10 Ways Security Gurus Give Thanks
Cartoon: The Insider Threat
The Week When Attackers Started Winning The War On Trust
How I Became A CISO: Mark Potter, Danya International
Retail Hacking: What To Expect This Holiday Season
News & Commentary
Why We Need Better Cyber Security: A Graphical Snapshot
Marilyn Cohodas, Community Editor, Dark Reading
By 2022, demand for security industry professionals will grow 37%.
By Marilyn Cohodas Community Editor, Dark Reading, 11/28/2014
Dangers Of Shopping Are Evolving
Sara Peters, Senior Editor at Dark Reading (Quick Hits)
Point-of-sale malware is making brick-and-mortar shopping more dangerous. Online, attackers are beginning to value user accounts with payment information attached more than credit card details themselves.
By Sara Peters Senior Editor at Dark Reading, 11/26/2014
Custom Malware Sneaks Past Advanced Threat Detection Appliances In Lab Experiment
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
An independent test of advanced threat detection products demonstrates how they could be bypassed by attackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/26/2014
10 Ways Security Gurus Give Thanks
Ericka Chickowski, Contributing Writer, Dark Reading (News)
From board-level awareness to bug bounty programs and everything in between, the security world's maturation offers security practitioners something to be thankful for.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/25/2014
6 Million+ Email Accounts Worldwide Exposed In Past 3 Months
Kelly Jackson Higgins, Executive Editor at Dark Reading (Quick Hits)
Spike in number of stolen accounts likely due to uptick in major data breaches, researchers say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/25/2014
Data Management Vs. Data Loss Prevention: Vive La Différence!
Todd Feinman, President & CEO, Identity Finder (Commentary)
A sensitive data management strategy can include the use of DLP technology, but it also involves a comprehensive understanding of where your data is and what specifically is at risk.
By Todd Feinman President & CEO, Identity Finder, 11/25/2014
What Healthcare Can Learn From CHS Data Breach
Paula Knippa, Attorney (Commentary)
Security breach that exposed personal data on 4.5 million Tennessee healthcare system patients offers key lessons to prevent similar cyber attacks.
By Paula Knippa Attorney, 11/25/2014
Underground Carders Abusing Charities To Verify Stolen Payment Data
Sara Peters, Senior Editor at Dark Reading (News)
Charities' weak fraud controls make things easier on donors and criminals alike.
By Sara Peters Senior Editor at Dark Reading, 11/25/2014
Newly Revealed Cyber Espionage Attack 'More Complex' Than Stuxnet, Flame
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
"Regin" cyber spying platform is reportedly behind cyber spying against a Belgian telecommunications provider, which was revealed in leaked NSA documents.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/24/2014
How I Became A CISO: Mark Potter, Danya International
Sara Peters, Senior Editor at Dark Reading (News)
Much like one of his favorite choose-your-own-adventure novels, Mark Potter's path to the chief information security officer job was full of twists, turns, and a couple of falls off a cliff.
By Sara Peters Senior Editor at Dark Reading, 11/24/2014
Don't Discount XSS Vulnerabilities
Ericka Chickowski, Contributing Writer, Dark Reading (News)
XSS flaws are more serious than you'd think.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/24/2014
Cyber Security Needs Its Ralph Nader
Tsion Gonen, Chief Strategy Officer, SafeNet (Commentary)
It took thousands of unnecessary traffic fatalities to create an environment for radical transformation of the auto industry. What will it take for a similar change to occur in data security?
By Tsion Gonen Chief Strategy Officer, SafeNet, 11/24/2014
Privacy Groups Release 'Detekt' Tool to Spot Spyware
Brian Prince, Contributing Writer, Dark Reading (News)
Privacy advocates have joined together to release a tool for identifying cyber espionage malware.
By Brian Prince Contributing Writer, Dark Reading, 11/21/2014
Cloud Security By The Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Quantifying the perceptions around cloud security practices.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/21/2014
The Week When Attackers Started Winning The War On Trust
Kevin Bocek, VP Security Strategy & Threat Intelligence, Venafi (Commentary)
The misuse of keys and certificates is not exotic or hypothetical. It’s a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
By Kevin Bocek VP Security Strategy & Threat Intelligence, Venafi, 11/21/2014
Video: Tech Hygiene Bad Habits, 3D Stock Portfolios
Andrew Conry Murray, Director of Content & Community, Interop (Commentary)
This Week In 60 Seconds looks at bad tech hygiene habits, using Oculus Rift for 3D stock portfolios, security risks during the holiday shopping season, and more.
By Andrew Conry Murray Director of Content & Community, Interop, 11/21/2014
OCR Audits: Don’t Fall Victim To Past Mistakes
Mark Fulford, Partner at LBMC’s Security & Risk Services (Commentary)
The Office of Civil Rights is not out to get you. But it does expect you to make good-faith efforts at protecting patient data.
By Mark Fulford Partner at LBMC’s Security & Risk Services, 11/21/2014
When Every Minute Counts (Part 2)
Carric Dooley, WW VP of Foundstone Services, Intel Security
Acting on key Indicators of Attack for incident response is crucial.
By Carric Dooley WW VP of Foundstone Services, Intel Security, 11/21/2014
Russian Cyber Espionage Under The Microscope
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
New report shows level of coordination and strategy by three main groups of cyberspies out of Russia.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/20/2014
New Citadel Attack Targets Password Managers
Jai Vijayan, Freelance writer (News)
IBM researchers have found signs that the prolific data-stealing Trojan is now being used to attack widely used password managers.
By Jai Vijayan Freelance writer, 11/20/2014
Partner Perspectives
You're Doing BYOD Wrong: These Numbers Prove It
Almost 40% of users who connect personal mobile devices to corporate networks have no lock-screen mechanism set in place.
Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3407
Published: 2014-11-27
The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888.

CVE-2014-4829
Published: 2014-11-27
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests tha...

CVE-2014-4831
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.

CVE-2014-4832
Published: 2014-11-27
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

CVE-2014-4883
Published: 2014-11-27
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for man-in-the-middle attackers to conduct cache-poisoning attacks via spoofed reply packets.

Best of the Web
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?