News & Commentary
Drupal: Attacks Started Within Hours Of Patch Release
Brian Prince, Contributing Writer, Dark Reading | News
If you didn't patch your site quickly, you should assume it was compromised, Drupal says.
By Brian Prince, Contributing Writer, Dark Reading, 10/31/2014
Facebook Adds Tor Support
Thomas Claburn, Editor-at-Large | Commentary
Facebook wants to allow people to use its service without being watched or censored. Is that some kind of privacy oxymoron?
By Thomas Claburn, Editor-at-Large, 10/31/2014
Study: Chip-&-PIN Won't Cure Retail Breaches
Kelly Jackson Higgins, Executive Editor at Dark Reading | Quick Hits
Online card payment transactions on the rise, according to Javelin Strategy & Research.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/31/2014
4 Essentials For Mobile Device VPNs
Patrick Oliver Graf, GM, Americas, NCP Engineering | Commentary
VPNs for smartphones and tablets have different requirements than laptops. Here’s what you need to know.
By Patrick Oliver Graf, GM, Americas, NCP Engineering, 10/31/2014
Financial Breaches Show ‘Trust Model’ Is Broken
Bob West, Chief Trust Officer, CipherCloud | Commentary
It’s a full-blown crisis when a dozen major financial services firms admit to having their networks probed by the same attackers as those behind the JPMorgan Chase breach.
By Bob West, Chief Trust Officer, CipherCloud, 10/31/2014
The Performance Penalties of Bloatware-Based Next-Gen Firewalls
Mike Fey, EVP, GM of Corporate Products & CTO, Intel Security
At last month’s Oracle OpenWorld 2014, Intel president Renee James spoke of the need to eliminate the “performance penalties” of today’s most urgently needed ...
By Mike Fey, EVP, GM of Corporate Products & CTO, Intel Security, 10/31/2014
Big Data Software For Mainstream Users
Jeff Bertolucci | Commentary
Not everyone needs to be a data scientist, Red Lambda argues.
By Jeff Bertolucci, 10/31/2014
Shellshock Attacks Stack Up
Ericka Chickowski, Contributing Writer, Dark Reading | News
Organizations are unable to keep up with patching processes and find incident response practices lag in wake of Bash bug.
By Ericka Chickowski, Contributing Writer, Dark Reading, 10/30/2014
Retailers Now Actively Sharing Cyberthreat Intelligence
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
The retail industry's R-CISC has been up and running for four months now and is looking for more retailers to sign up.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/30/2014
VA Buckles Down On Cyber Security, Program Management
Henry Kenyon | Commentary
Agency refocuses IT priorities on data protection, on-time project delivery to overcome past poor performance.
By Henry Kenyon, 10/30/2014
Welcome To My Cyber Security Nightmare
TK Keanini, CTO, Lancope | Commentary
Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night.
By TK Keanini, CTO, Lancope, 10/30/2014
Keep Calm & Verify: How To Spot A Fake Online Data Dump
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Determining whether a data dump on Pastebin or elsewhere online is legit can be time-consuming and resource-intensive. Deloitte & Touche offers tips for how to weed out the fake hacks.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/29/2014
Infographic: The Many Faces of Today’s Hackers
John Trobough, CEO, Narus | Commentary
How many of these hacker personas are you dueling with in your organization?
By John Trobough, CEO, Narus, 10/29/2014
Facebook Launches New Open-Source OS Monitoring Tool
Ericka Chickowski, Contributing Writer, Dark Reading | News
Modular framework can be used to schedule and log SQL-based queries.
By Ericka Chickowski, Contributing Writer, Dark Reading, 10/29/2014
White House Says Unclassified Network Hit In Cyberattack
Jai Vijayan, Freelance writer | News
Mitigation efforts have caused temporary outages and loss of connectivity for some staff, but no computers have been damaged, official says.
By Jai Vijayan, Freelance writer, 10/29/2014
Verizon Wireless Embroiled In Tracking Controversy
Kristin Burnham, Senior Editor, InformationWeek.com | Commentary
Verizon Wireless is in hot water with security and privacy advocates regarding unique identifier headers that function as what one EFF expert calls "perma-cookies."
By Kristin Burnham, Senior Editor, InformationWeek.com, 10/29/2014
Cyber Espionage Attacks Attributed To Russian Government
Ericka Chickowski, Contributing Writer, Dark Reading | News
FireEye report meticulously details clues that all point to state-sponsorship of the Sofacy/Sourface malware and tracks its evolution over seven years.
By Ericka Chickowski, Contributing Writer, Dark Reading, 10/29/2014
Security Companies Team Up, Take Down Chinese Hacking Group
Sara Peters, Senior Editor at Dark Reading | News
Novetta, Microsoft, and others form Operation SMN to eradicate Hikit malware and disrupt the cyber espionage gang Axiom's extensive information gathering.
By Sara Peters, Senior Editor at Dark Reading, 10/28/2014
Retailers Facing Intensified Cyberthreat This Holiday Season
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/28/2014
What Scares Me About Healthcare & Electric Power Security
John B. Dickson, CISSP, Principal, Denim Group | Commentary
Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats.
By John B. Dickson, CISSP, Principal, Denim Group, 10/28/2014
Current Conversations
What Scares Me About Healthcare & Electric Power Security
John B. Dickson, CISSP, Principal, Denim Group, 10/28/2014
Retailers Facing Intensified Cyberthreat This Holiday Season
Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/28/2014
How I Became a CISO: Janet Levesque, RSA
Sara Peters, Senior Editor at Dark Reading, 10/27/2014
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8243
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2014-8244
Published: 2014-11-01
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300, EA6400, EA6500, and EA6700 devices; and before 1.1.42 build 161129 on EA6900 devices allows remote a...

CVE-2013-0334
Published: 2014-10-31
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.

CVE-2014-2334
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

CVE-2014-2335
Published: 2014-10-31
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336.

Best of the Web
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?