Cloud
News & Commentary
Dangers Of Shopping Are Evolving
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Point-of-sale malware is making brick-and-mortar shopping more dangerous. Online, attackers are beginning to value user accounts with payment information attached more than credit card details themselves.
By Sara Peters Senior Editor at Dark Reading, 11/26/2014
Comment0 comments  |  Read  |  Post a Comment
6 Million+ Email Accounts Worldwide Exposed In Past 3 Months
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Spike in number of stolen accounts likely due to uptick in major data breaches, researchers say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/25/2014
Comment0 comments  |  Read  |  Post a Comment
Underground Carders Abusing Charities To Verify Stolen Payment Data
Sara Peters, Senior Editor at Dark ReadingNews
Charities' weak fraud controls make things easier on donors and criminals alike.
By Sara Peters Senior Editor at Dark Reading, 11/25/2014
Comment2 comments  |  Read  |  Post a Comment
Cloud Security By The Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Quantifying the perceptions around cloud security practices.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/21/2014
Comment7 comments  |  Read  |  Post a Comment
New Certification Authority To Offer Free Certs For HTTPS
Sara Peters, Senior Editor at Dark ReadingNews
The Electronic Frontier Foundation's new certificate authority aims to make getting a domain validation TLS cert so easy, you can't resist.
By Sara Peters Senior Editor at Dark Reading, 11/19/2014
Comment5 comments  |  Read  |  Post a Comment
The Rise Of The Resilient Mobile Botnet
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report on what researchers call one of the 'most sophisticated mobile botnets online' shows how profitable mobile malware has become.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/19/2014
Comment0 comments  |  Read  |  Post a Comment
New Attack Method Can Hit 95% Of iOS Devices
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Masque Attack replaces legit apps with malware using the same bundle identifier names.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/10/2014
Comment8 comments  |  Read  |  Post a Comment
IBM Launches Cross-Cloud Security Protection
Charles Babcock, Editor At Large, InformationWeek News
IBM's Dynamic Cloud Security can monitor and analyze data access activity and applications in IBM SoftLayer, Salesforce.com, and Amazon.
By Charles Babcock Editor At Large, InformationWeek , 11/5/2014
Comment1 Comment  |  Read  |  Post a Comment
Bracket's New IaaS Twist
Andrew Conry Murray, Director of Content & Community, InteropCommentary
Bracket Computing, backed by Andreesen Horowitz, lets customers build "compute cells" on top of IaaS from multiple providers, wrapping apps and data.
By Andrew Conry Murray Director of Content & Community, Interop, 10/30/2014
Comment2 comments  |  Read  |  Post a Comment
Keep Calm & Verify: How To Spot A Fake Online Data Dump
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Determining whether a data dump on Pastebin or elsewhere online is legit can be time-consuming and resource-intensive. Deloitte & Touche offers tips for how to weed out the fake hacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/29/2014
Comment6 comments  |  Read  |  Post a Comment
3 Enterprise Security Tenets To Take Personally
David Fowler, VP Marketing, INetUCommentary
Individuals need to become conscious advocates for their own security -- after all, no one cares about your data like you do.
By David Fowler VP Marketing, INetU, 10/24/2014
Comment4 comments  |  Read  |  Post a Comment
20% Of 'Broadly Shared' Data Contains Regulated Info
Sara Peters, Senior Editor at Dark ReadingNews
Forget shadow IT. The new risk is "shadow data."
By Sara Peters Senior Editor at Dark Reading, 10/23/2014
Comment6 comments  |  Read  |  Post a Comment
Illumio Takes New Cloud, Data Center Security Approach
Charles Babcock, Editor At Large, InformationWeek News
Security startup Illumio has launched a granular scheme based on individual workloads, not firewalls or network monitoring.
By Charles Babcock Editor At Large, InformationWeek , 10/22/2014
Comment2 comments  |  Read  |  Post a Comment
Google Expands 2-Factor Authentication For Chrome, Gmail
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Google issues USB keys for Chrome users to log into Google accounts and any other websites that support FIDO universal two-factor authentication -- but it's no help to mobile users.
By Sara Peters Senior Editor at Dark Reading, 10/21/2014
Comment6 comments  |  Read  |  Post a Comment
China Accused Of Attacking Apple iCloud
Thomas Claburn, Editor-at-LargeNews
Media freedom group GreatFire.org claims Apple's iCloud is being subject to a man-in-the-middle attack by China's censorship apparatus.
By Thomas Claburn Editor-at-Large, 10/20/2014
Comment4 comments  |  Read  |  Post a Comment
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Kaushik Narayan, CTO, Skyhigh NetworksCommentary
Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security.
By Kaushik Narayan CTO, Skyhigh Networks, 10/17/2014
Comment11 comments  |  Read  |  Post a Comment
FBI Director Urges New Encryption Legislation
Sara Peters, Senior Editor at Dark ReadingNews
Encryption algorithms do not acknowledge "lawful access."
By Sara Peters Senior Editor at Dark Reading, 10/16/2014
Comment5 comments  |  Read  |  Post a Comment
The Internet of Things: 7 Scary Security Scenarios
Marilyn Cohodas, Community Editor, Dark Reading
The IoT can be frightening when viewed from the vantage point of information security.
By Marilyn Cohodas Community Editor, Dark Reading, 10/16/2014
Comment9 comments  |  Read  |  Post a Comment
Berners-Lee Behind New Private Communications Network For Ultra-Privacy Conscious
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
MeWe offers free, secure, and private communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/16/2014
Comment1 Comment  |  Read  |  Post a Comment
Third-Party Code: Fertile Ground For Malware
Peter Zavlaris, Analyst, RiskIQCommentary
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
By Peter Zavlaris Analyst, RiskIQ, 10/15/2014
Comment7 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8551
Published: 2014-11-26
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.

CVE-2014-8552
Published: 2014-11-26
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.

CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-6093
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?