Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

News & Commentary
13 Security Pros Share Their Most Valuable Experiences
Kelly Sheridan, Staff Editor, Dark Reading
From serving as an artillery Marine to working a help desk, infosec practitioners pinpoint experiences that had the greatest influence on their careers.
By Kelly Sheridan, Staff Editor, Dark Reading, 11/18/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope, Commentary
There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.
By Lamont Orange, Chief Information Security Officer at Netskope, 11/15/2019
Capture the Flag Planned to Find Missing Persons Information
Dark Reading Staff, Quick Hits
The competition, launched by SANS and Trace Labs, will put to use open source information in search of new clues.
By Dark Reading Staff, 11/14/2019
5 Cybersecurity CISO Priorities for the Future
Paul Shomo, Cybersecurity Analyst, Commentary
Seven chief information security officers share their pain points and two-year spending plans.
By Paul Shomo, Cybersecurity Analyst, 11/14/2019
SHAKEN/STIR: Finally! A Solution to Caller ID Spoofing?
Mark B. Cooper, President and Founder, PKI Solutions, Commentary
The ubiquitous Caller ID hasn't changed much over the years, but the technology to exploit it has exploded. That may be about to change.
By Mark B. Cooper, President and Founder, PKI Solutions, 11/12/2019
9 Principles to Simplify Security
Menny Barzilay, CEO at Cytactic & Founder of the THINK:CYBER Newsletter, Commentary
This isn't a one-size-fits-all situation. Simplify as much as you can, as the saying goes, but no more than that.
By Menny Barzilay, CEO at Cytactic & Founder of the THINK:CYBER Newsletter, 11/8/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, News
Security researcher Stanislas Lejay offers a preview of his upcoming Black Hat Europe talk on automotive engine computer management and hardware reverse engineering.
By Alex Wawro, Special to Dark Reading, 11/7/2019
Raising Security Awareness: Why Tools Can't Replace People
Lena Smart, Chief Information Security Officer, MongoDB, Commentary
Training your people and building relationships outside of the security organization is the most significant investment a CISO can make.
By Lena Smart, Chief Information Security Officer, MongoDB, 11/1/2019
Quantifying Security Results to Justify Costs
Douglas Ferguson, Founder & CTO, Pharos Security, Commentary
The CISO job isn't to protect the entire business from all threats for any budget. It's to spell out what level of protection executives can expect for a given budget.
By Douglas Ferguson, Founder & CTO, Pharos Security, 10/31/2019
9 Ways Data Vampires Are Bleeding Your Sensitive Information
Dr. Steve Marsh, Vice President at Nucleus Cyber, Commentary
Pull a Van Helsing on those sucking the lifeblood from your data and intellectual property.
By Dr. Steve Marsh, Vice President at Nucleus Cyber, 10/31/2019
Email Threats Poised to Haunt Security Pros into Next Decade
Eyal Benishti, CEO & Founder of IRONSCALES, Commentary
Decentralized threat intel sharing, more public-private collaboration, and greater use of automated incident response are what's needed to combat phishing.
By Eyal Benishti, CEO & Founder of IRONSCALES, 10/30/2019
Hacking Phones: How Law Enforcement Is Saving Privacy
Matthew Rosenquist, Cybersecurity Strategist, Commentary
It's no longer true that society must choose to either weaken everybody's privacy or let criminals run rampant.
By Matthew Rosenquist, Cybersecurity Strategist, 10/30/2019
Why It's Imperative to Bridge the IT & OT Cultural Divide
Dave Weinstein, Chief Security Officer, Claroty, Commentary
As industrial enterprises face the disruptive forces of an increasingly connected world, these two cultures must learn to coexist.
By Dave Weinstein, Chief Security Officer, Claroty, 10/29/2019
4 Security Lessons Federal IT Pros Can Teach the Private Sector
Greg Kushto, Vice President of Sales Engineering at Force 3, Commentary
With a little research and basic planning, small companies can make big strides against the cybersecurity threats they face. Here's how.
By Greg Kushto, Vice President of Sales Engineering at Force 3, 10/25/2019
It's Time to Improve Website Identity Indicators, Not Remove Them
Tim Callan, Senior Fellow, Sectigo, Commentary
Why Google and Mozilla are wrong about the benefits of Extended Validation certificates that aim to prevent fraud and protect user privacy.
By Tim Callan, Senior Fellow, Sectigo, 10/24/2019
Report: 2020 Presidential Campaigns Still Vulnerable to Web Attacks
Gary Golomb, Co-Founder & Chief Research Officer at Awake Security, Commentary
Nine out of 12 Democratic candidates have yet to enable DNSSEC, a simple set of extensions that stops most targeted domain-based attacks.
By Gary Golomb, Co-Founder & Chief Research Officer at Awake Security, 10/23/2019
The AI (R)evolution: Why Humans Will Always Have a Place in the SOC
Celeste Fralick, Chief Data Scientist & Senior Principal Engineer, McAfee, Commentary
In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.
By Celeste Fralick, Chief Data Scientist & Senior Principal Engineer, McAfee, 10/22/2019
Keeping Too Many Cooks out of the Security Kitchen
Joshua Goldfarb, Independent Consultant, Commentary
A good security team helps the business help itself operate more securely -- soliciting input while adhering to a unified strategy, vision, goals, and priorities.
By Joshua Goldfarb, Independent Consultant, 10/22/2019
SOC Puppet: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark Reading, Commentary
Social engineering, SOC analysts, and Sock puns. And the winners are:
By Marilyn Cohodas, Managing Editor, Dark Reading, 10/18/2019
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Debby Briggs, Chief Security Officer at NETSCOUT, Commentary
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
By Debby Briggs, Chief Security Officer at NETSCOUT, 10/17/2019
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor, 11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope, 11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer, 11/15/2019
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry's conventional wisdom. Here's a look at what they're thinking about.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19071
PUBLISHED: 2019-11-18
A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.
CVE-2019-19072
PUBLISHED: 2019-11-18
A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.
CVE-2019-19073
PUBLISHED: 2019-11-18
Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, ...
CVE-2019-19074
PUBLISHED: 2019-11-18
A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
CVE-2019-19075
PUBLISHED: 2019-11-18
A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.