How I Became a CISO: Janet Levesque, RSA
Attacks On Patched Sandworm Flaw Force Microsoft To Issue Fix It
Compliance Is A Start, Not The End
Cartoon: BYOD Meets Internet of Things
The Internet of Things: 7 Scary Security Scenarios
News & Commentary
Keep Calm & Verify: How To Spot A Fake Online Data Dump
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Determining whether a data dump on Pastebin or elsewhere online is legit can be time-consuming and resource-intensive. Deloitte & Touche offers tips for how to weed out the fake hacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/29/2014
Comment0 comments  |  Read  |  Post a Comment
Infographic: The Many Faces of Today’s Hackers
John Trobough, CEO, NarusCommentary
How many of these hacker personas are you dueling with in your organization?
By John Trobough CEO, Narus, 10/29/2014
Comment1 Comment  |  Read  |  Post a Comment
Facebook Launches New Open-Source OS Monitoring Tool
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Modular framework can be used to schedule and log SQL-based queries.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/29/2014
Comment0 comments  |  Read  |  Post a Comment
White House Says Unclassified Network Hit In Cyberattack
Jai Vijayan, Freelance writerNews
Mitigation efforts have caused temporary outages and loss of connectivity for some staff, but no computers have been damaged, official says.
By Jai Vijayan Freelance writer, 10/29/2014
Comment1 Comment  |  Read  |  Post a Comment
Verizon Wireless Embroiled In Tracking Controversy
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Verizon Wireless is in hot water with security and privacy advocates regarding unique identifier headers that function as what one EFF expert calls "perma-cookies."
By Kristin Burnham Senior Editor, InformationWeek.com, 10/29/2014
Comment3 comments  |  Read  |  Post a Comment
Cyber Espionage Attacks Attributed To Russian Government
Ericka Chickowski, Contributing Writer, Dark ReadingNews
FireEye report meticulously details clues that all point to state-sponsorship of the Sofacy/Sourface malware and tracks its evolution over seven years.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/29/2014
Comment0 comments  |  Read  |  Post a Comment
Security Companies Team Up, Take Down Chinese Hacking Group
Sara Peters, Senior Editor at Dark ReadingNews
Novetta, Microsoft, and others form Operation SMN to eradicate Hikit malware and disrupt the cyber espionage gang Axiom's extensive information gathering.
By Sara Peters Senior Editor at Dark Reading, 10/28/2014
Comment4 comments  |  Read  |  Post a Comment
Retailers Facing Intensified Cyberthreat This Holiday Season
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/28/2014
Comment8 comments  |  Read  |  Post a Comment
What Scares Me About Healthcare & Electric Power Security
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats
By John B. Dickson CISSP, Principal, Denim Group, 10/28/2014
Comment12 comments  |  Read  |  Post a Comment
Chipmaker Disables Counterfeits With Software Update
Jai Vijayan, Freelance writerCommentary
FTDI's update, targeting counterfeit chips, could disable systems widely embedded in healthcare, critical infrastructure, and consumer products.
By Jai Vijayan Freelance writer, 10/28/2014
Comment3 comments  |  Read  |  Post a Comment
Researcher Shows Why Tor Anonymity Is No Guarantee Of Security
Jai Vijayan, Freelance writerNews
Tor exit node in Russia spotted downloading malicious code.
By Jai Vijayan Freelance writer, 10/27/2014
Comment1 Comment  |  Read  |  Post a Comment
How I Became a CISO: Janet Levesque, RSA
Sara Peters, Senior Editor at Dark ReadingNews
RSA's newest chief information security officer says she landed the job because of her ability to build relationships, not a background in crypto or a pile of certs.
By Sara Peters Senior Editor at Dark Reading, 10/27/2014
Comment6 comments  |  Read  |  Post a Comment
A Simple Formula For Usable Risk Intelligence
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
How infosec can cut through the noise and gain real value from cyberdata.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 10/27/2014
Comment8 comments  |  Read  |  Post a Comment
Microsoft, Facebook Support Services A Scam, FTC Says
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
FTC shutters company that allegedly duped consumers out of $2.5 million by falsely detecting computer viruses and selling bogus software.
By Kristin Burnham Senior Editor, InformationWeek.com, 10/27/2014
Comment5 comments  |  Read  |  Post a Comment
Backoff PoS Malware Boomed In Q3
Brian Prince, Contributing Writer, Dark ReadingNews
The security firm Damballa detected a 57% increase in infections of the notorious Backoff malware from August to September.
By Brian Prince Contributing Writer, Dark Reading, 10/24/2014
Comment7 comments  |  Read  |  Post a Comment
Poll: Patching Is Primary Response to Shellshock
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
As potential threats mount, Dark Reading community members hone in on patching infrastructure but not devices, according to our latest poll.
By Marilyn Cohodas Community Editor, Dark Reading, 10/24/2014
Comment11 comments  |  Read  |  Post a Comment
Samsung Knox Is Weak, Researcher Says
Thomas Claburn, Editor-at-LargeCommentary
Samsung's Knox security software for Android devices handles passwords in a way that undermines encryption, an anonymous researcher says.
By Thomas Claburn Editor-at-Large, 10/24/2014
Comment7 comments  |  Read  |  Post a Comment
This Week In 60 Seconds: Crypto Outcry, Compliance & More
Andrew Conry Murray, Director of Content & Community, InteropCommentary
Hot stories this week include saying 'No' to crypto backdoors for law enforcement, new roles for IT on Wall Street, and more.
By Andrew Conry Murray Director of Content & Community, Interop, 10/24/2014
Comment0 comments  |  Read  |  Post a Comment
3 Enterprise Security Tenets To Take Personally
David Fowler, VP Marketing, INetUCommentary
Individuals need to become conscious advocates for their own security -- after all, no one cares about your data like you do.
By David Fowler VP Marketing, INetU, 10/24/2014
Comment4 comments  |  Read  |  Post a Comment
US Military Officials, Defense Firms Targeted In 'Operation Pawn Storm'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Cyber espionage attackers "did their homework" in an attack campaign that has intensified in the wake of US-Russian tensions.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/23/2014
Comment7 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
What Scares Me About Healthcare & Electric Power Security
John B. Dickson, CISSP, Principal, Denim Group,  10/28/2014
Poll: Patching Is Primary Response to Shellshock
Marilyn Cohodas, Community Editor, Dark Reading,  10/24/2014
A Simple Formula For Usable Risk Intelligence
Jason Polancich, Founder & Chief Architect, SurfWatchLabs,  10/27/2014
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Enterprise Security: Why You Need a Digital Immune System
Treating enterprise security like the human body's response to illness or injury is more effective than just a barrier approach Read >>
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7877
Published: 2014-10-30
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.

CVE-2014-3051
Published: 2014-10-29
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof s...

CVE-2014-3668
Published: 2014-10-29
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument t...

CVE-2014-3669
Published: 2014-10-29
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function ...

CVE-2014-3670
Published: 2014-10-29
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly exec...

Best of the Web
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed