Endpoint
News & Commentary
6 Million+ Email Accounts Worldwide Exposed In Past 3 Months
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Spike in number of stolen accounts likely due to uptick in major data breaches, researchers say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/25/2014
Comment2 comments  |  Read  |  Post a Comment
The Week When Attackers Started Winning The War On Trust
Kevin Bocek, VP Security Strategy & Threat Intelligence, VenafiCommentary
The misuse of keys and certificates is not exotic or hypothetical. It’s a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
By Kevin Bocek VP Security Strategy & Threat Intelligence, Venafi, 11/21/2014
Comment1 Comment  |  Read  |  Post a Comment
New Citadel Attack Targets Password Managers
Jai Vijayan, Freelance writerNews
IBM researchers have found signs that the prolific data steal Trojan is now being used to attack widely used password managers.
By Jai Vijayan Freelance writer, 11/20/2014
Comment3 comments  |  Read  |  Post a Comment
Killing Passwords: Don’t Get A-Twitter Over ‘Digits’
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Twitter’s new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns Analyst, Kuppinger-Cole, 11/19/2014
Comment5 comments  |  Read  |  Post a Comment
Is Security Awareness Training Really Worth It?
Fahmida Y. Rashid, News
Experts weigh in on the value of end-user security training, and how to make education more effective.
By Fahmida Y. Rashid , 11/18/2014
Comment9 comments  |  Read  |  Post a Comment
TRUSTe Not So Trustworthy
Thomas Claburn, Editor-at-LargeNews
Privacy certification company has agreed to pay $200,000 to settle FTC charges that it deceived consumers.
By Thomas Claburn Editor-at-Large, 11/17/2014
Comment0 comments  |  Read  |  Post a Comment
Why Cyber Security Starts At Home
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Even the grandmas on Facebook need to know and practice basic security hygiene, because what happens anywhere on the Internet can eventually affect us all.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 11/17/2014
Comment13 comments  |  Read  |  Post a Comment
Rethinking Security With A System Of 'Checks & Balances'
Brian Foster, CTO, DamballaCommentary
For too long, enterprises have given power to one branch of security governance -- prevention -- at the expense of the other two: detection and response.
By Brian Foster CTO, Damballa, 11/14/2014
Comment7 comments  |  Read  |  Post a Comment
Time To Turn The Tables On Attackers
Amit Yoran, President, RSACommentary
As a security industry, we need to arm business with innovative technologies that provide visibility, analysis, and action to prevent inevitable breaches from causing irreparable damage.
By Amit Yoran President, RSA, 11/13/2014
Comment5 comments  |  Read  |  Post a Comment
‘Walk & Stalk’: A New Twist In Cyberstalking
Ken Munro,  Partner & Founder, Pen Test Partners LLPCommentary
How hackers can turn Wifi signals from smartphones and tablets into a homing beacon that captures users' online credentials and follows them, undetected, throughout the course of the day.
By Ken Munro Partner & Founder, Pen Test Partners LLP, 11/11/2014
Comment4 comments  |  Read  |  Post a Comment
This Week in 60 Seconds: Net Neutrality, IT Hiring
Andrew Conry Murray, Director of Content & Community, InteropCommentary
Our video wrap-up shares how to win net neutrality, wades into the debate over an IT talent shortage, and more.
By Andrew Conry Murray Director of Content & Community, Interop, 11/7/2014
Comment6 comments  |  Read  |  Post a Comment
Stop Trusting Signed Malware: 3 Steps
Paul Drapeau, Principal Security Researcher, ConferCommentary
Cybercriminals who manipulate valid signatures and certificates to get malware into an organization is a more common tactic than you think.
By Paul Drapeau Principal Security Researcher, Confer, 11/7/2014
Comment0 comments  |  Read  |  Post a Comment
New Malware Targets iOS, OS X
Eric Zeman, News
WireLurker infects iPhones and iPads via USB cable when attached to Macs.
By Eric Zeman , 11/6/2014
Comment4 comments  |  Read  |  Post a Comment
iOS 8 Vs. Android: How Secure Is Your Data?
Adam Ely, COO, BlueboxCommentary
With iOS 8, the lines between iOS and Android are blurring. No longer is iOS the heavily fortified environment and Android the wide-open one.
By Adam Ely COO, Bluebox, 11/5/2014
Comment4 comments  |  Read  |  Post a Comment
Workplace Privacy: Big Brother Is Watching
David Melnick, Founder & CEO, WebLife BalanceCommentary
Companies may have the right to monitor employees who are checking their bank balances or shopping online on corporate networks. The real question is, should they?
By David Melnick Founder & CEO, WebLife Balance, 11/4/2014
Comment12 comments  |  Read  |  Post a Comment
4 Essentials For Mobile Device VPNs
Patrick Oliver Graf, GM, Americas, NCP EngineeringCommentary
VPNs for smartphones and tablets have different requirements than laptops. Here’s what you need to know.
By Patrick Oliver Graf GM, Americas, NCP Engineering, 10/31/2014
Comment10 comments  |  Read  |  Post a Comment
Verizon Wireless Embroiled In Tracking Controversy
Kristin Burnham, Senior Editor, InformationWeek.comNews
Verizon Wireless is in hot water with security and privacy advocates regarding unique identifier headers that function as what one EFF expert calls "perma-cookies."
By Kristin Burnham Senior Editor, InformationWeek.com, 10/29/2014
Comment13 comments  |  Read  |  Post a Comment
Google Expands 2-Factor Authentication For Chrome, Gmail
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Google issues USB keys for Chrome users to log into Google accounts and any other websites that support FIDO universal two-factor authentication -- but it's no help to mobile users.
By Sara Peters Senior Editor at Dark Reading, 10/21/2014
Comment6 comments  |  Read  |  Post a Comment
Insider Threats: Breaching The Human Barrier
Christopher Hadnagy, Founder & CEO, Social-Engineer, Inc.Commentary
A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within.
By Christopher Hadnagy Founder & CEO, Social-Engineer, Inc., 10/20/2014
Comment5 comments  |  Read  |  Post a Comment
Internet Of Things Will Turn Networks Inside-Out
Patrick Hubbard, Head Geek & Senior Technical Product Marketing Manager, SolarWindsCommentary
If IoT is ever going to work, networks will have to grant access to devices that we'd refuse outright today.
By Patrick Hubbard Head Geek & Senior Technical Product Marketing Manager, SolarWinds, 10/20/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7178
Published: 2014-11-28
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.

CVE-2014-7850
Published: 2014-11-28
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.

CVE-2014-8423
Published: 2014-11-28
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.

CVE-2014-8424
Published: 2014-11-28
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.

CVE-2014-8425
Published: 2014-11-28
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?