Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Planes, Tweets & Possible Hacks From Seats
Data Encryption In The Cloud: Square Pegs In Round Holes
VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products
10 Security Questions To Ask A Cloud Service Provider
News & Commentary
Android Factory Reset Leaves Your Data Exposed: Study
Nathan Eddy, Freelance WriterNews
Flaws in Google’s Android operating system mean the factory-reset option is unlikely to permanently wipe all your data—or master token—from the device.
By Nathan Eddy Freelance Writer, 5/25/2015
Comment0 comments  |  Read  |  Post a Comment
DR Radio: Incident Response War-Gaming
Sara Peters, Senior Editor at Dark ReadingCommentary
Wednesday, May 27: Learn how to practice the post-breach panicking.
By Sara Peters Senior Editor at Dark Reading, 5/25/2015
Comment0 comments  |  Read  |  Post a Comment
Google: Account Recovery Security Questions Not Very Secure
Jai Vijayan, Freelance writerNews
An analysis of millions of answers to security questions show many are predictable and easily guessable, says Google.
By Jai Vijayan Freelance writer, 5/22/2015
Comment1 Comment  |  Read  |  Post a Comment
Cyber Threat Analysis: A Call for Clarity
Michael McMahon, Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLCCommentary
The general public deserves less hyperbole and more straight talk
By Michael McMahon Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLC, 5/22/2015
Comment3 comments  |  Read  |  Post a Comment
Hacking Virginia State Trooper Cruisers
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Working group of federal agencies and private industry launched by the state of Virginia is studying car vulnerabilities and building tools to detect and protect against vehicle hacking and tampering.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/22/2015
Comment1 Comment  |  Read  |  Post a Comment
Bots Outpace Humans Online: Study
Curtis Franklin Jr., Executive Editor, Technical ContentCommentary
Humans were responsible for only 41% of network traffic monitored by Distil Networks; bots made up the rest. What does this mean for your applications?
By Curtis Franklin Jr. Executive Editor, Technical Content, 5/22/2015
Comment2 comments  |  Read  |  Post a Comment
NSA Wanted To Hack Google App Store, Infect Android Phones
Eric Zeman, Commentary
The NSA and its Five Eyes allies researched a man-in-the-middle attack to infect Android smartphone users by hacking Google's App Store. It's the last revelation from Edward Snowden.
By Eric Zeman , 5/21/2015
Comment17 comments  |  Read  |  Post a Comment
Data Encryption In The Cloud: Square Pegs In Round Holes
Thomas Ristenpart, Asst. Professor, Computer Sciences, University of WisconsinCommentary
Conventional encryption is a surefire solution for protecting sensitive data -- except when it breaks cloud applications. “Format-preserving” encryption could change all that.
By Thomas Ristenpart Asst. Professor, Computer Sciences, University of Wisconsin, 5/21/2015
Comment0 comments  |  Read  |  Post a Comment
Half Of Retail, Healthcare Sites 'Always Vulnerable'
Sara Peters, Senior Editor at Dark ReadingNews
Finding vulnerabilities in custom web applications isn't the major problem; fixing them in a timely fashion is, a new report from WhiteHat Security finds.
By Sara Peters Senior Editor at Dark Reading, 5/21/2015
Comment0 comments  |  Read  |  Post a Comment
1.1 Million Hit In Another BlueCross BlueShield Breach
Dark Reading Staff, Quick Hits
CareFirst BCBS announces breach, two months after Premera Blue Cross disclosed a breach of 11 million records.
By Dark Reading Staff , 5/20/2015
Comment0 comments  |  Read  |  Post a Comment
Logjam Encryption Flaw Threatens Secure Communications On Web
Jai Vijayan, Freelance writerNews
Most major browsers, websites that support export ciphers impacted
By Jai Vijayan Freelance writer, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
The Cloud Revolution Requires High-Performance Attack Prevention
Rees Johnson, Sr. VP and GM the Content Security Business Unit, Intel Security
Where there is traffic, there are bandits.
By Rees Johnson Sr. VP and GM the Content Security Business Unit, Intel Security, 5/20/2015
Comment0 comments  |  Read  |  Post a Comment
Planes, Tweets & Possible Hacks From Seats
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
There are conflicting reports over whether security researcher Chris Roberts hacked into flight controls and manipulated a plane.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/20/2015
Comment7 comments  |  Read  |  Post a Comment
5 Signs Credentials In Your Network Are Being Compromised
Idan Tendler, CEO, FortscaleCommentary
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personal identifiable information? Check out these common scenarios.
By Idan Tendler CEO, Fortscale, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Retailers Take 197 Days To Detect Advanced Threat, Study Says
Sara Peters, Senior Editor at Dark ReadingNews
Most common method of identifying them as advanced threats is a "gut feeling."
By Sara Peters Senior Editor at Dark Reading, 5/19/2015
Comment1 Comment  |  Read  |  Post a Comment
3 'Old' Attack Trends That Dominated Q1
Ericka Chickowski, Contributing Writer, Dark ReadingNews
What's old is new as attackers recycle their attack patterns.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/19/2015
Comment1 Comment  |  Read  |  Post a Comment
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Don Bailey, Founder & CEO, Lab Mouse SecurityCommentary
In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.
By Don Bailey Founder & CEO, Lab Mouse Security, 5/19/2015
Comment7 comments  |  Read  |  Post a Comment
Google, Apple Urge Obama To Protect Phone Data Privacy
Nathan Eddy, Freelance WriterNews
The letter, signed by Google, Apple, and a number of tech companies and security organizations, is urging Obama to halt legislation that would allow government to access personal data stored on mobile devices.
By Nathan Eddy Freelance Writer, 5/19/2015
Comment1 Comment  |  Read  |  Post a Comment
Every 4 Seconds New Malware Is Born
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report shows rate of new malware strains discovered increased by 77 percent in 2014.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/18/2015
Comment2 comments  |  Read  |  Post a Comment
Experts Urge InfoSec Info Sharing At Columbia-GCIG Conference
Sara Peters, Senior Editor at Dark ReadingNews
'It all starts at the bar with a beer.'
By Sara Peters Senior Editor at Dark Reading, 5/18/2015
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Don Bailey, Founder & CEO, Lab Mouse Security,  5/19/2015
Planes, Tweets & Possible Hacks From Seats
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2015
Cyber Threat Analysis: A Call for Clarity
Michael McMahon, Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLC,  5/22/2015
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Drinking from the Malware Fire Hose
Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them. Read >>
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4774
Published: 2015-05-25
Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element.

CVE-2014-4778
Published: 2015-05-25
IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element.

CVE-2014-6190
Published: 2015-05-25
The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document.

CVE-2014-6192
Published: 2015-05-25
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-8926
Published: 2015-05-25
Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License Metric Tool 7.2.2, 7.5, and 9; Endpoint Manger for Software Use Analysis 9; and Tivoli Asset Discovery for Distributed 7.2.2 and 7.5 allows remote attackers to cause a denial of service (CPU consumption or application crash) via a cr...

10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed