Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Latest Content tagged with Careers & People
Success Enablers or Silent Killers?
Commentary  |  12/6/2019  | 
These five success enablers will help CISOs report, measure, and demonstrate ROI to the C-suite.
Navigating Security in the Cloud
Commentary  |  12/4/2019  | 
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
What Security Leaders Can Learn from Marketing
Commentary  |  12/3/2019  | 
Employees can no longer be pawns who must be protected all the time. They must become partners in the battle against threats.
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
Slideshows  |  12/2/2019  | 
Make your favorite security experts laugh with these affordable holiday gifts.
5 Ways to Champion and Increase Your 2020 Security Budget
Commentary  |  11/26/2019  | 
Give your organization's leadership an impactful, out-of-office experience so they know what's at stake with their budgeting decisions.
6 Top Nontechnical Degrees for Cybersecurity
Slideshows  |  11/21/2019  | 
A computer science degree isn't the only path into a cybersecurity career.
The 'Department of No': Why CISOs Need to Cultivate a Middle Way
Commentary  |  11/21/2019  | 
A chief information security officer's job inherently involves conflict, but a go-along-to-get-along approach carries its own vulnerabilities and risks.
Employee Privacy in a Mobile Workplace
Commentary  |  11/20/2019  | 
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.
A Security Strategy That Centers on Humans, Not Bugs
Commentary  |  11/19/2019  | 
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
13 Security Pros Share Their Most Valuable Experiences
Slideshows  |  11/18/2019  | 
From serving as an artillery Marine to working a help desk, infosec practitioners pinpoint experiences that had the greatest influence on their careers.
DevSecOps: The Answer to the Cloud Security Skills Gap
Commentary  |  11/15/2019  | 
There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.
Capture the Flag Planned to Find Missing Persons Information
Quick Hits  |  11/14/2019  | 
The competition, launched by SANS and Trace Labs, will put to use open source information in search of new clues.
5 Cybersecurity CISO Priorities for the Future
Commentary  |  11/14/2019  | 
Seven chief information security officers share their pain points and two-year spending plans.
SHAKEN/STIR: Finally! A Solution to Caller ID Spoofing?
Commentary  |  11/12/2019  | 
The ubiquitous Caller ID hasn't changed much over the years, but the technology to exploit it has exploded. That may be about to change.
9 Principles to Simplify Security
Commentary  |  11/8/2019  | 
This isn't a one-size-fits-all situation. Simplify as much as you can, as the saying goes, but no more than that.
Black Hat Q&A: Hacking a '90s Sports Car
News  |  11/7/2019  | 
Security researcher Stanislas Lejay offers a preview of his upcoming Black Hat Europe talk on automotive engine computer management and hardware reverse engineering.
Raising Security Awareness: Why Tools Can't Replace People
Commentary  |  11/1/2019  | 
Training your people and building relationships outside of the security organization is the most significant investment a CISO can make.
Quantifying Security Results to Justify Costs
Commentary  |  10/31/2019  | 
The CISO job isn't to protect the entire business from all threats for any budget. It's to spell out what level of protection executives can expect for a given budget.
9 Ways Data Vampires Are Bleeding Your Sensitive Information
Commentary  |  10/31/2019  | 
Pull a Van Helsing on those sucking the lifeblood from your data and intellectual property.
Email Threats Poised to Haunt Security Pros into Next Decade
Commentary  |  10/30/2019  | 
Decentralized threat intel sharing, more public-private collaboration, and greater use of automated incident response are what's needed to combat phishing.
Hacking Phones: How Law Enforcement Is Saving Privacy
Commentary  |  10/30/2019  | 
It's no longer true that society must choose to either weaken everybody's privacy or let criminals run rampant.
Why It's Imperative to Bridge the IT & OT Cultural Divide
Commentary  |  10/29/2019  | 
As industrial enterprises face the disruptive forces of an increasingly connected world, these two cultures must learn to coexist.
4 Security Lessons Federal IT Pros Can Teach the Private Sector
Commentary  |  10/25/2019  | 
With a little research and basic planning, small companies can make big strides against the cybersecurity threats they face. Here's how.
It's Time to Improve Website Identity Indicators, Not Remove Them
Commentary  |  10/24/2019  | 
Why Google and Mozilla are wrong about the benefits of Extended Validation certificates that aim to prevent fraud and protect user privacy.
Report: 2020 Presidential Campaigns Still Vulnerable to Web Attacks
Commentary  |  10/23/2019  | 
Nine out of 12 Democratic candidates have yet to enable DNSSEC, a simple set of extensions that stops most targeted domain-based attacks.
The AI (R)evolution: Why Humans Will Always Have a Place in the SOC
Commentary  |  10/22/2019  | 
In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.
Keeping Too Many Cooks out of the Security Kitchen
Commentary  |  10/22/2019  | 
A good security team helps the business help itself operate more securely -- soliciting input while adhering to a unified strategy, vision, goals, and priorities.
SOC Puppet: Dark Reading Caption Contest Winners
Commentary  |  10/18/2019  | 
Social engineering, SOC analysts, and Sock puns. And the winners are:
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Commentary  |  10/17/2019  | 
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
How to Think Like a Hacker
Commentary  |  10/10/2019  | 
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
Virginia a Hot Spot For Cybersecurity Jobs
News  |  10/9/2019  | 
State has highest number of people in information security roles and the most current job openings, Comparitech study finds.
A Realistic Threat Model for the Masses
Commentary  |  10/9/2019  | 
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
Utilities' Operational Networks Continue to Be Vulnerable
News  |  10/8/2019  | 
More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds.
Lack of Role Models, Burnout & Pay Disparity Hold Women Back
News  |  10/7/2019  | 
New ISACA data emphasizes a gap between men and women who share their opinions on underrepresentation of women and equal pay in the tech industry.
'Father of Identity Theft' Convicted on 13 Federal Counts
Quick Hits  |  10/1/2019  | 
James Jackson, a 58-year-old Memphis resident, used the identities of deceased individuals to steal money from banks and the estates of the dead.
Navigating Your First Month as a New CISO
Commentary  |  10/1/2019  | 
The single most important thing you can do is to start building the relationships and political capital you'll need to run your security program. Here's how.
DevSecOps: Recreating Cybersecurity Culture
Commentary  |  9/18/2019  | 
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity
Commentary  |  9/17/2019  | 
Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.
Preventing PTSD and Burnout for Cybersecurity Professionals
Commentary  |  9/16/2019  | 
The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.
No Quick Fix for Security-Worker Shortfall
News  |  9/13/2019  | 
Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly skilled employees.
Taking a Fresh Look at Security Ops: 10 Tips
Commentary  |  9/13/2019  | 
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
Security Leaders Share Tips for Boardroom Chats
Slideshows  |  9/12/2019  | 
Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.
A Definitive Guide to Crowdsourced Vulnerability Management
Commentary  |  9/12/2019  | 
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
Automation: Friend of the SOC Analyst
Commentary  |  9/5/2019  | 
Faced by increasingly sophisticated threats, organizations are realizing the benefits of automation in their cybersecurity programs.
Bug Bounties Continue to Rise, but Market Has Its Own 1% Problem
News  |  8/29/2019  | 
The average payout for a critical vulnerability has almost reached $3,400, but only the top bug hunters of a field of 500,000 are truly profiting.
10 Low-Cost (or Free!) Ways to Boost Your Security AI Skills
Slideshows  |  8/23/2019  | 
The following hardware and software options will amplify your know-how about artificial intelligence and how to apply it to security without busting any budgets.
Beat the Heat: Dark Reading Caption Contest Winners
Commentary  |  8/16/2019  | 
Phishing, token codes, training, MFA, polluted data entry, and whales. And the winners are ...
Does Personality Make You Vulnerable to Cybercrime?
News  |  8/13/2019  | 
A new study explores the connections between personality traits and susceptibility to different cyberattacks.
2019 Pwnie Award Winners (And Those Who Wish They Weren't)
Slideshows  |  8/13/2019  | 
This year's round-up includes awards in two new categories: most under-hyped research and epic achievement.
Dark Reading News Desk Live at Black Hat USA 2019
News  |  8/8/2019  | 
Watch right here for 40 video interviews with speakers and sponsors. Streaming live from Black Hat USA Wednesday and Thursday 2 p.m. to 6 p.m. Eastern.
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry's conventional wisdom. Here's a look at what they're thinking about.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Vers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there's a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2019-2222
PUBLISHED: 2019-12-06
In ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android...