News & Commentary
RSA: Follow Keynote Sessions on Dark Reading
Sara Peters, Senior Editor at Dark ReadingNews
RSA's new CEO, Amit Yoran takes aim at SIEM. Follow here for more from the first morning of keynote sessions at the RSA Conference.
By Sara Peters Senior Editor at Dark Reading, 4/21/2015
Comment1 Comment  |  Read  |  Post a Comment
Virginia Forms First State-Level Cyberthreat Intel-Sharing Organization
Dark Reading Staff, Quick Hits
Governor Terry McAuliffe today announced Virginia's new Information Sharing and Analysis Organization (ISAO).
By Dark Reading Staff , 4/21/2015
Comment0 comments  |  Read  |  Post a Comment
Microsoft Zero-Day Bug Being Exploited In The Wild
Sara Peters, Senior Editor at Dark ReadingNews
As attacks mount, and over 70 million websites remain vulnerable, advice is "fix now."
By Sara Peters Senior Editor at Dark Reading, 4/16/2015
Comment0 comments  |  Read  |  Post a Comment
How Ionic Says It Makes Data Breaches Irrelevant
Sara Peters, Senior Editor at Dark ReadingNews
Ionic Security goes public with a data security platform that manages trillions of encryption keys and enables a user to sign each pixel with its own unique key.
By Sara Peters Senior Editor at Dark Reading, 4/15/2015
Comment2 comments  |  Read  |  Post a Comment
Verizon DBIR: Mobile Devices Not A Factor In Real-World Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New annual Verizon Data Breach Investigations Report shows most attacks affect a secondary victim, the average cost of a data breach is just 58 cents per stolen record -- and attackers are not going after mobile en masse.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/14/2015
Comment2 comments  |  Read  |  Post a Comment
Salesforce Acquires Mobile Authentication Specialist Toopher
Nathan Eddy, Freelance WriterNews
Salesforce is looking to add to its identity and access management offering by acquiring start-up Toopher. Financial details were not disclosed.
By Nathan Eddy Freelance Writer, 4/2/2015
Comment0 comments  |  Read  |  Post a Comment
British Airways The Latest Loyalty Program Breach Victim
Sara Peters, Senior Editor at Dark ReadingNews
Who needs to steal credit cards when you can get airfare and luxury items for free?
By Sara Peters Senior Editor at Dark Reading, 3/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Study: Enterprises Losing Faith In Digital Certificates, Crytographic Keys
Tim Wilson, Editor in Chief, Dark ReadingNews
On the heels of Heartbleed and other vulnerabilities, many enterprises are not confident in the ability of digital certificates to protect their data, Ponemon report says
By Tim Wilson Editor in Chief, Dark Reading, 3/12/2015
Comment2 comments  |  Read  |  Post a Comment
DroppedIn Vuln Links Victims' Androids To Attackers' DropBoxes
Sara Peters, Senior Editor at Dark ReadingNews
DropBox released a patch quick, but unpatched vulnerable Android apps that use the DropBox SDK may let attackers open up a two-way highway between victim Droids and their own Boxes.
By Sara Peters Senior Editor at Dark Reading, 3/11/2015
Comment1 Comment  |  Read  |  Post a Comment
Second Look: Data Security In A Hybrid Cloud
Bill Kleyman, Director of Strategy & Innovation, MTM TechnologiesCommentary
Today’s big cloud providers were built around an architecture for hosting and securing data. They will continue to thrive, only by keeping your workloads safe.
By Bill Kleyman Director of Strategy & Innovation, MTM Technologies, 3/9/2015
Comment12 comments  |  Read  |  Post a Comment
Scope Of FREAK Flaw Widens As Microsoft Says Windows Affected Too
Jai Vijayan, Freelance writerNews
Researchers had originally thought only Safari and Android affected by flaw.
By Jai Vijayan Freelance writer, 3/6/2015
Comment1 Comment  |  Read  |  Post a Comment
North Korean Government Not Likely Behind Malware On Nation's Official News Site
Jai Vijayan, Freelance writerNews
Contrary to initial assumptions of North Korean government involvement, watering hole attack appears to be the work of external hackers -- and contains similarities to Darkhotel campaign, security researchers say.
By Jai Vijayan Freelance writer, 3/5/2015
Comment0 comments  |  Read  |  Post a Comment
'Shadow' Cloud Services Rampant In Government Networks
Jai Vijayan, Freelance writerNews
Survey finds public sector employees use unmanaged cloud services just as much as private employees.
By Jai Vijayan Freelance writer, 2/26/2015
Comment4 comments  |  Read  |  Post a Comment
Superfish Compromises All SSL Connections On Lenovo Gear
Sara Peters, Senior Editor at Dark ReadingNews
More than just pre-installed adware on some Lenovo laptops, Superfish acts as a man-in-the-middle certificate authority, hijacking every SSL session the laptop makes.
By Sara Peters Senior Editor at Dark Reading, 2/19/2015
Comment10 comments  |  Read  |  Post a Comment
Malvertising Gets Boost From Malicious Browser Plug-ins
Dark Reading Staff, Quick Hits
Cisco discovers malicious browser add-ons that serve up unwanted and sometimes infected ads.
By Dark Reading Staff , 2/12/2015
Comment0 comments  |  Read  |  Post a Comment
Box Giving Customers Control Over Encryption Keys
Sara Peters, Senior Editor at Dark ReadingNews
Box says they've eliminated the last major barrier to cloud adoption, even in highly regulated organizations.
By Sara Peters Senior Editor at Dark Reading, 2/10/2015
Comment1 Comment  |  Read  |  Post a Comment
Enterprises Underestimate Actual Shadow Cloud Risks
Jai Vijayan, Freelance writerNews
More than 85 percent of cloud applications used in the workplace are unsanctioned, study shows.
By Jai Vijayan Freelance writer, 2/3/2015
Comment3 comments  |  Read  |  Post a Comment
New Adobe Flash 0-Day Used In Malvertising Campaign
Sara Peters, Senior Editor at Dark ReadingNews
The latest in a series of recent Flash vulnerabilities and malvertising exploits that are hard for users to avoid.
By Sara Peters Senior Editor at Dark Reading, 2/2/2015
Comment5 comments  |  Read  |  Post a Comment
ZeroAccess Click-Fraud Botnet Back In Action Again
Sara Peters, Senior Editor at Dark ReadingNews
After a six-month hiatus, the much-diminished P2P botnet is up to its old tricks.
By Sara Peters Senior Editor at Dark Reading, 1/29/2015
Comment1 Comment  |  Read  |  Post a Comment
Facebook Messenger: Classically Bad AppSec
Daniel Riedel, CEO, New ContextCommentary
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
By Daniel Riedel CEO, New Context, 1/21/2015
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-04-21
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors.

Published: 2015-04-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) start, (2) stop, or (3) restart services via a request to remote/serverServices.aspx.

Published: 2015-04-21
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart.

Published: 2015-04-21
Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.

Published: 2015-04-21
XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.