Operations

News & Commentary
Security Compliance: The Less You Spend the More You Pay
Jai Vijayan, Freelance writer | News
The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher, a new study shows.
By Jai Vijayan Freelance writer, 12/12/2017
Oracle Product Rollout Underscores Need for Trust in the Cloud
Kelly Sheridan, Associate Editor, Dark Reading | News
Oracle updates its Identity SOC and management cloud with security tools to verify and manage users trusted with access to cloud-based data and applications.
By Kelly Sheridan Associate Editor, Dark Reading, 12/11/2017
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures | Commentary
The number of unfilled jobs in our industry continues to grow. Here's why.
By Steve Morgan Founder & CEO, Cybersecurity Ventures, 12/11/2017
Gartner: IT Security Spending to Reach $96 Billion in 2018
Dawn Kawamoto, Associate Editor, Dark Reading | News
Identity access management and security services to drive worldwide spending growth.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/8/2017
Ransomware Meets 'Grey's Anatomy'
Tom & Natalie Pageler, Neustar CRO & CSO, and MD Stanford University | Commentary
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
By Tom & Natalie Pageler Neustar CRO & CSO, and MD Stanford University, 12/7/2017
Attacker 'Dwell Time' Average Dips Slightly to 86 Days
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Real-world incident response investigation data from CrowdStrike reveals attacker trends with fileless malware, ransomware, and other weapons.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/7/2017
Improve Signal-to-Noise Ratio with 'Content Curation:' 5 Steps
Justin Monti, CTO, MKACyber | Commentary
By intelligently managing signatures, correlation rules, filters and searches, you can see where your security architecture falls down, and how your tools can better defend the network.
By Justin Monti CTO, MKACyber, 12/5/2017
Why Security Depends on Usability -- and How to Achieve Both
Tyler Shields, VP of Marketing, Strategy & Partnerships, Signal Sciences | Commentary
Any initiative that reduces usability will have consequences that make security less effective.
By Tyler Shields VP of Marketing, Strategy & Partnerships, Signal Sciences, 11/29/2017
The Looming War of Good AI vs. Bad AI
Derek Manky, Global Security Strategist, Fortinet | Commentary
The rise of artificial intelligence, machine learning, hivenets, and next-generation morphic malware is leading to an arms race that enterprises must prepare for now.
By Derek Manky Global Security Strategist, Fortinet, 11/28/2017
Cyber Forensics: The Next Frontier in Cybersecurity
Brendan Saltaformaggio, Assistant Professor, Georgia Tech School of Electrical and Computer Engineering | Commentary
We can now recover evidence from the RAM on a cellphone, even if the account is locked, and use it to prosecute a case.
By Brendan Saltaformaggio Assistant Professor, Georgia Tech School of Electrical and Computer Engineering, 11/27/2017
3 Pillars of Cyberthreat Intelligence
Martin Dion, VP EMEA Services, Kudelski Security | Commentary
Strong enterprise cybersecurity programs must be built on a framework that incorporates strategic, operational, and tactical leadership and goals.
By Martin Dion VP EMEA Services, Kudelski Security, 11/22/2017
Time to Pull an Uber and Disclose Your Data Breach Now
Joseph Carson, Chief Security Scientist, Thycotic | Commentary
There is never a good time to reveal a cyberattack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
By Joseph Carson Chief Security Scientist, Thycotic, 11/22/2017
Uber Paid Hackers $100K to Conceal 2016 Data Breach
Kelly Sheridan, Associate Editor, Dark Reading | News
The ride-sharing company has confirmed an October 2016 data breach that compromised 57 million accounts.
By Kelly Sheridan Associate Editor, Dark Reading, 11/22/2017
3 Ways to Retain Security Operations Staff
Oliver Rochford, Vice President of Security Evangelism at DFLabs | Commentary
Finding skilled security analysts is hard enough. Once you do, you'll need to fight to keep them working for you. These tips can help.
By Oliver Rochford Vice President of Security Evangelism at DFLabs, 11/20/2017
Death of the Tier 1 SOC Analyst
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Say goodbye to the entry-level security operations center (SOC) analyst as we know it.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/16/2017
Who Am I? Best Practices for Next-Gen Authentication
Seth Ruden, Senior Fraud Consultant, ACI Worldwide | Commentary
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.
By Seth Ruden Senior Fraud Consultant, ACI Worldwide, 11/15/2017
Deception Technology: Prevention Reimagined
Ofer Israeli, CEO & Founder, Illusive Networks | Commentary
How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.
By Ofer Israeli CEO & Founder, Illusive Networks, 11/15/2017
What the NFL Teaches Us about Fostering a Champion Security Team
Richard Henderson, Global Security Strategist, Absolute | Commentary
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
By Richard Henderson Global Security Strategist, Absolute, 11/14/2017
Why Common Sense Is Not so Common in Security: 20 Answers
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA | Commentary
Or, questions vendors need to ask themselves before they write a single word of marketing material.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 11/10/2017
Hypervisors: Now a Tool to Protect against Security Blind Spots
Shaun Donaldson, Director of Strategic Alliances, Bitdefender Enterprise | Commentary
By facilitating live introspection of virtual machine memory, the Xen Project is striving to eliminate stealthy attack techniques like EternalBlue.
By Shaun Donaldson Director of Strategic Alliances, Bitdefender Enterprise, 11/9/2017
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.