Endpoint
News & Commentary
How Public Cloud Could Revive VDI
Jasmine  McTigue, Principal, McTigue AnalyticsCommentary
Consumer-class cloud services force IT to get aggressive with endpoint control or accept that sensitive data will be in the wind -- or take a new approach, such as reconsidering virtual desktops.
By Jasmine McTigue Principal, McTigue Analytics, 7/8/2014
Comment3 comments  |  Read  |  Post a Comment
Chinese Attackers Targeting U.S. Think Tanks, Researchers Say
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Government-backed group "Deep Panda" compromised "several" nonprofit national security policy research organizations, CrowdStrike says
By Tim Wilson Editor in Chief, Dark Reading, 7/7/2014
Comment0 comments  |  Read  |  Post a Comment
Retail Breaches Change Customer Behavior, Attitudes, Studies Say
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Recent breaches of retail and credit card data are making customers think twice about where they shop and how they pay, researchers say
By Tim Wilson Editor in Chief, Dark Reading, 7/3/2014
Comment4 comments  |  Read  |  Post a Comment
3 Mobile Security Tips For SMBs
Vijay Basani, Co-Founder, President & CEO, EIQ NetworksCommentary
Everyone in an organization has to work together to combat intrusions and data loss, but this is especially true for small businesses.
By Vijay Basani Co-Founder, President & CEO, EIQ Networks, 6/27/2014
Comment5 comments  |  Read  |  Post a Comment
Content Widget Maker Taboola Is Hacked On Reuters
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Syrian Electronic Army targets widget used by many publishers to surface content that the reader might like.
By Tim Wilson Editor in Chief, Dark Reading, 6/24/2014
Comment1 Comment  |  Read  |  Post a Comment
What Workplace Privacy Will Look Like In 10 Years
David Melnick, Founder & CEO, WebLife BalanceCommentary
New laws like Europe's "right to be forgotten" in Google search are just the latest examples of how quickly perceptions and practices about personal privacy in the workplace are changing.
By David Melnick Founder & CEO, WebLife Balance, 6/19/2014
Comment10 comments  |  Read  |  Post a Comment
Spyware Found On Chinese-Made Smartphone
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Unknown manufacturer ships smartphones loaded with app that could allow a hacker to steal personal data or spy on the user, German researcher says.
By Tim Wilson Editor in Chief, Dark Reading, 6/19/2014
Comment5 comments  |  Read  |  Post a Comment
Data Security Decisions In A World Without TrueCrypt
Cam Roberson, Director Reseller Channel, Beachhead SolutionsCommentary
The last days of TrueCrypt left many unanswered questions. But one thing is certain: When encryption freeware ends its life abruptly, being a freeloader can get you into a load of trouble.
By Cam Roberson Director Reseller Channel, Beachhead Solutions, 6/18/2014
Comment16 comments  |  Read  |  Post a Comment
Dark Reading Radio: The Human Side Of Online Attacks
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Today's DR Radio show offers a look at phishing, social engineering, and the weakest link in the cyber defense chain: humans. Showtime is 1:00 p.m. EDT.
By Tim Wilson Editor in Chief, Dark Reading, 6/18/2014
Comment6 comments  |  Read  |  Post a Comment
P.F. Chang's Confirms Security Breach
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
After initial silence, P.F. Chang's restaurant chain goes live with website disclosing information on stolen credit card data.
By Tim Wilson Editor in Chief, Dark Reading, 6/14/2014
Comment3 comments  |  Read  |  Post a Comment
Heartbleed & The Long Tail Of Vulnerabilities
Martin McKeay, Senior Security Advocate, AkamaiCommentary
To this day there are still unpatched systems, still hackers scanning for vulnerable systems, and still cyber criminals using Heartbleed every day to break into companies.
By Martin McKeay Senior Security Advocate, Akamai, 6/13/2014
Comment5 comments  |  Read  |  Post a Comment
Monitor DNS Traffic & You Just Might Catch A RAT
Dave Piscitello, VP Security, ICANNCommentary
Criminals will exploit any Internet service or protocol when given the opportunity. Here are six signs of suspicious activity to watch for in the DNS.
By Dave Piscitello VP Security, ICANN, 6/12/2014
Comment3 comments  |  Read  |  Post a Comment
Donít Let Lousy Teachers Sink Security Awareness
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
You can't fix a human problem with a technology solution. Here are three reasons why user education can work and six tips on how to develop a corporate culture of security.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 6/11/2014
Comment11 comments  |  Read  |  Post a Comment
TweetDeck Scammers Steal Twitter IDs Via OAuth
Brian Prince, Contributing Writer, Dark ReadingNews
Users who give up their TweetDeck ID are promised 20 followers for free or 100 to 5,000 new followers a day for five days.
By Brian Prince Contributing Writer, Dark Reading, 6/6/2014
Comment4 comments  |  Read  |  Post a Comment
If HTML5 Is The Future, What Happens To Access Control?
Garret Grajek, CTO & COO, SecureAuthCommentary
The solution for multi-device deployment is HTML5. The challenge, for the enterprise, is deploying it correctly. Here are seven tools you will need.
By Garret Grajek CTO & COO, SecureAuth, 6/5/2014
Comment1 Comment  |  Read  |  Post a Comment
A Peek Inside Enterprise BYOD App Security Policies
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
IBM company Fiberlink shares data on how enterprises are pushing and securing mobile apps.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 6/3/2014
Comment2 comments  |  Read  |  Post a Comment
Compliance: The Surprising Gift Of Windows XP
Glenn S. Phillips, Commentary
The end of Windows XP will force organizations to properly reinvest in a modern and compliant desktop infrastructure that will be easier to maintain and secure.
By Glenn S. Phillips , 6/3/2014
Comment3 comments  |  Read  |  Post a Comment
How The Math Of Biometric Authentication Adds Up
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Yes, it's true that if your authentication scheme only allows a single fingerprint you only have 10 choices. But there's no rule that says it has to be one, and only one.
By Dave Kearns Analyst, Kuppinger-Cole, 6/2/2014
Comment12 comments  |  Read  |  Post a Comment
The Mystery Of The TrueCrypt Encryption Software Shutdown
Brian Prince, Contributing Writer, Dark ReadingNews
Developers of the open-source software call it quits, saying software "may contain unfixed security issues."
By Brian Prince Contributing Writer, Dark Reading, 5/30/2014
Comment11 comments  |  Read  |  Post a Comment
A Year Later, Most Americans Think Snowden Did The Right Thing
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
On anniversary of whistleblowing, 55 percent of Americans say Snowden was right to expose NSA's surveillance program; 82 percent believe they are still being watched.
By Tim Wilson Editor in Chief, Dark Reading, 5/29/2014
Comment23 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2963
Published: 2014-07-10
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.

CVE-2014-3310
Published: 2014-07-10
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

CVE-2014-3311
Published: 2014-07-10
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

CVE-2014-3315
Published: 2014-07-10
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

CVE-2014-3316
Published: 2014-07-10
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.