Welcome To My Cyber Security Nightmare
What Scares Me About Healthcare & Electric Power Security
The Internet of Things: 7 Scary Security Scenarios
How I Became a CISO: Janet Levesque, RSA
Retailers Now Actively Sharing Cyberthreat Intelligence
News & Commentary
Financial Breaches Show ‘Trust Model’ Is Broken
Bob West, Chief Trust Officer, CipherCloudCommentary
It’s a full-blown crisis when a dozen major financial services firms admit to having their networks probed by the same attackers as those behind the JPMorgan Chase breach.
By Bob West Chief Trust Officer, CipherCloud, 10/31/2014
Comment1 Comment  |  Read  |  Post a Comment
The Performance Penalties of Bloatware-Based Next-Gen Firewalls
Mike Fey, EVP, GM of Corporate Products & CTO, Intel Security
At last month’s Oracle OpenWorld 2014, Intel president Renee James spoke of the need to eliminate the “performance penalties” of today’s most urgently needed ...
By Mike Fey EVP, GM of Corporate Products & CTO, Intel Security, 10/31/2014
Comment1 Comment  |  Read  |  Post a Comment
Big Data Software For Mainstream Users
Jeff Bertolucci, Commentary
Not everyone needs to be a data scientist, Red Lambda argues.
By Jeff Bertolucci , 10/31/2014
Comment1 Comment  |  Read  |  Post a Comment
Shellshock Attacks Stack Up
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Organizations are unable to keep up with patching processes and find incident response practices lag in wake of Bash bug.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/30/2014
Comment1 Comment  |  Read  |  Post a Comment
Retailers Now Actively Sharing Cyberthreat Intelligence
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The retail industry's R-CISC has been up and running for four months now and is looking for more retailers to sign up.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/30/2014
Comment6 comments  |  Read  |  Post a Comment
VA Buckles Down On Cyber Security, Program Management
Henry Kenyon, Commentary
Agency refocuses IT priorities on data protection, on-time project delivery to overcome past poor performance.
By Henry Kenyon , 10/30/2014
Comment0 comments  |  Read  |  Post a Comment
Welcome To My Cyber Security Nightmare
TK Keanini, CTO, LancopeCommentary
Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night.
By TK Keanini CTO, Lancope, 10/30/2014
Comment2 comments  |  Read  |  Post a Comment
Keep Calm & Verify: How To Spot A Fake Online Data Dump
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Determining whether a data dump on Pastebin or elsewhere online is legit can be time-consuming and resource-intensive. Deloitte & Touche offers tips for how to weed out the fake hacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/29/2014
Comment4 comments  |  Read  |  Post a Comment
Infographic: The Many Faces of Today’s Hackers
John Trobough, CEO, NarusCommentary
How many of these hacker personas are you dueling with in your organization?
By John Trobough CEO, Narus, 10/29/2014
Comment5 comments  |  Read  |  Post a Comment
Facebook Launches New Open-Source OS Monitoring Tool
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Modular framework can be used to schedule and log SQL-based queries.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/29/2014
Comment0 comments  |  Read  |  Post a Comment
White House Says Unclassified Network Hit In Cyberattack
Jai Vijayan, Freelance writerNews
Mitigation efforts have caused temporary outages and loss of connectivity for some staff, but no computers have been damaged, official says.
By Jai Vijayan Freelance writer, 10/29/2014
Comment2 comments  |  Read  |  Post a Comment
Verizon Wireless Embroiled In Tracking Controversy
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Verizon Wireless is in hot water with security and privacy advocates regarding unique identifier headers that function as what one EFF expert calls "perma-cookies."
By Kristin Burnham Senior Editor, InformationWeek.com, 10/29/2014
Comment11 comments  |  Read  |  Post a Comment
Cyber Espionage Attacks Attributed To Russian Government
Ericka Chickowski, Contributing Writer, Dark ReadingNews
FireEye report meticulously details clues that all point to state-sponsorship of the Sofacy/Sourface malware and tracks its evolution over seven years.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/29/2014
Comment0 comments  |  Read  |  Post a Comment
Security Companies Team Up, Take Down Chinese Hacking Group
Sara Peters, Senior Editor at Dark ReadingNews
Novetta, Microsoft, and others form Operation SMN to eradicate Hikit malware and disrupt the cyber espionage gang Axiom's extensive information gathering.
By Sara Peters Senior Editor at Dark Reading, 10/28/2014
Comment4 comments  |  Read  |  Post a Comment
Retailers Facing Intensified Cyberthreat This Holiday Season
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/28/2014
Comment10 comments  |  Read  |  Post a Comment
What Scares Me About Healthcare & Electric Power Security
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats
By John B. Dickson CISSP, Principal, Denim Group, 10/28/2014
Comment12 comments  |  Read  |  Post a Comment
Chipmaker Disables Counterfeits With Software Update
Jai Vijayan, Freelance writerCommentary
FTDI's update, targeting counterfeit chips, could disable systems widely embedded in healthcare, critical infrastructure, and consumer products.
By Jai Vijayan Freelance writer, 10/28/2014
Comment3 comments  |  Read  |  Post a Comment
Researcher Shows Why Tor Anonymity Is No Guarantee Of Security
Jai Vijayan, Freelance writerNews
Tor exit node in Russia spotted downloading malicious code.
By Jai Vijayan Freelance writer, 10/27/2014
Comment1 Comment  |  Read  |  Post a Comment
How I Became a CISO: Janet Levesque, RSA
Sara Peters, Senior Editor at Dark ReadingNews
RSA's newest chief information security officer says she landed the job because of her ability to build relationships, not a background in crypto or a pile of certs.
By Sara Peters Senior Editor at Dark Reading, 10/27/2014
Comment10 comments  |  Read  |  Post a Comment
A Simple Formula For Usable Risk Intelligence
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
How infosec can cut through the noise and gain real value from cyberdata.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 10/27/2014
Comment8 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
What Scares Me About Healthcare & Electric Power Security
John B. Dickson, CISSP, Principal, Denim Group,  10/28/2014
Poll: Patching Is Primary Response to Shellshock
Marilyn Cohodas, Community Editor, Dark Reading,  10/24/2014
How I Became a CISO: Janet Levesque, RSA
Sara Peters, Senior Editor at Dark Reading,  10/27/2014
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2336
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.

CVE-2014-3366
Published: 2014-10-31
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089.

Best of the Web
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed