Operations
News & Commentary
Compliance Is A Start, Not The End
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Regulatory compliance efforts may help you get a bigger budget and reach a baseline security posture. But "compliant" does not necessarily mean "secure."
By Sara Peters Senior Editor at Dark Reading, 10/21/2014
Comment0 comments  |  Read  |  Post a Comment
How To Become A CISO, Part 1
Sara Peters, Senior Editor at Dark ReadingNews
Think you're ready for the top job? Here's part 1 of a series to help you land that prime chief information security officer position.
By Sara Peters Senior Editor at Dark Reading, 10/20/2014
Comment16 comments  |  Read  |  Post a Comment
Nearly Half Of Consumers Will Punish Breached Retailers During Holidays
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Consumers say they'll talk with their wallets if they hear their favorite store has played fast and loose with customer data.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/20/2014
Comment9 comments  |  Read  |  Post a Comment
Insider Threats: Breaching The Human Barrier
Christopher Hadnagy, Founder & CEO, Social-Engineer, Inc.Commentary
A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within.
By Christopher Hadnagy Founder & CEO, Social-Engineer, Inc., 10/20/2014
Comment2 comments  |  Read  |  Post a Comment
This Week In 60 Seconds: Google Phones, Mobile Trading & More
Andrew Conry Murray, Director of Content & Community, InteropCommentary
Our one-minute video wrap-up looks at mobile trading, new Nexus smartphones, tablets from Google, and other hot stories.
By Andrew Conry Murray Director of Content & Community, Interop, 10/18/2014
Comment2 comments  |  Read  |  Post a Comment
Facebook Doubles Bug Bounties For Ad-Related Flaws
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Is it a sign that online brands are treating malvertising more seriously?
By Ericka Chickowski Contributing Writer, Dark Reading, 10/16/2014
Comment0 comments  |  Read  |  Post a Comment
Cost Of A Data Breach Jumps By 23%
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Cleanup and resolution after a breach take an average of one month to complete, a new Ponemon Institute report finds.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/14/2014
Comment18 comments  |  Read  |  Post a Comment
Stolen Medical Data Is Now A Hot Commodity
Lysa Myers, Security Researcher, ESETCommentary
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Here’s why.
By Lysa Myers Security Researcher, ESET, 10/14/2014
Comment5 comments  |  Read  |  Post a Comment
Shellshock Mayhem Marks The Start Of Malware Mess
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Existing Mayhem botnet malware kit now includes Shellshock exploit -- and experts say that'll be the model for more enterprising criminals.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/13/2014
Comment3 comments  |  Read  |  Post a Comment
4 ID Management Tips For Better Breach Resistance
Ericka Chickowski, Contributing Writer, Dark ReadingNews
AT&T insider attack case highlights the need for strong privileged identity management practices.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/13/2014
Comment1 Comment  |  Read  |  Post a Comment
Security Education K Through Life
W. Hord Tipton, Commentary
InfoSec professionals of the future need access to the right education and tools early on and throughout their entire work life.
By W. Hord Tipton , 10/10/2014
Comment11 comments  |  Read  |  Post a Comment
MBIA Breach Highlights Need For Tightened Security Ops
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Configuration change management and better monitoring could have prevented search engine indexing of sensitive financial information.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/9/2014
Comment1 Comment  |  Read  |  Post a Comment
How Retail Can Win Back Consumer Trust
Dan Ross, CEO & President, PromisecCommentary
Customer loyalty to their favorite brands is all about trust, which today has everything to do with security and privacy.
By Dan Ross CEO & President, Promisec, 10/9/2014
Comment1 Comment  |  Read  |  Post a Comment
Why Don't IT Generalists Understand Security?
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Why doesn't the rest of the IT department understand what encryption and passwords can and can't do? And does it matter?
By Sara Peters Senior Editor at Dark Reading, 10/8/2014
Comment29 comments  |  Read  |  Post a Comment
Good Job, Facebook: The Intersection Of Privacy, Identity & Security
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Birth names and legal names aren’t always the names people are best known by, concedes Facebook in the wake of a real-name policy usage flap.
By Dave Kearns Analyst, Kuppinger-Cole, 10/8/2014
Comment4 comments  |  Read  |  Post a Comment
Yahoo Server Hack: Shellshocked Or Not?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Yahoo goes on the record to state that an attack over the weekend was not related to Shellshock, but an independent researcher insists the Bash bug is rearing its head on Yahoo infrastructure.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/7/2014
Comment1 Comment  |  Read  |  Post a Comment
Apple Makes Move To Shut Down Mac Botnet
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Cupertino engineers move swiftly to contain a Trojan outbreak reportedly propagated through pirated software.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/6/2014
Comment10 comments  |  Read  |  Post a Comment
83 Million Compromised In JPMorgan Chase Breach
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Bank says consumers and businesses don't even need to change passwords, but security experts believe attack is more serious than portrayed.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/3/2014
Comment6 comments  |  Read  |  Post a Comment
Cyberinsurance Resurges In The Wake Of Mega-Breaches
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Insurance policies customized for cyberattack protection are on the rise as businesses worry they could be the next Target.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/2/2014
Comment10 comments  |  Read  |  Post a Comment
Shellshock Attacks Spotted Against NAS Devices
Ericka Chickowski, Contributing Writer, Dark ReadingNews
First in-the-wild exploits found targeting QNAP network-attached storage devices.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/2/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

CVE-2012-5702
Published: 2014-10-21
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to i...

CVE-2013-7406
Published: 2014-10-21
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2531
Published: 2014-10-21
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) R...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.