Risk // Compliance
News & Commentary
Wearables In Healthcare: Privacy Rules Needed
Alison Diana, Senior EditorCommentary
Johns Hopkins patient privacy violation didn't involve Google Glass or wearables but indicates why the healthcare industry must head off trouble with wearables in clinical settings.
By Alison Diana Senior Editor, 7/23/2014
Comment3 comments  |  Read  |  Post a Comment
Summer Travel Cyber Security Tips For Government Employees
Jerry Irvine, Commentary
Vacationing as a government employee brings special security concerns. Follow these precautions to protect your devices and data on the beach and beyond.
By Jerry Irvine , 7/23/2014
Comment2 comments  |  Read  |  Post a Comment
Payment Card Data Theft: Tips For Small Business
Chris Nutt, Director, Incident Response & Malware, MandiantCommentary
For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small.
By Chris Nutt Director, Incident Response & Malware, Mandiant, 7/15/2014
Comment7 comments  |  Read  |  Post a Comment
Cloud & The Fuzzy Math of Shadow IT
Krishna Narayanaswamy, Founder & Chief Scientist, NetskopeCommentary
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
By Krishna Narayanaswamy Founder & Chief Scientist, Netskope, 7/10/2014
Comment14 comments  |  Read  |  Post a Comment
Dark Reading Radio: The Changing Role Of The CSO
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
By Marilyn Cohodas Community Editor, Dark Reading, 7/8/2014
Comment7 comments  |  Read  |  Post a Comment
Florida Law Aims To Tighten Data Security
Alison Diana, Senior EditorCommentary
Florida's new data privacy law increases security accountability for all enterprises; healthcare providers could face greater burden to protect patients' personal information.
By Alison Diana Senior Editor, 7/7/2014
Comment10 comments  |  Read  |  Post a Comment
Why Your Application Security Program May Backfire
Jeff Williams, CTO, Contrast SecurityCommentary
You have to consider the human factor when you’re designing security interventions, because the best intentions can have completely opposite consequences.
By Jeff Williams CTO, Contrast Security, 7/2/2014
Comment4 comments  |  Read  |  Post a Comment
Internet Of Things: Current Privacy Policies Don't Work
Marc Loewenthal, Director, Promontory Financial GroupCommentary
Traditional ways to deliver privacy guidelines, such as online postings or click-through mechanisms, don't work with the Internet of Things.
By Marc Loewenthal Director, Promontory Financial Group, 6/30/2014
Comment4 comments  |  Read  |  Post a Comment
NIST Security Guidance Revision: Prepare Now
Vincent Berk, Commentary
NIST 800-53 Revision 5 will likely put more emphasis on continuous monitoring. Don't wait until it arrives to close your security gaps.
By Vincent Berk , 6/16/2014
Comment4 comments  |  Read  |  Post a Comment
BYOD: Build A Policy That Works
Ericka Chickowski, Contributing Writer, Dark ReadingCommentary
To secure employee-owned smartphones and tablets, it takes a practical, enforceable set of guidelines.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/9/2014
Comment1 Comment  |  Read  |  Post a Comment
Government Advances Continuous Security Monitoring
Henry Kenyon, Commentary
DOD, DHS expect smart technologies will defend networks against common attacks, free IT personnel to deal with more dangerous threats.
By Henry Kenyon , 6/6/2014
Comment3 comments  |  Read  |  Post a Comment
Compliance: The Surprising Gift Of Windows XP
Glenn S. Phillips, Commentary
The end of Windows XP will force organizations to properly reinvest in a modern and compliant desktop infrastructure that will be easier to maintain and secure.
By Glenn S. Phillips , 6/3/2014
Comment3 comments  |  Read  |  Post a Comment
Healthcare IT Security Worse Than Retail, Study Says
Alison Diana, Senior EditorCommentary
Bad news for healthcare community: New study shows retailers like Target and eBay are more secure than many healthcare organizations.
By Alison Diana Senior Editor, 5/28/2014
Comment21 comments  |  Read  |  Post a Comment
Government Hiring Practices Hamper Cybersecurity Efforts
Patience Wait, Commentary
Federal agencies find it difficult to hire unconventional but well-qualified talent to battle cyberattacks, experts say.
By Patience Wait , 5/20/2014
Comment4 comments  |  Read  |  Post a Comment
Cisco CEO: U.S. Should Reform Surveillance Rules
Michael Endler, Associate Editor, InformationWeek.comCommentary
Cisco CEO John Chambers says his company does not enable NSA spying, and that the U.S. government must establish proper policies.
By Michael Endler Associate Editor, InformationWeek.com, 5/15/2014
Comment5 comments  |  Read  |  Post a Comment
Government Surveillance Criticism Heats Up
Thomas Claburn, Editor-at-LargeCommentary
As book on Snowden affair debuts, several organizations take steps to restrain the mass online surveillance that Snowden investigation exposed.
By Thomas Claburn Editor-at-Large, 5/14/2014
Comment5 comments  |  Read  |  Post a Comment
Money, Skills, And Hired Guns: 2014 Strategic Security Survey
Michael A. Davis, Contributing EditorCommentary
Tight budgets. A manpower crunch. More -- and more sophisticated -- threats. Are you sure you're up to this?
By Michael A. Davis Contributing Editor, 5/12/2014
Comment2 comments  |  Read  |  Post a Comment
A New Approach to Endpoint Security: Think ‘Positive’
Jason Sachowski, Sr. Manager, Security R&D, ScotiabankCommentary
It's time to move away from traditional blacklisting models that define what should be restricted and implicitly allow everything else.
By Jason Sachowski Sr. Manager, Security R&D, Scotiabank, 5/9/2014
Comment10 comments  |  Read  |  Post a Comment
FTC Must Disclose Consumer Data Security Standards
William Jackson, Technology WriterCommentary
A company accused by the FTC of failing to provide adequate data security has the right to know the required security standards, administrative judge rules.
By William Jackson Technology Writer, 5/8/2014
Comment2 comments  |  Read  |  Post a Comment
Study: Many UK Retail, Financial Firms Still Don't Understand Security Risks
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Despite recent breaches, many UK retailers and financial firms haven't upgraded their online security strategies.
By Tim Wilson Editor in Chief, Dark Reading, 5/8/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-3071
Published: 2014-07-26
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.

CVE-2014-3301
Published: 2014-07-26
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.

CVE-2014-3305
Published: 2014-07-26
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.

CVE-2014-3324
Published: 2014-07-26
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.