Careers & People

News & Commentary
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Ira Winkler, CISSP, President, Secure Mentem, Commentary
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
By Ira Winkler CISSP, President, Secure Mentem, 5/22/2019
To Narrow the Cyber Skills Gap with Attackers, Cut the Red Tape
James Hadley, CEO at Immersive Labs, Commentary
Attackers are getting further ahead, and entrenched corporate rules shoulder much of the blame.
By James Hadley CEO at Immersive Labs, 5/21/2019
Killer SecOps Skills: Soft Is the New Hard
Edy Almer, VP Product, Cyberbit, Commentary
The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.
By Edy Almer VP Product, Cyberbit, 5/20/2019
Black Hat Q&A: Bruce Schneier Calls For Public-Interest Technologists
Black Hat Staff, News
Ahead of his 2019 Black Hat USA talk, cybersecurity luminary Bruce Schneier explains why it's so important for tech experts to be actively involved in setting public policy.
By Alex Wawro, Special to Dark Reading, 5/20/2019
The Data Problem in Security
Julian Waits, GM Cyber Security Business Unit, Devo Technology, Commentary
CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.
By Julian Waits GM Cyber Security Business Unit, Devo Technology, 5/16/2019
Cyber Workforce Exec Order: Right Question, Wrong Answer
Ryan Shaw, Co-Founder, Bionic, Commentary
Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.
By Ryan Shaw Co-Founder, Bionic, 5/16/2019
Resolution Requires Cybersecurity Training for Members of Congress
Dark Reading Staff, Quick Hits
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
By Dark Reading Staff, 5/14/2019
Missing in Action: Cybersecurity Professionals
Andrea Fumagalli, Vice President of Engineering, DFLabs, Commentary
Just as every organization security team's needs are unique, so are the reasons for the shortage of candidates for open positions. Here are five strategies to help you close the gap.
By Andrea Fumagalli Vice President of Engineering, DFLabs, 5/14/2019
Why AI Will Create Far More Jobs Than It Replaces
John DiLullo, CEO, Lastline, Commentary
Just as spreadsheets and personal computers created a job boom in the '70s, so too will artificial intelligence spur security analysts' ability to defend against advanced threats.
By John DiLullo CEO, Lastline, 5/14/2019
How the Skills Gap Strains and Constrains Security Pros
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/9/2019
New Initiative Aims to Fast-Track Women into Cybersecurity Careers
Dark Reading Staff, Quick Hits
'100 Women in 100 Days' is a career development program made possible by a $160,000 gift from Craig Newmark Philanthropies.
By Dark Reading Staff, 5/9/2019
How to Close the Critical Cybersecurity Talent Gap
Tom Weithman, Managing Director at CIT GAP Funds & Chief Investment Officer at MACH37, Commentary
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
By Tom Weithman Managing Director at CIT GAP Funds & Chief Investment Officer at MACH37, 5/9/2019
The Fine Line of Feedback: 6 Tips for Talking to Security Pros
Joshua Goldfarb, Independent Consultant, Commentary
Feedback is a two-way street in terms of giving, receiving, and knowing how to give and receive.
By Joshua Goldfarb Independent Consultant, 5/8/2019
Trust the Stack, Not the People
John De Santis, CEO, HyTrust, Commentary
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
By John De Santis CEO, HyTrust, 5/6/2019
New Executive Order Aims to Grow Federal Cybersecurity Staff
Dark Reading Staff, Quick Hits
The EO outlines a 'rotational assignment program' intended to help security practitioners develop their skills.
By Dark Reading Staff, 5/3/2019
How Storytelling Can Help Keep Your Company Safe
Zack Schuler, Founder and CEO of NINJIO, Commentary
Well-crafted narratives can help you win over users in the battle to develop a sustainable cybersecurity culture.
By Zack Schuler Founder and CEO of NINJIO, 5/3/2019
World Password Day or Groundhog Day?
Stephen Cox, VP & CSA, SecureAuth, Commentary
Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.
By Stephen Cox VP & CSA, SecureAuth, 5/2/2019
8 Personality Traits for Cybersecurity
Dark Reading Staff, Quick Hits
Personality assessment firm Hogan Assessments lists top characteristics for a 'successful' cybersecurity hire.
By Dark Reading Staff, 5/1/2019
Staffing the Software Security Team: Who You Gonna Call?
Steve Lipner, Executive Director, SAFECode, Commentary
Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here's why.
By Steve Lipner Executive Director, SAFECode, 5/1/2019
How to Help Your Board Navigate Cybersecurity's Legal Risks
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice, Woods Rogers PLC, Commentary
What's worse than a massive data breach? A massive data breach followed by a shareholder derivative lawsuit. Learn what's at stake and what CISOs can do to mitigate the damage.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice, Woods Rogers PLC, 4/30/2019
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer, 5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff, 5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/20/2019
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-7201
PUBLISHED: 2019-05-22
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
CVE-2018-7803
PUBLISHED: 2019-05-22
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack...
CVE-2018-7844
PUBLISHED: 2019-05-22
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
CVE-2018-7853
PUBLISHED: 2019-05-22
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus.
CVE-2018-7854
PUBLISHED: 2019-05-22
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of service when sending invalid debug parameters to the controller over Modbus.