Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
7 Things You Should Know About Secure Payment Technology
From Hacking Systems To Hacking People
How To Get More Involved In The IT Security Community
Hackin' At The Car Wash, Yeah
Why The USA Hacks
News & Commentary
Hits Keep On Coming For Both SSL & Its Abusers
Dark Reading Staff, Quick Hits
Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?
By Dark Reading Staff , 2/26/2015
Comment1 Comment  |  Read  |  Post a Comment
'Shadow' Cloud Services Rampant In Government Networks
Jai Vijayan, Freelance writerNews
Survey finds public sector employees use unmanaged cloud services just as much as private employees.
By Jai Vijayan Freelance writer, 2/26/2015
Comment1 Comment  |  Read  |  Post a Comment
How to Strengthen Enterprise Defenses against Ransomware
Alexandra Gheorghe, Security Specialist, Bitdefender
Eight essential ways that companies can enforce their borders.
By Alexandra Gheorghe Security Specialist, Bitdefender, 2/26/2015
Comment0 comments  |  Read  |  Post a Comment
How To Reduce Spam & Phishing With DMARC
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015
Comment0 comments  |  Read  |  Post a Comment
5 New Vulnerabilities Uncovered In SAP
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/26/2015
Comment0 comments  |  Read  |  Post a Comment
Millions Of Non-Anthem Customers Also Hit By Anthem Breach
Dark Reading Staff, Quick Hits
Blue Cross Blue Shield customers -- as many as 8.8 to 18.8 million of them -- might have also had their data compromised.
By Dark Reading Staff , 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
Ramnit Botnet Disrupted By International Public-Private Collaboration
Sara Peters, Senior Editor at Dark ReadingNews
Europol leads the effort to bring down the bank credential-stealing botnet that infected 3.2 million computers across the globe.
By Sara Peters Senior Editor at Dark Reading, 2/25/2015
Comment0 comments  |  Read  |  Post a Comment
Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
Five Easiest Ways to Get Hacked – Part 2
Carric Dooley, WW VP of Foundstone Services, Intel Security
Continuing a conversation with principal security consultant Amit Bagree
By Carric Dooley WW VP of Foundstone Services, Intel Security, 2/25/2015
Comment1 Comment  |  Read  |  Post a Comment
Customers Aren’t the Only Victims: 5 Stages Of Data Breach Grief
Ricky Link, Managing Director, Coalfire Systems, Southwest RegionCommentary
What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.
By Ricky Link Managing Director, Coalfire Systems, Southwest Region, 2/25/2015
Comment2 comments  |  Read  |  Post a Comment
5 Ways To Prepare For IoT Security Risks
Jai Vijayan, Freelance writerNews
As the Internet of Things begins to take shape, IT organizations must prepare for change.
By Jai Vijayan Freelance writer, 2/24/2015
Comment0 comments  |  Read  |  Post a Comment
Medical Identity Theft Costs Victims $13,450 Apiece
Sara Peters, Senior Editor at Dark ReadingNews
New study shows not only is medical identity fraud costly for individuals, it's happening a lot more often.
By Sara Peters Senior Editor at Dark Reading, 2/24/2015
Comment6 comments  |  Read  |  Post a Comment
FBI Offers $3 Million Reward For Info On Whereabouts Of GameoverZeus Botnet Operator
Dark Reading Staff, Quick Hits
Evgeniy Mikhailovich Bogachev, who faces charges for his alleged role as an administrator of the GameOver Zeus botnet, is at large in Russia.
By Dark Reading Staff , 2/24/2015
Comment3 comments  |  Read  |  Post a Comment
Mobile Apps Remain Vulnerable For Months
Thomas Claburn, Editor-at-LargeNews
Developers are failing to respond quickly to reports of security flaws, Trojans are infecting corporate devices at an alarming rate, and even mundane data about your device's power consumption could threaten your privacy.
By Thomas Claburn Editor-at-Large, 2/24/2015
Comment11 comments  |  Read  |  Post a Comment
7 Things You Should Know About Secure Payment Technology
Sara Peters, Senior Editor at Dark Reading
Despite the existence of EMV and Apple Pay, we're a long way from true payment security, especially in the US.
By Sara Peters Senior Editor at Dark Reading, 2/24/2015
Comment13 comments  |  Read  |  Post a Comment
Cybercrime, Cyber Espionage Tactics Converge
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Real-world cyberattack investigations by incident response firm Mandiant highlight how hackers are adapting to better achieve their goals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/24/2015
Comment3 comments  |  Read  |  Post a Comment
From Hacking Systems To Hacking People
Larry Ponemon, Chairman & Founder, Ponemon InstituteCommentary
New low-tech attack methods like ‘visual hacking’ demand an information security environment that values data privacy and a self-policing culture.
By Larry Ponemon Chairman & Founder, Ponemon Institute, 2/24/2015
Comment6 comments  |  Read  |  Post a Comment
DOJ R&D Agency Awards Grants For Speedier Digital Forensics
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The US Department of Justice's National Institute of Justice is funding new incident response technology to assist law enforcement.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/23/2015
Comment0 comments  |  Read  |  Post a Comment
Blackhat, The Movie: Good, Bad & Ridiculous
Jeff Schmidt, Founder & CEO of JAS Global Advisors LLCCommentary
It didn’t take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?
By Jeff Schmidt Founder & CEO of JAS Global Advisors LLC, 2/23/2015
Comment2 comments  |  Read  |  Post a Comment
NSA, GCHQ Theft Of SIM Crypto Keys Raises Fresh Security Concerns
Jai Vijayan, Freelance writerNews
Pilfered SIM card encryption keys also could allow the spy agencies to deploy malicious Java applets or to send rogue SMS messages from fake cell towers, experts say.
By Jai Vijayan Freelance writer, 2/20/2015
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Emailage Raises $3.8 Million
ForeScout Appoints Former Intel Security President Michael DeCesare as CEO
BMC and Qualys Join Forces to Improve Enterprise Security
Onapsis Uncovers Five New Vulnerabilities Affecting SAP BusinessObjects and SAP HANA
SEWORKS Launches AppSecu.re, SaaS-Based Security Service to Provide App Protection for Android Developers Worldwide
Lumeta Announces Strategic Partnership with Nordisk Systems, Inc.
Digital Guardian Launches Digital Guardian 7.0 for Data Protection Against All Threats
Onapsis Appoints CTO of Veracode, Chris Wysopal, to Board of Advisors
More Products & Releases
PR Newswire
Who Cares Who's Behind A Data Breach?
Kerstyn Clover, Attack & Defense Team Consultant,  2/20/2015
7 Things You Should Know About Secure Payment Technology
Sara Peters, Senior Editor at Dark Reading,  2/24/2015
Medical Identity Theft Costs Victims $13,450 Apiece
Sara Peters, Senior Editor at Dark Reading,  2/24/2015
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Five Easiest Ways to Get Hacked - Part 2
Continuing a conversation with principal security consultant Amit Bagree Read >>
Partner Perspectives
What's This?
How to Strengthen Enterprise Defenses against Ransomware
Eight essential ways that companies can enforce their borders. Read >>
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.
White Papers
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2086
Published: 2015-02-26
Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.

CVE-2015-2087
Published: 2015-02-26
Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors.

CVE-2015-2088
Published: 2015-02-26
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVE-2015-2089
Published: 2015-02-26
Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (...

CVE-2015-2090
Published: 2015-02-26
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.

10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed