Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Stocking Stuffers For Happy Hacking
2014: The Year of Privilege Vulnerabilities
5 Pitfalls to Avoid When Running Your SOC
'Grinch' Bug May Affect Most Linux Systems
The Coolest Hacks Of 2014
News & Commentary
4 Infosec Resolutions For The New Year
Lysa Myers, Security Researcher, ESETCommentary
Don’t look in the crystal ball, look in the mirror to protect data and defend against threats in 2015.
By Lysa Myers Security Researcher, ESET, 12/30/2014
Comment0 comments  |  Read  |  Post a Comment
20 Startups To Watch In 2015
Ericka Chickowski, Contributing Writer, Dark Reading
Check our list of security startups sure to start (or continue) making waves in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/29/2014
Comment0 comments  |  Read  |  Post a Comment
A 2014 Lookback: Predictions vs. Reality
TK Keanini, CTO, LancopeCommentary
It was a tumultuous year for cyber security, but it drove the adoption of incident response plans and two-factor authentication.
By TK Keanini CTO, Lancope, 12/29/2014
Comment1 Comment  |  Read  |  Post a Comment
Sony Fallout: The Terrorists Win Our Networks
Patrick Hubbard, Head Geek & Senior Technical Product Marketing Manager, SolarWindsCommentary
It's time to get serious. Sony hack may mark the end of enterprise networks as we know them.
By Patrick Hubbard Head Geek & Senior Technical Product Marketing Manager, SolarWinds, 12/29/2014
Comment4 comments  |  Read  |  Post a Comment
The Cost Of Healthcare Data Access
Jutta Williams, Corporate Information Assurance Officer and Chief Compliance Officer, Health FirstCommentary
Does every healthcare department really need around-the-clock access to every file or image, or could security be tightened?
By Jutta Williams Corporate Information Assurance Officer and Chief Compliance Officer, Health First, 12/29/2014
Comment1 Comment  |  Read  |  Post a Comment
2014: IT's Good, Bad, & Ugly
Lawrence Garvin, Technical Product Marketing Manager, SolarWindsCommentary
Take a look back at some of the most memorable IT incidents -- for good and bad -- over the past year.
By Lawrence Garvin Technical Product Marketing Manager, SolarWinds, 12/29/2014
Comment9 comments  |  Read  |  Post a Comment
Attackers Leverage IT Tools As Cover
Jai Vijayan, Freelance writerNews
The line between attack and defense tools has blurred.
By Jai Vijayan Freelance writer, 12/26/2014
Comment0 comments  |  Read  |  Post a Comment
Why Digital Forensics In Incident Response Matter More Now
Craig Carpenter, President & COO, Resolution1 SecurityCommentary
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
By Craig Carpenter President & COO, Resolution1 Security, 12/24/2014
Comment6 comments  |  Read  |  Post a Comment
JPMorgan Hack: 2FA MIA In Breached Server
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Sources close to the breach investigation say a network server missing two-factor authentication let attackers make their way into JPMorgan's servers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/24/2014
Comment12 comments  |  Read  |  Post a Comment
Backoff Malware Validates Targets Through Infected IP Cameras
Ericka Chickowski, Contributing Writer, Dark ReadingNews
RSA report on Backoff dives deeper into clues about the POS software and hints at attackers potentially located in India.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/23/2014
Comment0 comments  |  Read  |  Post a Comment
How PCI DSS 3.0 Can Help Stop Data Breaches
Troy Leach and Christopher Strand, Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9Commentary
New Payment Card Industry security standards that take effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples.
By Troy Leach and Christopher Strand Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9, 12/23/2014
Comment1 Comment  |  Read  |  Post a Comment
North Korea's Internet Restored
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Restoration of service weakens arguments that the US was responsible for the outage.
By Sara Peters Senior Editor at Dark Reading, 12/23/2014
Comment7 comments  |  Read  |  Post a Comment
North Korea Experiencing Internet Outages, Raising Questions About US Retaliation
Sara Peters, Senior Editor at Dark ReadingNews
Is it coincidence, or is a DDoS on North Korea's Internet infrastructure a "proportional response" by the US?
By Sara Peters Senior Editor at Dark Reading, 12/22/2014
Comment3 comments  |  Read  |  Post a Comment
The Coolest Hacks Of 2014
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
TSA baggage scanners, evil USB sticks, and smart homes were among the targets in some of the most creative -- and yes, scary -- hacks this year by security researchers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/22/2014
Comment9 comments  |  Read  |  Post a Comment
CISO Holiday Bookshelf
Ericka Chickowski, Contributing Writer, Dark Reading
A selection of interesting security reads perfect as gifts from and to the typical CISO.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/22/2014
Comment1 Comment  |  Read  |  Post a Comment
Security News No One Saw Coming In 2014
John B. Dickson, CISSP, Principal, Denim GroupCommentary
John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year.
By John B. Dickson CISSP, Principal, Denim Group, 12/22/2014
Comment12 comments  |  Read  |  Post a Comment
Startup Profile: Seculert Prioritizes Response Over Prevention
Andrew Conry Murray, Director of Content & Community, InteropCommentary
The cloud security newcomer Seculert aims to identify and validate data breaches to enable faster response and remediation.
By Andrew Conry Murray Director of Content & Community, Interop, 12/22/2014
Comment0 comments  |  Read  |  Post a Comment
The Internet's Winter Of Discontent
Paul Vixie, Chairman & CEO, Farsight Security, Inc.Commentary
The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the world’s connected economy is that the hits just keep on coming.
By Paul Vixie Chairman & CEO, Farsight Security, Inc., 12/19/2014
Comment1 Comment  |  Read  |  Post a Comment
Obama: U.S. Will Respond 'Proportionately' To Sony Cyber Attack
Brian Prince, Contributing Writer, Dark ReadingNews
President Obama says the United States will take action against North Korea in response to the cyber-attack on Sony.
By Brian Prince Contributing Writer, Dark Reading, 12/19/2014
Comment20 comments  |  Read  |  Post a Comment
Time To Rethink Patching Strategies
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
In 2014, the National Vulnerability Database is expected to log a record-breaking 8,000 vulnerabilities. That's 8,000 reasons to improve software quality at the outset.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 12/19/2014
Comment14 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Onapsis Research Labs Delivers 2014 SAP Security Advisories Trend Analysis with Almost Half Classified as ‘High priority’
Pulse Secure Simplifies Secure Device Onboarding and Compliance for BYOD
WatchGuard Uncovers Guest Network Security Lapses
IOActive Expands Vehicle Security Service Practice
Onapsis uncovers two new critical business application vulnerabilities in SAP BASIS and SAP BusinessObjects
Esentire Releases Cybersecurity Documentation Framework Featuring Infosec Policy, Incident Response Guidance
Entrust Datacard Adds Website Security Capabilities For SSL
Rapid7 Announces Additional Funding
More Products & Releases
PR Newswire
JPMorgan Hack: 2FA MIA In Breached Server
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/24/2014
Why Digital Forensics In Incident Response Matter More Now
Craig Carpenter, President & COO, Resolution1 Security,  12/24/2014
A 2014 Lookback: Predictions vs. Reality
TK Keanini, CTO, Lancope,  12/29/2014
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Balancing Accounting Policy & Security Strategy
A long-term approach involves focusing on security as a platform, instead of a selection of individual products and point defenses. Read >>
Partner Perspectives
What's This?
Malvertising: 5 Lessons for Companies & Employees
We could expect more from this repackaged e-threat. Read >>
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.
White Papers
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4630
Published: 2014-12-30
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA BSAFE SSL-J before 6.1.4 do not ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session ...

CVE-2014-4634
Published: 2014-12-30
Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

CVE-2011-2727
Published: 2014-12-29
The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3) cmsincludes/cms_plugin_api_link.inc.php scripts in Tribal Tribiq CMS before 5.2.7c allow remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

CVE-2013-3295
Published: 2014-12-29
Directory traversal vulnerability in install/popup.php in Exponent CMS before 2.2.0 RC1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter.

CVE-2014-1905
Published: 2014-12-29
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then accessing the file via a direct request to a wp-...

Best of the Web
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed