Dark Reading Issue Archive
- Secure The Cloud: Cloud security needn't be an oxymoron. Here's how to get it right.
- A Deeper Look At The Data: Find out what types of cloud apps are in use and what the top cloud computing threats are.
- The IPS Makeover: Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant?
- A Deeper Look At The Data: Find out what our 2013 Strategic Security Survey respondents have to say about IPS and firewalls.
- Stop Data Leaks: The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats.
- If You See Something, Say Something: Technology is critical, but corporate culture also plays a central role in stopping a big breach.
- Who's Who In Your Cloud: Managing and securing user identity in the cloud is complicated. Here's how to keep it under control.
- Security's Pain The Neck: Evolving Users: Enterprises need to build access management strategies that recognize changing user roles.
- Big Data Detectives: Could big data be the key to identifying sophisticated threats? Security experts are on the case.
- Secure The Perimeter, Then Add Big Data:Security analytics is the next generation of defense.
- How To Cushion The Impact Of A Data Breach:Steps security pros should take to understand what happened and prevent it from happening again.
- Don't Be The Security Pro Who Cried Wolf: The effectiveness of a warning depends on a security pro's credibility and the supporting data.
- The Changing Face of APTsThe Changing Face of APTs:Advanced persistent threats are evolving in motivation, malice and sophistication. Are you ready to stop the madness?.
- Cyber Espionage Goes From Unusual To Everyday: Governments aren't the only victims of targeted "intelligence gathering." Enterprises need to be on guard too.
- 10 Web-Based Attacks Targeting Your End Users: Make sure they recognize and know how to avoid the latest threats.
- Refresh Often For Effective Security Training: Security threats change like the weather, yet many companies only have security training once a year.
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
- How Hackers Fool Your Employees: People are your most vulnerable endpoint. Make sure your security strategy addresses that fact.
- Not All Or Nothing: Effective security doesn't mean stopping all attackers.
- 10 Web Threats: Easily overlooked vulnerabilities could put your data and business at risk
- Recent Zero-Day Attacks: How hackers compromised an iOS developers' website to exploit Java plug-in vulnerabilities and attack Apple, Facebook, Microsoft and Twitter.
- How To Sharpen Endpoint Security: Protect the most fragile part of your IT infrastructure -- the endpoints and the unpredictable users who control them.
- Technology Or Education? Some say the focus should be on education to deal with the endpoint security conundrum; some say technology. But it's not a binary choice.
- Malware's Next Generation: Attackers are using shape-shifting malware to fool your defenses. Are you ready?
- Targeted Cybercrime: The shift in hacking requires a new defense mindset.
- How Crimeware Kits Work: Hackers are using kits to automate the creation and spread of malware.
- Digital Certificates: Recent breaches have tarnished this Web security technology. Here are five ways to keep it going.
- Newer Technology Isn't Necessarily Better: There's a lot of pressure to keep up with the latest in security technology, but that doesn't mean some older tech isn't worth another look.
- The Many Flavors Of CA Compromises: There's more than one way for attackers to take down a certificate authority.
- 10 Ways To Secure Web Data: Help for online retailers stuck in a maze of e-business security and PCI compliance requirements.
- The High Stakes Of Data Hoarding: Being a data pack rat puts you at risk for a major breach and becoming the next headline.
- Holes In BYOD: Time to patch your security policy to address people bringing their own mobile devices to work.
- Five Tips For Better BYOD Security: Letting employees use their own devices for work doesn't have to be complicated.
- Mobile Device Security On The Road: Metasploit creator HD Moore has five practical tips for business travelers.
- Are You At Home Or At Work? Smartphones and tablets have erased the line between home and work, raising security issues.
- Armored Road Warriors: Mobile employees' data and apps need protecting. Here are 10 ways to get the job done.
- The New Mobile World: Mobile technology is forcing businesses to rethink the fundamentals of how their networks work.
- 10 Steps To E-Commerce Security: Cybercriminals are taking aim at your website. Is your security strategy up to the challenge?
- Web Bots Everywhere: About half of the traffic to e-commerce sites is machine generated--and much of it is malicious.
- Security In The Open Air: Protecting your e-commerce servers may require not only a shift in your technology but also a shift in your thinking.
- 10 Ways To Fail A PCI Audit: Don't get tripped up by these common payment card data security mistakes: failing to vet the auditor, skipping the pre-audit assessment, losing track of your data, and seven more.
- Practice Makes For Audit Success: Test data security before the auditor arrives, Tim Wilson recommends.
- Save Your Assets: Distributed denial-of-service attacks can do serious damage. Get ready before you're hit.
- New Age Of Political Hacktivism: Next-gen attackers aren't out to steal your money, and your old style of defense isn't going to stop them.
- DNSChanger Threat Could Re-Emerge: Temporary servers and efforts from ISPs have helped fight the Trojan, but problems aren't over.
- Critical Infrastructure Targeted: Banks, utilities, and other parts of the U.S. critical infrastructure face more cybersecurity threats.
- Endpoint Insecurity: Employees and their browsers might be the weak link in your security plan. Here's how to close the gap.
- Get Security Savvy: Tim Wilson explains why security-aware end users make such a difference.
- Close The Door On Data Leaks: Stop insider theft and accidental disclosure with network and host controls--and don't forget to keep employees on their toes.
- Make Security Everyone's Business: Even the best data leak prevention tools will fail if employees don't make security a priority.
- Lessons From The Global Payments Breach: Recent attack underscores problems with knowledge-based authentication and perimeter defense.
- FTC Proposes "Privacy By Design": The agency's privacy guidelines could raise issues for e-commerce and online advertising.
- Web Encryption That Works: Secure Sockets Layer isn't perfect, but there are ways to optimize it. Here are four places to start.
- Security Success: As you look at the way you use security technology, be sure to follow best practices and do your updates. Success is all in the execution.
- Digital Detectives: The right forensic tools in the right hands are just a start. Here's how to better apply the lessons they teach.
- Take The Offensive: It's time to be proactive, not reactive, with digital forensics.
- DoS Attack Cripples Web Servers: Researcher's proof-of-concept code takes a different spin on slow HTTP denial-of-service attacks.
- When Someone Else's Insider Is Your Threat: Protecting intellectual property is difficult when a third party has access to confidential information.
- Access Denied: Database access controls keep information out of the wrong hands. Limit who sees what to stop leaks -- accidental or otherwise.
- Take Aim At Database Access: User provisioning isn't as simple as it sounds.
- Search And Secure: Sensitive data is scattered in forgotten corners of your IT infrastructure. Find and protect it before it winds up in the wrong hands.
- The Practical Side Of Data Defense: The most common data breaches are the result of the simplest attacks.
- Dueling SIEM Deals: IBM is buying Q1 Labs, and McAfee is picking up NitroSecurity. Deals come amid concerns that security information and event management must meet today's advanced threats.
- Poor Marks For Training Programs: Experts say the security industry must figure out why cybersecurity awareness programs are so ineffective.
- The SQL Injection Threat: Knowing how attackers find and exploit these vulnerabilities can help you defend against them.
- Take The Defensive: 6 techniques you can use to stop these attacks.
- Constant Vigilance: Don't ignore this dull but dangerous threat, Tim Wilson warns.
- Threats In The Supply Chain: The suppliers and contractors coming through your door could be a security risk to your business. Here's what you need to watch out for.
- Look Beyond Security's Garden Path:Focusing solely on your own company's security ignores the bigger picture.
- Take Me Out To The Breach Game: What do baseball and incident response have in common? Teamwork.
- Homeland Security And IRS Vulnerabilities Cited: Vulnerabilities At Homeland Security And IRS Agencies have been cited for database security problems.
- Anonymous Hacks Booz Allen: Hacker group says it nabbed military email addresses and password hashes from the contractor.
- U.S.-Russia Cybersecurity Pact: U.S. plans to start regularly sharing cybersecurity information with Russia.
- Database Defenses: Lessons learned from five of the latest security breaches.
- The Harsh Reality: The possibility of a database breach may be remote, but the costs are huge if it happens.
- Diary Of A Breach: Our intrusion detection timeline illustrates common but costly errors in companies' risk management processes.
- Connect The Log Data Dots: Companies collect massive amounts of data for compliance and forensics, but don't use it to develop real security.
- Take Me Out To The Breach Game: What do baseball and incident response have in common? Teamwork.
- Epsilon Attack Means Long-Term Pain: The theft of millions of email addresses could lead to years of phishing, spamming, and targeted attacks.
- EMC Adds Forensic Capabilities: Its NetWitness acquisition brings tools for better incident investigation.
- Phishing Scam Snares RSA: Why didn't the security company use its own technology to prevent the attack that exposed its SecurID customers?
- What Makes DB2 Security Different? IBM and its database customers didn't always give much thought to protecting their DB2 data. Both are now stepping up. Here's how and why.
- Same Song, New Music For Database Security: As database attacks increase, many enterprises are looking to recentralize their sensitive data and reduce the size of the potential attack surface.
- Wicked Innovation: Cutting-edge attacks like Stuxnet and Zeus will be the everyday attacks of the future. We tell you what you need to know to keep your company safe
- Rationalizing Security: Rationalizing Security: Five best practices to improve the budgeting process for security spending
- Prosperous New Year For Hackers: Tim Wilson explores five prime targets for exploits, including social networks, mobile devices, and wireless services.
- TPM Chips Sit Idle: Could activating the authentication chips built into millions of machines solve our cybersecurity problems?
- Mobile Users Go Phishing: Smartphone users are far more apt than PC users to visit phishing Web sites, new research shows.
Free Research and Reports
- Dell Software Foglight APM 5.9: Introducing Big Data Repository/Reporting Supporting Web Analytics and User-Centric APM
- How Foglight Makes User Experience Management A Reality: Three Case Studies
- Application Performance Monitoring (APM) in the Age of Hybrid Cloud: Ten Key Findings by EMA
- Controlling and Managing Superuser Access
- 10 Steps to Cleaning up Active Directory
- Keynote Interview: CIO Randy Mott On GM's Unprecedented IT Transformation: Lessons Learned - InformationWeek Conference
- The Digital Disruptors - InformationWeek Conference
- Keynote Speaker: Michelle McKenna-Doyle, CIO, NFL - InformationWeek Conference
- Crash Course in Open Source Cloud Computing - Interop Las Vegas
- No CIO Ever Got Promoted For… - Interop Las Vegas
Dark Reading Digital Magazine
Quick Wins For Strengthening SMB Security
Time To Set Up That Honeypot
Securing Cisco IP Telephony
Attribution Is Much More Than A Source IP
New CA Group Has Big Names, Small Impact
How To Build An IT Security Budget
5 Approaches To Decaffeinating Java Exploits
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/.
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.