Operations // Careers & People
News & Commentary
Why We Need In-depth SAP Security Training
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 7/1/2015
Comment2 comments  |  Read  |  Post a Comment
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen , Chief Strategy Office, Gemalto, Identity & Data ProtectionCommentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
4 Signs Your Board Thinks Security Readiness Is Better Than It Is
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Ponemon Institute survey shows a gap in perception between boards of directors and IT executives when it comes to IT risk posture.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Social Engineering & Black Hat: Do As I Do Not As I Say
Tal Klein, VP Strategy, Lakeside Software.Commentary
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
By Tal Klein VP Strategy, Lakeside Software., 6/29/2015
Comment3 comments  |  Read  |  Post a Comment
3 Simple Steps For Minimizing Ransomware Exposure
Michelle Drolet, Founder, TowerwallCommentary
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
By Michelle Drolet Founder, Towerwall, 6/26/2015
Comment0 comments  |  Read  |  Post a Comment
Why China Wants Your Sensitive Data
Adam Meyers, VP of Intelligence, CrowdStrikeCommentary
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
By Adam Meyers VP of Intelligence, CrowdStrike, 6/24/2015
Comment17 comments  |  Read  |  Post a Comment
The Dark Web: An Untapped Source For Threat Intelligence
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Most organizations already have the tools for starting a low-cost, high-return Dark Web cyber intelligence program within their existing IT and cybersecurity teams. Here’s how.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 6/23/2015
Comment1 Comment  |  Read  |  Post a Comment
Security Surveys: Read With Caution
Bill Brenner, Information Security BloggerCommentary
I’m skeptical of industry surveys that tell security practitioners what they already know. Don’t state the obvious. Tell us the way forward.
By Bill Brenner Information Security Blogger, 6/22/2015
Comment1 Comment  |  Read  |  Post a Comment
CIOs And Security: Time To Rethink The Processes?
Paul Korzeniowski, Commentary
Businesses need to develop new security responses to address gigantic attacks, and the CIO is in the best position to lead the way.
By Paul Korzeniowski , 6/22/2015
Comment10 comments  |  Read  |  Post a Comment
7 Top Security Quotes From London Technology Week
Sara Peters, Senior Editor at Dark Reading
Tech events across the city hit on IoT, smart cities, mobility and Legos.
By Sara Peters Senior Editor at Dark Reading, 6/19/2015
Comment9 comments  |  Read  |  Post a Comment
9 Questions For A Healthy Application Security Program
Patrick Thomas, Senior Security Consultant, Cisco Security SolutionsCommentary
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
By Patrick Thomas Senior Security Consultant, Cisco Security Solutions, 6/19/2015
Comment1 Comment  |  Read  |  Post a Comment
Cybersecurity Advice From A Former White House CIO
Theresa Payton, Former White House CIO, CEO of Fortalice Solutions, LLCCommentary
Today's playbook demands 'human-centered' user education that assumes people will share passwords, forget them, and do unsafe things to get their jobs done.
By Theresa Payton Former White House CIO, CEO of Fortalice Solutions, LLC, 6/18/2015
Comment4 comments  |  Read  |  Post a Comment
Survival Tips For The Security Skills Shortage
Nimmy Reichenberg, VP of Strategy, AlgoSecCommentary
No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less.
By Nimmy Reichenberg VP of Strategy, AlgoSec, 6/12/2015
Comment5 comments  |  Read  |  Post a Comment
Security Metrics: It’s All Relative
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
What a haircut taught me about communicating the value of security to executives and non-security professionals.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 6/9/2015
Comment2 comments  |  Read  |  Post a Comment
Tim Cook: Customers, Not Companies, Should Control Their Data
Nathan Eddy, Freelance WriterNews
Apple CEO Tim Cook told a crowd that consumer data should be theirs to keep and not used to make businesses money. He targeted Google and Facebook without mentioning them.
By Nathan Eddy Freelance Writer, 6/3/2015
Comment9 comments  |  Read  |  Post a Comment
Help Wanted: Security Heroes & Heroines Only Need Apply
Malcolm Harkins, Chief Information Security Officer, Cylance Inc.Commentary
If we want to do more than simply defend ourselves, we need security champions and equally heroic security solutions.
By Malcolm Harkins Chief Information Security Officer, Cylance Inc., 6/3/2015
Comment1 Comment  |  Read  |  Post a Comment
Shaping A Better Future For Software Security
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
Industry and government leaders discuss ways to improve practices, awareness and education around secure software development. Here’s a recap of what you missed.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 6/2/2015
Comment3 comments  |  Read  |  Post a Comment
Board Rooms Becoming More Security-Savvy
Sara Peters, Senior Editor at Dark ReadingNews
Thirty-five percent say they discuss cybersecurity at every board meeting, a Veracode-NYSE survey says.
By Sara Peters Senior Editor at Dark Reading, 6/1/2015
Comment1 Comment  |  Read  |  Post a Comment
Today’s Requirements To Defend Against Tomorrow’s Insider Threats
Scott Weber, Managing Director, Stroz FriedbergCommentary
At its most basic, a consistent and meaningful insider threat detection program has two components: data and people. Here’s how to put them together.
By Scott Weber Managing Director, Stroz Friedberg, 6/1/2015
Comment0 comments  |  Read  |  Post a Comment
How I Would Secure The Internet With $4 Billion
Jim Manico, OWASP Global Board MemberCommentary
In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesn’t go far enough.
By Jim Manico OWASP Global Board Member, 5/29/2015
Comment9 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0543
Published: 2015-07-05
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2015-0544
Published: 2015-07-05
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.

CVE-2015-4129
Published: 2015-07-05
SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie.

CVE-2015-0547
Published: 2015-07-04
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

CVE-2015-0548
Published: 2015-07-04
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report