Dark Reading Radio: How To Become A CISO
Stocking Stuffers For Happy Hacking
Price Tag Rises For Stolen Identities Sold In The Underground
Ekoparty Isn't The Next Defcon (& It Doesn't Want To Be)
Internet Of Things: 3 Holiday Gifts That Will Keep CISOs Up At Night
News & Commentary
The New Target for State-Sponsored Cyber Attacks: Applications
Jeff Williams, CTO, Aspect Security & Contrast Security | Commentary
Skilled hackers are now using simple web application vulnerabilities like SQL Injection to take over database servers. Are you prepared to defend against this new type of threat actor?
By Jeff Williams CTO, Aspect Security & Contrast Security, 12/17/2014
2014's Top Malware: Less Money, Mo' Problems
Ericka Chickowski, Contributing Writer, Dark Reading | News
Here are the five most active malware packages to give attackers a huge ROI on a small investment.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/16/2014
Sony Warns Media About Disclosure, Staff About Fraud, 'Bond' Fans About Spoilers
Sara Peters, Senior Editor at Dark Reading | Quick Hits
A wrapup of the latest Sony attack fallout.
By Sara Peters Senior Editor at Dark Reading, 12/16/2014
2014: The Year of Privilege Vulnerabilities
Marc Maiffret, CTO, BeyondTrust | Commentary
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.
By Marc Maiffret CTO, BeyondTrust, 12/16/2014
Balancing Accounting Policy & Security Strategy
Kevin T. Reardon, VP, Worldwide Strategy at McAfee, part of Intel Security
A long-term approach involves focusing on security as a platform, instead of a selection of individual products and point defenses.
By Kevin T. Reardon VP, Worldwide Strategy at McAfee, part of Intel Security, 12/16/2014
Stocking Stuffers For Happy Hacking
Ericka Chickowski, Contributing Writer, Dark Reading
Find that perfect gift for your co-workers and much-loved white hats without breaking the bank.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/15/2014
Price Tag Rises For Stolen Identities Sold In The Underground
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
What cybercriminals now charge for stolen identities, counterfeit identities, hacking tutorials, DDoS, and other services.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/15/2014
Dark Reading Radio: How To Become A CISO
Sara Peters, Senior Editor at Dark Reading | Commentary
Find out what employers are really looking for in a chief information security officer.
By Sara Peters Senior Editor at Dark Reading, 12/15/2014
Ekoparty Isn’t The Next Defcon (& It Doesn’t Want To Be)
Andrew Ford, Developer, Bugcrowd | Commentary
Unlike American security conferences that offer a buffet of merchandise, meals, and drinks, Ekoparty, in Buenos Aires, is every bit as functional -- with a little less fluff.
By Andrew Ford Developer, Bugcrowd, 12/15/2014
Targeted Attacks: A Defender's Playbook
Ericka Chickowski, Contributing Writer, Dark Reading | News
Cyberthreat actors are increasingly going after a single victim. Here are some tips to help your organization get ready.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/15/2014
Attackers Turn Focus To PoS Vendors
Brian Prince, Contributing Writer, Dark Reading | News
The recently reported attack on Charge Anywhere puts the payment solutions provider on a list of PoS vendors attacked this year.
By Brian Prince Contributing Writer, Dark Reading, 12/12/2014
Iowa Mobile ID Program Raises Privacy Questions
Eric Zeman, News
The state of Iowa proposes using a mobile app as an option to a traditional driver's license -- but security questions abound.
By Eric Zeman, 12/12/2014
Shadow IT: Not The Risk You Think
Tal Klein, VP Strategy, Adallom | Commentary
Enterprise cloud services such as Box, Office 365, Salesforce, and Google Apps can make a better case for being called sanctioned than many legacy, on-premises, IT-provisioned applications.
By Tal Klein VP Strategy, Adallom, 12/12/2014
Cyberattacks Longer, More Continuous Than Before
Jai Vijayan, Freelance writer | News
A surprisingly large number of organizations experienced cyberattacks lasting more than one month, a new survey found.
By Jai Vijayan Freelance writer, 12/12/2014
InformationWeek 2014 Mobile Security Survey
InformationWeek Staff
Securing company data on mobile devices is the top concern when it comes to mobile security. Respondents worry most about data loss due to lost or stolen devices, and less than half of respondents feel confident that data is protected.
By InformationWeek Staff, 12/12/2014
Hiring Hackers To Secure The Internet Of Things
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
How some white hat hackers are changing career paths to help fix security weaknesses in consumer devices and business systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/11/2014
FBI Calls For Law Facilitating Security Information Sharing
Sara Peters, Senior Editor at Dark Reading | News
Uniform breach notification laws and amendments to the Computer Fraud and Abuse Act are also on the list.
By Sara Peters Senior Editor at Dark Reading, 12/11/2014
Cyber Security Practices Insurance Underwriters Demand
Natalie Lehr, Co-Founder & VP Analytics, TSC Advantage | Commentary
Insurance underwriters aren’t looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks.
By Natalie Lehr Co-Founder & VP Analytics, TSC Advantage, 12/11/2014
Securing the Internet of Things
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
Factors specific to IoT devices make them a unique security risk.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 12/11/2014
4 Worst Government Data Breaches Of 2014
Jai Vijayan, Freelance writer | News
Government agency breaches pale in comparison to private sector companies' problems, but government did get hacked in 2014. Look at the four biggest incidents.
By Jai Vijayan Freelance writer, 12/11/2014
Ex-NSA Agents' Security Startup Lands $8 Million In Funding
Sara Peters, Senior Editor at Dark Reading, 12/10/2014
Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5437
Published: 2014-12-17
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php,...

CVE-2014-5438
Published: 2014-12-17
Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php.

CVE-2014-7285
Published: 2014-12-17
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

CVE-2014-7880
Published: 2014-12-17
Multiple unspecified vulnerabilities in the POP implementation in HP OpenVMS TCP/IP 5.7 before ECO5 allow remote attackers to cause a denial of service via unspecified vectors.

CVE-2014-8133
Published: 2014-12-17
arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set...

Best of the Web
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?