Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cybercrime: A Black Market Price List From The Dark Web
From NY To Bangladesh: Inside An Inexcusable Cyber Heist
'FBiOS' Case Heading For A New Firestorm
6 Hot Cybersecurity Startups: MACH37's Spring Class Of 2016
Vuln Disclosure: Why Security Vendors & Researchers Don't Trust Each Other
News & Commentary
Ransomware Authors Break New Ground With Petya
Jai Vijayan, Freelance writerNews
Instead of encrypting files on disk, Petya goes for the jugular by encrypting the entire disk instead, says F-Secure.
By Jai Vijayan Freelance writer, 4/1/2016
Comment0 comments  |  Read  |  Post a Comment
Raising The Stakes For Application Security
Jeremiah Grossman, Commentary
Why, if we already know most everything we need to know about exploited vulnerabilities in software, do hacks keep happening?
By Jeremiah Grossman , 4/1/2016
Comment0 comments  |  Read  |  Post a Comment
DoD Picks HackerOne To Run Its Historic Bug Bounty Pilot
Dark Reading Staff, Quick Hits
HackerOne will run US federal government's first-ever bug bounty pilot 'Hack The Pentagon.'
By Dark Reading Staff , 4/1/2016
Comment0 comments  |  Read  |  Post a Comment
SecurityScorecard Offers Free Cybersecurity Assessment
Dark Reading Staff, Quick Hits
New security assessment tool provides a security "posture score" based on their protection-level and flaws in the network.
By Dark Reading Staff , 4/1/2016
Comment0 comments  |  Read  |  Post a Comment
In Brief: The Unusual Suspects -- DeMystifying Attack Groups
Brian Gillooly, Vice President, Event Content & Strategy, UBM TechCommentaryVideo
Your adversary is an imperfect human being. Use that knowledge to fight back.
By Brian Gillooly Vice President, Event Content & Strategy, UBM Tech, 3/31/2016
Comment0 comments  |  Read  |  Post a Comment
Apple’s Workflow For Enterprise iOS App Distribution Vulnerable To Attack
Jai Vijayan, Freelance writerNews
Millions of iPhones and iPads running iOS 9 can be exploited if enrolled in mobile device management, Check Point Software says.
By Jai Vijayan Freelance writer, 3/31/2016
Comment0 comments  |  Read  |  Post a Comment
Symantec: Financial Trojans Declined By 73% In 2015
Emily Johnson, Associate Editor, UBM AmericasNews
Symantec detected far fewer financial Trojans in 2015 and saw cybercriminals focus more of their efforts directly on financial institutions.
By Emily Johnson Associate Editor, UBM Americas, 3/31/2016
Comment0 comments  |  Read  |  Post a Comment
When It Comes To Cyberthreat Intelligence, Sharing Is Caring
Vincent Weafer, Senior Vice President, Intel Security
Shared cyberthreat intelligence will soon be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats.
By Vincent Weafer Senior Vice President, Intel Security, 3/31/2016
Comment0 comments  |  Read  |  Post a Comment
New Portal Launched For ICS/SCADA Threat Intelligence-Sharing Among Nations
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The EastWest Institute teamed up with the US ICS-ISAC to create a platform for critical infrastructure operators worldwide to share threat data.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/31/2016
Comment0 comments  |  Read  |  Post a Comment
Hackers Attack Major US Law Firms
Dark Reading Staff, Quick Hits
Hackers broke into computer networks of prominent law firms, and the FBI is investigating whether the stolen data was used for illegal trading purposes, the WSJ reports.
By Dark Reading Staff , 3/31/2016
Comment0 comments  |  Read  |  Post a Comment
Machine Learning In Security: Seeing the Nth Dimension in Signatures
Gunter Ollmann, Chief Security Officer, VectraCommentary
How adding “supervised” machine learning to the development of n-dimensional signature engines is moving the detection odds back to the defender.
By Gunter Ollmann Chief Security Officer, Vectra, 3/31/2016
Comment1 Comment  |  Read  |  Post a Comment
NIST Publishes New Security Standard For Encrypting Credit Card, Medical Info
Dark Reading Staff, Quick Hits
NIST published a new cybersecurity standard that specifies 'format- preserving encryption' techniques to secure credit card number and sensitive medical information.
By Dark Reading Staff , 3/31/2016
Comment1 Comment  |  Read  |  Post a Comment
Business Disruption A Big Focus In 2015 Cyberattacks
Jai Vijayan, Freelance writerNews
In a shift from the low and slow attacks of recent years, many incidents last year were attention seeking and were motivated not just by money, according to Mandiant's annual report.
By Jai Vijayan Freelance writer, 3/30/2016
Comment0 comments  |  Read  |  Post a Comment
'FBiOS' Case Heading For A New Firestorm
Jonathan Braverman, Legal and Compliance Officer, CymmetriaCommentary
The surprise developments in the FBI v Apple case offer little reason to celebrate for encryption and privacy advocates.
By Jonathan Braverman Legal and Compliance Officer, Cymmetria, 3/30/2016
Comment0 comments  |  Read  |  Post a Comment
Machine Learning In Security: Good & Bad News About Signatures
Gunter Ollmann, Chief Security Officer, VectraCommentary
Why security teams that rely solely on signature-based detection are overwhelmed by a high number of alerts.
By Gunter Ollmann Chief Security Officer, Vectra, 3/30/2016
Comment0 comments  |  Read  |  Post a Comment
Cybercrime: A Black Market Price List From The Dark Web
Ericka Chickowski, Contributing Writer, Dark Reading
What does it cost for malware, stolen identities and other tools of the cybercriminal trade? Probably less than you think.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/30/2016
Comment0 comments  |  Read  |  Post a Comment
New Florida Law Lets Agencies Keep Some Breach Details Under Wraps
Dark Reading Staff, Quick Hits
Florida governor Rick Scott signs a bill to keep some critical information about data breaches confidential and out of the public eye.
By Dark Reading Staff , 3/30/2016
Comment0 comments  |  Read  |  Post a Comment
NIST Cybersecurity Framework Adoption Hampered By Costs, Survey Finds
Dark Reading Staff, Quick Hits
Security pros consider the NIST framework an industry best practice, yet half of its adopters say its complete implementation involves a high level of investment.
By Dark Reading Staff , 3/30/2016
Comment5 comments  |  Read  |  Post a Comment
FBI Cracks Terrorist’s iPhone -- Sans Apple
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Now there's a new hole in the iPhone 5c, so what happens next?
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/29/2016
Comment5 comments  |  Read  |  Post a Comment
From NY To Bangladesh: Inside An Inexcusable Cyber Heist
John Moynihan, President, Minuteman GovernanceCommentary
A spelling error was the tipoff to last month’s multimillion-dollar digital bank heist. But could multifactor authentication have prevented it in the first place?
By John Moynihan President, Minuteman Governance, 3/29/2016
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Mathewpual
Current Conversations nice post
In reply to: Re: Merger with Bit9
Post Your Own Reply
More Conversations
Products & Releases
Avira Launches Phantom VPN for Secure and Anonymous Internet Access, Anywhere
SolarWinds Study Reveals Hybrid IT is the Reality for Majority of Businesses; Security Concerns, New Skillsets Top of Mind for IT Professionals
BakerHostetler Data Security Incident Response Report Reveals Being 'Compromise Ready' Better Positions Companies to Respond to Incidents
Wombat Security Launches Healthcare Security Awareness and Training Program
Austin data startup builds security leadership with new additions
More Than 90 Percent of Newly Observed Malicious Domains Worldwide Hosted in the U.S. and Germany, According to the Infoblox DNS Threat Index
Loss of Customer Trust and Decreased Revenues Most Damaging Consequences of DDoS Attacks According to IT Security Pros and Network Operators
Internal Threats Startup Teramind Launches, Helping Companies Detect and Stop Malicious Users in Real-Time
More Products & Releases
PR Newswire
FBI Cracks Terrorist's iPhone -- Sans Apple
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/29/2016
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
When It Comes To Cyberthreat Intelligence, Sharing Is Caring
Shared cyberthreat intelligence will soon be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading Executive Editor Kelly Jackson Higgins as she talks to authentication experts to find out what the future holds.
White Papers
Current Issue
Understanding & Managing the Mobile Security Threat
Mobile devices are increasing IT security risk. Is your enterprise ready?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed