Why China Wants Your Sensitive Data
Social Engineering & Black Hat: Do As I Do Not As I Say
What Do You Mean My Security Tools Don't Work on APIs?!!
The Dark Web: An Untapped Source For Threat Intelligence
5 Things You Probably Missed In The Verizon DBIR
News & Commentary
FBI Offering $4.3 Million For Help Finding Cyber Most-Wanted
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Big prize still going to whomever can help find Gameover ZeuS mastermind.
By Sara Peters Senior Editor at Dark Reading, 7/2/2015
Comment0 comments  |  Read  |  Post a Comment
Harvard Suffers Data Breach Spanning Multiple Schools, Administration Networks
Jai Vijayan, Freelance writerNews
Investigation so far shows email and system login info may have been compromised, university says.
By Jai Vijayan Freelance writer, 7/2/2015
Comment0 comments  |  Read  |  Post a Comment
In The Cyber Realm, Letís Be Knights Not Blacksmiths
Jeff Schilling, CSO, FirehostCommentary
Why the Internet of Things is our chance to finally get information security right.
By Jeff Schilling CSO, Firehost, 7/2/2015
Comment1 Comment  |  Read  |  Post a Comment
Smart Cities' 4 Biggest Security Challenges
Sara Peters, Senior Editor at Dark ReadingNews
The messiness of politics and the vulnerability of the Internet of Things in one big, unwieldy package.
By Sara Peters Senior Editor at Dark Reading, 7/1/2015
Comment3 comments  |  Read  |  Post a Comment
PCI Update Paves Way For Expanding Point-to-Point Encryption
Jai Vijayan, Freelance writerNews
Move appears designed mainly for large organizations and big-box retailers looking to lock down payment card security.
By Jai Vijayan Freelance writer, 7/1/2015
Comment4 comments  |  Read  |  Post a Comment
iOS 8.4, Mac OS X Updates Plug Vulnerabilities
Eric Zeman, Commentary
Apple released its iOS 8.4 and Mac OS X 10.10.4 updates that add Apple Music and tackle a range of security problems.
By Eric Zeman , 7/1/2015
Comment0 comments  |  Read  |  Post a Comment
Franchising Ransomware
Vincent Weafer, Senior Vice President, Intel Security
Ransomware-as-a-service is fueling cyberattacks. Is your organization prepared?
By Vincent Weafer Senior Vice President, Intel Security, 7/1/2015
Comment2 comments  |  Read  |  Post a Comment
Why We Need In-depth SAP Security Training
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 7/1/2015
Comment1 Comment  |  Read  |  Post a Comment
DDoS Attackers Exploiting '80s-Era Routing Protocol
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Latest wave of DDoS attacks abuses small office-home routers via the 27-year-old, outdated Routing Information Protocol Version 1 (RIPv1).
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/1/2015
Comment2 comments  |  Read  |  Post a Comment
Android Malware On The Rise
Sara Peters, Senior Editor at Dark ReadingNews
By the end of 2015, researchers expect the number of new Android malware strains to hit 2 million.
By Sara Peters Senior Editor at Dark Reading, 7/1/2015
Comment0 comments  |  Read  |  Post a Comment
Securing Critical Infrastructure
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
Protecting the Industrial Internet of Things from cyberthreats is a national priority.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 6/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Cisco 'Everywhere': Networking Giant To Buy OpenDNS For $635 Million
Dark Reading Staff, Quick Hits
OpenDNS, which provides threat intelligence via a software-as-a-service offering, expected to enhance Cisco's existing cloud security offerings.
By Dark Reading Staff , 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen , Chief Strategy Office, Gemalto, Identity & Data ProtectionCommentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
4 Signs Your Board Thinks Security Readiness Is Better Than It Is
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Ponemon Institute survey shows a gap in perception between boards of directors and IT executives when it comes to IT risk posture.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Gas Stations In the Bullseye
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
White hats at Black Hat USA will release free honeypot tool for monitoring attacks against gas tank monitoring systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/29/2015
Comment6 comments  |  Read  |  Post a Comment
Clever CryptoWall Spreading Via New Attacks
Sara Peters, Senior Editor at Dark ReadingNews
Top ransomware doesn't waste time jumping on the latest Flash zero-day, and hops rides on click fraud campaigns, too.
By Sara Peters Senior Editor at Dark Reading, 6/29/2015
Comment4 comments  |  Read  |  Post a Comment
CSA Announces New Working Group For Cloud Security API Standards
Ericka Chickowski, Contributing Writer, Dark ReadingNews
CipherCloud, Deloitte, InfoSys, Intel Security and SAP all on board to start developing vendor-neutral guidelines that could further accelerate CASB growth
By Ericka Chickowski Contributing Writer, Dark Reading, 6/29/2015
Comment0 comments  |  Read  |  Post a Comment
Cyber Resilience And Spear Phishing
Mo Cashman, Director of the Enterprise Architecture team at Intel Security.
Balanced security capability, defense in depth, integrated countermeasures, and a threat-intelligence strategy are critical to defending your business from spear-phishing attacks.
By Mo Cashman Director of the Enterprise Architecture team at Intel Security. , 6/29/2015
Comment0 comments  |  Read  |  Post a Comment
Social Engineering & Black Hat: Do As I Do Not As I Say
Tal Klein, VP Strategy, Lakeside Software.Commentary
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
By Tal Klein VP Strategy, Lakeside Software., 6/29/2015
Comment2 comments  |  Read  |  Post a Comment
4 Ways Cloud Usage Is Putting Health Data At Risk
Jai Vijayan, Freelance writerNews
A huge shadow IT problem is just one of the risks of uncontrolled cloud usage in healthcare organizations, new study shows.
By Jai Vijayan Freelance writer, 6/26/2015
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Gas Stations In the Bullseye
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/29/2015
Clever CryptoWall Spreading Via New Attacks
Sara Peters, Senior Editor at Dark Reading,  6/29/2015
PCI Update Paves Way For Expanding Point-to-Point Encryption
Jai Vijayan, Freelance writer,  7/1/2015
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Franchising Ransomware
Ransomware-as-a-service is fueling cyberattacks. Is your organization prepared? Read >>
Partner Perspectives
What's This?
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0192
Published: 2015-07-02
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine.

CVE-2015-1914
Published: 2015-07-02
IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine.

CVE-2015-1916
Published: 2015-07-02
Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider.

CVE-2015-3157
Published: 2015-07-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2015-3202
Published: 2015-07-02
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.

10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed