Risk
News & Commentary
How I Would Secure The Internet With $4 Billion
Jim Manico, OWASP Global Board MemberCommentary
In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesnít go far enough.
By Jim Manico OWASP Global Board Member, 5/29/2015
Comment3 comments  |  Read  |  Post a Comment
IRS Attack Demonstrates How Breaches Beget More Breaches
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Weak authentication validation assumed only taxpayers would know their Social Security Numbers and other information that criminals have been stealing for years.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/28/2015
Comment6 comments  |  Read  |  Post a Comment
Escalating Cyberattacks Threaten US Healthcare Systems
Rick Kam and Larry Ponemon, Rick Kam, President & Co-founder, ID Experts & Larry Ponemon, Chairman & Founder, Ponemon InstituteCommentary
Electronic health records are prime targets because healthcare organizations lack the resources, processes, and technologies to protect them. And itís only going to get worse.
By Rick Kam and Larry Ponemon Rick Kam, President & Co-founder, ID Experts & Larry Ponemon, Chairman & Founder, Ponemon Institute, 5/27/2015
Comment0 comments  |  Read  |  Post a Comment
State-Sponsored Cybercrime: A Growing Business Threat
David Venable,  Director, Professional Services, Masergy CommunicationsCommentary
You donít have to be the size of Sony -- or even mock North Korea -- to be a target.
By David Venable Director, Professional Services, Masergy Communications, 5/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Don Bailey, Founder & CEO, Lab Mouse SecurityCommentary
In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.
By Don Bailey Founder & CEO, Lab Mouse Security, 5/19/2015
Comment7 comments  |  Read  |  Post a Comment
Why We Can't Afford To Give Up On Cybersecurity Defense
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
There is no quick fix, but organizations can massively reduce the complexity of building secure applications by empowering developers with four basic practices.
By Jeff Williams CTO, Aspect Security & Contrast Security, 5/18/2015
Comment3 comments  |  Read  |  Post a Comment
Taking A Security Program From Zero To Hero
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organizationís security capabilities. Here are six steps to get you started.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 5/13/2015
Comment2 comments  |  Read  |  Post a Comment
First Example Of SAP Breach Surfaces
Ericka Chickowski, Contributing Writer, Dark ReadingNews
USIS attack in 2013 stealing background check information about government personnel with classified clearance came by way of an SAP exploit.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/12/2015
Comment0 comments  |  Read  |  Post a Comment
Deconstructing Mobile Fraud Risk
Subbu Sthanu, Director, Mobile Security & Application Security, IBMCommentary
Todayís enterprise security solutions donít do enough to manage BYOD risk, credit card theft and the reputational damage resulting from a major data breach.
By Subbu Sthanu Director, Mobile Security & Application Security, IBM, 5/5/2015
Comment1 Comment  |  Read  |  Post a Comment
Rapid7 Picks Up NTObjectives
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Adds 25 new employees and further diversifies testing capabilities.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/4/2015
Comment1 Comment  |  Read  |  Post a Comment
Security Product Liability Protections Emerge
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
WhiteHat Security, FireEye each offer product liability protections to their customers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/4/2015
Comment0 comments  |  Read  |  Post a Comment
Building a Stronger Security Strategy: 6 Tips
Harry Folloder, CIO, Advantage Waypoint LLC (AWP)Commentary
CIO offers his formula for achieving the right balance between data security and employee productivity and convenience
By Harry Folloder CIO, Advantage Waypoint LLC (AWP), 5/4/2015
Comment0 comments  |  Read  |  Post a Comment
Nine Years Later, IT Security Is Even More Important To Business
Tim Wilson, Editor in Chief, Dark ReadingCommentary
As Dark Reading celebrates its ninth year of publication, the security industry prepares for its next round of evolution.
By Tim Wilson Editor in Chief, Dark Reading, 5/1/2015
Comment2 comments  |  Read  |  Post a Comment
Dyre Trojan Adds New Sandbox-Evasion Feature
Jai Vijayan, Freelance writerNews
New tactic makes it that much harder to detect, says Seculert.
By Jai Vijayan Freelance writer, 5/1/2015
Comment1 Comment  |  Read  |  Post a Comment
IRC Botnets Are Not Quite Dead Yet
Jai Vijayan, Freelance writerNews
The handful that still operate are more sophisticated and resilient than before, Zscaler says.
By Jai Vijayan Freelance writer, 4/29/2015
Comment2 comments  |  Read  |  Post a Comment
RSA Highlighted Impending IoT Troubles
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Same mistakes made all over again with a new technology game changer, but the stakes are higher this time.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/28/2015
Comment3 comments  |  Read  |  Post a Comment
Note To Vendors: CISOs Donít Want Your Analytical Tools
Rick Gordon, Managing Partner, Mach37 Cyber AcceleratorCommentary
What they need are solutions that deliver prioritized recommendations and confidence in the analytical rigor behind those recommendations to take meaningful action.
By Rick Gordon Managing Partner, Mach37 Cyber Accelerator, 4/28/2015
Comment6 comments  |  Read  |  Post a Comment
Third-Party Risk and Organizational Situational Awareness
Emilio Iasiello, Senior Cyber Intelligence Analyst, Fidelis Cybersecurity
A rigorous risk management approach will help organizations understand the potential risks posed by their partners.
By Emilio Iasiello Senior Cyber Intelligence Analyst, Fidelis Cybersecurity, 4/27/2015
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity: Donít Bank On It With 3rd Parties
Greg Dickinson, CEO, HiperosCommentary
Not knowing that a contractorís employee had access to system passwords is not a valid excuse when your clientís records are stolen.
By Greg Dickinson CEO, Hiperos, 4/24/2015
Comment1 Comment  |  Read  |  Post a Comment
The Bad News For Infosec In The Target Settlement
Giora Engel, VP Product & Strategy, LightCyberCommentary
The legal argument behind the $10 million Class Action lawsuit and subsequent settlement is a gross misrepresentation of how attackers operate.
By Giora Engel VP Product & Strategy, LightCyber, 4/22/2015
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7441
Published: 2015-05-29
The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.

CVE-2014-9727
Published: 2015-05-29
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.

CVE-2015-0200
Published: 2015-05-29
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors.

CVE-2015-0751
Published: 2015-05-29
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.

CVE-2015-0752
Published: 2015-05-29
Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but youíll never have complete information and youíll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?