Compliance Is A Start, Not The End
Insider Threats: Breaching The Human Barrier
Cartoon: BYOD Meets Internet of Things
'POODLE' Attacks, Kills Off SSL 3.0
The Internet of Things: 7 Scary Security Scenarios
News & Commentary
Backoff PoS Malware Boomed In Q3
Brian Prince, Contributing Writer, Dark ReadingNews
The security firm Damballa detected a 57% increase in infections of the notorious Backoff malware from August to September.
By Brian Prince Contributing Writer, Dark Reading, 10/24/2014
Comment0 comments  |  Read  |  Post a Comment
Poll: Patching Is Primary Response to Shellshock
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
As potential threats mount, Dark Reading community members hone in on patching infrastructure but not devices, according to our latest poll.
By Marilyn Cohodas Community Editor, Dark Reading, 10/24/2014
Comment1 Comment  |  Read  |  Post a Comment
Samsung Knox Is Weak, Researcher Says
Thomas Claburn, Editor-at-LargeCommentary
Samsung's Knox security software for Android devices handles passwords in a way that undermines encryption, an anonymous researcher says.
By Thomas Claburn Editor-at-Large, 10/24/2014
Comment2 comments  |  Read  |  Post a Comment
This Week In 60 Seconds: Crypto Outcry, Compliance & More
Andrew Conry Murray, Director of Content & Community, InteropCommentary
Hot stories this week include saying 'No' to crypto backdoors for law enforcement, new roles for IT on Wall Street, and more.
By Andrew Conry Murray Director of Content & Community, Interop, 10/24/2014
Comment0 comments  |  Read  |  Post a Comment
3 Enterprise Security Tenets To Take Personally
David Fowler, VP Marketing, INetUCommentary
Individuals need to become conscious advocates for their own security -- after all, no one cares about your data like you do.
By David Fowler VP Marketing, INetU, 10/24/2014
Comment3 comments  |  Read  |  Post a Comment
US Military Officials, Defense Firms Targeted In 'Operation Pawn Storm'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Cyber espionage attackers "did their homework" in an attack campaign that has intensified in the wake of US-Russian tensions.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/23/2014
Comment5 comments  |  Read  |  Post a Comment
Financial Services Ranks Cyberattacks Top Industry Worry
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Depository Trust & Clearing Corporation (DTCC) survey says cyberrisk is one of the top five concerns for financial services firms.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/23/2014
Comment2 comments  |  Read  |  Post a Comment
Attacks On Patched Sandworm Flaw Force Microsoft To Issue Fix It
Jai Vijayan, Freelance writerNews
More than a week after Microsoft fixed a flaw affecting almost all Windows versions, attackers are continuing to exploit it.
By Jai Vijayan Freelance writer, 10/23/2014
Comment0 comments  |  Read  |  Post a Comment
20% Of 'Broadly Shared' Data Contains Regulated Info
Sara Peters, Senior Editor at Dark ReadingNews
Forget shadow IT. The new risk is "shadow data."
By Sara Peters Senior Editor at Dark Reading, 10/23/2014
Comment4 comments  |  Read  |  Post a Comment
Incident Response: Is Your IR Plan A Glorified Phone Tree?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
Training internal security teams to be first responders can drastically improve an organization's effectiveness in the wake of a data breach. Here's why.
By Kerstyn Clover Attack & Defense Team Consultant, 10/23/2014
Comment2 comments  |  Read  |  Post a Comment
Enterprise Security: Why You Need a Digital Immune System
Mike Fey, EVP, GM of Corporate Products & CTO, Intel Security
I’ve often talked about “trial and error” hacking tactics and how organizations frequently build “rat maze” defenses in response to them. Each time they learn ...
By Mike Fey EVP, GM of Corporate Products & CTO, Intel Security, 10/23/2014
Comment1 Comment  |  Read  |  Post a Comment
DHS Investigates Dozens Of Medical Device Cybersecurity Flaws
Jai Vijayan, Freelance writerCommentary
Department of Homeland Security reportedly investigating two-dozen products from major medical device manufacturers for security holes.
By Jai Vijayan Freelance writer, 10/23/2014
Comment1 Comment  |  Read  |  Post a Comment
10 Things IT Probably Doesn't Know About Cyber Insurance
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Understand the benefits and the pitfalls you might miss when evaluating cyber policies.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/23/2014
Comment3 comments  |  Read  |  Post a Comment
So You Think You Know Risk Management
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Infosec officers are coming around to the idea that their job is more about managing risk than putting the entire organization on permanent lockdown. But do security pros understand risk management as well as they think they do?
By Sara Peters Senior Editor at Dark Reading, 10/23/2014
Comment1 Comment  |  Read  |  Post a Comment
Open-Source Software Brings Bugs To Web Applications
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
An average of eight severe security flaws from open-source and third-party code can be found in each web application, according to new findings from Veracode.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/22/2014
Comment8 comments  |  Read  |  Post a Comment
Pharmaceuticals, Not Energy, May Have Been True Target Of Dragonfly, Energetic Bear
Sara Peters, Senior Editor at Dark ReadingNews
New research says the compromised companies were suppliers for OEMs that served pharma and biotech.
By Sara Peters Senior Editor at Dark Reading, 10/22/2014
Comment0 comments  |  Read  |  Post a Comment
Insecure Protocol Puts 1.2M SOHO Devices At Risk
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Enterprises should take care to prohibit NAT-PMP traffic on untrusted network interfaces.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/22/2014
Comment1 Comment  |  Read  |  Post a Comment
Cyber Threats: Information vs. Intelligence
Matt Hartley, VP Product Management, iSIGHT PartnersCommentary
Cyber threat intelligence or CTI is touted to be the next big thing in InfoSec. But does it narrow the security problem or compound it?
By Matt Hartley VP Product Management, iSIGHT Partners, 10/22/2014
Comment2 comments  |  Read  |  Post a Comment
Illumio Takes New Cloud, Data Center Security Approach
Charles Babcock, Editor At Large, InformationWeek Commentary
Security startup Illumio has launched a granular scheme based on individual workloads, not firewalls or network monitoring.
By Charles Babcock Editor At Large, InformationWeek , 10/22/2014
Comment2 comments  |  Read  |  Post a Comment
Shellshock & Why EHRs Need Updating
Michael A.M. Davies, Founder & Chairman, Endeavour PartnersCommentary
Nearly half of all security breaches occur in healthcare, and outdated medical records systems make data more vulnerable. An up-to-date EHR system can help solve security concerns, save money, and improve patient care.
By Michael A.M. Davies Founder & Chairman, Endeavour Partners, 10/22/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
How To Become A CISO, Part 1
Sara Peters, Senior Editor at Dark Reading,  10/20/2014
Nearly Half Of Consumers Will Punish Breached Retailers During Holidays
Ericka Chickowski, Contributing Writer, Dark Reading,  10/20/2014
Open-Source Software Brings Bugs To Web Applications
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/22/2014
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Enterprise Security: Why You Need a Digital Immune System
Treating enterprise security like the human body's response to illness or injury is more effective than just a barrier approach Read >>
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2021
Published: 2014-10-24
Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.4.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.

CVE-2014-3604
Published: 2014-10-24
Certificates.java in Not Yet Commons SSL before 0.3.15 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2014-6230
Published: 2014-10-24
WP-Ban plugin before 1.6.4 for WordPress, when running in certain configurations, allows remote attackers to bypass the IP blacklist via a crafted X-Forwarded-For header.

CVE-2014-6251
Published: 2014-10-24
Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote attackers to have an unspecified impact by sending a mining.subscribe response with a large nonce2 length, then triggering the overflow with a mining.notify request.

CVE-2014-7180
Published: 2014-10-24
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by modifying these files.

Best of the Web
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed