Tech Center Security Management
Dark Reading's Security Management Tech Center is your destination for news and information surrounding the administrative and professional tasks that information security professionals must perform every day. Written for career security pros, the Security Management Tech Center is designed to provide insight on security career choices, staffing and budgetary issues, and day-to-day administrative tasks such as security reporting and architecture planning.
Data breach last year prompts CIO Beth Jacob to resign; Target will hire interim CIO and chief compliance officer
There's a lot of buzz around how certs aren't important. I'm calling BS, and here's why.
Big data means big changes in the makeup of IT security teams at large vendors and enterprises
Interop New York is just around the corner. The show is packed with informative sessions and workshops. Here are a dozen to put on your schedule.
Articles leading up to, live coverage from, and post-event analysis of Interop New York 2013
- Building And Maintaining Effective Firewall Configurations
- FileTrek Survey Reveals That Black Hat Attendees' Opinions Split On Snowden
- OpenDNS Integrates Predictive Detection Capabilities Into Cloud-Delivered Web Security Platform
- Caldwell Partners Launches Information Security Practice
- Digital Defense Announces New Offering To Thwart Social Engineering Attacks
By The Numbers
Information Security Salaries Split
Infosec managers saw their salaries rise, while staffers felt a slight dip in 2013.
Source: InformationWeek 2013 IT Salary Survey
Free Research and Reports
- Application Performance Monitoring (APM) in the Age of Hybrid Cloud: Ten Key Findings by EMA
- IAM for the Real World - Privileged Account Management
- The Importance of Managing Privileged Accounts
- The 12 Critical Questions You Need To Ask When Choosing an AD Bridge Solution
- Real-world Identity and Access Management (IAM) for Unix-based Systems
- Keynote Interview: Box CEO, Aaron Levie - InformationWeek Conference
- Let the Digital Games Begin! - InformationWeek Conference
- Crash Course in Open Source Cloud Computing - Interop Las Vegas
- Find out more about the Business of IT Track at Interop Las Vegas - Interop Las Vegas
- Managing & Securing Converged Networks @ Enterprise Connect | 3/17-3/20 - Enterprise Connect
Dark Reading Digital Magazine
Quick Wins For Strengthening SMB Security
Time To Set Up That Honeypot
Securing Cisco IP Telephony
Attribution Is Much More Than A Source IP
New CA Group Has Big Names, Small Impact
How To Build An IT Security Budget
5 Approaches To Decaffeinating Java Exploits
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/.
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.