Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Mobile Security By The Numbers
Dark Reading Offers Cyber Security Crash Course At Interop 2015
From Hacking Systems To Hacking People
How To Reduce Spam & Phishing With DMARC
7 Things You Should Know About Secure Payment Technology
News & Commentary
Scope Of FREAK Flaw Widens As Microsoft Says Windows Affected Too
Jai Vijayan, Freelance writerNews
Researchers had originally thought only Safari and Android affected by flaw.
By Jai Vijayan Freelance writer, 3/6/2015
Comment0 comments  |  Read  |  Post a Comment
Does Hollywood Have The Answer To The Security Skills Question?
Tsion Gonen , Chief Strategy Officer, SafeNetCommentary
The Oscar-winning biopic about famed WWII cryptanalyst Alan Turing -- the father of modern computing -- was long overdue. But a lot more needs to be done to inspire the next generation of computer scientists.
By Tsion Gonen Chief Strategy Officer, SafeNet, 3/6/2015
Comment3 comments  |  Read  |  Post a Comment
Efforts To Team Up And Fight Off Hackers Intensify
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New intelligence-sharing groups/ISACs emerge, software tools arrive and the White House adds a coordinating agency -- but not all of the necessary intel-sharing 'plumbing' is in place just yet.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/5/2015
Comment0 comments  |  Read  |  Post a Comment
Anthem Refuses To Let Inspector General Conduct Full Security Audit
Dark Reading Staff, Quick Hits
New Model Uses 'Malicious Language Of The Internet' To Find Threats Fast
Sara Peters, Senior Editor at Dark ReadingNews
OpenDNS's new NLPRank tool may identify malicious domains before they are even put to nefarious use.
By Sara Peters Senior Editor at Dark Reading, 3/5/2015
Comment1 Comment  |  Read  |  Post a Comment
Which Apps Should You Secure First? Wrong Question.
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
By Jeff Williams CTO, Aspect Security & Contrast Security, 3/5/2015
Comment1 Comment  |  Read  |  Post a Comment
How Secure Are You?
Scott Montgomery , VP and CTO-Americas & Public Sector, Intel Security
The NIST Cybersecurity Framework can help you understand your risks.
By Scott Montgomery VP and CTO-Americas & Public Sector, Intel Security, 3/5/2015
Comment0 comments  |  Read  |  Post a Comment
North Korean Government Not Likely Behind Malware On Nation's Official News Site
Jai Vijayan, Freelance writerNews
Contrary to initial assumptions of North Korean government involvement, watering hole attack appears to be the work of external hackers -- and contains similarities to Darkhotel campaign, security researchers say.
By Jai Vijayan Freelance writer, 3/5/2015
Comment0 comments  |  Read  |  Post a Comment
Apple Pay Fraud Gives Us A New Reason To Hate Data Breaches And SSNs
Sara Peters, Senior Editor at Dark ReadingNews
There may already be millions of dollars in losses, but you can't blame Apple for this one.
By Sara Peters Senior Editor at Dark Reading, 3/4/2015
Comment15 comments  |  Read  |  Post a Comment
Securing Our Electric Power Grid Is Critical
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
Highly complex infrastructure systems require protection against cyberattacks.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/4/2015
Comment0 comments  |  Read  |  Post a Comment
A ‘Building Code’ For Internet of Things Security, Privacy
Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering InstituteCommentary
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015
Comment3 comments  |  Read  |  Post a Comment
Enterprises Thirsting For Third-Party Threat Data
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report shows enterprises more heavily weighing risks of data loss and cyber attacks in evaluation process.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/3/2015
Comment0 comments  |  Read  |  Post a Comment
Breach Victims Three Times Likelier To Be Identity Theft Victims
Sara Peters, Senior Editor at Dark ReadingNews
Twenty-eight percent of them say they later avoided the merchants that failed to protect their personal information.
By Sara Peters Senior Editor at Dark Reading, 3/3/2015
Comment1 Comment  |  Read  |  Post a Comment
FREAK Out: Yet Another New SSL/TLS Bug Found
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Old-school, export-grade crypto standard used until the 1990s can be triggered to downgrade security of client, servers, researchers find.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/3/2015
Comment2 comments  |  Read  |  Post a Comment
Compliance & Security: A Race To The Bottom?
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 3/3/2015
Comment0 comments  |  Read  |  Post a Comment
What You Need To Know About Nation-State Hacked Hard Drives
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The nation-state Equation Group compromise of most popular hard drives won't be a widespread threat, but future disk security -- and forensic integrity -- remain unclear.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/2/2015
Comment19 comments  |  Read  |  Post a Comment
Uber Takes Over 5 Months To Issue Breach Notification
Dark Reading Staff, Quick Hits
50,000 Uber drives just being told now that their names and license numbers were exposed.
By Dark Reading Staff , 3/2/2015
Comment0 comments  |  Read  |  Post a Comment
5 Signs That The Firewall's Not Dead Yet
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Demise of firewall is a long way off, according to recent survey results.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/2/2015
Comment0 comments  |  Read  |  Post a Comment
No Silver Bullets for Security
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
A quick-fix security solution for cyberphysical systems doesn’t exist.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/2/2015
Comment2 comments  |  Read  |  Post a Comment
Why Security Awareness Alone Won’t Stop Hackers
Saryu Nayyar, CEO, GuruculCommentary
End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.
By Saryu Nayyar CEO, Gurucul, 3/2/2015
Comment9 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Three Defendants Charged with One of the Largest Reported Data Breaches in U.S. History
Healthcare Organizations Lack Tools for Cyber Situational Awareness and Threat Assessment
Cloud Security Alliance Announces Release of Security Framework for Governmental Clouds
News: RADAR goes international/manages breaches in EU
Dtex Systems Closes $15M Series A Funding to Expand to U.S. Market and Relocate Headquarters to Silicon Valley
PandaLabs neutralized 75 million new malware samples in 2014, twice as many as in 2013
Hypori Unveils Virtual Mobile Infrastructure at Mobile World Congress
Survey Report: Majority of Service Providers Experienced DDoS Attacks, 85 Percent Experienced Customer Churn As a Result
More Products & Releases
PR Newswire
What You Need To Know About Nation-State Hacked Hard Drives
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/2/2015
Apple Pay Fraud Gives Us A New Reason To Hate Data Breaches And SSNs
Sara Peters, Senior Editor at Dark Reading,  3/4/2015
Why Security Awareness Alone Won't Stop Hackers
Saryu Nayyar, CEO, Gurucul,  3/2/2015
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
How Secure Are You?
The NIST Cybersecurity Framework can help you understand your risks. Read >>
Partner Perspectives
What's This?
How to Strengthen Enterprise Defenses against Ransomware
Eight essential ways that companies can enforce their borders. Read >>
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1637
Published: 2015-03-06
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for r...

CVE-2014-2130
Published: 2015-03-05
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka B...

CVE-2014-9688
Published: 2015-03-05
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.

CVE-2015-0598
Published: 2015-03-05
The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693.

CVE-2015-0607
Published: 2015-03-05
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connecti...

10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed