Cartoon: Infosec Multitasking
Educating The Cyberwarriors Of The Future
New Secure Online Check-Out Tech Goes For Less Friction, More Biometrics
Worst Sports-Related Passwords
When DDoS Isn't All About Massive Disruption
News & Commentary
British Airways The Latest Loyalty Program Breach Victim
Sara Peters, Senior Editor at Dark ReadingNews
Who needs to steal credit cards when you can get airfare and luxury items for free?
By Sara Peters Senior Editor at Dark Reading, 3/30/2015
Comment0 comments  |  Read  |  Post a Comment
Study: Network Team's Security Role On The Rise
Dark Reading Staff, Quick Hits
New data shows how network engineers and other members of the network team are teaming up with their counterparts in security.
By Dark Reading Staff , 3/30/2015
Comment0 comments  |  Read  |  Post a Comment
Hacking Back: Two Wrongs Donít Make A Right
Anthony Di Bello, Director, Security Practice, Guidance SoftwareCommentary
Hereís the critical issue: Do you want to risk engaging your company in an ego-fueled war of revenge, or do you want to cut the bad guys off at the pass?
By Anthony Di Bello Director, Security Practice, Guidance Software, 3/30/2015
Comment0 comments  |  Read  |  Post a Comment
7 Bugs, Breaches, & Compromises To Rock 2015 (So Far)
Ericka Chickowski, Contributing Writer, Dark Reading
The year's started off with a bang; will we hear risk management pros whimper?
By Ericka Chickowski Contributing Writer, Dark Reading, 3/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Defending Cyber-Physical Systems from Attack Chains
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
A strong defense against compromise involves three layers: hardening devices, securing communications, and monitoring behavior.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/30/2015
Comment0 comments  |  Read  |  Post a Comment
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Jai Vijayan, Freelance writerNews
A flaw in a popular router product may have exposed millions of hotel guests, researchers from Cylance say.
By Jai Vijayan Freelance writer, 3/27/2015
Comment2 comments  |  Read  |  Post a Comment
Cyber Hunting: 5 Tips To Bag Your Prey
David J. Bianco, Security Architect, SqrrlCommentary
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
By David J. Bianco Security Architect, Sqrrl, 3/26/2015
Comment6 comments  |  Read  |  Post a Comment
SSL/TLS Suffers 'Bar Mitzvah Attack'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/26/2015
Comment3 comments  |  Read  |  Post a Comment
SDN Shows Promise For Security
Marcia Savage, Managing Editor, Network ComputingNews
Improved security is emerging as a major reason for adopting software-defined networking, but concerns about potential SDN risks persist.
By Marcia Savage Managing Editor, Network Computing, 3/26/2015
Comment0 comments  |  Read  |  Post a Comment
Researchers Use Heat To Breach Air-Gapped Systems
Jai Vijayan, Freelance writerNews
BitWhisper project is part of ongoing air gap security research at Israel's Ben-Gurion University.
By Jai Vijayan Freelance writer, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
FBI Threat Intelligence Cyber-Analysts Still Marginalized In Agency
Sara Peters, Senior Editor at Dark ReadingNews
Despite good progress, 9/11 Review Commission says that analysts could have a greater impact on FBI counter-terrorism activities if they had more domain awareness, forensics capabilities, and were more empowered to question agents.
By Sara Peters Senior Editor at Dark Reading, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
Preparing for a Breach: The Charge of the Security Brigade
Ryan Allphin, Senior Vice President & General Manager, Security Management, McAfee
Automation is key to shorter response times and better containment.
By Ryan Allphin Senior Vice President & General Manager, Security Management, McAfee, 3/25/2015
Comment0 comments  |  Read  |  Post a Comment
The Internet Of Bring-Your-Own Things
David Lindner, Global Practice Manager, Mobile Application Security Services, Aspect SecurityCommentary
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.
By David Lindner Global Practice Manager, Mobile Application Security Services, Aspect Security, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
Typical Users Know Less About Mobile Privacy Than They Think
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New Mobile Privacy IQ survey shows a disconnect between perception and practice.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/24/2015
Comment0 comments  |  Read  |  Post a Comment
New Secure Online Check-Out Tech Goes For Less Friction, More Biometrics
Sara Peters, Senior Editor at Dark ReadingNews
BioCatch, Zumigo, and Alibaba release tools to help merchants avoid those pesky charge-back costs.
By Sara Peters Senior Editor at Dark Reading, 3/24/2015
Comment2 comments  |  Read  |  Post a Comment
Retailers Adopt Intel-Sharing Portal Used By Banks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Th Retail Cyber Intelligence Sharing Center (R-CISC) is working with the Financial Services ISAC (FS-ISAC) on its new threat intelligence-sharing platform.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/24/2015
Comment0 comments  |  Read  |  Post a Comment
Networked Healthcare: Connecting You, Your Devices, and Your Health Practitioners
Pat Calhoun, Senior Vice President & General Manager, Network Security at Intel Security
Technology developers and policy makers must work closer with the security sector to ensure that innovation leads to real enablement, not cybercrime.
By Pat Calhoun Senior Vice President & General Manager, Network Security at Intel Security, 3/24/2015
Comment0 comments  |  Read  |  Post a Comment
Educating The Cyberwarriors Of The Future
Jeff Schilling, CSO, FirehostCommentary
If I have to choose between hiring a university-educated CompSci grad or an IT specialist strong in sysadmin, networking or programming, I will pick the IT specialist every time.
By Jeff Schilling CSO, Firehost, 3/24/2015
Comment9 comments  |  Read  |  Post a Comment
Will POSeidon Preempt BlackPOS?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Research from Cisco Talos uncovers newly evolved POS malware with more sophistication than BlackPOS and similarities to Zeus for camouflage.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/23/2015
Comment1 Comment  |  Read  |  Post a Comment
When DDoS Isn't All About Massive Disruption
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New data shows prevalence of often-undetectable DDoS attacks aimed at quietly wreaking havoc on the network while performing data exfiltration and other attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/23/2015
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Educating The Cyberwarriors Of The Future
Jeff Schilling, CSO, Firehost,  3/24/2015
Cyber Hunting: 5 Tips To Bag Your Prey
David J. Bianco, Security Architect, Sqrrl,  3/26/2015
SSL/TLS Suffers 'Bar Mitzvah Attack'
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/26/2015
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7876
Published: 2015-03-31
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors.

CVE-2015-0900
Published: 2015-03-31
Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

CVE-2015-0901
Published: 2015-03-31
Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-2106
Published: 2015-03-31
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial of service via unknown vectors.

CVE-2015-2108
Published: 2015-03-31
Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors.

10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed