News & Commentary
Cyber Monday: What Retailers & Shoppers Should Watch For
Sara Peters, Senior Editor at Dark ReadingNews
Attackers have a variety of ways to commit fraud and may take advantage of busy time to sneak in a data breach.
By Sara Peters Senior Editor at Dark Reading, 11/24/2015
Comment2 comments  |  Read  |  Post a Comment
Docker Tightens Security Over Container Vulnerabilities
Charles Babcock, Editor at Large, CloudNews
Docker unveils three ways to make containers more secure, especially when code is changed during its update cycle.
By Charles Babcock Editor at Large, Cloud, 11/17/2015
Comment1 Comment  |  Read  |  Post a Comment
More Ransomware Being Spread Via Malvertising
Dark Reading Staff, Quick Hits
Magnitude exploit kit has popped up in new malvertising campaign and dropping CryptoWall.
By Dark Reading Staff , 11/13/2015
Comment3 comments  |  Read  |  Post a Comment
CloudFlare Supplies Security At Network's Edge
Charles Babcock, Editor at Large, CloudNews
CloudFlare is a startup that has invested in security-as-a-service, and distributes it with a low latency to the edge of the network. Microsoft, Google, and others have taken notice.
By Charles Babcock Editor at Large, Cloud, 11/9/2015
Comment2 comments  |  Read  |  Post a Comment
U.K. Bill Aims To Limit Use Of Encryption
Dark Reading Staff, Quick Hits
Members of British government taking a stab what members of American government have also been attempting to push through.
By Dark Reading Staff , 11/3/2015
Comment1 Comment  |  Read  |  Post a Comment
Xen Patches 'Worst'-Ever Virtual Machine Escape Vulnerability
Jai Vijayan, Freelance writerNews
Bug remained undetected for seven years and enabled complete control of host system.
By Jai Vijayan Freelance writer, 10/30/2015
Comment0 comments  |  Read  |  Post a Comment
15-Year-Old Arrested For TalkTalk Attack
Sara Peters, Senior Editor at Dark ReadingNews
U.K. police collar Northern Ireland youth for questioning, while security industry tries to make sense of confusing information out of TalkTalk CEO.
By Sara Peters Senior Editor at Dark Reading, 10/26/2015
Comment17 comments  |  Read  |  Post a Comment
Navigating New Security Architectures For Cloud Data Centers
Marc Woolward, CTO, vArmourCommentary
Micro-segmentation is a revolutionary approach to data center complexity and security. But not all architectures are created equal.
By Marc Woolward CTO, vArmour, 10/21/2015
Comment0 comments  |  Read  |  Post a Comment
Former White House Advisor: Marry Infosec To Economics
Sara Peters, Senior Editor at Dark ReadingNews
Melissa Hathaway, former cybersecurity policy advisor to the White House, says the security and economy agendas should go hand-in-hand, and Western nations' use of surveillance technology is 'alarming.'
By Sara Peters Senior Editor at Dark Reading, 10/19/2015
Comment3 comments  |  Read  |  Post a Comment
Survey Shows Little Accord On Responsibility For Cloud Security
Jai Vijayan, Freelance writerNews
With procurement teams and business groups doing most vendor selection and vetting, IT groups have little role in security.
By Jaikumar Vijayn , 10/15/2015
Comment3 comments  |  Read  |  Post a Comment
More Reasons To Drop The War On Encryption
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Rod Beckstrom, founding director of the US National Cybersecurity Center visits the Dark Reading News Desk at Black Hat to discuss cybercrime legislation, takedown operations, and why law enforcement should drop the war on encryption.
By Sara Peters Senior Editor at Dark Reading, 10/9/2015
Comment1 Comment  |  Read  |  Post a Comment
Researchers Warn Against Continuing Use Of SHA-1 Crypto Standard
Jai Vijayan, Freelance writerNews
New attack methods have made it economically feasible to crack SHA-1 much sooner than expected.
By Jai Vijayan Freelance writer, 10/8/2015
Comment2 comments  |  Read  |  Post a Comment
What The EU’s Safe Harbor Ruling Means For Data Privacy In The Cloud
Michael Fey, President & COO, Blue CoatCommentary
The European Court of Justice today struck down the 15-year-old data transfer agreement between the European Union and the US. Here’s how to begin to prepare for the fallout.
By Michael Fey President & COO, Blue Coat, 10/6/2015
Comment0 comments  |  Read  |  Post a Comment
Amazon Downplays New Hack For Stealing Crypto Keys In Cloud
Jai Vijayan, Freelance writerNews
Attack works only under extremely rare conditions, cloud giant says of the latest research.
By Jai Vijayan Freelance writer, 10/2/2015
Comment1 Comment  |  Read  |  Post a Comment
DHS Funds Project For Open Source 'Invisible Clouds'
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Cloud Security Alliance and Waverley Labs to build software-defined perimeter (SDP) to protect cloud and critical infrastructure from DDoS attacks.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/30/2015
Comment2 comments  |  Read  |  Post a Comment
Visibility: The Key To Security In The Cloud
Amrit Williams, CTO, CloudPassageCommentary
You can’t secure what you can’t see. These five best practices will shed some light on how to protect your data from the ground up.
By Amrit Williams CTO, CloudPassage, 9/18/2015
Comment2 comments  |  Read  |  Post a Comment
Darknet Is Full Of Criminals & Governments Giving TOR A Bad Name
Sara Peters, Senior Editor at Dark ReadingNews
Human traffickers, crowd-sourcing murderers, child pornographers, and governments in the market for juicy zero-days are flooding the Dark Web -- making it hard for the good guys to defend it.
By Sara Peters Senior Editor at Dark Reading, 9/16/2015
Comment4 comments  |  Read  |  Post a Comment
Fixing IoT Security: Dark Reading Radio Wednesday at 1 P.M. ET
Sara Peters, Senior Editor at Dark ReadingCommentary
Join us for a conversation about what is being done and what needs to be done to secure the Internet of Things.
By Sara Peters Senior Editor at Dark Reading, 9/15/2015
Comment2 comments  |  Read  |  Post a Comment
Malvertising Campaign Rages Undetected For 3 Weeks
Sara Peters, Senior Editor at Dark ReadingNews
Instead of injecting nasty code into ads, attackers pose as legitimate advertisers and manipulate ad networks' chain of trust.
By Sara Peters Senior Editor at Dark Reading, 9/14/2015
Comment1 Comment  |  Read  |  Post a Comment
What You Should, But Don't, Do About Untrusted Certs, CAs
Sara Peters, Senior Editor at Dark ReadingNews
Security departments could take measures to protect organizations from untrusted certificate authorities and counterfeit SSL certs, but most don't bother.
By Sara Peters Senior Editor at Dark Reading, 9/9/2015
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio