DR Radio: Incident Response War-Gaming
Data Encryption In The Cloud: Square Pegs In Round Holes
Planes, Tweets & Possible Hacks From Seats
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products
News & Commentary
IRS Breach Exposes 100,000 Taxpayers' Tax Returns, Other Data
Dark Reading Staff, Quick Hits
Online 'Get Transcript' service accessed from February to mid-May.
By Dark Reading Staff , 5/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Profile Of A Cybercrime Petty Thief
Sara Peters, Senior Editor at Dark ReadingNews
Trend Micro provides peek at methods of amateur, lone-wolf carder.
By Sara Peters Senior Editor at Dark Reading, 5/26/2015
Comment0 comments  |  Read  |  Post a Comment
A Threat Intelligence-Sharing Reality-Check
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Many organizations employ sharing one-way (gathering) and mainly for 'CYA,' experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/26/2015
Comment0 comments  |  Read  |  Post a Comment
State-Sponsored Cybercrime: A Growing Business Threat
David Venable,  Director, Professional Services, Masergy CommunicationsCommentary
You don’t have to be the size of Sony -- or even mock North Korea -- to be a target.
By David Venable Director, Professional Services, Masergy Communications, 5/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Android Factory Reset Leaves Your Data Exposed: Study
Nathan Eddy, Freelance WriterNews
Flaws in Google’s Android operating system mean the factory-reset option is unlikely to permanently wipe all your data -- or master token -- from the device.
By Nathan Eddy Freelance Writer, 5/25/2015
Comment3 comments  |  Read  |  Post a Comment
DR Radio: Incident Response War-Gaming
Sara Peters, Senior Editor at Dark ReadingCommentary
Wednesday, May 27: Learn how to practice the post-breach panicking.
By Sara Peters Senior Editor at Dark Reading, 5/25/2015
Comment2 comments  |  Read  |  Post a Comment
Google: Account Recovery Security Questions Not Very Secure
Jai Vijayan, Freelance writerNews
An analysis of millions of answers to security questions show many are predictable and easily guessable, says Google.
By Jai Vijayan Freelance writer, 5/22/2015
Comment2 comments  |  Read  |  Post a Comment
Cyber Threat Analysis: A Call for Clarity
Michael McMahon, Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLCCommentary
The general public deserves less hyperbole and more straight talk
By Michael McMahon Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLC, 5/22/2015
Comment8 comments  |  Read  |  Post a Comment
Hacking Virginia State Trooper Cruisers
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Working group of federal agencies and private industry launched by the state of Virginia is studying car vulnerabilities and building tools to detect and protect against vehicle hacking and tampering.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/22/2015
Comment1 Comment  |  Read  |  Post a Comment
Bots Outpace Humans Online: Study
Curtis Franklin Jr., Executive Editor, Technical ContentCommentary
Humans were responsible for only 41% of network traffic monitored by Distil Networks; bots made up the rest. What does this mean for your applications?
By Curtis Franklin Jr. Executive Editor, Technical Content, 5/22/2015
Comment3 comments  |  Read  |  Post a Comment
NSA Wanted To Hack Google App Store, Infect Android Phones
Eric Zeman, Commentary
The NSA and its Five Eyes allies researched a man-in-the-middle attack to infect Android smartphone users by hacking Google's App Store. It's the last revelation from Edward Snowden.
By Eric Zeman , 5/21/2015
Comment18 comments  |  Read  |  Post a Comment
Data Encryption In The Cloud: Square Pegs In Round Holes
Thomas Ristenpart, Asst. Professor, Computer Sciences, University of WisconsinCommentary
Conventional encryption is a surefire solution for protecting sensitive data -- except when it breaks cloud applications. “Format-preserving” encryption could change all that.
By Thomas Ristenpart Asst. Professor, Computer Sciences, University of Wisconsin, 5/21/2015
Comment0 comments  |  Read  |  Post a Comment
Half Of Retail, Healthcare Sites 'Always Vulnerable'
Sara Peters, Senior Editor at Dark ReadingNews
Finding vulnerabilities in custom web applications isn't the major problem; fixing them in a timely fashion is, a new report from WhiteHat Security finds.
By Sara Peters Senior Editor at Dark Reading, 5/21/2015
Comment0 comments  |  Read  |  Post a Comment
1.1 Million Hit In Another BlueCross BlueShield Breach
Dark Reading Staff, Quick Hits
CareFirst BCBS announces breach, two months after Premera Blue Cross disclosed a breach of 11 million records.
By Dark Reading Staff , 5/20/2015
Comment0 comments  |  Read  |  Post a Comment
Logjam Encryption Flaw Threatens Secure Communications On Web
Jai Vijayan, Freelance writerNews
Most major browsers, websites that support export ciphers impacted
By Jai Vijayan Freelance writer, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
The Cloud Revolution Requires High-Performance Attack Prevention
Rees Johnson, Sr. VP and GM the Content Security Business Unit, Intel Security
Where there is traffic, there are bandits.
By Rees Johnson Sr. VP and GM the Content Security Business Unit, Intel Security, 5/20/2015
Comment0 comments  |  Read  |  Post a Comment
Planes, Tweets & Possible Hacks From Seats
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
There are conflicting reports over whether security researcher Chris Roberts hacked into flight controls and manipulated a plane.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/20/2015
Comment9 comments  |  Read  |  Post a Comment
5 Signs Credentials In Your Network Are Being Compromised
Idan Tendler, CEO, FortscaleCommentary
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personal identifiable information? Check out these common scenarios.
By Idan Tendler CEO, Fortscale, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Retailers Take 197 Days To Detect Advanced Threat, Study Says
Sara Peters, Senior Editor at Dark ReadingNews
Most common method of identifying them as advanced threats is a "gut feeling."
By Sara Peters Senior Editor at Dark Reading, 5/19/2015
Comment1 Comment  |  Read  |  Post a Comment
3 'Old' Attack Trends That Dominated Q1
Ericka Chickowski, Contributing Writer, Dark ReadingNews
What's old is new as attackers recycle their attack patterns.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/19/2015
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Planes, Tweets & Possible Hacks From Seats
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2015
Cyber Threat Analysis: A Call for Clarity
Michael McMahon, Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLC,  5/22/2015
Google: Account Recovery Security Questions Not Very Secure
Jai Vijayan, Freelance writer,  5/22/2015
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Drinking from the Malware Fire Hose
Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them. Read >>
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0986
Published: 2015-05-26
Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command.

CVE-2015-3808
Published: 2015-05-26
The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not reject a zero length, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

CVE-2015-3809
Published: 2015-05-26
The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1.12.x before 1.12.5 does not properly track the current offset, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

CVE-2015-3810
Published: 2015-05-26
epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses a recursive algorithm, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet.

CVE-2015-3811
Published: 2015-05-26
epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-...

10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed