Vulnerabilities / Threats // Insider Threats
News & Commentary
11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
Mathew J. Schwartz, News
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.
By Mathew J. Schwartz, 4/17/2014
Majority Of Users Have Not Received Security Awareness Training, Study Says
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
Many users fail to follow policies on mobile, cloud security, EMA Research study says.
By Tim Wilson, Editor in Chief, Dark Reading, 4/10/2014
Social Engineering Grows Up
Kelly Jackson Higgins, Senior Editor, Dark Reading, News
Fifth annual DEF CON Social Engineering Capture the Flag Contest kicks off today with new "tag team" rules to reflect realities of the threat.
By Kelly Jackson Higgins, Senior Editor, Dark Reading, 4/7/2014
Colleagues In Cuffs: When Employees Steal Patient Records
Alison Diana, Senior Editor, Commentary
The Queens County DA recently arrested two Jamaica Hospital employees for stealing patient data, a lucrative crime occurring at hospitals across the nation.
By Alison Diana, Senior Editor, 4/7/2014
NSA's Big Surprise: Gov't Agency Is Actually Doing Its Job
Ira Winkler, Commentary
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
By Ira Winkler, 4/4/2014
'Thingularity' Triggers Security Warnings
Mathew J. Schwartz, News
The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure?
By Mathew J. Schwartz, 3/28/2014
A Cyber History Of The Ukraine Conflict
John Bumgarner, Chief Technology Officer for the U.S. Cyber Consequences Unit, Commentary
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
By John Bumgarner, Chief Technology Officer for the U.S. Cyber Consequences Unit, 3/27/2014
March Madness: Online Privacy Edition
Mark Weinstein, Founder & CEO, Sgrouples, Commentary
Say hello to the privacy revolution where an emerging backlash is being spurred by NSA spying, mass data collection and plain old common sense.
By Mark Weinstein, Founder & CEO, Sgrouples, 3/26/2014
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman, 3/14/2014
Snowden: I'd Do It Again
Kelly Jackson Higgins, Senior Editor, Dark Reading, News
NSA whistleblower fields questions via live video feed at South by Southwest, calls encryption "defense against the dark arts."
By Kelly Jackson Higgins, Senior Editor, Dark Reading, 3/10/2014
The Snowden Effect: Who Controls My Data?
Brad Garlinghouse, CEO, Hightail, Commentary
In today's post-NSA-spying world, the key to providing trustworthy digital services to customers is control coupled with transparency.
By Brad Garlinghouse, CEO, Hightail, 2/14/2014
Data Security Dos & Don'ts From The Target Breach
Bala Venkat, CMO, Cenzic, Commentary
The holidays brought attacks on the retail industry. If you aren't in retail, your industry could be next.
By Bala Venkat, CMO, Cenzic, 2/13/2014
Behavior Analysis: New Weapon To Fight Hackers
Michael Fitzgerald, News
Israeli startup Cybereason says it breaks new security ground by spotting deviations in employee behavior and telling companies what to do next.
By Michael Fitzgerald, 2/12/2014
Target Breach: HVAC Contractor Systems Investigated
Mathew J. Schwartz, News
Hackers may have used access credentials stolen from refrigeration and HVAC system contractor Fazio Mechanical Services to gain remote access to Target's network.
By Mathew J. Schwartz, 2/6/2014
Target Hackers Tapped Vendor Credentials
Mathew J. Schwartz, News
Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach.
By Mathew J. Schwartz, 1/30/2014
The Scariest End-User Security Question: What Changed?
Bob Covello, Security Tech Veteran, Commentary
Hitting employees over the head with fear, uncertainty, and doubt does little to help protect them from security threats. Is multi-factor authentication "by force" a better approach?
By Bob Covello, Security Tech Veteran, 1/29/2014
Feds Arrest Bitcoin Celebrity In Money Laundering Case
Mathew J. Schwartz, News
Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.
By Mathew J. Schwartz, 1/28/2014
Malware: More Hype Than Reality
Andrew Froehlich, President & Lead Network Architect, West Gate Networks, Commentary
Sure, malware exists, but is it really as bad as the news suggests?
By Andrew Froehlich, President & Lead Network Architect, West Gate Networks, 1/17/2014
Name That Toon: Contest Winners Named
Marilyn Cohodas, Community Editor, Dark Reading, Commentary
We enjoyed all the laughs on the road to choosing the winner of our first cartoon caption contest. Check out the funniest entries.
By Marilyn Cohodas, Community Editor, Dark Reading, 1/6/2014
RSA Denies Trading Security For NSA Payout
Mathew J. Schwartz, News
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.
By Mathew J. Schwartz, 12/23/2013
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

Published: 2014-04-18
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

Published: 2014-04-18
F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors.

Published: 2014-04-18
imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.
