News & Commentary
IBM Reveals 'SpoofedMe' Attack Leveraging Social Login Vulnerability
Brian Prince, Contributing Writer, Dark Reading | News
IBM researchers uncovered an attack that takes advantage of the social login feature.
By Brian Prince Contributing Writer, Dark Reading, 12/5/2014
Senate Bill Prohibits Government-Mandated Backdoors
Thomas Claburn, Editor-at-Large | News
Bill represents a response to government officials who want a way to bypass encryption in technology products.
By Thomas Claburn Editor-at-Large, 12/5/2014
FCC: Too Many Phones Still Being Stolen
Eric Zeman | News
FCC tasks carriers and law enforcement to do more to deter smartphone theft.
By Eric Zeman, 12/5/2014
Moving Beyond 2-Factor Authentication With ‘Context’
Keith Graham, CTO, SecureAuth | Commentary
2FA isn’t cheap or infallible -- in more ways than two.
By Keith Graham CTO, SecureAuth, 12/5/2014
Sony Hackers Knew Details Of Sony's Entire IT Infrastructure
Sara Peters, Senior Editor at Dark Reading | News
While trying to simultaneously recover from a data breach and a wiper attack, Sony watches attackers publish maps and credentials for everything from production servers to iTunes accounts.
By Sara Peters Senior Editor at Dark Reading, 12/4/2014
'DeathRing' Malware Found Pre-Installed On Smartphones
Jai Vijayan, Freelance writer | News
Phones from low-cost, third-tier vendors in Asia and Africa have been affected, but that doesn't mean it can't happen here.
By Jai Vijayan Freelance writer, 12/4/2014
Ultra-Private Messaging Spreads To Apple Mac, Windows, Linux Desktops
Kelly Jackson Higgins, Executive Editor at Dark Reading | Quick Hits
Wickr's secure mobile messaging app expands to the desktop amid explosion in encryption activity.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/4/2014
Why ‘Regin’ Malware Changes Threatscape Economics
Adam Firestone, President & GM, Kaspersky Government Security Solutions | Commentary
Never before have attackers been able to deploy a common malware platform and configure it as necessary with low-cost, quick-turnaround business logic apps.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 12/4/2014
New TLS/SSL Version Ready In 2015
Kelly Jackson Higgins, Executive Editor at Dark Reading | Quick Hits
One of the first steps in making encryption the norm across the Net is an update to the protocol itself and a set of best-practices for using encryption in applications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/4/2014
The Real Cost of Cyber Incidents, According To Insurers
Sara Peters, Senior Editor at Dark Reading | News
Healthcare is hit by the most malicious insiders and the highest legal costs, according to a NetDiligence report.
By Sara Peters Senior Editor at Dark Reading, 12/3/2014
Facebook Tackles Malware With ESET Partnership
Kristin Burnham, Senior Editor, InformationWeek.com | News
ESET joins two other Facebook security partners, Trend Micro and F-Secure, to help protect Facebook users from malicious software in news feeds and messages.
By Kristin Burnham Senior Editor, InformationWeek.com, 12/3/2014
Google Gets Better At Spotting Humans
Thomas Claburn, Editor-at-Large | News
Google's revised reCAPTCHA test promises to help website users solve security puzzles faster -- unless they are using a browser's private mode or some other privacy measure.
By Thomas Claburn Editor-at-Large, 12/3/2014
With Operation Cleaver, Iran Emerges As A Cyberthreat
Jai Vijayan, Freelance writer | News
A hacker group's actions suggest that it is laying the groundwork for a future attack on critical infrastructure targets.
By Jai Vijayan Freelance writer, 12/3/2014
Endpoint Security Makes Quantum Shift
Michael A. Davis, Contributing Editor | News
We can't stop every attack, so we need a new mantra: Detect and respond. Here are the essential tools, skills, and processes.
By Michael A. Davis Contributing Editor, 12/3/2014
How Startups Can Jumpstart Security Innovation
Rick Gordon, Managing Partner, Mach37 Cyber Accelerator | Commentary
One of the best places for CISOs to turn for a cutting-edge cyber security strategy is the burgeoning world of startups. Here’s how to find them.
By Rick Gordon Managing Partner, Mach37 Cyber Accelerator, 12/3/2014
Why FBI Is Wrong On Encryption Workaround
Daniel Castro, Senior Analyst, Information Technology and Innovation Foundation | Commentary
Such a measure would invade privacy, extend government overreach, and hurt US tech companies.
By Daniel Castro Senior Analyst, Information Technology and Innovation Foundation, 12/3/2014
FBI Warning Shows Targeted Attacks Don't Just Steal Anymore
Ericka Chickowski, Contributing Writer, Dark Reading | News
An FBI advisory points to an increasing trend of destructive malware for activist, anti-forensics purposes.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/2/2014
Too Many Data Protection Vendors Means More Data Loss, Downtime
Sara Peters, Senior Editor at Dark Reading | Quick Hits
When it comes to data backup, replication, archival, and recovery providers, less is more.
By Sara Peters Senior Editor at Dark Reading, 12/2/2014
The Case for Compelling Executive Dashboards
Kevin T. Reardon, VP, Worldwide Strategy at McAfee, part of Intel Security
How to make security relevant upstairs in the C-suites.
By Kevin T. Reardon VP, Worldwide Strategy at McAfee, part of Intel Security, 12/2/2014
Leveraging The Kill Chain For Awesome
Sean Mason, VP, Incident Response, Resolution1 Security | Commentary
There are good reasons the Kill Chain is being used by some of the most successful information security teams around. Here are three.
By Sean Mason VP, Incident Response, Resolution1 Security, 12/2/2014
Current Conversations
Sony Hackers Knew Details Of Sony's Entire IT Infrastructure
Sara Peters, Senior Editor at Dark Reading,  12/4/2014
Q&A: Internet Encryption As The New Normal
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/1/2014
The Case for Compelling Executive Dashboards
Kevin T. Reardon, VP, Worldwide Strategy at McAfee, part of Intel Security,  12/2/2014
Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?
Current Issue
Dark Reading Must Reads, Dec. 8, 2014
Our new Must Reads is a compendium of our best recent coverage of BYOD security. Learn how mobile employees challenge security models, why being paranoid about mobile security makes sense, how iOS 8 and Android system match up on security, and more.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8868
Published: 2014-12-07
EntryPass N5200 Active Network Control Panel does not properly restrict access, which allows remote attackers to obtain the administrator username and password, and possibly other sensitive information, via a request to /4.

CVE-2014-9300
Published: 2014-12-07
Cross-site request forgery (CSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition before 5.0.a allows remote attackers to hijack the authentication of users for requests that access unauthorized URLs and obtain user credent...

CVE-2014-9301
Published: 2014-12-07
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.

CVE-2014-9302
Published: 2014-12-07
Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter.

CVE-2014-9303
Published: 2014-12-07
EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or A through D, different vectors than CVE-2014-8868.

Best of the Web
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?