News & Commentary
'SandBlast' A Different Spin On Sandboxing
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau, News
Hackers are finding ways to bypass sandboxes and sneak in their malware, so some vendors are creating new approaches to counter them.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 9/4/2015
Jeremiah Grossman's Tips For Black Hat Hopefuls & More
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Founder of WhiteHat Security visits the Dark Reading News Desk to dish on the Black Hat Briefings selection process, the state of Web security, the Wassenaar Arrangement, and Flash.
By Sara Peters Senior Editor at Dark Reading, 9/4/2015
Back To Basics: 10 Security Best Practices
Nimmy Reichenberg, VP of Strategy, AlgoSec, Commentary
The most effective strategy for keeping organizations, users and customers safe is to focus on the fundamentals.
By Nimmy Reichenberg VP of Strategy, AlgoSec, 9/4/2015
HyTrust Claims Advances In Virtual Data Center Ops
Charles Babcock, Editor at Large, Cloud, News
VMware security partner HyTrust has been pushing new steps in virtual machine and virtual network operations, including role-based access.
By Charles Babcock Editor at Large, Cloud, 9/4/2015
RSA's Ex-CEO Coviello Back In The Game
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Art Coviello, former head of RSA Security, has returned to the security industry after retiring from RSA for health reasons.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/3/2015
Stealing Data By 'Living Off The Land'
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau, News
Hackers' latest tactic involves a malware-free attack using a company’s own system credentials and admin tools to gain access.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 9/3/2015
VMware Expands NSX Platform Security
Marcia Savage, Managing Editor, Network Computing, News
VMware is working to add network encryption as a distributed service via its network virtualization platform.
By Marcia Savage Managing Editor, Network Computing, 9/3/2015
China's Great Cannon: The Great Firewall's More Aggressive Partner
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Crowdstrike researchers visit Dark Reading News Desk at Black Hat to describe how China went on the offensive and extended its Internet censorship efforts beyond Chinese borders.
By Sara Peters Senior Editor at Dark Reading, 9/3/2015
New Shifu Banking Trojan An ‘Uber Patchwork’ Of Malware Tools
Jai Vijayan, Freelance writer, News
Sophisticated threat hitting banks in Japan combines best features of multiple previous banking malware, new IBM research says.
By Jai Vijayan Freelance writer, 9/2/2015
Malware Author Stamped Code 'For Targeted Attacks Only'
Sara Peters, Senior Editor at Dark Reading, News
When the Microsoft Word Intruder Office malware creation kit got too high-profile, the developer changed terms of service, Sophos report says.
By Sara Peters Senior Editor at Dark Reading, 9/2/2015
Microsoft, Google, Mozilla Abandon RC4 Cryptographic Standard
Larry Loeb, Blogger, Informationweek, Commentary
With Microsoft, Google, and Mozilla turning against the RC4 cryptographic suite, the standard will likely die in 2016.
By Larry Loeb Blogger, Informationweek, 9/2/2015
Endpoint Security Firm Tanium Valued At $3.5 Billion
Dark Reading Staff, Quick Hits
Highest-valued venture-backed cybersecurity company worldwide closes $120 million venture capital round.
By Dark Reading Staff , 9/2/2015
Microsoft's Remarkable Pivot: Windows 10 Abandons Privacy
Mark Weinstein, CEO, MeWe.com, Commentary
You can read all you want about Windows 10's powerful new privacy features, but that doesn’t mean you have them.
By Mark Weinstein CEO, MeWe.com, 9/2/2015
Baby Monitors Expose Home -- And Business -- Networks
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Researchers find major security flaws in popular networked video baby monitor products that could allow attackers to snoop on babies and businesses.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/2/2015
Cyberspies Impersonate Security Researcher
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
'Rocket Kitten' pro-Iranian regime hackers focusing more on targeting individuals for geopolitical espionage.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/1/2015
Report: Ransomware Jumped 58 Percent in Q2
Sara Peters, Senior Editor at Dark Reading, News
McAfee Threat Labs Report also zooms in on GPU malware and looks back on the first five years of the Intel-McAfee marriage.
By Sara Peters Senior Editor at Dark Reading, 9/1/2015
Malware Pre-Installed On Over Two-Dozen Android Smartphone Brands
Jai Vijayan, Freelance writer, News
Threat affects several smartphones shipping from Asia including some popular ones such as Lenovo, Huawei, and Xiaomi, says G Data.
By Jai Vijayan Freelance writer, 9/1/2015
We Can Allow Cybersecurity Research Without Stifling Innovation
Gavin Reid, Vice President, Threat Intelligence, Lancope Inc, Commentary
The U.S. government is in a unique position to become a global leader in cybersecurity. But only if it retains the open spirit of the Internet that kick-started the Information Age.
By Gavin Reid Vice President, Threat Intelligence, Lancope Inc, 9/1/2015
Your Worst Day In IT
David Spark, Veteran Tech journalist and founder of Spark Media Solutions
Turns out the most common culprits aren't what you might think.
By David Spark Veteran Tech journalist and founder of Spark Media Solutions, 9/1/2015
Sights & Sounds Of Black Hat USA And DEF CON
Kelly Jackson Higgins, Executive Editor at Dark Reading
Some hackers call the week of Black Hat USA and DEF CON 'security summer camp' -- a look at some of the highlights of the two shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/31/2015
Ashley Madison CEO Resigns
Dark Reading Staff 8/28/2015
Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9605
Published: 2015-09-04
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webup...

CVE-2015-5612
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.

CVE-2015-5688
Published: 2015-09-04
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.

CVE-2015-6807
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label.

CVE-2015-6808
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.

10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?