Operations // Careers & People
News & Commentary
Phishing: What Once Was Old Is New Again
Dave Kearns, Analyst, Kuppinger-ColeCommentary
I used to think the heyday of phishing had passed. But as Symantec notes in its 2014 Internet Security Threat Report, I was wrong!
By Dave Kearns Analyst, Kuppinger-Cole, 7/30/2014
Comment9 comments  |  Read  |  Post a Comment
The Perfect InfoSec Mindset: Paranoia + Skepticism
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
A little skeptical paranoia will ensure that you have the impulse to react quickly to new threats while retaining the logic to separate fact from fiction.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 7/29/2014
Comment3 comments  |  Read  |  Post a Comment
Weak Password Advice From Microsoft
Andrey Dulkin, Senior Director, Cyber Innovation, CyberArkCommentary
Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.
By Andrey Dulkin Senior Director, Cyber Innovation, CyberArk, 7/28/2014
Comment8 comments  |  Read  |  Post a Comment
How To Build A Federal Information Security Team
(ISC)2 Writers Bureau, Commentary
Federal security officers face many challenges building and maintaining an information security team. Here are some tips for putting together a group of employees that will protect your systems and data.
By (ISC)2 Writers Bureau , 7/28/2014
Comment1 Comment  |  Read  |  Post a Comment
Passwords Be Gone! Removing 4 Barriers To Strong Authentication
Phillip M. Dunkelberger, President & CEO, Nok Nok LabsCommentary
As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.
By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 7/24/2014
Comment9 comments  |  Read  |  Post a Comment
Government Security: Saying 'No' Doesn't Work
Steve Jones, Group Strategy Director, Big Data & Analytics, CapgeminiCommentary
It's time for government agencies to move beyond draconian security rules and adopt anomaly analytics.
By Steve Jones Group Strategy Director, Big Data & Analytics, Capgemini, 7/14/2014
Comment0 comments  |  Read  |  Post a Comment
3 BYOD Risk Prevention Strategies
Jim Szafranski, SVP Customer Platform Services, FiberlinkCommentary
An effective BYOD plan must balance control with convenience. Here's what to keep in mind.
By Jim Szafranski SVP Customer Platform Services, Fiberlink, 7/8/2014
Comment2 comments  |  Read  |  Post a Comment
Dark Reading Radio: The Changing Role Of The CSO
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
By Marilyn Cohodas Community Editor, Dark Reading, 7/8/2014
Comment7 comments  |  Read  |  Post a Comment
Why Your Application Security Program May Backfire
Jeff Williams, CTO, Contrast SecurityCommentary
You have to consider the human factor when you’re designing security interventions, because the best intentions can have completely opposite consequences.
By Jeff Williams CTO, Contrast Security, 7/2/2014
Comment4 comments  |  Read  |  Post a Comment
Hacker Movies We Love & Hate
Marilyn Cohodas, Community Editor, Dark Reading
Check out Dark Reading community members' favorite hacker movie hits and misses. Then add your picks in the comments section.
By Marilyn Cohodas Community Editor, Dark Reading, 7/1/2014
Comment3 comments  |  Read  |  Post a Comment
3 Mobile Security Tips For SMBs
Vijay Basani, Co-Founder, President & CEO, EIQ NetworksCommentary
Everyone in an organization has to work together to combat intrusions and data loss, but this is especially true for small businesses.
By Vijay Basani Co-Founder, President & CEO, EIQ Networks, 6/27/2014
Comment5 comments  |  Read  |  Post a Comment
Why A Secured Network Is Like The Human Body
Dan Ross, CEO & President, PromisecCommentary
It’s time to throw away the analogies about building fortresses and perimeter defenses and start to approach InfoSec with the same standard of care we use for public health.
By Dan Ross CEO & President, Promisec, 6/26/2014
Comment11 comments  |  Read  |  Post a Comment
What Workplace Privacy Will Look Like In 10 Years
David Melnick, Founder & CEO, WebLife BalanceCommentary
New laws like Europe's "right to be forgotten" in Google search are just the latest examples of how quickly perceptions and practices about personal privacy in the workplace are changing.
By David Melnick Founder & CEO, WebLife Balance, 6/19/2014
Comment10 comments  |  Read  |  Post a Comment
Ending Cybersecurity Labor Shortage Will Take Time
Sara Peters, News
Researchers at RAND say the industry has taken the right steps, but there is still a long way to go.
By Sara Peters , 6/18/2014
Comment3 comments  |  Read  |  Post a Comment
Security Pro File: Spam-Inspired Journey From Physics To Security
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
SANS Internet Storm Center director Johannes Ullrich talks threat tracking, spam, physics -- and his pick for the World Cup.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 6/17/2014
Comment7 comments  |  Read  |  Post a Comment
A Roadmap for CIOs & CSOs After the Year of the Mega Breach
Sheila B. Jordan, SVP & CIO, SymantecCommentary
The journey starts with three steps: Engage the C-suite, think like a hacker, and look at the big picture.
By Sheila B. Jordan SVP & CIO, Symantec, 6/16/2014
Comment16 comments  |  Read  |  Post a Comment
Academia: Government's Biggest Cyber Security Ally?
W. Hord Tipton, Commentary
Federal cyber security programs need access to fresh talent. They can boost the quality of that talent by bolstering cyber security training in colleges and universities.
By W. Hord Tipton , 6/12/2014
Comment5 comments  |  Read  |  Post a Comment
Target Hires GM Exec As First CISO
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Target names Brad Maiorino as its first chief information security officer to oversee the company's security and technology risk strategy.
By Kristin Burnham Senior Editor, InformationWeek.com, 6/11/2014
Comment6 comments  |  Read  |  Post a Comment
Don’t Let Lousy Teachers Sink Security Awareness
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
You can't fix a human problem with a technology solution. Here are three reasons why user education can work and six tips on how to develop a corporate culture of security.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 6/11/2014
Comment11 comments  |  Read  |  Post a Comment
In Praise Of Shadow IT
Eric Zeman, Commentary
80% of those employed by enterprises larger than 1,000 people circumvent IT to use cloud-based tools, new research says. I say let them.
By Eric Zeman , 6/9/2014
Comment12 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-6651
Published: 2014-07-31
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.

CVE-2014-2970
Published: 2014-07-31
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality ...

CVE-2014-3488
Published: 2014-07-31
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

CVE-2014-3554
Published: 2014-07-31
Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.

CVE-2014-5171
Published: 2014-07-31
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

Best of the Web
Dark Reading Radio