What Data Breaches Now Cost And Why
Moose Malware Uses Linux Routers For Social Network Fraud
Escalating Cyberattacks Threaten US Healthcare Systems
News & Commentary
Tim Cook: Customers, Not Companies, Should Control Their Data
Nathan Eddy, Freelance Writer | News
Apple CEO Tim Cook told a crowd that consumer data should be theirs to keep and not used to make businesses money. He targeted Google and Facebook without mentioning them.
By Nathan Eddy Freelance Writer, 6/3/2015
Help Wanted: Security Heroes & Heroines Only Need Apply
Malcolm Harkins, Chief Information Security Officer, Cylance Inc. | Commentary
If we want to do more than simply defend ourselves, we need security champions and equally heroic security solutions.
By Malcolm Harkins Chief Information Security Officer, Cylance Inc., 6/3/2015
IoT Devices Hosted On Vulnerable Clouds In 'Bad Neighborhoods'
Sara Peters, Senior Editor at Dark Reading | News
OpenDNS report finds that organizations may be more susceptible to Internet of Things devices than they realize.
By Sara Peters Senior Editor at Dark Reading, 6/2/2015
Shaping A Better Future For Software Security
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate | Commentary
Industry and government leaders discuss ways to improve practices, awareness and education around secure software development. Here’s a recap of what you missed.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 6/2/2015
3 Lessons From Heartland Breach The Second Time Around
Ericka Chickowski, Contributing Writer, Dark Reading | News
While not even a drop in the bucket compared to its last breach, Heartland's exposure this week does offer some lessons to the security community.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/2/2015
Cyber Security And The CIO: Changing The Conversation
Joe Stanganelli, Attorney, Beacon Hill Law | Commentary
Do CIOs have an inherent conflict of interest when it comes to security? What should be their InfoSec involvement?
By Joe Stanganelli Attorney, Beacon Hill Law, 6/2/2015
Threat Intelligence Platforms: The Next "Must-Have" For Harried Security Operations Teams
Tim Wilson, Editor in Chief, Dark Reading | News
New category of technology promises to aggregate all threat intelligence feeds and help security teams find the attacks that could cause the most damage
By Tim Wilson Editor in Chief, Dark Reading, 6/2/2015
Woolworths' Self-Inflicted Breach A Clear Example Of Insider Negligence
Ericka Chickowski, Contributing Writer, Dark Reading | News
Australian grocer sent master spreadsheet of customer information and redeemable codes for thousands of gift cards to hundreds of customers.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/1/2015
Board Rooms Becoming More Security-Savvy
Sara Peters, Senior Editor at Dark Reading | News
Thirty-five percent say they discuss cybersecurity at every board meeting, a Veracode-NYSE survey says.
By Sara Peters Senior Editor at Dark Reading, 6/1/2015
Google Centralizes Security, Privacy For Web, Android Users
Thomas Claburn, Editor at Large, Enterprise Mobility | News
Google's new account hub, for users of its Web services and Android smartphones, gives IT organizations a new tool to improve employee awareness of security and privacy.
By Thomas Claburn Editor at Large, Enterprise Mobility, 6/1/2015
Microsoft Windows 10: Three Security Features To Know About
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Microsoft's next-generation operating system Windows 10 will be available as a free upgrade to Windows 7 and 8.1 users on July 29. But Windows Enterprise version customers will have to wait until later this year.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/1/2015
Today’s Requirements To Defend Against Tomorrow’s Insider Threats
Scott Weber, Managing Director, Stroz Friedberg | Commentary
At its most basic, a consistent and meaningful insider threat detection program has two components: data and people. Here’s how to put them together.
By Scott Weber Managing Director, Stroz Friedberg, 6/1/2015
Home Routers Being Targeted in DNS Hijacking Attack, Trend Micro Says
Jai Vijayan, Freelance writer | News
Attackers attempting to steal sensitive data by diverting home router traffic to malicious domains, security firm says.
By Jai Vijayan Freelance writer, 5/29/2015
How I Would Secure The Internet With $4 Billion
Jim Manico, OWASP Global Board Member | Commentary
In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesn’t go far enough.
By Jim Manico OWASP Global Board Member, 5/29/2015
UN Report Warns Encryption Backdoors Violate Human Rights
Sara Peters, Senior Editor at Dark Reading | News
Report says States should be promoting strong encryption and anonymity tools, not restricting them.
By Sara Peters Senior Editor at Dark Reading, 5/28/2015
IRS Attack Demonstrates How Breaches Beget More Breaches
Ericka Chickowski, Contributing Writer, Dark Reading | News
Weak authentication validation assumed only taxpayers would know their Social Security Numbers and other information that criminals have been stealing for years.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/28/2015
Small- to Mid-sized Organizations Targeted By 'Grabit' Cyberspies
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Rare SMB-focused cyber espionage campaign hitting small firms worldwide.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/28/2015
'Tox' Offers Ransomware As A Service
Jai Vijayan, Freelance writer | News
The ransomware is free to use but site retains 20 percent of any ransom that is collected, McAfee researcher says.
By Jai Vijayan Freelance writer, 5/28/2015
What Are You Doing During The Golden Hour After An Attack?
Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security
Take the time to detect the attack, isolate the infected machines, and restore them to a known state.
By Torry Campbell Chief Technical Officer of Endpoint and Management at Intel Security, 5/28/2015
FUD Watch: The Marketing Of Security Vulnerabilities
Bill Brenner, Information Security Blogger | Commentary
I’m all for raising awareness, but making designer vulnerabilities, catchy logos and content part of the disclosure process is a step in the wrong direction.
By Bill Brenner Information Security Blogger, 5/28/2015
Moose Malware Uses Linux Routers For Social Network Fraud
Sara Peters, Senior Editor at Dark Reading,  5/27/2015
Drinking from the Malware Fire Hose
Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them. Read >>
Dark Reading Radio
Archived Dark Reading Radio
From Target to Sony to Anthem, they are happening all around you: the “big” data breaches that compromise critical data and threaten the welfare of the corporate brand. Is your organization ready to respond?
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0999
Published: 2015-06-02
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.

CVE-2014-8391
Published: 2015-06-02
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.

CVE-2015-0759
Published: 2015-06-02
Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users.

CVE-2015-0850
Published: 2015-06-02
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.

CVE-2015-1945
Published: 2015-06-02
Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors.

10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?