Retail Hacking: What To Expect This Holiday Season
The Year Of The Retailer Data Breach
Time To Turn The Tables On Attackers
US Postal Service Suspends Telecommuting Following Massive Data Breach
How I Became A CISO: Jennings Aske, Nuance Communications
News & Commentary
Video: Tech Hygiene Bad Habits, 3D Stock Portfolios
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds looks at bad tech hygiene habits, using Oculus Rift for 3D stock portfolios, security risks during the holiday shopping season, and more.
By Andrew Conry Murray Director of Content & Community, Interop, 11/21/2014
Comment0 comments  |  Read  |  Post a Comment
OCR Audits: Don’t Fall Victim To Past Mistakes
Mark Fulford, Partner at LBMC’s Security & Risk ServicesCommentary
The Office of Civil Rights is not out to get you. But it does expect you to make good-faith efforts at protecting patient data.
By Mark Fulford Partner at LBMC’s Security & Risk Services, 11/21/2014
Comment0 comments  |  Read  |  Post a Comment
When Every Minute Counts (Part 2)
Carric Dooley, WW VP of Foundstone Services, Intel Security
Acting on key Indicators of Attack for incident response is crucial.
By Carric Dooley WW VP of Foundstone Services, Intel Security, 11/21/2014
Comment0 comments  |  Read  |  Post a Comment
Russian Cyber Espionage Under The Microscope
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New report shows level of coordination and strategy by three main groups of cyberspies out of Russia.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/20/2014
Comment1 Comment  |  Read  |  Post a Comment
New Citadel Attack Targets Password Managers
Jai Vijayan, Freelance writerNews
IBM researchers have found signs that the prolific data steal Trojan is now being used to attack widely used password managers.
By Jai Vijayan Freelance writer, 11/20/2014
Comment1 Comment  |  Read  |  Post a Comment
You’re Doing BYOD Wrong: These Numbers Prove It
Bogdan Botezatu, Senior E-threat Analyst, Bitdefender
Almost 40% of users who connect personal mobile devices to corporate networks have no lock-screen mechanism set in place.
By Bogdan Botezatu Senior E-threat Analyst, Bitdefender, 11/20/2014
Comment0 comments  |  Read  |  Post a Comment
Surveillance Cameras Next On The Insecure IoT List
Sara Peters, Senior Editor at Dark ReadingNews
Three buffer overflow vulnerabilities leave HikVision video recorders open to remote code execution.
By Sara Peters Senior Editor at Dark Reading, 11/20/2014
Comment2 comments  |  Read  |  Post a Comment
Enter The Digital Risk Officer
Nick Sanna, President, Digital Risk Management InstituteCommentary
In the brave new world of digital risk management, a CISO would report up to a DRO who manages risk from a business perspective and works with peers in business ops, compliance, and IT security.
By Nick Sanna President, Digital Risk Management Institute, 11/20/2014
Comment1 Comment  |  Read  |  Post a Comment
When Every Minute Counts: Fighting Advanced Threats With Real-Time SIEM
Ryan Allphin, Senior Vice President & General Manager, Security Management, McAfee
Survey shows that reducing time-to-detection is possible with the right approach.
By Ryan Allphin Senior Vice President & General Manager, Security Management, McAfee, 11/19/2014
Comment1 Comment  |  Read  |  Post a Comment
Internet Architecture Board Calls For Net Encryption By Default
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The Internet Architecture Board (IAB) urges encryption across the protocol stack to usher in an era where encrypted traffic is the norm. But there are possible security tradeoffs.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/19/2014
Comment7 comments  |  Read  |  Post a Comment
New Certification Authority To Offer Free Certs For HTTPS
Sara Peters, Senior Editor at Dark ReadingNews
The Electronic Frontier Foundation's new certificate authority aims to make getting a domain validation TLS cert so easy, you can't resist.
By Sara Peters Senior Editor at Dark Reading, 11/19/2014
Comment0 comments  |  Read  |  Post a Comment
Machine Learning: A Solution to Today's Security Threats & One Step Closer to AI
Liviu Arsene, Senior E-threat Analyst, Bitdefender
Algorithms can identify threats that have been missed by traditional security mechanisms.
By Liviu Arsene Senior E-threat Analyst, Bitdefender, 11/19/2014
Comment0 comments  |  Read  |  Post a Comment
Killing Passwords: Don’t Get A-Twitter Over ‘Digits’
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Twitter’s new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns Analyst, Kuppinger-Cole, 11/19/2014
Comment5 comments  |  Read  |  Post a Comment
The Rise Of The Resilient Mobile Botnet
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report on what researchers call one of the 'most sophisticated mobile botnets online' shows how profitable mobile malware has become.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/19/2014
Comment0 comments  |  Read  |  Post a Comment
Microsoft Issues Emergency Patch Amid Targeted Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Windows Kerberos authentication bug "critical."
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/18/2014
Comment2 comments  |  Read  |  Post a Comment
'Misdial Trap' Phone Scam Hits Financial Services
Sara Peters, Senior Editor at Dark ReadingQuick Hits
One in six financial institutions victimized by this new scam.
By Sara Peters Senior Editor at Dark Reading, 11/18/2014
Comment2 comments  |  Read  |  Post a Comment
Best Practices in the Face of High-Profile Breaches
Bradon Rogers, Senior Vice President, Worldwide Product and Solution Marketing, McAfee
Attacks are a mainstream problem, and organizations must employ more than just traditional minimalist approaches of firewalls and virus scanners.
By Bradon Rogers Senior Vice President, Worldwide Product and Solution Marketing, McAfee, 11/18/2014
Comment0 comments  |  Read  |  Post a Comment
State Dept. Breach Heightens Concerns Over Resilience Of Government Networks
Jai Vijayan, Freelance writerNews
The department is the fourth federal entity in recent weeks to disclose a data breach.
By Jai Vijayan Freelance writer, 11/18/2014
Comment6 comments  |  Read  |  Post a Comment
Is Security Awareness Training Really Worth It?
Fahmida Y. Rashid, News
Experts weigh in on the value of end-user security training, and how to make education more effective.
By Fahmida Y. Rashid , 11/18/2014
Comment9 comments  |  Read  |  Post a Comment
Deconstructing the Cyber Kill Chain
Giora Engel, VP Product & Strategy, LightCyberCommentary
As sexy as it is, the Cyber Kill Chain model can actually be detrimental to network security because it reinforces old-school, perimeter-focused, malware-prevention thinking.
By Giora Engel VP Product & Strategy, LightCyber, 11/18/2014
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Microsoft Fixes Critical SChannel & OLE Bugs, But No Patches For XP
Sara Peters, Senior Editor at Dark Reading,  11/14/2014
Why Cyber Security Starts At Home
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies,  11/17/2014
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
You're Doing BYOD Wrong: These Numbers Prove It
Almost 40% of users who connect personal mobile devices to corporate networks have no lock-screen mechanism set in place. Read >>
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?
White Papers
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2382
Published: 2014-11-20
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.

CVE-2014-3625
Published: 2014-11-20
Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CVE-2014-7194
Published: 2014-11-20
TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access.

CVE-2014-7195
Published: 2014-11-20
Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via u...

CVE-2014-8000
Published: 2014-11-20
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.

Best of the Web
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed