Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

News & Commentary
7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs
Dov Lerner, Security Research Lead, SixgillCommentary
It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.
By Dov Lerner Security Research Lead, Sixgill, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Nearly 70% of IT & Security Pros Hone Their Cyber Skills Outside of Work
Steve Zurier, Contributing WriterNews
New research shows how security skills are lacking across multiple IT disciplines as well - including network engineers, sys admins, and cloud developers.
By Steve Zurier Contributing Writer, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Time for CEOs to Stop Enabling China's Blatant IP Theft
Eric Noonan, CEO, CyberSheathCommentary
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
By Eric Noonan CEO, CyberSheath, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVistaCommentary
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
By Simone Petrella Chief Executive Officer, CyberVista, 9/16/2020
Comment2 comments  |  Read  |  Post a Comment
6 Lessons IT Security Can Learn From DevOps
Curtis Franklin Jr., Senior Editor at Dark Reading
DevOps has taken over enterprise software development. The discipline has lessons for IT security -- here are a quick half-dozen.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/10/2020
Comment2 comments  |  Read  |  Post a Comment
Post-COVID-19 Security Spending Update
Ericka Chickowski, Contributing Writer
Security spending growth will slow in 2020, but purse strings are looser than for other areas of IT.
By Ericka Chickowski Contributing Writer, 9/8/2020
Comment0 comments  |  Read  |  Post a Comment
5 Ways for Cybersecurity Teams to Work Smarter, Not Harder
Theresa Lanowitz, Head of Evangelism, AT&T CybersecurityCommentary
Burnout is real and pervasive, but some common sense tools and techniques can help mitigate all that.
By Theresa Lanowitz Head of Evangelism, AT&T Cybersecurity, 9/3/2020
Comment1 Comment  |  Read  |  Post a Comment
From Defense to Offense: Giving CISOs Their Due
Marc Wilczek, Digital Strategist & COO of Link11Commentary
In today's unparalleled era of disruption, forward-thinking CISOs can become key to company transformation -- but this means resetting relationships with the board and C-suite.
By Marc Wilczek Digital Strategist & COO of Link11, 8/31/2020
Comment5 comments  |  Read  |  Post a Comment
Redefining What CISO Success Looks Like
Brian Ahern, CEOCommentary
Key to this new definition is the principle that security programs are designed to minimize business risk, not to achieve 100% no-risk.
By Brian Ahern CEO, 8/28/2020
Comment0 comments  |  Read  |  Post a Comment
The Inside Threat from Psychological Manipulators
Joshua Goldfarb, Independent ConsultantCommentary
How internal manipulators can actually degrade your organization's cyber defense, and how to defend against them.
By Joshua Goldfarb Independent Consultant, 8/27/2020
Comment2 comments  |  Read  |  Post a Comment
How CISOs Can Play a New Role in Defining the Future of Work
David Bradbury, CSO, OktaCommentary
Rather than just reacting to security issues in the COVID-19 era, CISOs are now in a position to be change agents alongside their C-suite peers.
By David Bradbury CSO, Okta, 8/27/2020
Comment1 Comment  |  Read  |  Post a Comment
Black Hat USA 2020 Musings: Weird and Wonderful Virtual Events are Here to Stay
Jeff Wilson, Chief Analyst, OmdiaCommentary
Black Hat USA 2020 was nothing like an in-person event, but it was incredibly useful for all involved, providing even the most grizzled industry veterans with fresh perspectives.
By Jeff Wilson Chief Analyst, Omdia, 8/20/2020
Comment0 comments  |  Read  |  Post a Comment
10 Resume and Interview Tips from Security Pros
Kelly Sheridan, Staff Editor, Dark Reading
Experts from the DEF CON Career Hacking Village explain how job seekers can build a resume and rock an interview.
By Kelly Sheridan Staff Editor, Dark Reading, 8/19/2020
Comment0 comments  |  Read  |  Post a Comment
Secure Development Takes a (Remote) Village
Guy Podjarny, CEO & Cofounder, SnykCommentary
The shift to work from home isn't just about giving your Dev team the physical tools they need.
By Guy Podjarny CEO & Cofounder, Snyk, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Black Hat USA 2020 Shines Spotlight on the Mental Challenges of Cybersecurity
Eric Parizo, Senior Analyst, OmdiaCommentary
Infosec practitioners face a variety of mental struggles in areas such as awareness training, problem solving, or general mental health. Several sessions at Black Hat USA 2020 highlighted these challenges and how to overcome them.
By Eric Parizo Senior Analyst, Omdia, 8/13/2020
Comment0 comments  |  Read  |  Post a Comment
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security leader shares tips for adopting a CISO mindset, creating risk management strategies, and "selling infosec" to IT and executives.
By Kelly Sheridan Staff Editor, Dark Reading, 8/10/2020
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading Video News Desk Returns to Black Hat
Sara Peters, Senior Editor at Dark ReadingNews
UPDATED: Coming to you prerecorded from in front of carefully arranged bookcases around the world ...!
By Sara Peters Senior Editor at Dark Reading, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Where Dark Reading Goes Next
Dark Reading Staff, News
Dark Reading Editor-in-Chief gives a complete rundown of all the Dark Reading projects you might not even know about, his insight into the future of the security industry, and how we plan to cover it.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Four Rules and Three Tools to Protect Against Fake SaaS Apps
Dmitry Dontov, Chief Technology Officer, Spin TechnologyCommentary
Here's how to blunt the twinned forces of shadow IT and counterfeit apps and keep your data safe.
By Dmitry Dontov Chief Technology Officer, Spin Technology, 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Supporting Women in InfoSec
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Maxine Holt, senior research director from Omdia, explains why the time is right for women to step into more cybersecurity jobs.
By Sara Peters Senior Editor at Dark Reading, 8/5/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by TimKorry
Current Conversations Great tips. Thanks
In reply to: Great tips
Post Your Own Reply
Posted by TiaGilbert
Current Conversations Good article!
In reply to: Article
Post Your Own Reply
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...