Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

News & Commentary
The AI (R)evolution: Why Humans Will Always Have a Place in the SOC
Celeste Fralick, Chief Data Scientist & Senior Principal Engineer, McAfeeCommentary
In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.
By Celeste Fralick Chief Data Scientist & Senior Principal Engineer, McAfee, 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
Keeping Too Many Cooks out of the Security Kitchen
Joshua Goldfarb, Independent ConsultantCommentary
A good security team helps the business help itself operate more securely -- soliciting input while adhering to a unified strategy, vision, goals, and priorities.
By Joshua Goldfarb Independent Consultant, 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
SOC Puppet: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Social engineering, SOC analysts, and Sock puns. And the winners are:
By Marilyn Cohodas Managing Editor, Dark Reading, 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Debby Briggs, Chief Security Officer at NETSCOUTCommentary
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
By Debby Briggs Chief Security Officer at NETSCOUT, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at LastlineCommentary
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
By Dr. Giovanni Vigna Chief Technology Officer at Lastline, 10/10/2019
Comment1 Comment  |  Read  |  Post a Comment
Virginia a Hot Spot For Cybersecurity Jobs
Jai Vijayan, Contributing WriterNews
State has highest number of people in information security roles and the most current job openings, Comparitech study finds.
By Jai Vijayan Contributing Writer, 10/9/2019
Comment1 Comment  |  Read  |  Post a Comment
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESETCommentary
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
By Lysa Myers Security Researcher, ESET, 10/9/2019
Comment1 Comment  |  Read  |  Post a Comment
Utilities' Operational Networks Continue to Be Vulnerable
Robert Lemos, Contributing WriterNews
More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds.
By Robert Lemos Contributing Writer, 10/8/2019
Comment0 comments  |  Read  |  Post a Comment
Lack of Role Models, Burnout & Pay Disparity Hold Women Back
Kelly Sheridan, Staff Editor, Dark ReadingNews
New ISACA data emphasizes a gap between men and women who share their opinions on underrepresentation of women and equal pay in the tech industry.
By Kelly Sheridan Staff Editor, Dark Reading, 10/7/2019
Comment0 comments  |  Read  |  Post a Comment
'Father of Identity Theft' Convicted on 13 Federal Counts
Dark Reading Staff, Quick Hits
James Jackson, a 58-year-old Memphis resident, used the identities of deceased individuals to steal money from banks and the estates of the dead.
By Dark Reading Staff , 10/1/2019
Comment0 comments  |  Read  |  Post a Comment
Navigating Your First Month as a New CISO
John Hellickson, Vice President, Advisory Services, at Kudelski Security, Inc.Commentary
The single most important thing you can do is to start building the relationships and political capital you'll need to run your security program. Here's how.
By John Hellickson Vice President, Advisory Services, at Kudelski Security, Inc., 10/1/2019
Comment0 comments  |  Read  |  Post a Comment
DevSecOps: Recreating Cybersecurity Culture
Steve Martino, Senior Vice President, Chief Information Security Officer, CiscoCommentary
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
By Steve Martino Senior Vice President, Chief Information Security Officer, Cisco, 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity
Jim Gordon, GM, Ecosystem Strategy & Business Development, Intel Platform Security DivisionCommentary
Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.
By Jim Gordon GM, Ecosystem Strategy & Business Development, Intel Platform Security Division, 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat SecurityCommentary
The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.
By Craig Hinkley CEO, WhiteHat Security, 9/16/2019
Comment2 comments  |  Read  |  Post a Comment
No Quick Fix for Security-Worker Shortfall
Robert Lemos, Contributing WriterNews
Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly skilled employees.
By Robert Lemos Contributing Writer, 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
Taking a Fresh Look at Security Ops: 10 Tips
Joshua Goldfarb, Independent ConsultantCommentary
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
By Joshua Goldfarb Independent Consultant, 9/13/2019
Comment0 comments  |  Read  |  Post a Comment
Security Leaders Share Tips for Boardroom Chats
Kelly Sheridan, Staff Editor, Dark Reading
Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.
By Kelly Sheridan Staff Editor, Dark Reading, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
A Definitive Guide to Crowdsourced Vulnerability Management
David Baker, CSO & VP of Operations, BugcrowdCommentary
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
By David Baker CSO & VP of Operations, Bugcrowd, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
Automation: Friend of the SOC Analyst
Chris Schueler, Senior VP, Managed Security Services, TrustwaveCommentary
Faced by increasingly sophisticated threats, organizations are realizing the benefits of automation in their cybersecurity programs.
By Chris Schueler Senior VP, Managed Security Services, Trustwave, 9/5/2019
Comment2 comments  |  Read  |  Post a Comment
Bug Bounties Continue to Rise, but Market Has Its Own 1% Problem
Robert Lemos, Contributing WriterNews
The average payout for a critical vulnerability has almost reached $3,400, but only the top bug hunters of a field of 500,000 are truly profiting.
By Robert Lemos Contributing Writer, 8/29/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Mia Doyle
Current Conversations really useful, thank you!
In reply to: comment
Post Your Own Reply
More Conversations
Tor Weaponized to Steal Bitcoin
Dark Reading Staff 10/18/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-9501
PUBLISHED: 2019-10-22
The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
CVE-2019-16971
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
CVE-2019-16972
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16973
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2015-9496
PUBLISHED: 2019-10-22
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.