Stocking Stuffers For Happy Hacking
2014: The Year of Privilege Vulnerabilities
5 Pitfalls to Avoid When Running Your SOC
'Grinch' Bug May Affect Most Linux Systems
Dark Reading Radio: How To Become A CISO
News & Commentary
CISO Holiday Bookshelf
Ericka Chickowski, Contributing Writer, Dark Reading
A selection of interesting security reads perfect as gifts from and to the typical CISO.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/22/2014
Comment0 comments  |  Read  |  Post a Comment
Security News No One Saw Coming In 2014
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year.
By John B. Dickson CISSP, Principal, Denim Group, 12/22/2014
Comment2 comments  |  Read  |  Post a Comment
Startup Profile: Seculert Prioritizes Response Over Prevention
Andrew Conry Murray, Director of Content & Community, InteropCommentary
The cloud security newcomer Seculert aims to identify and validate data breaches to enable faster response and remediation.
By Andrew Conry Murray Director of Content & Community, Interop, 12/22/2014
Comment0 comments  |  Read  |  Post a Comment
The Internet's Winter Of Discontent
Paul Vixie, Chairman & CEO, Farsight Security, Inc.Commentary
The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the world’s connected economy is that the hits just keep on coming.
By Paul Vixie Chairman & CEO, Farsight Security, Inc., 12/19/2014
Comment1 Comment  |  Read  |  Post a Comment
Obama: U.S. Will Respond 'Proportionately' To Sony Cyber Attack
Brian Prince, Contributing Writer, Dark ReadingNews
President Obama says the United States will take action against North Korea in response to the cyber-attack on Sony.
By Brian Prince Contributing Writer, Dark Reading, 12/19/2014
Comment15 comments  |  Read  |  Post a Comment
Time To Rethink Patching Strategies
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
In 2014, the National Vulnerability Database is expected to log a record-breaking 8,000 vulnerabilities. That's 8,000 reasons to improve software quality at the outset.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 12/19/2014
Comment11 comments  |  Read  |  Post a Comment
SDN And Security: Start Slow, But Start
Greg Ferro, Network Architect & BloggerNews
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul policies
By Greg Ferro Network Architect & Blogger, 12/19/2014
Comment0 comments  |  Read  |  Post a Comment
ICANN Hit By Cyberattack
Jai Vijayan, Freelance writerNews
Spear phishing campaign led to attackers gaining administrative access to one system.
By Jai Vijayan Freelance writer, 12/18/2014
Comment0 comments  |  Read  |  Post a Comment
Bad Bots On The Rise
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Humans remain outnumbered by bots online, new data shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/18/2014
Comment0 comments  |  Read  |  Post a Comment
Vawtrak: Crimeware Made-To-Order
Sara Peters, Senior Editor at Dark ReadingQuick Hits
A compartmentalized botnet with a wide selection of specialized web injects makes it easier to attack bank accounts across the globe.
By Sara Peters Senior Editor at Dark Reading, 12/18/2014
Comment0 comments  |  Read  |  Post a Comment
5 Pitfalls to Avoid When Running Your SOC
Jeff Schilling, CSO, FirehostCommentary
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
By Jeff Schilling CSO, Firehost, 12/18/2014
Comment6 comments  |  Read  |  Post a Comment
Sony Cancels Movie, US Confirms North Korea Involvement, But Were Bomb Threats Empty?
Sara Peters, Senior Editor at Dark ReadingNews
After the Sony hackers issue threats of physical violence and 9/11-style attacks, The Interview is being killed before it even premieres. But would the attackers have really blown up theaters?
By Sara Peters Senior Editor at Dark Reading, 12/17/2014
Comment8 comments  |  Read  |  Post a Comment
Millions Of Android Phones In China Have Backdoor
Jai Vijayan, Freelance writerNews
An Android backdoor is the topic of one of two advisories this week on mobile threats.
By Jai Vijayan Freelance writer, 12/17/2014
Comment0 comments  |  Read  |  Post a Comment
'Grinch' Bug May Affect Most Linux Systems
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
But newly discovered vulnerability not as urgent as previous open-source bug disclosures.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/17/2014
Comment3 comments  |  Read  |  Post a Comment
The New Target for State-Sponsored Cyber Attacks: Applications
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
Skilled hackers are now using simple web application vulnerabilities like SQL Injection to take over database servers. Are you prepared to defend against this new type of threat actor?
By Jeff Williams CTO, Aspect Security & Contrast Security, 12/17/2014
Comment1 Comment  |  Read  |  Post a Comment
2014's Top Malware: Less Money, Mo' Problems
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Here are the five most active malware packages to give attackers a huge ROI on a small investment.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/16/2014
Comment0 comments  |  Read  |  Post a Comment
Sony Warns Media About Disclosure, Staff About Fraud, 'Bond' Fans About Spoilers
Sara Peters, Senior Editor at Dark ReadingQuick Hits
A wrapup of the latest Sony attack fallout.
By Sara Peters Senior Editor at Dark Reading, 12/16/2014
Comment1 Comment  |  Read  |  Post a Comment
2014: The Year of Privilege Vulnerabilities
Marc Maiffret, CTO, BeyondTrustCommentary
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.
By Marc Maiffret CTO, BeyondTrust, 12/16/2014
Comment0 comments  |  Read  |  Post a Comment
Balancing Accounting Policy & Security Strategy
Kevin T. Reardon, VP, Worldwide Strategy at McAfee, part of Intel Security
A long-term approach involves focusing on security as a platform, instead of a selection of individual products and point defenses.
By Kevin T. Reardon VP, Worldwide Strategy at McAfee, part of Intel Security, 12/16/2014
Comment0 comments  |  Read  |  Post a Comment
Stocking Stuffers For Happy Hacking
Ericka Chickowski, Contributing Writer, Dark Reading
Find that perfect gift for your co-workers and much-loved white hats without breaking the bank.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/15/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by stevew928
Current Conversations Inside job.
In reply to: Re: Go offensive
Post Your Own Reply
More Conversations
PR Newswire
Obama: U.S. Will Respond 'Proportionately' To Sony Cyber Attack
Brian Prince, Contributing Writer, Dark Reading,  12/19/2014
Time To Rethink Patching Strategies
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate,  12/19/2014
Sony Cancels Movie, US Confirms North Korea Involvement, But Were Bomb Threats Empty?
Sara Peters, Senior Editor at Dark Reading,  12/17/2014
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Balancing Accounting Policy & Security Strategy
A long-term approach involves focusing on security as a platform, instead of a selection of individual products and point defenses. Read >>
Partner Perspectives
What's This?
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.
White Papers
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5208
Published: 2014-12-22
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbit...

CVE-2014-7286
Published: 2014-12-22
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

CVE-2014-8896
Published: 2014-12-22
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify ...

CVE-2014-8897
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

CVE-2014-8898
Published: 2014-12-22
Cross-site scripting (XSS) vulnerability in the Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 ...

Best of the Web
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed