Operations
News & Commentary
Security Budgets Going Up, Thanks To Mega-Breaches
Sara Peters, Senior Editor at Dark ReadingNews
Sixty percent of organizations have increased their security spending by one-third -- but many security managers still don't think that's enough, Ponemon study finds.
By Sara Peters Senior Editor at Dark Reading, 1/21/2015
Comment5 comments  |  Read  |  Post a Comment
Ransomware Leads Surge In 2014 Mobile Malware Onslaught
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Mobile malware increases 75 percent in U.S.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/20/2015
Comment3 comments  |  Read  |  Post a Comment
'123456' & 'Password' Are The 2 Most Common Passwords, Again
Sara Peters, Senior Editor at Dark ReadingQuick Hits
New entrants to the top 25 show that bad password creators are fans of sports, superheroes, dragons, and NSFW numeral combos.
By Sara Peters Senior Editor at Dark Reading, 1/20/2015
Comment3 comments  |  Read  |  Post a Comment
A Lot of Security Purchases Remain Shelfware
Jai Vijayan, Freelance writerNews
Companies may be investing more in security, but many are either underutilizing their new purchases or not using them at all, an Osterman Research survey shows.
By Jai Vijayan Freelance writer, 1/16/2015
Comment9 comments  |  Read  |  Post a Comment
Why North Korea Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
The motivation behind Democratic People’s Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/15/2015
Comment10 comments  |  Read  |  Post a Comment
Majority Of Enterprises Finally Recognize Users As Endpoint's Weakest Vulnerability
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The Ponemon State of the Endpoint report shows endpoint management continues to grow more difficult.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/14/2015
Comment0 comments  |  Read  |  Post a Comment
Insider Threats in the Cloud: 6 Harrowing Tales
Kaushik Narayan, Co-Founder and CTO at Skyhigh NetworksCommentary
The cloud has vastly expanded the scope of rogue insiders. Read on to discover the latest threat actors and scenarios.
By Kaushik Narayan Co-Founder and CTO at Skyhigh Networks, 1/13/2015
Comment5 comments  |  Read  |  Post a Comment
How NOT To Be The Next Sony: Defending Against Destructive Attacks
Sara Peters, Senior Editor at Dark ReadingNews
When an attacker wants nothing more than to bring ruin upon your business, you can't treat them like just any other criminal.
By Sara Peters Senior Editor at Dark Reading, 1/8/2015
Comment12 comments  |  Read  |  Post a Comment
Nation-State Cyberthreats: Why They Hack
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
All nations are not created equal and, like individual hackers, each has a different motivation and capability.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/8/2015
Comment8 comments  |  Read  |  Post a Comment
It’s Time to Treat Your Cyber Strategy Like a Business
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
How do we win against cybercrime? Take a cue from renowned former GE chief exec Jack Welch and start with a clearly-defined mission.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 1/7/2015
Comment6 comments  |  Read  |  Post a Comment
Dear Cyber Criminals: We’re Not Letting Our Guard Down in 2015
Sergio Galindo, GM, GFI SoftwareCommentary
Next year, you’ll keep exploiting vulnerabilities, and we’ll make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.
By Sergio Galindo GM, GFI Software, 12/31/2014
Comment5 comments  |  Read  |  Post a Comment
4 Infosec Resolutions For The New Year
Lysa Myers, Security Researcher, ESETCommentary
Don’t look in the crystal ball, look in the mirror to protect data and defend against threats in 2015.
By Lysa Myers Security Researcher, ESET, 12/30/2014
Comment9 comments  |  Read  |  Post a Comment
Why Digital Forensics In Incident Response Matters More Now
Craig Carpenter, President & COO, Resolution1 SecurityCommentary
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
By Craig Carpenter President & COO, Resolution1 Security, 12/24/2014
Comment6 comments  |  Read  |  Post a Comment
How PCI DSS 3.0 Can Help Stop Data Breaches
Troy Leach and Christopher Strand, Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9Commentary
New Payment Card Industry security standards that took effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples.
By Troy Leach and Christopher Strand Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9, 12/23/2014
Comment9 comments  |  Read  |  Post a Comment
Security News No One Saw Coming In 2014
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year.
By John B. Dickson CISSP, Principal, Denim Group, 12/22/2014
Comment12 comments  |  Read  |  Post a Comment
The Internet's Winter Of Discontent
Paul Vixie, Chairman & CEO, Farsight Security, Inc.Commentary
The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the world’s connected economy is that the hits just keep on coming.
By Paul Vixie Chairman & CEO, Farsight Security, Inc., 12/19/2014
Comment1 Comment  |  Read  |  Post a Comment
SDN And Security: Start Slow, But Start
Greg Ferro, Network Architect & BloggerNews
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul policies
By Greg Ferro Network Architect & Blogger, 12/19/2014
Comment0 comments  |  Read  |  Post a Comment
5 Pitfalls to Avoid When Running Your SOC
Jeff Schilling, CSO, FirehostCommentary
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
By Jeff Schilling CSO, Firehost, 12/18/2014
Comment6 comments  |  Read  |  Post a Comment
2014's Top Malware: Less Money, Mo' Problems
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Here are the five most active malware packages to give attackers a huge ROI on a small investment.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/16/2014
Comment0 comments  |  Read  |  Post a Comment
2014: The Year of Privilege Vulnerabilities
Marc Maiffret, CTO, BeyondTrustCommentary
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.
By Marc Maiffret CTO, BeyondTrust, 12/16/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8802
Published: 2015-01-23
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.

CVE-2014-9623
Published: 2015-01-23
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quote and cause a denial of service (disk consumption) by deleting an image in the saving state.

CVE-2014-9638
Published: 2015-01-23
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

CVE-2014-9639
Published: 2015-01-23
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

CVE-2014-9640
Published: 2015-01-23
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.