Endpoint
News & Commentary
New Patent Eliminates Passwords
Commentary, Commentary
Patented technology from TextPower verifies your identity while simplifying website logins; introduces SnapID™ that replaces usernames and passwords
By Commentary , 1/28/2015
Comment0 comments  |  Read  |  Post a Comment
FTC Seeks Internet Of Things Rules
Thomas Claburn, Editor-at-LargeNews
More responsible business practices and new laws are needed to make the Internet of Things viable, the FTC says.
By Thomas Claburn Editor-at-Large, 1/27/2015
Comment2 comments  |  Read  |  Post a Comment
WiIl Millennials Be The Death Of Data Security?
Chris Rouland, Founder & CEO, BastilleCommentary
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
By Chris Rouland Founder & CEO, Bastille, 1/27/2015
Comment13 comments  |  Read  |  Post a Comment
NFL Mobile Sports App Contains Super Bowl-Sized Vulns
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Lack of protections puts users at risk of exposed information by way of man-in-the-middle attacks.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/27/2015
Comment6 comments  |  Read  |  Post a Comment
Adobe Fixes Second Flash Flaw Exploited By Angler
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Second 0-day fix addresses UAF vulnerability.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Video: Zombie Cookies, IT Budgets & Twitter Hacks
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds looks at zombie cookies, your 2015 IT budget, the rise of open source storage, and more.
By Andrew Conry Murray Director of Content & Community, Interop, 1/16/2015
Comment0 comments  |  Read  |  Post a Comment
Bank Fraud Toolkit Circumvents 2FA & Device Identification
Sara Peters, Senior Editor at Dark ReadingNews
KL-Remote is giving Brazilian fraudsters a user-friendly "virtual mugging" platform.
By Sara Peters Senior Editor at Dark Reading, 1/14/2015
Comment5 comments  |  Read  |  Post a Comment
Majority Of Enterprises Finally Recognize Users As Endpoint's Weakest Vulnerability
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The Ponemon State of the Endpoint report shows endpoint management continues to grow more difficult.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/14/2015
Comment0 comments  |  Read  |  Post a Comment
2015: The Year Of The Security Startup – Or Letdown
Tim Wilson, Editor in Chief, Dark ReadingCommentary
While stealth startup Ionic and other newcomers promise to change the cyber security game, ISC8 may be the first of many to head for the showers.
By Tim Wilson Editor in Chief, Dark Reading, 1/13/2015
Comment5 comments  |  Read  |  Post a Comment
'Skeleton Key' Malware Bypasses Active Directory
Sara Peters, Senior Editor at Dark ReadingNews
Malware lets an attacker log in as any user, without needing to know or change the user's password, and doesn't raise any IDS alarms.
By Sara Peters Senior Editor at Dark Reading, 1/12/2015
Comment0 comments  |  Read  |  Post a Comment
Cloud Services Adoption: Rates, Reasons & Security Fears
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Concern over data breaches and privacy are two reasons enterprises in the European Union didn’t increase their use of cloud services in 2014, according to the EU’s recent Eurostat report.
By Dave Kearns Analyst, Kuppinger-Cole, 1/12/2015
Comment3 comments  |  Read  |  Post a Comment
CES 2015: 8 Innovative Security Products
Luke Bilton, Luke Bilton, Director, Digital & Content, UBMNews
The explosion in smart technologies that connect everyday objects to the internet is transforming both home and personal security.
By Luke Bilton, Director, Digital & Content, UBM , 1/7/2015
Comment0 comments  |  Read  |  Post a Comment
4 Infosec Resolutions For The New Year
Lysa Myers, Security Researcher, ESETCommentary
Don’t look in the crystal ball, look in the mirror to protect data and defend against threats in 2015.
By Lysa Myers Security Researcher, ESET, 12/30/2014
Comment9 comments  |  Read  |  Post a Comment
20 Startups To Watch In 2015
Ericka Chickowski, Contributing Writer, Dark Reading
Check our list of security startups sure to start (or continue) making waves in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/29/2014
Comment6 comments  |  Read  |  Post a Comment
A 2014 Lookback: Predictions vs. Reality
TK Keanini, CTO, LancopeCommentary
It was a tumultuous year for cyber security, but it drove the adoption of incident response plans and two-factor authentication.
By TK Keanini CTO, Lancope, 12/29/2014
Comment5 comments  |  Read  |  Post a Comment
Why Digital Forensics In Incident Response Matters More Now
Craig Carpenter, President & COO, Resolution1 SecurityCommentary
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
By Craig Carpenter President & COO, Resolution1 Security, 12/24/2014
Comment6 comments  |  Read  |  Post a Comment
How PCI DSS 3.0 Can Help Stop Data Breaches
Troy Leach and Christopher Strand, Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9Commentary
New Payment Card Industry security standards that took effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples.
By Troy Leach and Christopher Strand Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9, 12/23/2014
Comment9 comments  |  Read  |  Post a Comment
2014: The Year of Privilege Vulnerabilities
Marc Maiffret, CTO, BeyondTrustCommentary
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.
By Marc Maiffret CTO, BeyondTrust, 12/16/2014
Comment0 comments  |  Read  |  Post a Comment
Smartphones Get Headlines, But Lax USB Security Is Just As Risky
Cam Roberson, Director Reseller Channel, Beachhead SolutionsCommentary
Most companies use no software to detect or secure sensitive data when it is moved to a USB flash drive, or even check USB drives for viruses or malware.
By Cam Roberson Director Reseller Channel, Beachhead Solutions, 12/10/2014
Comment8 comments  |  Read  |  Post a Comment
Healthcare Security In 2015: 9 Hotspots
Alison Diana, Senior Editor
With data breaches growing, 2015 promises to be the healthcare industry's most challenging security year yet. These nine areas demand attention in 2015.
By Alison Diana Senior Editor, 12/10/2014
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1375
Published: 2015-01-28
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

CVE-2015-1376
Published: 2015-01-28
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.

CVE-2015-1419
Published: 2015-01-28
Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

CVE-2014-5211
Published: 2015-01-27
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.

CVE-2014-8154
Published: 2015-01-27
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overf...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.