News & Commentary
Latest Content
Don't Blame It On The Web Programming Platform
Quick Hits  |  4/15/2014  | 
New data shows no one Web development platform generates more vulnerabilities than another -- and website security is still a problem.
White House Details Zero-Day Bug Policy
News  |  4/15/2014  | 
NSA denies prior knowledge of the Heartbleed vulnerability, but the White House reserves the right to withhold zero-day exploit information in some cases involving national security or law enforcement.
Black Hat USA 2014: Pentesting? Thought You'd Never Ask
Event Updates  |  4/15/2014  | 
If Black Hat USA 2014 isn't quite around the corner, it's definitely on the horizon, and the team is hard at work putting together this year's programming.
Active Directory Is Dead: 3 Reasons
Commentary  |  4/15/2014  | 
These days, Active Directory smells gangrenous to innovative companies born in the cloud and connecting customers, employees, and partners across devices at light speed.
Heartbleed's Intranet & VPN Connection
News  |  4/14/2014  | 
How the game-changing crypto bug affects internal servers, clients, and VPN networks -- and what to do about it.
Akamai Withdraws Proposed Heartbleed Patch
News  |  4/14/2014  | 
As researchers demonstrate OpenSSL bug exploits that retrieve private keys, Akamai rescinds a patch suggestion for the SSL/TLS library after a security researcher punches holes in it.
'Baby Teeth' In Infrastructure Cyber Security Framework
Commentary  |  4/14/2014  | 
NIST's modest effort to improve lax security around IT infrastructure in airports, utilities, and other critical areas now heads to Congress. Don't hold your breath.
Iranian-Based Cyberattack Activity On The Rise, Mandiant Report Says
News  |  4/11/2014  | 
New report details the rise of suspected Iranian and Syrian-based cyber-attacks.
Free Heartbleed-Checker Released for Firefox Browser
Quick Hits  |  4/11/2014  | 
Browser plug-ins arrive for Firefox and Chrome that scan websites for Heartbleed risk.
Windows XP Alive & Well in ICS/SCADA Networks
News  |  4/10/2014  | 
End-of-life for XP support not raising many red flags in critical infrastructure environments, where patching is the exception.
Heartbleed Will Go On Even After The Updates
News  |  4/10/2014  | 
What's next now that the mindset is 'assume the worst has already occurred?'
Flash Poll: Broken Heartbeat
Commentary  |  4/10/2014  | 
What steps do you plan to take in response to the Heartbleed bug? Take our poll and share your reasons in the comments.
Heartbleed: Examining The Impact
Commentary  |  4/10/2014  | 
With Heartbleed, there's little hope of knowing if an asset was breached, if a breach can be identified, or what, if any, data was leaked. Here's how to defend against future attacks.
CIO Vs. CSO: Allies Or Enemies?
Commentary  |  4/10/2014  | 
In the wake of the Target breach it's clear that the CIO and CSO must have clear boundaries of responsibility and equal representation in the board room.
Majority Of Users Have Not Received Security Awareness Training, Study Says
Quick Hits  |  4/10/2014  | 
Many users fail to follow policies on mobile, cloud security, EMA Research study says.
More Than A Half-Million Servers Exposed To Heartbleed Flaw
News  |  4/9/2014  | 
What the newly exposed SSL/TLS threat really means for enterprises and end-users.
What's Worse: Credit Card Or Identity Theft?
Commentary  |  4/9/2014  | 
When it comes to data loss, it's time for the conversation to shift from credit cards to personal information like Social Security numbers, home addresses, and your favorite flavor of ice cream.
Emergency SSL/TLS Patching Under Way
News  |  4/8/2014  | 
A "Heartbleed" flaw revealed in the OpenSSL library leaks the contents of memory, including passwords, source code, and keys.
One Year Later: The APT1 Report
Commentary  |  4/8/2014  | 
One of the most positive impacts of APT1 is the undeniable rise in the stature of the threat intelligence industry. "Threat Intelligence" is the SIEM, the NAC of 2014.
Operation Stop the Exfiltration
News  |  4/7/2014  | 
Determined cybercriminals and cyberspies will find their way to the data they want, but there are ways to trip them up as they try to make their way out.
Social Engineering Grows Up
News  |  4/7/2014  | 
Fifth annual DEF CON Social Engineering Capture the Flag Contest kicks off today with new "tag team" rules to reflect realities of the threat.
If Mother Nature Were A CISO
Commentary  |  4/7/2014  | 
There are many defensive patterns in nature that also apply to information security. Here's how to defeat your predators in the high-stakes game of corporate survival and resiliency.
We Are the Perimeter
Guest Blogs  |  4/7/2014  | 
End users, not technology, define the boundaries of the enterprise. Security strategies must protect this new perimeter.
Tech Insight: Making Data Classification Work
Commentary  |  4/4/2014  | 
Data classification involves much more than simply buying a product and dropping it in place. Here are some dos and don'ts.
Advanced Attacks Are The New Norm, Study Says
Quick Hits  |  4/4/2014  | 
According to the Websense 2014 Threat Report, most malicious exploits now are advanced and targeted.
Nominum: 24 Million Home Routers Exposing ISPs to DDoS Attacks
News  |  4/4/2014  | 
Even Internet service providers that go to great lengths to protect their networks are vulnerable.
NSA's Big Surprise: Gov't Agency Is Actually Doing Its Job
Commentary  |  4/4/2014  | 
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
Advanced Persistent Threats: What Are They, Really?
Dark Reading Videos  |  4/4/2014  | 
There seem to be as many definitions of APT as there are actual APTs. So what is an advanced persistent threat, really?
Study: Security Fears Continue To Block Cloud Deployment
Quick Hits  |  4/3/2014  | 
'Fear of the unknown' still haunts cloud adoption.
API-First: 3 Steps For Building Secure Cloud Apps
Commentary  |  4/3/2014  | 
When it comes to protecting data traveling to and from the cloud, today's choices are daunting. Here are three steps for making the application programming interface your new best friend.
What Is The FIDO Alliance?
Dark Reading Videos  |  4/2/2014  | 
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
Extra, Extra: What's New With Dark Reading News & Analysis
Commentary  |  4/2/2014  | 
How to share your opinion, news tips, and ideas.
The Right Stuff: Staffing Your Corporate SOC
Commentary  |  4/2/2014  | 
What makes a top-notch security analyst? Passion, experience, and communication skills trump certifications and degrees. But you get what you pay for.
Cyber Criminals Operate On A Budget, Too
Quick Hits  |  4/1/2014  | 
New report shines light on how attacks have gotten more advanced but still rely on many of the same old tools.
Be Careful Beating Up Target
Commentary  |  4/1/2014  | 
Target was actually better prepared than most retailers. The real problem lies with the current state of industry threat intelligence and IR practices.
Researchers: RSA Adopted Second Tool That Might Have Helped NSA Surveillance
Quick Hits  |  4/1/2014  | 
RSA adopted a technology extension for secure websites that may have allowed faster cracking of RSA's flawed Dual Elliptic Curve.
Wickr Spreads Its 'Leave No Trace' Messaging
News  |  4/1/2014  | 
Privacy-conscious messaging technology now offered to other social media, messaging providers.
Community & A Virtual Handshake
Commentary  |  3/31/2014  | 
A secret handshake means you are part of a shared experience. That's what the Dark Reading community is all about.
Bit Errors & the Internet of Things
Commentary  |  3/31/2014  | 
Internet traffic, misdirected to malicious bitsquatted domains, has plagued computer security for years. The consequences will be even worse for the IoT.
Top Advice for CISOs
Dark Reading Videos  |  3/31/2014  | 
Some of the soft skills are the hardest ones for CISOs to deploy.
'Thingularity' Triggers Security Warnings
News  |  3/28/2014  | 
The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure?
Incident Response Now Shaping Security Operations
News  |  3/28/2014  | 
How an organization reacts to hackers infiltrating its network is becoming the key to damage control for data -- and the corporate image.
Hackers Cash In On ATMs
News  |  3/28/2014  | 
Malware uses text messages and other techniques to infect ATMs and ultimately allow criminals to steal cash.
Flying Naked: Why Most Web Apps Leave You Defenseless
Commentary  |  3/28/2014  | 
Even the best-funded and "mature" corporate AppSec programs aren't testing all their web applications and services. That leaves many applications with no real security in place.
Richard Clarke: Snowden Should Be in Prison
Dark Reading Videos  |  3/28/2014  | 
Former White House cybersecurity advisor says Edward Snowden has jeopardized the United States' national security.
Attacks Rise On Network 'Blind' Spot
News  |  3/27/2014  | 
Interop speaker says DDoS attacks are not the only form of abuse targeting the Domain Name System (DNS).
Android Apps Hide Crypto-Currency Mining Malware
News  |  3/27/2014  | 
Apps downloaded by millions from Google Play and Spanish software forums include hidden altcoin-mining software. But criminals aren't getting rich quickly.
MACH37 Funds Six New Security Startups
Quick Hits  |  3/27/2014  | 
The cyberaccelerator MACH37 begins work with six emerging cybersecurity firms.
Welcome To The New Dark Reading
Dark Reading Videos  |  3/27/2014  | 
Check out Dark Reading's Tim Wilson and Kelly Jackson Higgins talking about the reason behind the re-launch.
A Cyber History Of The Ukraine Conflict
Commentary  |  3/27/2014  | 
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
Current Issue
Containing Corporate Data on Mobile Devices
If you're still focused on securing endpoints, you've got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-5704
Published: 2014-04-15
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

CVE-2013-5705
Published: 2014-04-15
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.
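Both of the chunked-transfer entries above come down to the same two parsing gaps: a header filter that inspects only the initial header block and never sees trailer headers that arrive after the final zero-length chunk, and a Transfer-Encoding check that compares the token case-sensitively. The following is an added example written for this page, not code from httpd, ModSecurity, or the NVD entries. It models a request filter with a constructed chunked POST carrying a trailer header; the header name to strip (`X-Forwarded-For`) and the policy set `UNSET` are assumptions for illustration.

```python
# Added example (not httpd/ModSecurity code): why a header filter must see
# chunked trailers and match Transfer-Encoding tokens case-insensitively.

# Constructed sample request. Note the capitalised "Chunked" and the
# X-Forwarded-For header placed in the trailer section after the "0" chunk.
RAW_REQUEST = (
    b"POST /app HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Transfer-Encoding: Chunked\r\n"
    b"\r\n"
    b"5\r\nhello\r\n"
    b"0\r\n"
    b"X-Forwarded-For: 10.0.0.1\r\n"
    b"\r\n"
)

# Assumed policy: headers that must never reach the backend application.
UNSET = {"x-forwarded-for"}


def parse_headers(block):
    """Parse a CRLF-separated header block into (name, value) pairs."""
    headers = []
    for line in block.split(b"\r\n"):
        if not line:
            continue
        name, _, value = line.decode("latin-1").partition(":")
        headers.append((name.strip(), value.strip()))
    return headers


def is_chunked(headers):
    """True if Transfer-Encoding contains the 'chunked' token (case-insensitive)."""
    for name, value in headers:
        if name.lower() == "transfer-encoding":
            tokens = [t.strip().lower() for t in value.split(",")]
            if "chunked" in tokens:
                return True
    return False


def naive_is_chunked(headers):
    """The bypassable shape: exact, case-sensitive token comparison."""
    return any(n == "Transfer-Encoding" and v == "chunked" for n, v in headers)


def decode_chunked(body):
    """Decode a chunked body; return (payload, trailer headers)."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)
        size = int(body[pos:eol].split(b";", 1)[0], 16)  # drop chunk extensions
        pos = eol + 2
        if size == 0:
            break
        out += body[pos:pos + size]
        pos += size + 2  # skip chunk data plus its trailing CRLF
    return bytes(out), parse_headers(body[pos:])


def parse_request(raw):
    """Split a raw request into (request line, headers, trailers, payload)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, _, header_block = head.partition(b"\r\n")
    headers = parse_headers(header_block)
    trailers = []
    if is_chunked(headers):
        body, trailers = decode_chunked(body)
    return request_line.decode("latin-1"), headers, trailers, body


def naive_filter(headers, trailers):
    """Bypassable model: the unset rule runs on the initial headers only, and the
    trailers are merged into the header set afterwards without being filtered."""
    kept = [(n, v) for n, v in headers if n.lower() not in UNSET]
    return kept + trailers


def hardened_filter(headers, trailers):
    """Apply the unset rule to the merged header set, trailers included."""
    return [(n, v) for n, v in headers + trailers if n.lower() not in UNSET]


def header_names(headers):
    return {n.lower() for n, _ in headers}


if __name__ == "__main__":
    _, hdrs, trl, payload = parse_request(RAW_REQUEST)
    print("payload:", payload, "trailers:", trl)
    print("naive keeps:", header_names(naive_filter(hdrs, trl)))
    print("hardened keeps:", header_names(hardened_filter(hdrs, trl)))
```

The practical check is the same for any proxy, WAF, or framework that filters request headers: confirm that the filter is applied after the body has been read (so trailers are in scope), or that trailers are dropped outright, and that every Transfer-Encoding comparison lowercases the token first.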

CVE-2014-0341
Published: 2014-04-15
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to ob...

CVE-2014-0342
Published: 2014-04-15
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.

CVE-2014-0348
Published: 2014-04-15
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding...
