Operations // Careers & People
News & Commentary
SDN And Security: Start Slow, But Start
Greg Ferro, Network Architect & BloggerNews
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul policies
By Greg Ferro Network Architect & Blogger, 12/19/2014
Comment0 comments  |  Read  |  Post a Comment
5 Pitfalls to Avoid When Running Your SOC
Jeff Schilling, CSO, FirehostCommentary
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
By Jeff Schilling CSO, Firehost, 12/18/2014
Comment0 comments  |  Read  |  Post a Comment
Stocking Stuffers For Happy Hacking
Ericka Chickowski, Contributing Writer, Dark Reading
Find that perfect gift for your co-workers and much-loved white hats without breaking the bank.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/15/2014
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Radio: How To Become A CISO
Sara Peters, Senior Editor at Dark ReadingCommentary
Find out what employers are really looking for in a chief information security officer.
By Sara Peters Senior Editor at Dark Reading, 12/15/2014
Comment2 comments  |  Read  |  Post a Comment
Ekoparty Isn’t The Next Defcon (& It Doesn’t Want To Be)
Andrew Ford, Developer, BugcrowdCommentary
Unlike American security conferences that offer a buffet of merchandise, meals, and drinks, Ekoparty, in Buenos Aires, is every bit as functional -- with a little less fluff.
By Andrew Ford Developer, Bugcrowd, 12/15/2014
Comment0 comments  |  Read  |  Post a Comment
Smartphones Get Headlines, But Lax USB Security Is Just As Risky
Cam Roberson, Director Reseller Channel, Beachhead SolutionsCommentary
Most companies use no software to detect or secure sensitive data when it is moved to a USB flash drive, or even check USB drives for viruses or malware.
By Cam Roberson Director Reseller Channel, Beachhead Solutions, 12/10/2014
Comment7 comments  |  Read  |  Post a Comment
Internet Of Things: 3 Holiday Gifts That Will Keep CISOs Up At Night
Chris Rouland, Founder & CEO, BastilleCommentary
If you think BYOD policies will protect your infrastructure from the January influx of mobile hotspots, fitness trackers, and Bluetooth, think again.
By Chris Rouland Founder & CEO, Bastille, 12/9/2014
Comment7 comments  |  Read  |  Post a Comment
How To Become a CISO: Top Tips
Sara Peters, Senior Editor at Dark Reading
A look at the best career advice for aspiring CISOs from people who've reached the top.
By Sara Peters Senior Editor at Dark Reading, 12/8/2014
Comment1 Comment  |  Read  |  Post a Comment
How Startups Can Jumpstart Security Innovation
Rick Gordon, Managing Partner, Mach37 Cyber AcceleratorCommentary
One of the best places for CISOs to turn for a cutting-edge cyber security strategy is the burgeoning world of startups. Here’s how to find them.
By Rick Gordon Managing Partner, Mach37 Cyber Accelerator, 12/3/2014
Comment1 Comment  |  Read  |  Post a Comment
How I Became a CISO: Jonathan Trull, Qualys
Sara Peters, Senior Editor at Dark ReadingNews
Technology was more of a hobby than a career choice for Jonathan Trull, but protecting people was always job number one.
By Sara Peters Senior Editor at Dark Reading, 12/1/2014
Comment1 Comment  |  Read  |  Post a Comment
Why We Need Better Cyber Security: A Graphical Snapshot
Marilyn Cohodas, Community Editor, Dark Reading
By 2022, demand for security industry professionals will grow 37%.
By Marilyn Cohodas Community Editor, Dark Reading, 11/28/2014
Comment13 comments  |  Read  |  Post a Comment
How I Became A CISO: Mark Potter, Danya International
Sara Peters, Senior Editor at Dark ReadingNews
Much like one of his favorite choose-your-own-adventure novels, Mark Potter's path to the chief information security officer job was full of twists, turns, and a couple of falls off a cliff.
By Sara Peters Senior Editor at Dark Reading, 11/24/2014
Comment3 comments  |  Read  |  Post a Comment
Cyber Security Needs Its Ralph Nader
Tsion Gonen , Chief Strategy Officer, SafeNetCommentary
It took thousands of unnecessary traffic fatalities to create an environment for radical transformation of the auto industry. What will it take for a similar change to occur in data security?
By Tsion Gonen Chief Strategy Officer, SafeNet, 11/24/2014
Comment14 comments  |  Read  |  Post a Comment
New Citadel Attack Targets Password Managers
Jai Vijayan, Freelance writerNews
IBM researchers have found signs that the prolific data steal Trojan is now being used to attack widely used password managers.
By Jai Vijayan Freelance writer, 11/20/2014
Comment4 comments  |  Read  |  Post a Comment
Enter The Digital Risk Officer
Nick Sanna, President, Digital Risk Management InstituteCommentary
In the brave new world of digital risk management, a CISO would report up to a DRO who manages risk from a business perspective and works with peers in business ops, compliance, and IT security.
By Nick Sanna President, Digital Risk Management Institute, 11/20/2014
Comment1 Comment  |  Read  |  Post a Comment
Killing Passwords: Don’t Get A-Twitter Over ‘Digits’
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Twitter’s new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns Analyst, Kuppinger-Cole, 11/19/2014
Comment5 comments  |  Read  |  Post a Comment
Is Security Awareness Training Really Worth It?
Fahmida Y. Rashid, News
Experts weigh in on the value of end-user security training, and how to make education more effective.
By Fahmida Y. Rashid , 11/18/2014
Comment9 comments  |  Read  |  Post a Comment
Why Cyber Security Starts At Home
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Even the grandmas on Facebook need to know and practice basic security hygiene, because what happens anywhere on the Internet can eventually affect us all.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 11/17/2014
Comment13 comments  |  Read  |  Post a Comment
The Enemy Who Is Us: DoD Puts Contractors On Notice For Insider Threats
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
New rule requires US government contractors to gather and report information on insider threat activity on classified networks.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 11/13/2014
Comment5 comments  |  Read  |  Post a Comment
How I Became A CISO: Jennings Aske, Nuance Communications
Sara Peters, Senior Editor at Dark ReadingNews
With the training of an attorney, the curiosity of an academic, and some fortuitous timing, Aske rode the compliance wave straight through to the CISO role.
By Sara Peters Senior Editor at Dark Reading, 11/10/2014
Comment9 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7241
Published: 2014-12-19
The TSUTAYA application 5.3 and earlier for Android allows remote attackers to execute arbitrary Java methods via a crafted HTML document.

CVE-2014-7249
Published: 2014-12-19
Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, AR750S, AR750S-DP, AT-8624POE, AT-8624T/2M, AT-8648T/2SP, AT-8748XL, AT-8848, AT-9816GB, AT-9924T, AT-9924Ts, CentreCOM AR415S, CentreCOM AR450S, CentreCOM AR550S, CentreCOM AR570S, CentreCOM 8700SL, CentreCOM 8948XL, CentreCOM 992...

CVE-2014-7267
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the output-page generator in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7268.

CVE-2014-7268
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the data-export feature in the Ricksoft WBS Gantt-Chart add-on 7.8.1 and earlier for JIRA allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-7267.

CVE-2014-8272
Published: 2014-12-19
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.