Compliance Is A Start, Not The End
Insider Threats: Breaching The Human Barrier
Cartoon: BYOD Meets Internet of Things
'POODLE' Attacks, Kills Off SSL 3.0
The Internet of Things: 7 Scary Security Scenarios
News & Commentary
Incident Response: Is Your IR Plan A Glorified Phone Tree?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
Training internal security teams to be first responders can drastically improve an organization's effectiveness in the wake of a data breach. Here's why.
By Kerstyn Clover Attack & Defense Team Consultant, 10/23/2014
Comment0 comments  |  Read  |  Post a Comment
Enterprise Security: Why You Need a Digital Immune System
Mike Fey, EVP, GM of Corporate Products & CTO, Intel Security
I’ve often talked about “trial and error” hacking tactics and how organizations frequently build “rat maze” defenses in response to them. Each time they learn ...
By Mike Fey EVP, GM of Corporate Products & CTO, Intel Security, 10/23/2014
Comment0 comments  |  Read  |  Post a Comment
DHS Investigates Dozens Of Medical Device Cybersecurity Flaws
Jai Vijayan, Freelance writerCommentary
Department of Homeland Security reportedly investigating two-dozen products from major medical device manufacturers for security holes.
By Jai Vijayan Freelance writer, 10/23/2014
Comment0 comments  |  Read  |  Post a Comment
10 Things IT Probably Doesn't Know About Cyber Insurance
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Understand the benefits and the pitfalls you might miss when evaluating cyber policies.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/23/2014
Comment0 comments  |  Read  |  Post a Comment
So You Think You Know Risk Management
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Infosec officers are coming around to the idea that their job is more about managing risk than putting the entire organization on permanent lockdown. But do security pros understand risk management as well as they think they do?
By Sara Peters Senior Editor at Dark Reading, 10/23/2014
Comment0 comments  |  Read  |  Post a Comment
Open-Source Software Brings Bugs To Web Applications
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
An average of eight severe security flaws from open-source and third-party code can be found in each web application, according to new findings from Veracode.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/22/2014
Comment4 comments  |  Read  |  Post a Comment
Pharmaceuticals, Not Energy, May Have Been True Target Of Dragonfly, Energetic Bear
Sara Peters, Senior Editor at Dark ReadingNews
New research says the compromised companies were suppliers for OEMs that served pharma and biotech.
By Sara Peters Senior Editor at Dark Reading, 10/22/2014
Comment0 comments  |  Read  |  Post a Comment
Insecure Protocol Puts 1.2M SOHO Devices At Risk
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Enterprises should take care to prohibit NAT-PMP traffic on untrusted network interfaces.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/22/2014
Comment1 Comment  |  Read  |  Post a Comment
Cyber Threats: Information vs. Intelligence
Matt Hartley, VP Product Management, iSIGHT PartnersCommentary
Cyber threat intelligence or CTI is touted to be the next big thing in InfoSec. But does it narrow the security problem or compound it?
By Matt Hartley VP Product Management, iSIGHT Partners, 10/22/2014
Comment2 comments  |  Read  |  Post a Comment
Illumio Takes New Cloud, Data Center Security Approach
Charles Babcock, Editor At Large, InformationWeek Commentary
Security startup Illumio has launched a granular scheme based on individual workloads, not firewalls or network monitoring.
By Charles Babcock Editor At Large, InformationWeek , 10/22/2014
Comment2 comments  |  Read  |  Post a Comment
Shellshock & Why EHRs Need Updating
Michael A.M. Davies, Founder & Chairman, Endeavour PartnersCommentary
Nearly half of all security breaches occur in healthcare, and outdated medical records systems make data more vulnerable. An up-to-date EHR system can help solve security concerns, save money, and improve patient care.
By Michael A.M. Davies Founder & Chairman, Endeavour Partners, 10/22/2014
Comment0 comments  |  Read  |  Post a Comment
Why Outlawing Encryption Is Wrong
Jonathan Feldman, CIO, City of Asheville, NCCommentary
Putting data encryption solely into the hands of government employees won't prevent bad things from happening -- and it might encourage wrongdoing.
By Jonathan Feldman CIO, City of Asheville, NC, 10/22/2014
Comment10 comments  |  Read  |  Post a Comment
White Hat Hackers Fight For Legal Reform
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security researchers petition to update digital intellectual property and copyright protection laws that limit their work in finding and revealing security bugs.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/21/2014
Comment5 comments  |  Read  |  Post a Comment
Digital Security: Taking an Uncompromising Stand
Mike Fey, EVP, GM of Corporate Products & CTO, Intel Security
In my last post, I outlined the difference between relying on Indicators of Compromise versus Indicators of Attack for digital security. The emphasis here is not that these indicators are ...
By Mike Fey EVP, GM of Corporate Products & CTO, Intel Security, 10/21/2014
Comment1 Comment  |  Read  |  Post a Comment
Synthetic Identity Fraud A Fast-Growing Category
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Real SSNs tied with fake identities are reaping criminals big profits.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/21/2014
Comment1 Comment  |  Read  |  Post a Comment
Google Expands 2-Factor Authentication For Chrome, Gmail
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Google issues USB keys for Chrome users to log into Google accounts and any other websites that support FIDO universal two-factor authentication -- but it's no help to mobile users.
By Sara Peters Senior Editor at Dark Reading, 10/21/2014
Comment5 comments  |  Read  |  Post a Comment
Several Staples Stores Suffer Data Breach
Jai Vijayan, Freelance writerNews
Attack appears smaller in scope but similar to incidents reported by several other major retailers this year.
By Jai Vijayan Freelance writer, 10/21/2014
Comment1 Comment  |  Read  |  Post a Comment
Compliance Is A Start, Not The End
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Regulatory compliance efforts may help you get a bigger budget and reach a baseline security posture. But "compliant" does not necessarily mean "secure."
By Sara Peters Senior Editor at Dark Reading, 10/21/2014
Comment1 Comment  |  Read  |  Post a Comment
How To Become A CISO, Part 1
Sara Peters, Senior Editor at Dark ReadingNews
Think you're ready for the top job? Here's part 1 of a series to help you land that prime chief information security officer position.
By Sara Peters Senior Editor at Dark Reading, 10/20/2014
Comment17 comments  |  Read  |  Post a Comment
China Accused Of Attacking Apple iCloud
Thomas Claburn, Editor-at-LargeCommentary
Media freedom group GreatFire.org claims Apple's iCloud is being subject to a man-in-the-middle attack by China's censorship apparatus.
By Thomas Claburn Editor-at-Large, 10/20/2014
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
How To Become A CISO, Part 1
Sara Peters, Senior Editor at Dark Reading,  10/20/2014
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Kaushik Narayan, CTO, Skyhigh Networks,  10/17/2014
Nearly Half Of Consumers Will Punish Breached Retailers During Holidays
Ericka Chickowski, Contributing Writer, Dark Reading,  10/20/2014
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Enterprise Security: Why You Need a Digital Immune System
Treating enterprise security like the human body's response to illness or injury is more effective than just a barrier approach Read >>
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7407
Published: 2014-10-22
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2014-3675
Published: 2014-10-22
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

CVE-2014-3676
Published: 2014-10-22
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

CVE-2014-3677
Published: 2014-10-22
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVE-2014-3828
Published: 2014-10-22
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id...

Best of the Web
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed