Careers & People

News & Commentary
Will the US Adopt a National Privacy Law?
Seth P. Berman, Partner, Nutter, Commentary
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
By Seth P. Berman Partner, Nutter, 4/23/2019
4 Tips to Protect Your Business Against Social Media Mistakes
Guy Bunker, CTO of Clearswift, Commentary
Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.
By Guy Bunker CTO of Clearswift, 4/22/2019
The Cybersecurity Automation Paradox
Ericka Chickowski, Contributing Writer, Dark Reading, News
Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/18/2019
GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage
Orion Cassetto, Senior Product Maester, Exabeam, Commentary
Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.
By Orion Cassetto Senior Product Maester, Exabeam, 4/18/2019
7 Tips for an Effective Employee Security Awareness Program
Jai Vijayan, Freelance writer
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
By Jai Vijayan Freelance writer, 4/17/2019
The Single Cybersecurity Question Every CISO Should Ask
Arif Kareem, CEO, ExtraHop, Commentary
The answer can lead to a scalable enterprise security solution for years to come.
By Arif Kareem CEO, ExtraHop, 4/15/2019
Julian Assange Arrested in London
Dark Reading Staff, Quick Hits
The WikiLeaks founder, who was taken from the Ecuadorian Embassy by British police, has been convicted of skipping bail in 2012.
By Dark Reading Staff, 4/11/2019
Stop Mocking & Start Enabling Emerging Technologies
Rick Holland, Chief Information Security Officer and Vice President of Strategy at Digital Shadows, Commentary
Mocking new technology isn't productive and can lead to career disadvantage.
By Rick Holland Chief Information Security Officer and Vice President of Strategy at Digital Shadows, 4/9/2019
British Hacker Jailed for Role in Russian Crime Group
Dark Reading Staff, Quick Hits
According to authorities, Zain Qaiser would pose as a legitimate ad broker to buy online advertising units from pornographic websites.
By Dark Reading Staff, 4/9/2019
Advanced Persistent Threat: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark Reading, Commentary
From sushi and phishing to robots, passwords and ninjas -- and the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 4/5/2019
Where Do CISOs Belong in an IT Org Chart?
Steve Kovsky, Technology Journalist, News
A new pecking order may be needed as CIO and CISO objectives clash, putting them at cross-purposes.
By Steve Kovsky Technology Journalist, 4/5/2019
3 Lessons Security Leaders Can Learn from Theranos
Chad Loeven, President of VMRay Inc., Commentary
Theranos flamed out in spectacular fashion, but you can still learn from the company's "worst practices."
By Chad Loeven President of VMRay Inc., 4/4/2019
In Security, Programmers Aren't Perfect
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of Bitdefender, Commentary
Software developers and their managers must change their perception of secure coding from being an optional feature to being a requirement that is factored into design from the beginning.
By Roselle Safran & Utpal Desai President of Rosint Labs/Director of Product Management of Bitdefender, 4/3/2019
6 Essential Skills Cybersecurity Pros Need to Develop in 2019
Ericka Chickowski, Contributing Writer, Dark Reading
In a time of disruption in the security and tech worlds, cybersecurity professionals can't afford to become complacent even in the face of a skills shortage.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/3/2019
Women Now Hold One-Quarter of Cybersecurity Jobs
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
New data from ISC(2) shows younger women are making more money than in previous generations in the field but overall gender pay disparity persists.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/2/2019
NDSU Offers Nation's First Ph.D. in Cybersecurity Education
Dark Reading Staff, Quick Hits
The new program focuses on training university-level educators in cybersecurity.
By Dark Reading Staff, 3/29/2019
The 'Twitterverse' Is Not the Security Community
Ira Winkler, CISSP, President, Secure Mentem, Commentary
The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.
By Ira Winkler CISSP, President, Secure Mentem, 3/27/2019
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Andrea Little Limbago, Chief Social Scientist, Virtru, Commentary
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
By Andrea Little Limbago Chief Social Scientist, Virtru, 3/26/2019
A Glass Ceiling? Not in Privacy
Rita Heimes, Data Protection Officer, Research Director & General Counsel, IAPP, Commentary
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.
By Rita Heimes Data Protection Officer, Research Director & General Counsel, IAPP, 3/25/2019
Security Lessons from My Game Closet
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA, Commentary
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA, 3/22/2019
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher, 4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading, 4/17/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks, 4/19/2019
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7303
PUBLISHED: 2019-04-23
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 b...
CVE-2019-7304
PUBLISHED: 2019-04-23
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
CVE-2019-0223
PUBLISHED: 2019-04-23
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1...
CVE-2017-12619
PUBLISHED: 2019-04-23
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
CVE-2018-1317
PUBLISHED: 2019-04-23
In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.