Endpoint
News & Commentary
Internet of Things: 4 Security Tips From The Military
Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & ServicesCommentary
The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. It’s time to take a page from their battle plan.
By Michael K. Daly CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, 7/25/2014
Comment4 comments  |  Read  |  Post a Comment
Passwords Be Gone! Removing 4 Barriers To Strong Authentication
Phillip M. Dunkelberger, President & CEO, Nok Nok LabsCommentary
As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.
By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 7/24/2014
Comment6 comments  |  Read  |  Post a Comment
7 Arrested, 3 More Indicted For Roles in Cyber Fraud Ring That Stung StubHub
Sara Peters, News
Arrests made in New York state, London, Toronto, and Spain for money laundering, grand larceny, and using StubHub customers' credit cards to buy and sell 3,500 e-tickets to prime events.
By Sara Peters , 7/23/2014
Comment3 comments  |  Read  |  Post a Comment
Web Tracking Advances Beat Privacy Defenses
Thomas Claburn, Editor-at-LargeCommentary
Technologies such as canvas fingerprinting, evercookies, and cookie syncing prompt new call for privacy regulation.
By Thomas Claburn Editor-at-Large, 7/22/2014
Comment6 comments  |  Read  |  Post a Comment
Internet of Things: Security For A World Of Ubiquitous Computing
Candace Worley, SVP & GM, Endpoint Security, McAfeeCommentary
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014
Comment5 comments  |  Read  |  Post a Comment
A New Age in Cyber Security: Public Cyberhealth
Brian Foster, CTO, DamballaCommentary
The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.
By Brian Foster CTO, Damballa, 7/17/2014
Comment5 comments  |  Read  |  Post a Comment
Ransomware: 5 Threats To Watch
Kelly Jackson Higgins, Senior Editor, Dark Reading
Cyber criminals have kicked it up a notch with nasty malware that locks you out of your machine and holds it for ransom.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014
Comment13 comments  |  Read  |  Post a Comment
Passwords & The Future Of Identity: Payment Networks?
Andre Boysen, EVP, Digital Identity Evangelist, SecureKeyCommentary
The solution to the omnipresent and enduring password problem may be closer than you think.
By Andre Boysen EVP, Digital Identity Evangelist, SecureKey, 7/16/2014
Comment17 comments  |  Read  |  Post a Comment
Payment Card Data Theft: Tips For Small Business
Chris Nutt, Director, Incident Response & Malware, MandiantCommentary
For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small.
By Chris Nutt Director, Incident Response & Malware, Mandiant, 7/15/2014
Comment7 comments  |  Read  |  Post a Comment
While Brazilians Watch World Cup, Bank Fraudsters Are At Work
Sara Peters, News
Passive biometrics allow BioCatch to tell the difference between busy fraudsters and distraught soccer fans.
By Sara Peters , 7/11/2014
Comment8 comments  |  Read  |  Post a Comment
How Public Cloud Could Revive VDI
Jasmine  McTigue, Principal, McTigue AnalyticsCommentary
Consumer-class cloud services force IT to get aggressive with endpoint control or accept that sensitive data will be in the wind -- or take a new approach, such as reconsidering virtual desktops.
By Jasmine McTigue Principal, McTigue Analytics, 7/8/2014
Comment3 comments  |  Read  |  Post a Comment
Chinese Attackers Targeting U.S. Think Tanks, Researchers Say
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Government-backed group "Deep Panda" compromised "several" nonprofit national security policy research organizations, CrowdStrike says
By Tim Wilson Editor in Chief, Dark Reading, 7/7/2014
Comment0 comments  |  Read  |  Post a Comment
Retail Breaches Change Customer Behavior, Attitudes, Studies Say
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Recent breaches of retail and credit card data are making customers think twice about where they shop and how they pay, researchers say
By Tim Wilson Editor in Chief, Dark Reading, 7/3/2014
Comment4 comments  |  Read  |  Post a Comment
3 Mobile Security Tips For SMBs
Vijay Basani, Co-Founder, President & CEO, EIQ NetworksCommentary
Everyone in an organization has to work together to combat intrusions and data loss, but this is especially true for small businesses.
By Vijay Basani Co-Founder, President & CEO, EIQ Networks, 6/27/2014
Comment5 comments  |  Read  |  Post a Comment
Content Widget Maker Taboola Is Hacked On Reuters
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Syrian Electronic Army targets widget used by many publishers to surface content that the reader might like.
By Tim Wilson Editor in Chief, Dark Reading, 6/24/2014
Comment1 Comment  |  Read  |  Post a Comment
What Workplace Privacy Will Look Like In 10 Years
David Melnick, Founder & CEO, WebLife BalanceCommentary
New laws like Europe's "right to be forgotten" in Google search are just the latest examples of how quickly perceptions and practices about personal privacy in the workplace are changing.
By David Melnick Founder & CEO, WebLife Balance, 6/19/2014
Comment10 comments  |  Read  |  Post a Comment
Spyware Found On Chinese-Made Smartphone
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Unknown manufacturer ships smartphones loaded with app that could allow a hacker to steal personal data or spy on the user, German researcher says.
By Tim Wilson Editor in Chief, Dark Reading, 6/19/2014
Comment5 comments  |  Read  |  Post a Comment
Data Security Decisions In A World Without TrueCrypt
Cam Roberson, Director Reseller Channel, Beachhead SolutionsCommentary
The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble.
By Cam Roberson Director Reseller Channel, Beachhead Solutions, 6/18/2014
Comment16 comments  |  Read  |  Post a Comment
Dark Reading Radio: The Human Side Of Online Attacks
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Today's DR Radio show offers a look at phishing, social engineering, and the weakest link in the cyber defense chain: humans. Showtime is 1:00 p.m. EDT.
By Tim Wilson Editor in Chief, Dark Reading, 6/18/2014
Comment6 comments  |  Read  |  Post a Comment
P.F. Chang's Confirms Security Breach
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
After initial silence, P.F. Chang's restaurant chain goes live with website disclosing information on stolen credit card data.
By Tim Wilson Editor in Chief, Dark Reading, 6/14/2014
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4725
Published: 2014-07-27
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

CVE-2014-4726
Published: 2014-07-27
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.