News & Commentary
Cyber Security And The CIO: Changing The Conversation
Joe Stanganelli, Attorney, Beacon Hill Law | Commentary
Do CIOs have an inherent conflict of interest when it comes to security? What should be their InfoSec involvement?
By Joe Stanganelli, Attorney, Beacon Hill Law, 6/2/2015
Woolworths' Self-Inflicted Breach A Clear Example Of Insider Negligence
Ericka Chickowski, Contributing Writer, Dark Reading | News
Australian grocer sent master spreadsheet of customer information and redeemable codes for thousands of gift cards to hundreds of customers.
By Ericka Chickowski, Contributing Writer, Dark Reading, 6/1/2015
Board Rooms Becoming More Security-Savvy
Sara Peters, Senior Editor at Dark Reading | News
Thirty-five percent say they discuss cybersecurity at every board meeting, a Veracode-NYSE survey says.
By Sara Peters, Senior Editor at Dark Reading, 6/1/2015
Google Centralizes Security, Privacy For Web, Android Users
Thomas Claburn, Editor at Large, Enterprise Mobility | News
Google's new account hub, for users of its Web services and Android smartphones, gives IT organizations a new tool to improve employee awareness of security and privacy.
By Thomas Claburn, Editor at Large, Enterprise Mobility, 6/1/2015
Microsoft Windows 10: Three Security Features To Know About
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Microsoft's next-generation operating system Windows 10 will be available as a free upgrade to Windows 7 and 8.1 users on July 29. But Windows Enterprise version customers will have to wait until later this year.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 6/1/2015
Today’s Requirements To Defend Against Tomorrow’s Insider Threats
Scott Weber, Managing Director, Stroz Friedberg | Commentary
At its most basic, a consistent and meaningful insider threat detection program has two components: data and people. Here’s how to put them together.
By Scott Weber, Managing Director, Stroz Friedberg, 6/1/2015
Home Routers Being Targeted in DNS Hijacking Attack, Trend Micro Says
Jai Vijayan, Freelance writer | News
Attackers attempting to steal sensitive data by diverting home router traffic to malicious domains, security firm says.
By Jai Vijayan, Freelance writer, 5/29/2015
How I Would Secure The Internet With $4 Billion
Jim Manico, OWASP Global Board Member | Commentary
In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesn’t go far enough.
By Jim Manico, OWASP Global Board Member, 5/29/2015
UN Report Warns Encryption Backdoors Violate Human Rights
Sara Peters, Senior Editor at Dark Reading | News
Report says States should be promoting strong encryption and anonymity tools, not restricting them.
By Sara Peters, Senior Editor at Dark Reading, 5/28/2015
IRS Attack Demonstrates How Breaches Beget More Breaches
Ericka Chickowski, Contributing Writer, Dark Reading | News
Weak authentication validation assumed only taxpayers would know their Social Security Numbers and other information that criminals have been stealing for years.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/28/2015
Small- to Mid-sized Organizations Targeted By 'Grabit' Cyberspies
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Rare SMB-focused cyber espionage campaign hitting small firms worldwide.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/28/2015
'Tox' Offers Ransomware As A Service
Jai Vijayan, Freelance writer | News
The ransomware is free to use but site retains 20 percent of any ransom that is collected, McAfee researcher says.
By Jai Vijayan, Freelance writer, 5/28/2015
What Are You Doing During The Golden Hour After An Attack?
Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security
Take the time to detect the attack, isolate the infected machines, and restore them to a known state.
By Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security, 5/28/2015
FUD Watch: The Marketing Of Security Vulnerabilities
Bill Brenner, Information Security Blogger | Commentary
I’m all for raising awareness, but making designer vulnerabilities, catchy logos and content part of the disclosure process is a step in the wrong direction.
By Bill Brenner, Information Security Blogger, 5/28/2015
Data Theft The Goal Of BlackEnergy Attacks On Industrial Control Systems, Researchers Say
Jai Vijayan, Freelance writer | News
CyberX analysis of BlackEnergy module reveals most likely motive behind sophisticated multi-year attack campaign.
By Jai Vijayan, Freelance writer, 5/28/2015
Oracle PeopleSoft In The Crosshairs
Ericka Chickowski, Contributing Writer, Dark Reading | News
Presenter at Hack In The Box says PeopleSoft is in worse security shape than SAP was five years ago.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/27/2015
Moose Malware Uses Linux Routers For Social Network Fraud
Sara Peters, Senior Editor at Dark Reading | News
Linux/Moose is sophisticated enough to do DNS hijacks, DDoSes, and deep network penetration...so why is it wasting its time on Instagram?
By Sara Peters, Senior Editor at Dark Reading, 5/27/2015
Escalating Cyberattacks Threaten US Healthcare Systems
Rick Kam, President & Co-founder, ID Experts & Larry Ponemon, Chairman & Founder, Ponemon Institute | Commentary
Electronic health records are prime targets because healthcare organizations lack the resources, processes, and technologies to protect them. And it’s only going to get worse.
By Rick Kam, President & Co-founder, ID Experts & Larry Ponemon, Chairman & Founder, Ponemon Institute, 5/27/2015
Iris Scans: Security Breakthrough Or Privacy Invasion?
David Wagner, Executive Editor, Community & IT Life | News
New technology allows irises to be scanned from 40 feet away. Is this a wonder weapon against crime and terrorism or a way for governments to invade our privacy and track our movements?
By David Wagner, Executive Editor, Community & IT Life, 5/27/2015
What Data Breaches Now Cost And Why
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
New Ponemon report says the cost of a data breach has increased by 23% and healthcare and education breaches are the most pricey.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/27/2015
Drinking from the Malware Fire Hose
Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them.
Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0211
Published: 2015-06-01
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain s...

CVE-2015-0212
Published: 2015-06-01
Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.

CVE-2015-0213
Published: 2015-06-01
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.

CVE-2015-0214
Published: 2015-06-01
message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request.

CVE-2015-0215
Published: 2015-06-01
calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.

10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?