What Data Breaches Now Cost And Why
Moose Malware Uses Linux Routers For Social Network Fraud
Escalating Cyberattacks Threaten US Healthcare Systems
Data Encryption In The Cloud: Square Pegs In Round Holes
DR Radio: Incident Response War-Gaming
News & Commentary
UN Report Warns Encryption Backdoors Violate Human Rights
Sara Peters, Senior Editor at Dark ReadingNews
Report says States should be promoting strong encryption and anonymity tools, not restricting them.
By Sara Peters Senior Editor at Dark Reading, 5/28/2015
Comment0 comments  |  Read  |  Post a Comment
IRS Attack Demonstrates How Breaches Beget More Breaches
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Weak authentication validation assumed only taxpayers would know their Social Security Numbers and other information that criminals have been stealing for years.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/28/2015
Comment4 comments  |  Read  |  Post a Comment
Small-to Mid-sized Organizations Targeted By 'Grabit' Cyberspies
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Rare SMB-focused cyber espionage campaign hitting small firms worldwide.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/28/2015
Comment0 comments  |  Read  |  Post a Comment
'Tox' Offers Ransomware As A Service
Jai Vijayan, Freelance writerNews
The ransomware is free to use but site retains 20 percent of any ransom that is collected, McAfee researcher says.
By Jai Vijayan Freelance writer, 5/28/2015
Comment0 comments  |  Read  |  Post a Comment
What Are You Doing During The Golden Hour After An Attack?
Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security
Take the time to detect the attack, isolate the infected machines, and restore them to a known state.
By Torry Campbell Chief Technical Officer of Endpoint and Management at Intel Security, 5/28/2015
Comment0 comments  |  Read  |  Post a Comment
FUD Watch: The Marketing Of Security Vulnerabilities
Bill Brenner, Information Security BloggerCommentary
Iím all for raising awareness, but making designer vulnerabilities, catchy logos and content part of the disclosure process is a step in the wrong direction.
By Bill Brenner Information Security Blogger, 5/28/2015
Comment0 comments  |  Read  |  Post a Comment
Data Theft The Goal Of BlackEnergy Attacks On Industrial Control Systems, Researchers Say
Jai Vijayan, Freelance writerNews
CyberX analysis of BlackEnergy module reveals most likely motive behind sophisticated multi-year attack campaign.
By Jai Vijayan Freelance writer, 5/28/2015
Comment0 comments  |  Read  |  Post a Comment
Oracle PeopleSoft In The Crosshairs
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Presenter at Hack In The Box says PeopleSoft is in worse security shape than SAP was five years ago.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/27/2015
Comment4 comments  |  Read  |  Post a Comment
Moose Malware Uses Linux Routers For Social Network Fraud
Sara Peters, Senior Editor at Dark ReadingNews
Linux/Moose is sophisticated enough to do DNS hijacks, DDoSes, and deep network penetration...so why is it wasting its time on Instagram?
By Sara Peters Senior Editor at Dark Reading, 5/27/2015
Comment7 comments  |  Read  |  Post a Comment
Escalating Cyberattacks Threaten US Healthcare Systems
Rick Kam and Larry Ponemon, Rick Kam, President & Co-founder, ID Experts & Larry Ponemon, Chairman & Founder, Ponemon InstituteCommentary
Electronic health records are prime targets because healthcare organizations lack the resources, processes, and technologies to protect them. And itís only going to get worse.
By Rick Kam and Larry Ponemon Rick Kam, President & Co-founder, ID Experts & Larry Ponemon, Chairman & Founder, Ponemon Institute, 5/27/2015
Comment0 comments  |  Read  |  Post a Comment
Iris Scans: Security Breakthrough Or Privacy Invasion?
David Wagner, Executive Editor, Community & IT LifeNews
New technology allows irises to be scanned from 40 feet away. Is this a wonder weapon against crime and terrorism or a way for governments to invade our privacy and track our movements?
By David Wagner Executive Editor, Community & IT Life, 5/27/2015
Comment3 comments  |  Read  |  Post a Comment
What Data Breaches Now Cost And Why
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New Ponemon report says the cost of a data breach has increased by 23% and healthcare and education breaches are the most pricey.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/27/2015
Comment1 Comment  |  Read  |  Post a Comment
IRS Breach Exposes 100,000 Taxpayers' Tax Returns, Other Data
Dark Reading Staff, Quick Hits
Online 'Get Transcript' service accessed from February to mid-May.
By Dark Reading Staff , 5/26/2015
Comment6 comments  |  Read  |  Post a Comment
Profile Of A Cybercrime Petty Thief
Sara Peters, Senior Editor at Dark ReadingNews
Trend Micro provides peek at methods of amateur, lone-wolf carder.
By Sara Peters Senior Editor at Dark Reading, 5/26/2015
Comment0 comments  |  Read  |  Post a Comment
A Threat Intelligence-Sharing Reality-Check
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Many organizations employ sharing one-way (gathering) and mainly for 'CYA,' experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/26/2015
Comment1 Comment  |  Read  |  Post a Comment
State-Sponsored Cybercrime: A Growing Business Threat
David Venable,  Director, Professional Services, Masergy CommunicationsCommentary
You donít have to be the size of Sony -- or even mock North Korea -- to be a target.
By David Venable Director, Professional Services, Masergy Communications, 5/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Android Factory Reset Leaves Your Data Exposed: Study
Nathan Eddy, Freelance WriterNews
Flaws in Googleís Android operating system mean the factory-reset option is unlikely to permanently wipe all your data -- or master token -- from the device.
By Nathan Eddy Freelance Writer, 5/25/2015
Comment3 comments  |  Read  |  Post a Comment
DR Radio: Incident Response War-Gaming
Sara Peters, Senior Editor at Dark ReadingCommentary
Learn how to practice the post-breach panicking.
By Sara Peters Senior Editor at Dark Reading, 5/25/2015
Comment2 comments  |  Read  |  Post a Comment
Google: Account Recovery Security Questions Not Very Secure
Jai Vijayan, Freelance writerNews
An analysis of millions of answers to security questions show many are predictable and easily guessable, says Google.
By Jai Vijayan Freelance writer, 5/22/2015
Comment2 comments  |  Read  |  Post a Comment
Cyber Threat Analysis: A Call for Clarity
Michael McMahon, Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLCCommentary
The general public deserves less hyperbole and more straight talk
By Michael McMahon Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLC, 5/22/2015
Comment11 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by anveshh
Current Conversations yup
In reply to: Re: Cartoon: Spring Fever
Post Your Own Reply
More Conversations
PR Newswire
Cyber Threat Analysis: A Call for Clarity
Michael McMahon, Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLC,  5/22/2015
Moose Malware Uses Linux Routers For Social Network Fraud
Sara Peters, Senior Editor at Dark Reading,  5/27/2015
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Drinking from the Malware Fire Hose
Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them. Read >>
Cartoon
Latest Comment: yup
Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but youíll never have complete information and youíll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6628
Published: 2015-05-28
Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors.

CVE-2015-1389
Published: 2015-05-28
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.

CVE-2015-1392
Published: 2015-05-28
Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors.

CVE-2015-1550
Published: 2015-05-28
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors.

CVE-2015-1551
Published: 2015-05-28
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors.

10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed