Insider Threats: Breaching The Human Barrier
How To Become A CISO, Part 1
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
'POODLE' Attacks, Kills Off SSL 3.0
The Internet of Things: 7 Scary Security Scenarios
News & Commentary
Why Outlawing Encryption Is Wrong
Jonathan Feldman, CIO, City of Asheville, NCCommentary
Putting data encryption solely into the hands of government employees won't prevent bad things from happening -- and it might encourage wrongdoing.
By Jonathan Feldman CIO, City of Asheville, NC, 10/22/2014
Comment0 comments  |  Read  |  Post a Comment
White Hat Hackers Fight For Legal Reform
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security researchers petition to update digital intellectual property and copyright protection laws that limit their work in finding and revealing security bugs.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/21/2014
Comment2 comments  |  Read  |  Post a Comment
Digital Security: Taking an Uncompromising Stand
Mike Fey, Director of Cyber Security for Technologies and Initiatives, Intel Corp
In my last post, I outlined the difference between relying on Indicators of Compromise versus Indicators of Attack for digital security. The emphasis here is not that these indicators are ...
By Mike Fey Director of Cyber Security for Technologies and Initiatives, Intel Corp, 10/21/2014
Comment1 Comment  |  Read  |  Post a Comment
Synthetic Identity Fraud A Fast-Growing Category
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Real SSNs tied with fake identities are reaping criminals big profits.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/21/2014
Comment0 comments  |  Read  |  Post a Comment
Google Expands 2-Factor Authentication For Chrome, Gmail
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Google issues USB keys for Chrome users to log into Google accounts and any other websites that support FIDO universal two-factor authentication -- but it's no help to mobile users.
By Sara Peters Senior Editor at Dark Reading, 10/21/2014
Comment5 comments  |  Read  |  Post a Comment
Several Staples Stores Suffer Data Breach
Jai Vijayan, Freelance writerNews
Attack appears smaller in scope but similar to incidents reported by several other major retailers this year.
By Jai Vijayan Freelance writer, 10/21/2014
Comment1 Comment  |  Read  |  Post a Comment
Compliance Is A Start, Not The End
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Regulatory compliance efforts may help you get a bigger budget and reach a baseline security posture. But "compliant" does not necessarily mean "secure."
By Sara Peters Senior Editor at Dark Reading, 10/21/2014
Comment0 comments  |  Read  |  Post a Comment
How To Become A CISO, Part 1
Sara Peters, Senior Editor at Dark ReadingNews
Think you're ready for the top job? Here's part 1 of a series to help you land that prime chief information security officer position.
By Sara Peters Senior Editor at Dark Reading, 10/20/2014
Comment16 comments  |  Read  |  Post a Comment
China Accused Of Attacking Apple iCloud
Thomas Claburn, Editor-at-LargeCommentary
Media freedom group GreatFire.org claims Apple's iCloud is being subject to a man-in-the-middle attack by China's censorship apparatus.
By Thomas Claburn Editor-at-Large, 10/20/2014
Comment4 comments  |  Read  |  Post a Comment
Nearly Half Of Consumers Will Punish Breached Retailers During Holidays
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Consumers say they'll talk with their wallets if they hear their favorite store has played fast and loose with customer data.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/20/2014
Comment9 comments  |  Read  |  Post a Comment
Insider Threats: Breaching The Human Barrier
Christopher Hadnagy, Founder & CEO, Social-Engineer, Inc.Commentary
A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within.
By Christopher Hadnagy Founder & CEO, Social-Engineer, Inc., 10/20/2014
Comment2 comments  |  Read  |  Post a Comment
Internet Of Things Will Turn Networks Inside-Out
Patrick Hubbard, Head Geek & Senior Technical Product Marketing Manager, SolarWindsCommentary
If IoT is ever going to work, networks will have to grant access to devices that we'd refuse outright today.
By Patrick Hubbard Head Geek & Senior Technical Product Marketing Manager, SolarWinds, 10/20/2014
Comment2 comments  |  Read  |  Post a Comment
Why You Shouldn't Count On General Liability To Cover Cyber Risk
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Travelers Insurance's legal spat with P.F. Chang's over who'll pay breach costs will likely illustrate why enterprises shouldn't think of their general liability policies as backstops for cyber risk.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/20/2014
Comment6 comments  |  Read  |  Post a Comment
Sophisticated Malvertising Campaign Targets US Defense Industry
Brian Prince, Contributing Writer, Dark ReadingNews
Dubbed Operation DeathClick, the campaign puts a new twist on an old method of infecting users.
By Brian Prince Contributing Writer, Dark Reading, 10/17/2014
Comment0 comments  |  Read  |  Post a Comment
Facebook Automates Fight Against Hackers
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Here's a sneak peek into the system Facebook uses to secure your account when other websites are hacked.
By Kristin Burnham Senior Editor, InformationWeek.com, 10/17/2014
Comment18 comments  |  Read  |  Post a Comment
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Kaushik Narayan, CTO, Skyhigh NetworksCommentary
Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security.
By Kaushik Narayan CTO, Skyhigh Networks, 10/17/2014
Comment10 comments  |  Read  |  Post a Comment
Open Source v. Closed Source: What's More Secure?
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
In the wake of Shellshock and Heartbleed, has the glow of open-source application security dimmed?
By Sara Peters Senior Editor at Dark Reading, 10/17/2014
Comment6 comments  |  Read  |  Post a Comment
FBI Director Urges New Encryption Legislation
Sara Peters, Senior Editor at Dark ReadingNews
Encryption algorithms do not acknowledge "lawful access."
By Sara Peters Senior Editor at Dark Reading, 10/16/2014
Comment5 comments  |  Read  |  Post a Comment
'Silent' Fix For Windows USB Bug?
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Researchers say a newly patched Microsoft USB flaw in older versions of Windows had at some time previously been fixed in newer versions of the OS.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/16/2014
Comment2 comments  |  Read  |  Post a Comment
Facebook Doubles Bug Bounties For Ad-Related Flaws
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Is it a sign that online brands are treating malvertising more seriously?
By Ericka Chickowski Contributing Writer, Dark Reading, 10/16/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
How To Become A CISO, Part 1
Sara Peters, Senior Editor at Dark Reading,  10/20/2014
Russian Hackers Made $2.5B Over The Last 12 Months
Sara Peters, Senior Editor at Dark Reading,  10/15/2014
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Kaushik Narayan, CTO, Skyhigh Networks,  10/17/2014
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

CVE-2012-5702
Published: 2014-10-21
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to i...

CVE-2013-7406
Published: 2014-10-21
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2531
Published: 2014-10-21
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) R...

Best of the Web
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed