Operations
News & Commentary
Cyber Intelligence: Defining What You Know
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 2/27/2015
Comment0 comments  |  Read  |  Post a Comment
Ramnit Botnet Disrupted By International Public-Private Collaboration
Sara Peters, Senior Editor at Dark ReadingNews
Europol leads the effort to bring down the bank credential-stealing botnet that infected 3.2 million computers across the globe.
By Sara Peters Senior Editor at Dark Reading, 2/25/2015
Comment0 comments  |  Read  |  Post a Comment
Customers Aren’t the Only Victims: 5 Stages Of Data Breach Grief
Ricky Link, Managing Director, Coalfire Systems, Southwest RegionCommentary
What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.
By Ricky Link Managing Director, Coalfire Systems, Southwest Region, 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
From Hacking Systems To Hacking People
Larry Ponemon, Chairman & Founder, Ponemon InstituteCommentary
New low-tech attack methods like ‘visual hacking’ demand an information security environment that values data privacy and a self-policing culture.
By Larry Ponemon Chairman & Founder, Ponemon Institute, 2/24/2015
Comment8 comments  |  Read  |  Post a Comment
Blackhat, The Movie: Good, Bad & Ridiculous
Jeff Schmidt, Founder & CEO of JAS Global Advisors LLCCommentary
It didn’t take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?
By Jeff Schmidt Founder & CEO of JAS Global Advisors LLC, 2/23/2015
Comment2 comments  |  Read  |  Post a Comment
How To Get More Involved In The IT Security Community
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Dark Reading Radio offers tips on how to network with your IT security peers, learn more about the industry and the profession, and participate in community outreach
By Tim Wilson Editor in Chief, Dark Reading, 2/18/2015
Comment6 comments  |  Read  |  Post a Comment
How We Can Prevent Another Anthem Breach
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Two things could have mitigated the damage and maybe even prevented any loss at all: behavioral analysis and context-aware access control.
By Dave Kearns Analyst, Kuppinger-Cole, 2/18/2015
Comment18 comments  |  Read  |  Post a Comment
Microsoft Fix For Critical Active Directory Bug A Year In The Making
Ericka Chickowski, Contributing Writer, Dark ReadingNews
This critical Active Directory vuln along with two other particularly 'nasty' critical flaws have experts pushing organizations to pick up patching pace.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/11/2015
Comment1 Comment  |  Read  |  Post a Comment
A Winning Strategy: Must Patch, Should Patch, Can't Patch
Jeff Schilling, CSO, FirehostCommentary
The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities.
By Jeff Schilling CSO, Firehost, 2/11/2015
Comment2 comments  |  Read  |  Post a Comment
Bridging the Cybersecurity Skills Gap: 3 Big Steps
Michelle Drolet, Founder, TowerwallCommentary
The stakes are high. Establishing clear pathways into the industry, standardizing jobs, and assessing skills will require industry-wide consensus and earnest collaboration.
By Michelle Drolet Founder, Towerwall, 2/9/2015
Comment4 comments  |  Read  |  Post a Comment
Anthem Breach Should Convince Healthcare To Double Down On Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Mega breach brings focus back on inadequacies of healthcare security.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/6/2015
Comment6 comments  |  Read  |  Post a Comment
Why Israel Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
Israel's tenuous position in the world drives its leaders to stay ahead of its cyber adversaries, chief among them the Islamic Republic of Iran.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 2/5/2015
Comment3 comments  |  Read  |  Post a Comment
A Mere 8 Days After Breach, Anthem Healthcare Notifies Customers
Sara Peters, Senior Editor at Dark ReadingNews
Was the data encrypted in storage? Investigators aren't saying, but they hint that it wouldn't matter either way.
By Sara Peters Senior Editor at Dark Reading, 2/5/2015
Comment13 comments  |  Read  |  Post a Comment
Shifting Paradigms: The Case for Cyber Counter-Intelligence
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
Cyber Counter-Intelligence and traditional information security share many aspects. But CCI picks up where infosec ends -- with an emphasis on governance, automation, timeliness, and reporting.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 2/4/2015
Comment2 comments  |  Read  |  Post a Comment
RSA's Coviello To Retire Due To Health Reasons
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Amit Yoran to assume RSA executive's duties.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/4/2015
Comment0 comments  |  Read  |  Post a Comment
3 Disturbing New Trends in Vulnerability Disclosure
Sara Peters, Senior Editor at Dark ReadingNews
Who's winning and who's losing the battle of the bugs? While security pros and software companies fight amongst themselves, it looks like black hats are winning and users are losing.
By Sara Peters Senior Editor at Dark Reading, 2/3/2015
Comment7 comments  |  Read  |  Post a Comment
Browsers Are The Window To Enterprise Infection
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Ponemon report says infections dominated by browser-based exploits.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/2/2015
Comment9 comments  |  Read  |  Post a Comment
How The Skills Shortage Is Killing Defense in Depth
David Holmes, World-Wide Security Evangelist, F5Commentary
It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely “looks nifty, but I don’t have the staff to deploy it.”
By David Holmes World-Wide Security Evangelist, F5, 1/30/2015
Comment12 comments  |  Read  |  Post a Comment
Small Changes Can Make A Big Difference In Tech Diversity
Lysa Myers, Security Researcher, ESETCommentary
There’s no doubt that many employers feel most comfortable hiring people like themselves. But in InfoSec, this approach can lead to stagnation.
By Lysa Myers Security Researcher, ESET, 1/28/2015
Comment6 comments  |  Read  |  Post a Comment
WiIl Millennials Be The Death Of Data Security?
Chris Rouland, Founder & CEO, BastilleCommentary
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
By Chris Rouland Founder & CEO, Bastille, 1/27/2015
Comment35 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7421
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

CVE-2014-8160
Published: 2015-03-02
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disall...

CVE-2014-9644
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-201...

CVE-2015-0239
Published: 2015-03-02
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYS...

CVE-2014-8921
Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.