Breaking The Security Fail Cycle
Social Engineering Defenses: Reducing The Human Element
Smartphone Security Shootout
Twitter's Top 10 Social CISOs
To Evangelize Security, Get Out Of Your Comfort Zone
News & Commentary
Deconstructing Mobile Fraud Risk
Subbu Sthanu, Director, Mobile Security & Application Security, IBM | Commentary
Today’s enterprise security solutions don’t do enough to manage BYOD risk, credit card theft and the reputational damage resulting from a major data breach.
By Subbu Sthanu, Director, Mobile Security & Application Security, IBM, 5/5/2015
Rapid7 Picks Up NTObjectives
Ericka Chickowski, Contributing Writer, Dark Reading | News
Adds 25 new employees and further diversifies testing capabilities.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/4/2015
Security Product Liability Protections Emerge
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
WhiteHat Security, FireEye each offer product liability protections to their customers.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/4/2015
Defenses Outside the Wall
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
Protecting the Internet of Things means protecting the privacy of customers and colleagues.
By Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group, 5/4/2015
Free Android Apps Secretly Talk To Ad, Tracking Sites
Eric Zeman | Commentary
Researchers are warning about misleading Google Play app behaviors and are calling for more visibility into Android applications' connection policies.
By Eric Zeman, 5/4/2015
Building a Stronger Security Strategy: 6 Tips
Harry Folloder, CIO, Advantage Waypoint LLC (AWP) | Commentary
CIO offers his formula for achieving the right balance between data security and employee productivity and convenience.
By Harry Folloder, CIO, Advantage Waypoint LLC (AWP), 5/4/2015
Nine Years Later, IT Security Is Even More Important To Business
Tim Wilson, Editor in Chief, Dark Reading | Commentary
As Dark Reading celebrates its ninth year of publication, the security industry prepares for its next round of evolution.
By Tim Wilson, Editor in Chief, Dark Reading, 5/1/2015
Dyre Trojan Adds New Sandbox-Evasion Feature
Jai Vijayan, Freelance writer | News
New tactic makes it that much harder to detect, says Seculert.
By Jai Vijayan, Freelance writer, 5/1/2015
CareerBuilder Attack Sends Malware-Rigged Resumes To Businesses
Jai Vijayan, Freelance writer | News
Attack displays 'simple elegance and brilliance,' security researcher says.
By Jai Vijayan, Freelance writer, 4/30/2015
Breaking The Security Fail Cycle
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
How security teams are evolving in the face of today's threats.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 4/30/2015
Google's Urs Hoelzle: Cloud Will Soon Be More Secure
Charles Babcock, Editor at Large, Cloud | News
Google's chief data center architect, Urs Hoelzle, says cloud security will improve faster than enterprise security in the next few years.
By Charles Babcock, Editor at Large, Cloud, 4/30/2015
Information Security: Identifying Your Weakest Links
Kelly Sheridan, Associate Editor, InformationWeek | News
Modern security execs use existing tools to identify areas of risk and find new ones to track, evaluate, and share their progress.
By Kelly Sheridan, Associate Editor, InformationWeek, 4/30/2015
Social Engineering Defenses: Reducing The Human Element
Rob Ragan, Senior Security Associate, Bishop Fox | Commentary
Most security awareness advice is terrible, just plain bad, and not remotely feasible for your average user.
By Rob Ragan, Senior Security Associate, Bishop Fox, 4/30/2015
Wi-Fi Woes Continue To Plague Infosec
Ericka Chickowski, Contributing Writer, Dark Reading | News
Several pieces of research coincide to send the message that hotspot connectivity is probably always going to be a sore spot for security.
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/30/2015
Caterpillar Uses Better Intelligence To Drive Security
Kelly Sheridan, Associate Editor, InformationWeek | News
How strategy and a Capability Maturity Model are helping Caterpillar drive its information security transformation.
By Kelly Sheridan, Associate Editor, InformationWeek, 4/29/2015
IRC Botnets Are Not Quite Dead Yet
Jai Vijayan, Freelance writer | News
The handful that still operate are more sophisticated and resilient than before, Zscaler says.
By Jai Vijayan, Freelance writer, 4/29/2015
Big Data & The Security Skills Shortage
Peter Schlampp, VP of Products, Platfora | Commentary
Finding a security analyst with the data discovery experience to combat modern threats is like searching for the mythical unicorn. The person does not exist.
By Peter Schlampp, VP of Products, Platfora, 4/29/2015
RSA Highlighted Impending IoT Troubles
Ericka Chickowski, Contributing Writer, Dark Reading | News
Same mistakes made all over again with a new technology game changer, but the stakes are higher this time.
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/28/2015
Bringing Tokenization To Secure Payments & Beyond
Sara Peters, Senior Editor at Dark Reading | News
HYPR aims to do for everything else what ApplePay has done for payments.
By Sara Peters, Senior Editor at Dark Reading, 4/28/2015
Cisco Offers Free Decryption Tool For Ransomware Victims
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Tool decrypts, unlocks files hit by TeslaCrypt ransomware attacks.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 4/28/2015
Partner Perspectives
Hacking Vulnerable Medical Equipment Puts Millions at Risk
Hospitals and medical device manufacturers need to start doing more to detect and thwart incoming attacks on networks and devices.
Third-Party Risk and Organizational Situational Awareness
A rigorous risk management approach will help organizations understand the potential risks posed by their partners.
Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0714
Published: 2015-05-02
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

CVE-2014-3598
Published: 2015-05-01
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

CVE-2014-8361
Published: 2015-05-01
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

CVE-2015-0237
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

CVE-2015-0257
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?