Why China Wants Your Sensitive Data
Social Engineering & Black Hat: Do As I Do Not As I Say
What Do You Mean My Security Tools Don't Work on APIs?!!
The Dark Web: An Untapped Source For Threat Intelligence
5 Things You Probably Missed In The Verizon DBIR
News & Commentary
iOS 8.4, Mac OS X Updates Plug Vulnerabilities
Eric Zeman, Commentary
Apple released its iOS 8.4 and Mac OS X 10.10.4 updates that add Apple Music and tackle a range of security problems.
By Eric Zeman , 7/1/2015
Comment0 comments  |  Read  |  Post a Comment
Franchising Ransomware
Vincent Weafer, Senior Vice President, Intel Security
Ransomware-as-a-service is fueling cyberattacks. Is your organization prepared?
By Vincent Weafer Senior Vice President, Intel Security, 7/1/2015
Comment0 comments  |  Read  |  Post a Comment
Why We Need In-depth SAP Security Training
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 7/1/2015
Comment0 comments  |  Read  |  Post a Comment
DDoS Attackers Exploiting '80s-Era Routing Protocol
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Latest wave of DDoS attacks abuses small office-home routers via the 27-year-old, outdated Routing Information Protocol Version 1 (RIPv1).
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/1/2015
Comment0 comments  |  Read  |  Post a Comment
Android Malware On The Rise
Sara Peters, Senior Editor at Dark ReadingNews
By the end of 2015, researchers expect the number of new Android malware strains to hit 2 million.
By Sara Peters Senior Editor at Dark Reading, 7/1/2015
Comment0 comments  |  Read  |  Post a Comment
Securing Critical Infrastructure
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
Protecting the Industrial Internet of Things from cyberthreats is a national priority.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 6/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Cisco 'Everywhere': Networking Giant To Buy OpenDNS For $635 Million
Dark Reading Staff, Quick Hits
OpenDNS, which provides threat intelligence via a software-as-a-service offering, expected to enhance Cisco's existing cloud security offerings.
By Dark Reading Staff , 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen , Chief Strategy Office, Gemalto, Identity & Data ProtectionCommentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
4 Signs Your Board Thinks Security Readiness Is Better Than It Is
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Ponemon Institute survey shows a gap in perception between boards of directors and IT executives when it comes to IT risk posture.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Gas Stations In the Bullseye
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
White hats at Black Hat USA will release free honeypot tool for monitoring attacks against gas tank monitoring systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/29/2015
Comment6 comments  |  Read  |  Post a Comment
Clever CryptoWall Spreading Via New Attacks
Sara Peters, Senior Editor at Dark ReadingNews
Top ransomware doesn't waste time jumping on the latest Flash zero-day, and hops rides on click fraud campaigns, too.
By Sara Peters Senior Editor at Dark Reading, 6/29/2015
Comment3 comments  |  Read  |  Post a Comment
CSA Announces New Working Group For Cloud Security API Standards
Ericka Chickowski, Contributing Writer, Dark ReadingNews
CipherCloud, Deloitte, InfoSys, Intel Security and SAP all on board to start developing vendor-neutral guidelines that could further accelerate CASB growth
By Ericka Chickowski Contributing Writer, Dark Reading, 6/29/2015
Comment0 comments  |  Read  |  Post a Comment
Cyber Resilience And Spear Phishing
Mo Cashman, Director of the Enterprise Architecture team at Intel Security.
Balanced security capability, defense in depth, integrated countermeasures, and a threat-intelligence strategy are critical to defending your business from spear-phishing attacks.
By Mo Cashman Director of the Enterprise Architecture team at Intel Security. , 6/29/2015
Comment0 comments  |  Read  |  Post a Comment
Social Engineering & Black Hat: Do As I Do Not As I Say
Tal Klein, VP Strategy, Lakeside Software.Commentary
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
By Tal Klein VP Strategy, Lakeside Software., 6/29/2015
Comment2 comments  |  Read  |  Post a Comment
4 Ways Cloud Usage Is Putting Health Data At Risk
Jai Vijayan, Freelance writerNews
A huge shadow IT problem is just one of the risks of uncontrolled cloud usage in healthcare organizations, new study shows.
By Jai Vijayan Freelance writer, 6/26/2015
Comment3 comments  |  Read  |  Post a Comment
3 Simple Steps For Minimizing Ransomware Exposure
Michelle Drolet, Founder, TowerwallCommentary
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
By Michelle Drolet Founder, Towerwall, 6/26/2015
Comment0 comments  |  Read  |  Post a Comment
Stealthy Fobber Malware Takes Anti-Analysis To New Heights
Sara Peters, Senior Editor at Dark ReadingNews
Built off the Tinba banking Trojan and distributed through the elusive HanJuan exploit kit, Fobber info-stealer defies researchers with layers upon layers of encryption.
By Sara Peters Senior Editor at Dark Reading, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
Jai Vijayan, Freelance writerNews
Security vendor's report from last year had warned about group targeting insider data from illegal trading.
By Jai Vijayan Freelance writer, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
5 Things You Probably Missed In The Verizon DBIR
Kelly Jackson Higgins, Executive Editor at Dark Reading
A look at a few of the lesser-noticed but meaty nuggets in the annual Verizon Data Breach Investigations Report (DBIR).
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/25/2015
Comment5 comments  |  Read  |  Post a Comment
Samsung Slammed For Disabling Windows Update
Eric Zeman, Commentary
Samsung admitted to altering the behavior of Microsoft's Windows Update tool, but claims to have good intentions.
By Eric Zeman , 6/25/2015
Comment9 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by harmanpreetsinghka
Current Conversations nice post
In reply to: Re: Cartoon: Spring Fever
Post Your Own Reply
More Conversations
PR Newswire
What Do You Mean My Security Tools Don't Work on APIs?!!
Jeff Williams, CTO, Aspect Security & Contrast Security,  6/25/2015
Gas Stations In the Bullseye
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/29/2015
5 Things You Probably Missed In The Verizon DBIR
Kelly Jackson Higgins, Executive Editor at Dark Reading,  6/25/2015
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Franchising Ransomware
Ransomware-as-a-service is fueling cyberattacks. Is your organization prepared? Read >>
Partner Perspectives
What's This?
Cartoon
Latest Comment: nice post
Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1750
Published: 2015-07-01
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as cross-sit...

CVE-2014-1836
Published: 2015-07-01
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

CVE-2015-0848
Published: 2015-07-01
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-1330
Published: 2015-07-01
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vecto...

CVE-2015-1950
Published: 2015-07-01
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed