Dark Reading Radio: How To Become A CISO
Stocking Stuffers For Happy Hacking
Price Tag Rises For Stolen Identities Sold In The Underground
Ekoparty Isn't The Next Defcon (& It Doesn't Want To Be)
Internet Of Things: 3 Holiday Gifts That Will Keep CISOs Up At Night
News & Commentary
Bad Bots On The Rise
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Humans remain outnumbered by bots online, new data shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/18/2014
Comment0 comments  |  Read  |  Post a Comment
Vawtrak: Crimeware Made-To-Order
Sara Peters, Senior Editor at Dark ReadingQuick Hits
A compartmentalized botnet with a wide selection of specialized web injects makes it easier to attack bank accounts across the globe.
By Sara Peters Senior Editor at Dark Reading, 12/18/2014
Comment0 comments  |  Read  |  Post a Comment
5 Pitfalls to Avoid When Running Your SOC
Jeff Schilling, CSO, FirehostCommentary
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
By Jeff Schilling CSO, Firehost, 12/18/2014
Comment0 comments  |  Read  |  Post a Comment
Sony Cancels Movie, US Confirms North Korea Involvement, But Were Bomb Threats Empty?
Sara Peters, Senior Editor at Dark ReadingNews
After the Sony hackers issue threats of physical violence and 9/11-style attacks, The Interview is being killed before it even premieres. But would the attackers have really blown up theaters?
By Sara Peters Senior Editor at Dark Reading, 12/17/2014
Comment3 comments  |  Read  |  Post a Comment
Millions Of Android Phones In China Have Backdoor
Jai Vijayan, Freelance writerNews
An Android backdoor is the topic of one of two advisories this week on mobile threats.
By Jai Vijayan Freelance writer, 12/17/2014
Comment0 comments  |  Read  |  Post a Comment
'Grinch' Bug May Affect Most Linux Systems
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
But newly discovered vulnerability not as urgent as previous open-source bug disclosures.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/17/2014
Comment1 Comment  |  Read  |  Post a Comment
The New Target for State-Sponsored Cyber Attacks: Applications
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
Skilled hackers are now using simple web application vulnerabilities like SQL Injection to take over database servers. Are you prepared to defend against this new type of threat actor?
By Jeff Williams CTO, Aspect Security & Contrast Security, 12/17/2014
Comment0 comments  |  Read  |  Post a Comment
2014's Top Malware: Less Money, Mo' Problems
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Here are the five most active malware packages to give attackers a huge ROI on a small investment.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/16/2014
Comment0 comments  |  Read  |  Post a Comment
Sony Warns Media About Disclosure, Staff About Fraud, 'Bond' Fans About Spoilers
Sara Peters, Senior Editor at Dark ReadingQuick Hits
A wrapup of the latest Sony attack fallout.
By Sara Peters Senior Editor at Dark Reading, 12/16/2014
Comment1 Comment  |  Read  |  Post a Comment
2014: The Year of Privilege Vulnerabilities
Marc Maiffret, CTO, BeyondTrustCommentary
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.
By Marc Maiffret CTO, BeyondTrust, 12/16/2014
Comment0 comments  |  Read  |  Post a Comment
Balancing Accounting Policy & Security Strategy
Kevin T. Reardon, VP, Worldwide Strategy at McAfee, part of Intel Security
A long-term approach involves focusing on security as a platform, instead of a selection of individual products and point defenses.
By Kevin T. Reardon VP, Worldwide Strategy at McAfee, part of Intel Security, 12/16/2014
Comment0 comments  |  Read  |  Post a Comment
Stocking Stuffers For Happy Hacking
Ericka Chickowski, Contributing Writer, Dark Reading
Find that perfect gift for your co-workers and much-loved white hats without breaking the bank.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/15/2014
Comment0 comments  |  Read  |  Post a Comment
Price Tag Rises For Stolen Identities Sold In The Underground
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
What cybercriminals now charge for stolen identities, counterfeit identities, hacking tutorials, DDoS, and other services.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/15/2014
Comment4 comments  |  Read  |  Post a Comment
Dark Reading Radio: How To Become A CISO
Sara Peters, Senior Editor at Dark ReadingCommentary
Find out what employers are really looking for in a chief information security officer.
By Sara Peters Senior Editor at Dark Reading, 12/15/2014
Comment2 comments  |  Read  |  Post a Comment
Ekoparty Isn’t The Next Defcon (& It Doesn’t Want To Be)
Andrew Ford, Developer, BugcrowdCommentary
Unlike American security conferences that offer a buffet of merchandise, meals, and drinks, Ekoparty, in Buenos Aires, is every bit as functional -- with a little less fluff.
By Andrew Ford Developer, Bugcrowd, 12/15/2014
Comment0 comments  |  Read  |  Post a Comment
Targeted Attacks: A Defender's Playbook
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Cyberthreat actors are increasingly going after a single victim. Here are some tips to help your organization get ready.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/15/2014
Comment3 comments  |  Read  |  Post a Comment
Attackers Turn Focus To PoS Vendors
Brian Prince, Contributing Writer, Dark ReadingNews
The recently reported attack on Charge Anywhere puts the payment solutions provider on a list of PoS vendors attacked this year.
By Brian Prince Contributing Writer, Dark Reading, 12/12/2014
Comment1 Comment  |  Read  |  Post a Comment
Iowa Mobile ID Program Raises Privacy Questions
Eric Zeman, News
The state of Iowa proposes using a mobile app as an option to a traditional driver's license -- but security questions abound.
By Eric Zeman , 12/12/2014
Comment4 comments  |  Read  |  Post a Comment
Shadow IT: Not The Risk You Think
Tal Klein, VP Strategy, AdallomCommentary
Enterprise cloud services such as Box, Office 365, Salesforce, and Google Apps can make a better case for being called sanctioned than many legacy, on-premises, IT-provisioned applications.
By Tal Klein VP Strategy, Adallom, 12/12/2014
Comment0 comments  |  Read  |  Post a Comment
Cyberattacks Longer, More Continuous Than Before
Jai Vijayan, Freelance writerNews
A surprisingly large number of organizations experienced cyberattacks lasting more than one month, a new survey found.
By Jai Vijayan Freelance writer, 12/12/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Price Tag Rises For Stolen Identities Sold In The Underground
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/15/2014
Sony Cancels Movie, US Confirms North Korea Involvement, But Were Bomb Threats Empty?
Sara Peters, Senior Editor at Dark Reading,  12/17/2014
Targeted Attacks: A Defender's Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/15/2014
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Balancing Accounting Policy & Security Strategy
A long-term approach involves focusing on security as a platform, instead of a selection of individual products and point defenses. Read >>
Partner Perspectives
What's This?
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.
White Papers
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

CVE-2014-6080
Published: 2014-12-18
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Best of the Web
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed