Cloud
News & Commentary
Keep Calm & Verify: How To Spot A Fake Online Data Dump
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Determining whether a data dump on Pastebin or elsewhere online is legit can be time-consuming and resource-intensive. Deloitte & Touche offers tips for how to weed out the fake hacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/29/2014
Comment0 comments  |  Read  |  Post a Comment
3 Enterprise Security Tenets To Take Personally
David Fowler, VP Marketing, INetUCommentary
Individuals need to become conscious advocates for their own security -- after all, no one cares about your data like you do.
By David Fowler VP Marketing, INetU, 10/24/2014
Comment4 comments  |  Read  |  Post a Comment
20% Of 'Broadly Shared' Data Contains Regulated Info
Sara Peters, Senior Editor at Dark ReadingNews
Forget shadow IT. The new risk is "shadow data."
By Sara Peters Senior Editor at Dark Reading, 10/23/2014
Comment6 comments  |  Read  |  Post a Comment
Illumio Takes New Cloud, Data Center Security Approach
Charles Babcock, Editor At Large, InformationWeek Commentary
Security startup Illumio has launched a granular scheme based on individual workloads, not firewalls or network monitoring.
By Charles Babcock Editor At Large, InformationWeek , 10/22/2014
Comment2 comments  |  Read  |  Post a Comment
Google Expands 2-Factor Authentication For Chrome, Gmail
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Google issues USB keys for Chrome users to log into Google accounts and any other websites that support FIDO universal two-factor authentication -- but it's no help to mobile users.
By Sara Peters Senior Editor at Dark Reading, 10/21/2014
Comment6 comments  |  Read  |  Post a Comment
China Accused Of Attacking Apple iCloud
Thomas Claburn, Editor-at-LargeCommentary
Media freedom group GreatFire.org claims Apple's iCloud is being subject to a man-in-the-middle attack by China's censorship apparatus.
By Thomas Claburn Editor-at-Large, 10/20/2014
Comment4 comments  |  Read  |  Post a Comment
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Kaushik Narayan, CTO, Skyhigh NetworksCommentary
Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security.
By Kaushik Narayan CTO, Skyhigh Networks, 10/17/2014
Comment11 comments  |  Read  |  Post a Comment
FBI Director Urges New Encryption Legislation
Sara Peters, Senior Editor at Dark ReadingNews
Encryption algorithms do not acknowledge "lawful access."
By Sara Peters Senior Editor at Dark Reading, 10/16/2014
Comment5 comments  |  Read  |  Post a Comment
The Internet of Things: 7 Scary Security Scenarios
Marilyn Cohodas, Community Editor, Dark Reading
The IoT can be frightening when viewed from the vantage point of information security.
By Marilyn Cohodas Community Editor, Dark Reading, 10/16/2014
Comment7 comments  |  Read  |  Post a Comment
Berners-Lee Behind New Private Communications Network For Ultra-Privacy Conscious
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
MeWe offers free, secure, and private communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/16/2014
Comment1 Comment  |  Read  |  Post a Comment
Third-Party Code: Fertile Ground For Malware
Peter Zavlaris, Analyst, RiskIQCommentary
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
By Peter Zavlaris Analyst, RiskIQ, 10/15/2014
Comment7 comments  |  Read  |  Post a Comment
Hundreds Of DropBox Logins For Sale On Pastebin
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Trader says he's got 7 million more where those came from, but Dropbox says the accounts were expired.
By Sara Peters Senior Editor at Dark Reading, 10/14/2014
Comment0 comments  |  Read  |  Post a Comment
Stolen Medical Data Is Now A Hot Commodity
Lysa Myers, Security Researcher, ESETCommentary
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Here’s why.
By Lysa Myers Security Researcher, ESET, 10/14/2014
Comment5 comments  |  Read  |  Post a Comment
2 Tech Challenges Preventing Online Voting In US
Sara Peters, Senior Editor at Dark ReadingNews
A new report explains that online voting in the US is a matter of "if, not when," but problems of anonymity and verifiability must be solved first.
By Sara Peters Senior Editor at Dark Reading, 10/9/2014
Comment7 comments  |  Read  |  Post a Comment
How One Criminal Hacker Group Stole Credentials for 800,000 Bank Accounts
Sara Peters, Senior Editor at Dark ReadingNews
Proofpoint report shows how one Russian-speaking criminal organization hides from security companies.
By Sara Peters Senior Editor at Dark Reading, 10/8/2014
Comment2 comments  |  Read  |  Post a Comment
To Combat Government Snooping, Encrypt Data Before Putting It In Cloud, Says Interop Speaker
Sara Peters, Senior Editor at Dark ReadingQuick Hits
If Uncle Sam wants your data, make him come directly to you.
By Sara Peters Senior Editor at Dark Reading, 10/3/2014
Comment10 comments  |  Read  |  Post a Comment
Shellshocked: A Future Of ‘Hair On Fire’ Bugs
Paul Vixie, Chairman & CEO, Farsight Security, Inc.Commentary
Most computers affected by Bash will be updated within 10 years. The rest will be vulnerable for the lifespans of all humans now living. This should concern us. But then, global warming should also concern us.
By Paul Vixie Chairman & CEO, Farsight Security, Inc., 9/26/2014
Comment22 comments  |  Read  |  Post a Comment
Amazon Reboots Cloud Servers, Xen Bug Blamed
Charles Babcock, Editor At Large, InformationWeek Commentary
Amazon tells customers it has to patch and reboot 10% of its EC2 cloud servers before Oct. 1.
By Charles Babcock Editor At Large, InformationWeek , 9/26/2014
Comment4 comments  |  Read  |  Post a Comment
'Shellshock' Bash Bug Impacts Basically Everything, Exploits Appear In Wild
Sara Peters, Senior Editor at Dark ReadingNews
CGI-based web servers are the biggest target, but other web servers, hosting services, embedded systems, Mac OSX, and IoT endpoints are all at risk.
By Sara Peters Senior Editor at Dark Reading, 9/25/2014
Comment6 comments  |  Read  |  Post a Comment
How SaaS Adoption Is Changing Cloud Security
Tal Klein, VP Strategy, AdallomCommentary
Sanctioning cloud-based services requires a new approach to security that "assumes breach" and accounts for the limitations of endpoint and perimeter defenses.
By Tal Klein VP Strategy, Adallom, 9/25/2014
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3051
Published: 2014-10-29
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof s...

CVE-2014-3668
Published: 2014-10-29
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument t...

CVE-2014-3669
Published: 2014-10-29
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function ...

CVE-2014-3670
Published: 2014-10-29
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly exec...

CVE-2014-3694
Published: 2014-10-29
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and ob...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.