Risk // Compliance
News & Commentary
Federal IT Security Policies Must Be User Friendly
James Bindseil, Commentary
Federal agencies should choose security tools and policies that suit the productivity needs of their employees.
By James Bindseil, 4/16/2014
White House Details Zero-Day Bug Policy
Mathew J. Schwartz, News
NSA denies prior knowledge of the Heartbleed vulnerability, but the White House reserves the right to withhold zero-day exploit information in some cases involving security or law enforcement.
By Mathew J. Schwartz, 4/15/2014
Feds Address Antitrust Concerns On Cyberthreat Sharing
William Jackson, Technology Writer, Commentary
Justice Dept. and FTC confirm that sharing cybersecurity threat information is not an antitrust law violation.
By William Jackson Technology Writer, 4/11/2014
Paul Allen Invests In Online Voting Firm
Elena Malykhina, Technology Journalist, Commentary
E-voting firm Scytl receives $40 million from Paul Allen's Vulcan Capital to continue election modernization efforts. Defense Department among its customers.
By Elena Malykhina Technology Journalist, 4/9/2014
Colleagues In Cuffs: When Employees Steal Patient Records
Alison Diana, Senior Editor, Commentary
The Queens County DA recently arrested two Jamaica Hospital employees for stealing patient data, a lucrative crime occurring at hospitals across the nation.
By Alison Diana Senior Editor, 4/7/2014
March Madness: Online Privacy Edition
Mark Weinstein, Founder & CEO, Sgrouples, Commentary
Say hello to the privacy revolution where an emerging backlash is being spurred by NSA spying, mass data collection and plain old common sense.
By Mark Weinstein Founder & CEO, Sgrouples, 3/26/2014
Target, PCI Auditor Trustwave Sued By Banks
Mathew J. Schwartz, News
Trustwave apparently certified the retailer as PCI compliant -- but can PCI assessors be held liable for data breaches?
By Mathew J. Schwartz, 3/26/2014
Windows XP Security Issues: Fact Vs. Fiction
Michael Endler, Associate Editor, InformationWeek.com, News
Are you prepared for the end of Microsoft support for Windows XP next month?
By Michael Endler Associate Editor, InformationWeek.com, 3/12/2014
Security Services Cater To SMBs
Robert Lemos, Technology Journalist, News
Cloud and managed security services are headed down market with simpler interfaces masking their enterprise heritage
By Robert Lemos Technology Journalist, 3/11/2014
Compliance Is Not Hard
Glenn S. Phillips, Commentary
Compliance requires a new set of healthy habits and the self-discipline to make those habits stick
By Glenn S. Phillips, 2/26/2014
Microsoft Beefs Up EMET
Kelly Jackson Higgins, Senior Editor, Dark Reading, Quick Hits
Early release of anti-exploit tool shuts down bypass methods created by Bromium Labs
By Kelly Jackson Higgins Senior Editor, Dark Reading, 2/25/2014
FIDO Alliance Publishes Authentication Standards; First Products Unveiled
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
FIDO Alliance issues specs for "authentication plumbing;" Nok Nok ships first implementation
By Tim Wilson Editor in Chief, Dark Reading, 2/17/2014
The Mysterious Appearance Of An Anti-Theft Application
Kelly Jackson Higgins, Senior Editor, Dark Reading, Quick Hits
Kaspersky Lab researchers discover on their machines Absolute Software Computrace anti-theft application -- but they had not installed it
By Kelly Jackson Higgins Senior Editor, Dark Reading, 2/13/2014
Locking Down E-Mail With Security Services
Robert Lemos, Technology Journalist, News
Companies are increasingly looking to the cloud for services to encrypt, back up, and archive their e-mail to protect from accidental leakage and intentional disruption
By Robert Lemos Technology Journalist, 2/12/2014
Javelin Study: A New Identity Fraud Victim Every Two Seconds
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
Javelin report says identity fraud increased to 13.1 million victims in 2013
By Tim Wilson Editor in Chief, Dark Reading, 2/6/2014
NAC Comes Back
Kelly Jackson Higgins, Senior Editor, Dark Reading, News
BYOD and advanced malware help resuscitate network access control
By Kelly Jackson Higgins Senior Editor, Dark Reading, 2/5/2014
Chip-and-PIN Security Push To Pit Retailers Against Banks
Robert Lemos, Technology Journalist, News
While the cost of breaches typically falls on the merchants, card issuers and banks would foot much of the bill for improving the security of the payment-card system
By Robert Lemos Technology Journalist, 1/30/2014
Securing The Distributed Network Perimeter
Robert Lemos, Technology Journalist, News
A variety of cloud and managed services can be used to lock down the rapidly expanding corporate network perimeter
By Robert Lemos Technology Journalist, 1/28/2014
Secret Service Investigating Breach At Michael's Retail Chain
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
Retail giant Michael's still has not disclosed source or scope of breach; Secret Service called in
By Tim Wilson Editor in Chief, Dark Reading, 1/28/2014
Startup Tackles Security Through Microsoft Active Directory
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
New company Aorato identifies potential threats by monitoring traffic from ubiquitous Active Directory
By Tim Wilson Editor in Chief, Dark Reading, 1/23/2014
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2008-3277
Published: 2014-04-15
Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse p...

CVE-2010-2236
Published: 2014-04-15
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, rela...

CVE-2011-3628
Published: 2014-04-15
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...

CVE-2012-0214
Published: 2014-04-15
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...

CVE-2013-4768
Published: 2014-04-15
The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB).
