DR Radio: Incident Response War-Gaming
Data Encryption In The Cloud: Square Pegs In Round Holes
Planes, Tweets & Possible Hacks From Seats
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products
News & Commentary
Iris Scans: Security Breakthrough Or Privacy Invasion?
David Wagner, Executive Editor, Community & IT LifeNews
New technology allows irises to be scanned from 40 feet away. Is this a wonder weapon against crime and terrorism or a way for governments to invade our privacy and track our movements?
By David Wagner Executive Editor, Community & IT Life, 5/27/2015
Comment0 comments  |  Read  |  Post a Comment
What Data Breaches Now Cost And Why
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New Ponemon report says the cost of a data breach has increased by 23% and healthcare and education breaches are the most pricey.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/27/2015
Comment0 comments  |  Read  |  Post a Comment
IRS Breach Exposes 100,000 Taxpayers' Tax Returns, Other Data
Dark Reading Staff, Quick Hits
Online 'Get Transcript' service accessed from February to mid-May.
By Dark Reading Staff , 5/26/2015
Comment2 comments  |  Read  |  Post a Comment
Profile Of A Cybercrime Petty Thief
Sara Peters, Senior Editor at Dark ReadingNews
Trend Micro provides peek at methods of amateur, lone-wolf carder.
By Sara Peters Senior Editor at Dark Reading, 5/26/2015
Comment0 comments  |  Read  |  Post a Comment
A Threat Intelligence-Sharing Reality-Check
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Many organizations employ sharing one-way (gathering) and mainly for 'CYA,' experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/26/2015
Comment0 comments  |  Read  |  Post a Comment
State-Sponsored Cybercrime: A Growing Business Threat
David Venable,  Director, Professional Services, Masergy CommunicationsCommentary
You don’t have to be the size of Sony -- or even mock North Korea -- to be a target.
By David Venable Director, Professional Services, Masergy Communications, 5/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Android Factory Reset Leaves Your Data Exposed: Study
Nathan Eddy, Freelance WriterNews
Flaws in Google’s Android operating system mean the factory-reset option is unlikely to permanently wipe all your data -- or master token -- from the device.
By Nathan Eddy Freelance Writer, 5/25/2015
Comment3 comments  |  Read  |  Post a Comment
DR Radio: Incident Response War-Gaming
Sara Peters, Senior Editor at Dark ReadingCommentary
Wednesday, May 27: Learn how to practice the post-breach panicking.
By Sara Peters Senior Editor at Dark Reading, 5/25/2015
Comment2 comments  |  Read  |  Post a Comment
Google: Account Recovery Security Questions Not Very Secure
Jai Vijayan, Freelance writerNews
An analysis of millions of answers to security questions show many are predictable and easily guessable, says Google.
By Jai Vijayan Freelance writer, 5/22/2015
Comment2 comments  |  Read  |  Post a Comment
Cyber Threat Analysis: A Call for Clarity
Michael McMahon, Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLCCommentary
The general public deserves less hyperbole and more straight talk
By Michael McMahon Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLC, 5/22/2015
Comment8 comments  |  Read  |  Post a Comment
Hacking Virginia State Trooper Cruisers
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Working group of federal agencies and private industry launched by the state of Virginia is studying car vulnerabilities and building tools to detect and protect against vehicle hacking and tampering.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/22/2015
Comment1 Comment  |  Read  |  Post a Comment
Bots Outpace Humans Online: Study
Curtis Franklin Jr., Executive Editor, Technical ContentCommentary
Humans were responsible for only 41% of network traffic monitored by Distil Networks; bots made up the rest. What does this mean for your applications?
By Curtis Franklin Jr. Executive Editor, Technical Content, 5/22/2015
Comment3 comments  |  Read  |  Post a Comment
NSA Wanted To Hack Google App Store, Infect Android Phones
Eric Zeman, Commentary
The NSA and its Five Eyes allies researched a man-in-the-middle attack to infect Android smartphone users by hacking Google's App Store. It's the last revelation from Edward Snowden.
By Eric Zeman , 5/21/2015
Comment18 comments  |  Read  |  Post a Comment
Data Encryption In The Cloud: Square Pegs In Round Holes
Thomas Ristenpart, Asst. Professor, Computer Sciences, University of WisconsinCommentary
Conventional encryption is a surefire solution for protecting sensitive data -- except when it breaks cloud applications. “Format-preserving” encryption could change all that.
By Thomas Ristenpart Asst. Professor, Computer Sciences, University of Wisconsin, 5/21/2015
Comment0 comments  |  Read  |  Post a Comment
Half Of Retail, Healthcare Sites 'Always Vulnerable'
Sara Peters, Senior Editor at Dark ReadingNews
Finding vulnerabilities in custom web applications isn't the major problem; fixing them in a timely fashion is, a new report from WhiteHat Security finds.
By Sara Peters Senior Editor at Dark Reading, 5/21/2015
Comment0 comments  |  Read  |  Post a Comment
1.1 Million Hit In Another BlueCross BlueShield Breach
Dark Reading Staff, Quick Hits
CareFirst BCBS announces breach, two months after Premera Blue Cross disclosed a breach of 11 million records.
By Dark Reading Staff , 5/20/2015
Comment0 comments  |  Read  |  Post a Comment
Logjam Encryption Flaw Threatens Secure Communications On Web
Jai Vijayan, Freelance writerNews
Most major browsers, websites that support export ciphers impacted
By Jai Vijayan Freelance writer, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
The Cloud Revolution Requires High-Performance Attack Prevention
Rees Johnson, Sr. VP and GM the Content Security Business Unit, Intel Security
Where there is traffic, there are bandits.
By Rees Johnson Sr. VP and GM the Content Security Business Unit, Intel Security, 5/20/2015
Comment0 comments  |  Read  |  Post a Comment
Planes, Tweets & Possible Hacks From Seats
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
There are conflicting reports over whether security researcher Chris Roberts hacked into flight controls and manipulated a plane.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/20/2015
Comment9 comments  |  Read  |  Post a Comment
5 Signs Credentials In Your Network Are Being Compromised
Idan Tendler, CEO, FortscaleCommentary
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personal identifiable information? Check out these common scenarios.
By Idan Tendler CEO, Fortscale, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Planes, Tweets & Possible Hacks From Seats
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2015
Cyber Threat Analysis: A Call for Clarity
Michael McMahon, Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLC,  5/22/2015
Google: Account Recovery Security Questions Not Very Secure
Jai Vijayan, Freelance writer,  5/22/2015
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Drinking from the Malware Fire Hose
Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them. Read >>
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9710
Published: 2015-05-27
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time windo...

CVE-2014-9715
Published: 2015-05-27
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that trig...

CVE-2015-2666
Published: 2015-05-27
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to t...

CVE-2015-2830
Published: 2015-05-27
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate...

CVE-2015-2922
Published: 2015-05-27
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed