Operations
News & Commentary
Why We Need In-depth SAP Security Training
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 7/1/2015
Comment0 comments  |  Read  |  Post a Comment
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen , Chief Strategy Office, Gemalto, Identity & Data ProtectionCommentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
4 Signs Your Board Thinks Security Readiness Is Better Than It Is
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Ponemon Institute survey shows a gap in perception between boards of directors and IT executives when it comes to IT risk posture.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Social Engineering & Black Hat: Do As I Do Not As I Say
Tal Klein, VP Strategy, Lakeside Software.Commentary
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
By Tal Klein VP Strategy, Lakeside Software., 6/29/2015
Comment2 comments  |  Read  |  Post a Comment
3 Simple Steps For Minimizing Ransomware Exposure
Michelle Drolet, Founder, TowerwallCommentary
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
By Michelle Drolet Founder, Towerwall, 6/26/2015
Comment0 comments  |  Read  |  Post a Comment
Why China Wants Your Sensitive Data
Adam Meyers, VP of Intelligence, CrowdStrikeCommentary
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
By Adam Meyers VP of Intelligence, CrowdStrike, 6/24/2015
Comment15 comments  |  Read  |  Post a Comment
Child Exploitation & Assassins For Hire On The Deep Web
Sara Peters, Senior Editor at Dark ReadingNews
'Census report' of the unindexed parts of the Internet unearths everything from Bitcoin-laundering services to assassins for hire.
By Sara Peters Senior Editor at Dark Reading, 6/23/2015
Comment9 comments  |  Read  |  Post a Comment
The Dark Web: An Untapped Source For Threat Intelligence
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Most organizations already have the tools for starting a low-cost, high-return Dark Web cyber intelligence program within their existing IT and cybersecurity teams. Hereís how.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 6/23/2015
Comment1 Comment  |  Read  |  Post a Comment
Security Surveys: Read With Caution
Bill Brenner, Information Security BloggerCommentary
Iím skeptical of industry surveys that tell security practitioners what they already know. Donít state the obvious. Tell us the way forward.
By Bill Brenner Information Security Blogger, 6/22/2015
Comment1 Comment  |  Read  |  Post a Comment
CIOs And Security: Time To Rethink The Processes?
Paul Korzeniowski, Commentary
Businesses need to develop new security responses to address gigantic attacks, and the CIO is in the best position to lead the way.
By Paul Korzeniowski , 6/22/2015
Comment8 comments  |  Read  |  Post a Comment
7 Top Security Quotes From London Technology Week
Sara Peters, Senior Editor at Dark Reading
Tech events across the city hit on IoT, smart cities, mobility and Legos.
By Sara Peters Senior Editor at Dark Reading, 6/19/2015
Comment9 comments  |  Read  |  Post a Comment
9 Questions For A Healthy Application Security Program
Patrick Thomas, Senior Security Consultant, Cisco Security SolutionsCommentary
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
By Patrick Thomas Senior Security Consultant, Cisco Security Solutions, 6/19/2015
Comment1 Comment  |  Read  |  Post a Comment
Cybersecurity Advice From A Former White House CIO
Theresa Payton, Former White House CIO, CEO of Fortalice Solutions, LLCCommentary
Today's playbook demands 'human-centered' user education that assumes people will share passwords, forget them, and do unsafe things to get their jobs done.
By Theresa Payton Former White House CIO, CEO of Fortalice Solutions, LLC, 6/18/2015
Comment4 comments  |  Read  |  Post a Comment
Is Your Security Operation Hooked On Malware?
Giora Engel, VP Product & Strategy, LightCyberCommentary
It may seem counterintuitive, but an overzealous focus on malware may be preventing you from detecting even bigger threats.
By Giora Engel VP Product & Strategy, LightCyber, 6/16/2015
Comment8 comments  |  Read  |  Post a Comment
Survival Tips For The Security Skills Shortage
Nimmy Reichenberg, VP of Strategy, AlgoSecCommentary
No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less.
By Nimmy Reichenberg VP of Strategy, AlgoSec, 6/12/2015
Comment5 comments  |  Read  |  Post a Comment
Security Metrics: Itís All Relative
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
What a haircut taught me about communicating the value of security to executives and non-security professionals.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 6/9/2015
Comment2 comments  |  Read  |  Post a Comment
Cybercrime Can Give Attackers 1,425% Return on Investment
Sara Peters, Senior Editor at Dark ReadingNews
Going rates on the black market show ransomware and carding attack campaign managers have plenty to gain.
By Sara Peters Senior Editor at Dark Reading, 6/9/2015
Comment1 Comment  |  Read  |  Post a Comment
Quantifying Shadow Data In The Cloud
Ericka Chickowski, Contributing Writer, Dark Reading
Report shows how much data users really are exposing on SaaS services.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/8/2015
Comment1 Comment  |  Read  |  Post a Comment
Tim Cook: Customers, Not Companies, Should Control Their Data
Nathan Eddy, Freelance WriterNews
Apple CEO Tim Cook told a crowd that consumer data should be theirs to keep and not used to make businesses money. He targeted Google and Facebook without mentioning them.
By Nathan Eddy Freelance Writer, 6/3/2015
Comment9 comments  |  Read  |  Post a Comment
Help Wanted: Security Heroes & Heroines Only Need Apply
Malcolm Harkins, Chief Information Security Officer, Cylance Inc.Commentary
If we want to do more than simply defend ourselves, we need security champions and equally heroic security solutions.
By Malcolm Harkins Chief Information Security Officer, Cylance Inc., 6/3/2015
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice post
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1750
Published: 2015-07-01
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as cross-sit...

CVE-2014-1836
Published: 2015-07-01
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

CVE-2015-0848
Published: 2015-07-01
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-1330
Published: 2015-07-01
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vecto...

CVE-2015-1950
Published: 2015-07-01
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report