News & Commentary
Vixie Proposes 'Cooling-Off Period' For New Domains To Deter Cybercrime
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Short trial period would help detect malicious use of domain names, Internet expert says.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/6/2015
8 Linux Security Improvements In 8 Years
Charles Babcock, Editor at Large, Cloud
Linux started getting really serious about security in 2007, and it has made big strides in the past three years. As open source code faces more threats, Linux can't rest on its laurels.
By Charles Babcock, Editor at Large, Cloud, 5/6/2015
3 Ways Attackers Will Own Your SAP
Ericka Chickowski, Contributing Writer, Dark Reading | News
SAP vulnerabilities that have been highlighted for years are now becoming attackers' favorite means of breaking into enterprises.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/5/2015
Law Enforcement Finding Few Allies On Encryption
Sara Peters, Senior Editor at Dark Reading | News
Cloud providers, mobile device manufacturers, private citizens, and a bipartisan Congressional committee are lining up on the opposite side.
By Sara Peters, Senior Editor at Dark Reading, 5/5/2015
Deconstructing Mobile Fraud Risk
Subbu Sthanu, Director, Mobile Security & Application Security, IBM | Commentary
Today’s enterprise security solutions don’t do enough to manage BYOD risk, credit card theft and the reputational damage resulting from a major data breach.
By Subbu Sthanu, Director, Mobile Security & Application Security, IBM, 5/5/2015
Rapid7 Picks Up NTObjectives
Ericka Chickowski, Contributing Writer, Dark Reading | News
Adds 25 new employees and further diversifies testing capabilities.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/4/2015
Security Product Liability Protections Emerge
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
WhiteHat Security, FireEye each offer product liability protections to their customers.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/4/2015
Defenses Outside the Wall
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
Protecting the Internet of Things means protecting the privacy of customers and colleagues.
By Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group, 5/4/2015
Free Android Apps Secretly Talk To Ad, Tracking Sites
Eric Zeman | Commentary
Researchers are warning about misleading Google Play app behaviors and are calling for more visibility into Android applications' connection policies.
By Eric Zeman, 5/4/2015
Building a Stronger Security Strategy: 6 Tips
Harry Folloder, CIO, Advantage Waypoint LLC (AWP) | Commentary
CIO offers his formula for achieving the right balance between data security and employee productivity and convenience.
By Harry Folloder, CIO, Advantage Waypoint LLC (AWP), 5/4/2015
Nine Years Later, IT Security Is Even More Important To Business
Tim Wilson, Editor in Chief, Dark Reading | Commentary
As Dark Reading celebrates its ninth year of publication, the security industry prepares for its next round of evolution.
By Tim Wilson, Editor in Chief, Dark Reading, 5/1/2015
Dyre Trojan Adds New Sandbox-Evasion Feature
Jai Vijayan, Freelance writer | News
New tactic makes it that much harder to detect, says Seculert.
By Jai Vijayan, Freelance writer, 5/1/2015
CareerBuilder Attack Sends Malware-Rigged Resumes To Businesses
Jai Vijayan, Freelance writer | News
Attack displays 'simple elegance and brilliance,' security researcher says.
By Jai Vijayan, Freelance writer, 4/30/2015
Breaking The Security Fail Cycle
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
How security teams are evolving in the face of today's threats.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 4/30/2015
Google's Urs Hoelzle: Cloud Will Soon Be More Secure
Charles Babcock, Editor at Large, Cloud | News
Google's chief data center architect, Urs Hoelzle, says cloud security will improve faster than enterprise security in the next few years.
By Charles Babcock, Editor at Large, Cloud, 4/30/2015
Information Security: Identifying Your Weakest Links
Kelly Sheridan, Associate Editor, InformationWeek | News
Modern security execs use existing tools to identify areas of risk and find new ones to track, evaluate, and share their progress.
By Kelly Sheridan, Associate Editor, InformationWeek, 4/30/2015
Social Engineering Defenses: Reducing The Human Element
Rob Ragan, Senior Security Associate, Bishop Fox | Commentary
Most security awareness advice is terrible, just plain bad, and not remotely feasible for your average user.
By Rob Ragan, Senior Security Associate, Bishop Fox, 4/30/2015
Wi-Fi Woes Continue To Plague Infosec
Ericka Chickowski, Contributing Writer, Dark Reading | News
Several pieces of research coincide to send the message that hotspot connectivity is probably always going to be a sore spot for security.
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/30/2015
Caterpillar Uses Better Intelligence To Drive Security
Kelly Sheridan, Associate Editor, InformationWeek | News
How strategy and a Capability Maturity Model are helping Caterpillar drive its information security transformation.
By Kelly Sheridan, Associate Editor, InformationWeek, 4/29/2015
IRC Botnets Are Not Quite Dead Yet
Jai Vijayan, Freelance writer | News
The handful that still operate are more sophisticated and resilient than before, Zscaler says.
By Jai Vijayan, Freelance writer, 4/29/2015
Partner Perspectives
Third-Party Risk and Organizational Situational Awareness
A rigorous risk management approach will help organizations understand the potential risks posed by their partners.
Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0531
Published: 2015-05-06
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVE-2015-0538
Published: 2015-05-06
ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets.

CVE-2015-0701
Published: 2015-05-06
Cisco UCS Central Software 1.2 and earlier allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.

CVE-2015-0715
Published: 2015-05-06
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608.

CVE-2015-0716
Published: 2015-05-06
Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659.

10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?