News & Commentary
Welcome To My Cyber Security Nightmare
TK Keanini, CTO, LancopeCommentary
Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night.
By TK Keanini CTO, Lancope, 10/30/2014
Comment0 comments  |  Read  |  Post a Comment
Keep Calm & Verify: How To Spot A Fake Online Data Dump
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Determining whether a data dump on Pastebin or elsewhere online is legit can be time-consuming and resource-intensive. Deloitte & Touche offers tips for how to weed out the fake hacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/29/2014
Comment0 comments  |  Read  |  Post a Comment
Infographic: The Many Faces of Today’s Hackers
John Trobough, CEO, NarusCommentary
How many of these hacker personas are you dueling with in your organization?
By John Trobough CEO, Narus, 10/29/2014
Comment1 Comment  |  Read  |  Post a Comment
White House Says Unclassified Network Hit In Cyberattack
Jai Vijayan, Freelance writerNews
Mitigation efforts have caused temporary outages and loss of connectivity for some staff, but no computers have been damaged, official says.
By Jai Vijayan Freelance writer, 10/29/2014
Comment1 Comment  |  Read  |  Post a Comment
Security Companies Team Up, Take Down Chinese Hacking Group
Sara Peters, Senior Editor at Dark ReadingNews
Novetta, Microsoft, and others form Operation SMN to eradicate Hikit malware and disrupt the cyber espionage gang Axiom's extensive information gathering.
By Sara Peters Senior Editor at Dark Reading, 10/28/2014
Comment4 comments  |  Read  |  Post a Comment
Retailers Facing Intensified Cyberthreat This Holiday Season
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/28/2014
Comment8 comments  |  Read  |  Post a Comment
What Scares Me About Healthcare & Electric Power Security
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats
By John B. Dickson CISSP, Principal, Denim Group, 10/28/2014
Comment12 comments  |  Read  |  Post a Comment
Researcher Shows Why Tor Anonymity Is No Guarantee Of Security
Jai Vijayan, Freelance writerNews
Tor exit node in Russia spotted downloading malicious code.
By Jai Vijayan Freelance writer, 10/27/2014
Comment1 Comment  |  Read  |  Post a Comment
A Simple Formula For Usable Risk Intelligence
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
How infosec can cut through the noise and gain real value from cyberdata.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 10/27/2014
Comment8 comments  |  Read  |  Post a Comment
Backoff PoS Malware Boomed In Q3
Brian Prince, Contributing Writer, Dark ReadingNews
The security firm Damballa detected a 57% increase in infections of the notorious Backoff malware from August to September.
By Brian Prince Contributing Writer, Dark Reading, 10/24/2014
Comment7 comments  |  Read  |  Post a Comment
Poll: Patching Is Primary Response to Shellshock
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
As potential threats mount, Dark Reading community members hone in on patching infrastructure but not devices, according to our latest poll.
By Marilyn Cohodas Community Editor, Dark Reading, 10/24/2014
Comment11 comments  |  Read  |  Post a Comment
US Military Officials, Defense Firms Targeted In 'Operation Pawn Storm'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Cyber espionage attackers "did their homework" in an attack campaign that has intensified in the wake of US-Russian tensions.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/23/2014
Comment7 comments  |  Read  |  Post a Comment
Financial Services Ranks Cyberattacks Top Industry Worry
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Depository Trust & Clearing Corporation (DTCC) survey says cyberrisk is one of the top five concerns for financial services firms.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/23/2014
Comment3 comments  |  Read  |  Post a Comment
Attacks On Patched Sandworm Flaw Force Microsoft To Issue Fix It
Jai Vijayan, Freelance writerNews
More than a week after Microsoft fixed a flaw affecting almost all Windows versions, attackers are continuing to exploit it.
By Jai Vijayan Freelance writer, 10/23/2014
Comment0 comments  |  Read  |  Post a Comment
Incident Response: Is Your IR Plan A Glorified Phone Tree?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
Training internal security teams to be first responders can drastically improve an organization's effectiveness in the wake of a data breach. Here's why.
By Kerstyn Clover Attack & Defense Team Consultant, 10/23/2014
Comment4 comments  |  Read  |  Post a Comment
Enterprise Security: Why You Need a Digital Immune System
Mike Fey, EVP, GM of Corporate Products & CTO, Intel Security
I’ve often talked about “trial and error” hacking tactics and how organizations frequently build “rat maze” defenses in response to them. Each time they learn ...
By Mike Fey EVP, GM of Corporate Products & CTO, Intel Security, 10/23/2014
Comment3 comments  |  Read  |  Post a Comment
DHS Investigates Dozens Of Medical Device Cybersecurity Flaws
Jai Vijayan, Freelance writerCommentary
Department of Homeland Security reportedly investigating two-dozen products from major medical device manufacturers for security holes.
By Jai Vijayan Freelance writer, 10/23/2014
Comment3 comments  |  Read  |  Post a Comment
Pharmaceuticals, Not Energy, May Have Been True Target Of Dragonfly, Energetic Bear
Sara Peters, Senior Editor at Dark ReadingNews
New research says the compromised companies were suppliers for OEMs that served pharma and biotech.
By Sara Peters Senior Editor at Dark Reading, 10/22/2014
Comment0 comments  |  Read  |  Post a Comment
Cyber Threats: Information vs. Intelligence
Matt Hartley, VP Product Management, iSIGHT PartnersCommentary
Cyber threat intelligence or CTI is touted to be the next big thing in InfoSec. But does it narrow the security problem or compound it?
By Matt Hartley VP Product Management, iSIGHT Partners, 10/22/2014
Comment2 comments  |  Read  |  Post a Comment
Why Outlawing Encryption Is Wrong
Jonathan Feldman, CIO, City of Asheville, NCCommentary
Putting data encryption solely into the hands of government employees won't prevent bad things from happening -- and it might encourage wrongdoing.
By Jonathan Feldman CIO, City of Asheville, NC, 10/22/2014
Comment12 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-10-30
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

Published: 2014-10-30
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.

Published: 2014-10-30
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.

Published: 2014-10-30
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

Published: 2014-10-30
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vect...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.