Retail Hacking: What To Expect This Holiday Season
The Year Of The Retailer Data Breach
Time To Turn The Tables On Attackers
US Postal Service Suspends Telecommuting Following Massive Data Breach
How I Became A CISO: Jennings Aske, Nuance Communications
News & Commentary
Privacy Groups Release 'Detekt' Tool to Spot Spyware
Brian Prince, Contributing Writer, Dark Reading | News
Privacy advocates have joined together to release a tool for identifying cyber espionage malware.
By Brian Prince Contributing Writer, Dark Reading, 11/21/2014
Cloud Security By The Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Quantifying the perceptions around cloud security practices.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/21/2014
The Week When Attackers Started Winning The War On Trust
Kevin Bocek, VP Security Strategy & Threat Intelligence, Venafi | Commentary
The misuse of keys and certificates is not exotic or hypothetical. It’s a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
By Kevin Bocek VP Security Strategy & Threat Intelligence, Venafi, 11/21/2014
Video: Tech Hygiene Bad Habits, 3D Stock Portfolios
Andrew Conry Murray, Director of Content & Community, Interop | Commentary
This Week In 60 Seconds looks at bad tech hygiene habits, using Oculus Rift for 3D stock portfolios, security risks during the holiday shopping season, and more.
By Andrew Conry Murray Director of Content & Community, Interop, 11/21/2014
OCR Audits: Don’t Fall Victim To Past Mistakes
Mark Fulford, Partner at LBMC’s Security & Risk Services | Commentary
The Office of Civil Rights is not out to get you. But it does expect you to make good-faith efforts at protecting patient data.
By Mark Fulford Partner at LBMC’s Security & Risk Services, 11/21/2014
When Every Minute Counts (Part 2)
Carric Dooley, WW VP of Foundstone Services, Intel Security
Acting on key Indicators of Attack for incident response is crucial.
By Carric Dooley WW VP of Foundstone Services, Intel Security, 11/21/2014
Russian Cyber Espionage Under The Microscope
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
New report shows level of coordination and strategy by three main groups of cyberspies out of Russia.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/20/2014
New Citadel Attack Targets Password Managers
Jai Vijayan, Freelance writer | News
IBM researchers have found signs that the prolific data-stealing Trojan is now being used to attack widely used password managers.
By Jai Vijayan Freelance writer, 11/20/2014
You’re Doing BYOD Wrong: These Numbers Prove It
Bogdan Botezatu, Senior E-threat Analyst, Bitdefender
Almost 40% of users who connect personal mobile devices to corporate networks have no lock-screen mechanism set in place.
By Bogdan Botezatu Senior E-threat Analyst, Bitdefender, 11/20/2014
Surveillance Cameras Next On The Insecure IoT List
Sara Peters, Senior Editor at Dark Reading | News
Three buffer overflow vulnerabilities leave HikVision video recorders open to remote code execution.
By Sara Peters Senior Editor at Dark Reading, 11/20/2014
Enter The Digital Risk Officer
Nick Sanna, President, Digital Risk Management Institute | Commentary
In the brave new world of digital risk management, a CISO would report up to a DRO who manages risk from a business perspective and works with peers in business ops, compliance, and IT security.
By Nick Sanna President, Digital Risk Management Institute, 11/20/2014
When Every Minute Counts: Fighting Advanced Threats With Real-Time SIEM
Ryan Allphin, Senior Vice President & General Manager, Security Management, McAfee
Survey shows that reducing time-to-detection is possible with the right approach.
By Ryan Allphin Senior Vice President & General Manager, Security Management, McAfee, 11/19/2014
Internet Architecture Board Calls For Net Encryption By Default
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
The Internet Architecture Board (IAB) urges encryption across the protocol stack to usher in an era where encrypted traffic is the norm. But there are possible security tradeoffs.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/19/2014
New Certification Authority To Offer Free Certs For HTTPS
Sara Peters, Senior Editor at Dark Reading | News
The Electronic Frontier Foundation's new certificate authority aims to make getting a domain validation TLS cert so easy, you can't resist.
By Sara Peters Senior Editor at Dark Reading, 11/19/2014
Machine Learning: A Solution to Today's Security Threats & One Step Closer to AI
Liviu Arsene, Senior E-threat Analyst, Bitdefender
Algorithms can identify threats that have been missed by traditional security mechanisms.
By Liviu Arsene Senior E-threat Analyst, Bitdefender, 11/19/2014
Killing Passwords: Don’t Get A-Twitter Over ‘Digits’
Dave Kearns, Analyst, Kuppinger-Cole | Commentary
Twitter’s new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns Analyst, Kuppinger-Cole, 11/19/2014
The Rise Of The Resilient Mobile Botnet
Ericka Chickowski, Contributing Writer, Dark Reading | News
New report on what researchers call one of the 'most sophisticated mobile botnets online' shows how profitable mobile malware has become.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/19/2014
Microsoft Issues Emergency Patch Amid Targeted Attacks
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Windows Kerberos authentication bug "critical."
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/18/2014
'Misdial Trap' Phone Scam Hits Financial Services
Sara Peters, Senior Editor at Dark Reading | Quick Hits
One in six financial institutions victimized by this new scam.
By Sara Peters Senior Editor at Dark Reading, 11/18/2014
Best Practices in the Face of High-Profile Breaches
Bradon Rogers, Senior Vice President, Worldwide Product and Solution Marketing, McAfee
Attacks are a mainstream problem, and organizations must employ more than just traditional minimalist approaches of firewalls and virus scanners.
By Bradon Rogers Senior Vice President, Worldwide Product and Solution Marketing, McAfee, 11/18/2014
Why Cyber Security Starts At Home
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies,  11/17/2014
Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5395
Published: 2014-11-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users ...

CVE-2014-7137
Published: 2014-11-21
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4...

CVE-2014-7871
Published: 2014-11-21
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

CVE-2014-8090
Published: 2014-11-21
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of nes...

CVE-2014-8469
Published: 2014-11-21
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header.

Best of the Web
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?