A Tale Of Two IoT Security Outcomes
Ouch! Feeling The Pain Of Cybersecurity In Healthcare
Paul Vixie On DNS Security & Botnet Takedowns
Pen Testing A Smart City
Keyless Cars: A New Frontier For Bug Bounties?
News & Commentary
A CISO's View of Mobile Security Strategy, With Stacey Halota
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
CISO of Graham Holdings visits Dark Reading News Desk at Black Hat to discuss why mobile security is a top priority and how to use mobile devices as a security tool.
By Sara Peters, Senior Editor at Dark Reading, 8/31/2015
10 Best Practices For BYOD Policy
Dark Reading Staff, News
Bring-your-own device doesn't have to mean bring your own security problems.
By Dark Reading Staff, 8/31/2015
Top Infosec Execs Will Eventually Report To CEOs, CISOs Say
Kevin West, CEO & founder, K logix, Commentary
But becoming a trusted resource to the executive suite will demand major changes in the traditional chief information security officer role.
By Kevin West, CEO & founder, K logix, 8/31/2015
Ashley Madison CEO Resigns
Dark Reading Staff, Quick Hits
Once again, a security breach claims an executive's job, but the business plans to continue operating.
By Dark Reading Staff, 8/28/2015
FBI Sounds Alarm Again On Business Email Compromise Threat
Jai Vijayan, Freelance writer, News
Over 7,000 US businesses have been victimized by so-called BEC fraud between October 2013 and August 2015 alone, the FBI said in an alert this week.
By Jai Vijayan, Freelance writer, 8/28/2015
The 7 ‘Most Common’ RATS In Use Today
Udi Shamir, Chief Security Officer, SentinelOne, Commentary
Sniffing out RATS -- remote access Trojans -- is a challenge for even the most hardened cyber defender. Here’s a guide to help you in the hunt.
By Udi Shamir, Chief Security Officer, SentinelOne, 8/28/2015
Valasek Not Done With Car Hacking Just Yet
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Security Pro File: Chris Valasek chats up the daunting challenge of topping the Jeep Cherokee hack, '80s Adidas tracksuits, his loathing of coding, and his love for Windows -- and Hall & Oates.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/28/2015
Thousands Of Potentially Malicious Android Apps Unearthed In Google Play
Jai Vijayan, Freelance writer, News
Indiana University researchers develop a new scanning technique dubbed 'MassVet' for vetting mobile app stores at scale.
By Jai Vijayan, Freelance writer, 8/27/2015
The Security Of Applications And CISOs' Sanity, With Veracode's Chris Wysopal
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Veracode's Chris Wysopal visits the Dark Reading News Desk at Black Hat to discuss application security, what CISOs' top priorities are, and what they should be.
By Sara Peters, Senior Editor at Dark Reading, 8/27/2015
A Virtual Tour of IBM’s SOCs, With Roger Hellman
Dark Reading Staff, Commentary, Video
IBM's Roger Hellman visits the Dark Reading News Desk to talk about how IBM recreated a unique security operations center experience at Black Hat.
By Dark Reading Staff, 8/27/2015
Catching Attackers In The Act Of Stage Two, With Gigamon
Dark Reading Staff, Commentary, Video
Shehzad Merchant, CTO of Gigamon, visits the Dark Reading News Desk to discuss a platform for finding and containing attackers once they've broken through your perimeter defense.
By Dark Reading Staff, 8/27/2015
Cybersecurity Under FTC Authority: What Does it Mean?
Tom Kellermann, Chief Cybersecurity Officer, Trend Micro, Commentary
Consumers can now expect the same level of security and privacy in the digital realm as they do in the physical.
By Tom Kellermann, Chief Cybersecurity Officer, Trend Micro, 8/27/2015
Seeing Into Security 'Blind Spots' With Bay Dynamics' Gautam Aggarwal
Dark Reading Staff, Commentary, Video
Gautam Aggarwal, CMO of Bay Dynamics, visits Dark Reading News Desk at Black Hat to explain that it’s important to not just develop a cybersecurity strategy, but to also better understand what your security blind spots are.
By Dark Reading Staff, 8/27/2015
Evolution Of The CISO And The Board: BAE Systems’ Jim Anderson Explains
Dark Reading Staff, Commentary, Video
President of the Americas for BAE Systems Applied Intelligence, Jim Anderson, joins the Dark Reading News Desk at Black Hat to explain how the CISO has to improve communications with the corporate board and better explain overall security strategy.
By Dark Reading Staff, 8/27/2015
RiskIQ's Arian Evans Talks Up Hunting Down Digital Assets
Dark Reading Staff, Commentary, Video
You can't protect what you can't find. Arian Evans, vice president of product marketing for RiskIQ, joins the Dark Reading News Desk at Black Hat to explain how to discover all your assets.
By Dark Reading Staff, 8/27/2015
Flash: Web Browser Plugins Are Vulnerable
Gavin Millard, Technical Director, EMEA, Tenable Network Security
Maybe it’s time to uninstall Flash for those that don’t need it and continuously monitor those that do.
By Gavin Millard, Technical Director, EMEA, Tenable Network Security, 8/27/2015
Consumers Want Password Alternatives
Ericka Chickowski, Contributing Writer, Dark Reading, News
Consumer confidence in online passwords wanes and their password hygiene remains as sketchy as ever, study finds.
By Ericka Chickowski, Contributing Writer, Dark Reading, 8/27/2015
A Tale Of Two IoT Security Outcomes
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Commandeered Jeep gets fixed but a 'hijacked' satellite network does not? Why Internet of Things security remains a work in progress.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/26/2015
Getting To Yes, Cooperatively
Lysa Myers, Security Researcher, ESET, Commentary
As security advocates, determining what “beneficial” means to a particular audience should be our first step in developing recommendations.
By Lysa Myers, Security Researcher, ESET, 8/26/2015
From Vicious To Virtuous: A Plan Of Attack For Incident Response
Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security
How do you get there? Increase the cost and effort required by the bad guys and boost your efficiency.
By Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security, 8/26/2015
Current Conversations
Ouch! Feeling The Pain Of Cybersecurity In Healthcare
Marilyn Cohodas, Community Editor, Dark Reading, 8/25/2015
Cybersecurity Under FTC Authority: What Does it Mean?
Tom Kellermann, Chief Cybersecurity Officer, Trend Micro, 8/27/2015
Valasek Not Done With Car Hacking Just Yet
Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/28/2015
Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2329
Published: 2015-08-31
Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by ...

CVE-2014-2330
Published: 2015-08-31
Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown ...

CVE-2014-2331
Published: 2015-08-31
Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

CVE-2014-2332
Published: 2015-08-31
Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

CVE-2014-2570
Published: 2015-08-31
Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?