Perimeter
News & Commentary
Security News No One Saw Coming In 2014
John B. Dickson, CISSP, Principal, Denim Group | Commentary
John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year.
By John B. Dickson, CISSP, Principal, Denim Group, 12/22/2014
The Internet's Winter Of Discontent
Paul Vixie, Chairman & CEO, Farsight Security, Inc. | Commentary
The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the world’s connected economy is that the hits just keep on coming.
By Paul Vixie, Chairman & CEO, Farsight Security, Inc., 12/19/2014
ICANN Hit By Cyberattack
Jai Vijayan, Freelance writer | News
Spear phishing campaign led to attackers gaining administrative access to one system.
By Jai Vijayan, Freelance writer, 12/18/2014
Bad Bots On The Rise
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Humans remain outnumbered by bots online, new data shows.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 12/18/2014
Millions Of Android Phones In China Have Backdoor
Jai Vijayan, Freelance writer | News
An Android backdoor is the topic of one of two advisories this week on mobile threats.
By Jai Vijayan, Freelance writer, 12/17/2014
Cyberattacks Longer, More Continuous Than Before
Jai Vijayan, Freelance writer | News
A surprisingly large number of organizations experienced cyberattacks lasting more than one month, a new survey found.
By Jai Vijayan, Freelance writer, 12/12/2014
'Inception' Cyber Espionage Campaign Targets PCs, Smartphones
Jai Vijayan, Freelance writer | News
Blue Coat report details sophisticated attacks mainly against Russian targets, and Kaspersky Lab calls new campaign next-generation of Red October cyber spying operation.
By Jai Vijayan, Freelance writer, 12/10/2014
Poll: The Perimeter Has Shattered!
Marilyn Cohodas, Community Editor, Dark Reading | Commentary
The traditional corporate network perimeter is not dead, but its amorphous shape is something new and indescribable.
By Marilyn Cohodas, Community Editor, Dark Reading, 12/8/2014
Moving Beyond 2-Factor Authentication With ‘Context’
Keith Graham, CTO, SecureAuth | Commentary
2FA isn’t cheap or infallible -- in more ways than two.
By Keith Graham, CTO, SecureAuth, 12/5/2014
Why ‘Regin’ Malware Changes Threatscape Economics
Adam Firestone, President & GM, Kaspersky Government Security Solutions | Commentary
Never before have attackers been able to deploy a common malware platform and configure it as necessary with low-cost, quick-turnaround business logic apps.
By Adam Firestone, President & GM, Kaspersky Government Security Solutions, 12/4/2014
Leveraging The Kill Chain For Awesome
Sean Mason, VP, Incident Response, Resolution1 Security | Commentary
There are good reasons the Kill Chain is being used by some of the most successful information security teams around. Here are three.
By Sean Mason, VP, Incident Response, Resolution1 Security, 12/2/2014
Senate Explores Outsourcing Security Services
Jai Vijayan, Freelance writer | News
The US Senate might outsource core cyber security support to a managed security service. Candidate tasks include network security monitoring, threat analysis, incident reporting, vulnerability analysis, and security engineering and research.
By Jai Vijayan, Freelance writer, 12/2/2014
Q&A: Internet Encryption As The New Normal
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Internet Architecture Board chairman Russ Housley explains what the IAB's game-changing statement about encryption means for the future of the Net.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 12/1/2014
Breaking the Code: The Role of Visualization in Security Research
Thibault Reuille, Security Researcher, OpenDNS | Commentary
In today’s interconnected, data-rich IT environments, passive inspection of information is not enough.
By Thibault Reuille, Security Researcher, OpenDNS, 12/1/2014
The Week When Attackers Started Winning The War On Trust
Kevin Bocek, VP Security Strategy & Threat Intelligence, Venafi | Commentary
The misuse of keys and certificates is not exotic or hypothetical. It’s a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
By Kevin Bocek, VP Security Strategy & Threat Intelligence, Venafi, 11/21/2014
New Citadel Attack Targets Password Managers
Jai Vijayan, Freelance writer | News
IBM researchers have found signs that the prolific data-stealing Trojan is now being used to attack widely used password managers.
By Jai Vijayan, Freelance writer, 11/20/2014
Internet Architecture Board Calls For Net Encryption By Default
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
The Internet Architecture Board (IAB) urges encryption across the protocol stack to usher in an era where encrypted traffic is the norm. But there are possible security tradeoffs.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 11/19/2014
The Rise Of The Resilient Mobile Botnet
Ericka Chickowski, Contributing Writer, Dark Reading | News
New report on what researchers call one of the 'most sophisticated mobile botnets online' shows how profitable mobile malware has become.
By Ericka Chickowski, Contributing Writer, Dark Reading, 11/19/2014
Rethinking Security With A System Of 'Checks & Balances'
Brian Foster, CTO, Damballa | Commentary
For too long, enterprises have given power to one branch of security governance -- prevention -- at the expense of the other two: detection and response.
By Brian Foster, CTO, Damballa, 11/14/2014
Time To Turn The Tables On Attackers
Amit Yoran, President, RSA | Commentary
As a security industry, we need to arm business with innovative technologies that provide visibility, analysis, and action to prevent inevitable breaches from causing irreparable damage.
By Amit Yoran, President, RSA, 11/13/2014
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5208
Published: 2014-12-22
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbit...

CVE-2014-7286
Published: 2014-12-22
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

CVE-2014-8015
Published: 2014-12-22
The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400.

CVE-2014-8017
Published: 2014-12-22
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.

CVE-2014-8018
Published: 2014-12-22
Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur1...

Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.