Risk
News & Commentary
A ‘Building Code’ For Internet of Things Security, Privacy
Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering InstituteCommentary
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015
Comment1 Comment  |  Read  |  Post a Comment
FREAK Out: Yet Another New SSL/TLS Bug Found
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Old-school, export-grade crypto standard used until the 1990s can be triggered to downgrade security of client, servers, researchers find.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/3/2015
Comment2 comments  |  Read  |  Post a Comment
Compliance & Security: A Race To The Bottom?
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 3/3/2015
Comment0 comments  |  Read  |  Post a Comment
Why Security Awareness Alone Won’t Stop Hackers
Saryu Nayyar, CEO, GuruculCommentary
End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.
By Saryu Nayyar CEO, Gurucul, 3/2/2015
Comment5 comments  |  Read  |  Post a Comment
5 New Vulnerabilities Uncovered In SAP
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Our Governments Are Making Us More Vulnerable
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Stuxnet opened Pandora’s box and today state-sponsored cyber security policies continue to put us at risk. Here are three reasons why.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 2/19/2015
Comment11 comments  |  Read  |  Post a Comment
Researchers Report Details On Arabic-Speaking Cyberespionage Gang
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Trend Micro and Kaspersky researchers warn of Middle Eastern attack campaigns focused on "perceived enemies of Islam."
By Ericka Chickowski Contributing Writer, Dark Reading, 2/17/2015
Comment0 comments  |  Read  |  Post a Comment
Why The USA Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
The U.S. government views cyberspace as just another theater of war akin to air, land and sea, and it operates in the domain for one basic reason: national defense.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 2/17/2015
Comment7 comments  |  Read  |  Post a Comment
Sony Hack: Poster Child For A New Era Of Cyber Attacks
Dmitri Alperovitch, Co-Founder & CTO, CrowdStrikeCommentary
What made the Sony breach unique is the combination of four common tactics into a single orchestrated campaign designed to bend a victim to the will of the attackers.
By Dmitri Alperovitch Co-Founder & CTO, CrowdStrike, 2/13/2015
Comment4 comments  |  Read  |  Post a Comment
A Winning Strategy: Must Patch, Should Patch, Can't Patch
Jeff Schilling, CSO, FirehostCommentary
The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities.
By Jeff Schilling CSO, Firehost, 2/11/2015
Comment2 comments  |  Read  |  Post a Comment
Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole
Ericka Chickowski, Contributing Writer, Dark ReadingNews
ASLR vulnerability patched today used in tandem with previously patched Flash vuln to carry out drive-by-downloads against political and economic targets
By Ericka Chickowski Contributing Writer, Dark Reading, 2/10/2015
Comment1 Comment  |  Read  |  Post a Comment
How Malware Bypasses Our Most Advanced Security Measures
Alon Nafta, Senior Security Researcher, SentinelOneCommentary
We unpack three common attack vectors and five evasion detection techniques.
By Alon Nafta Senior Security Researcher, SentinelOne, 2/10/2015
Comment8 comments  |  Read  |  Post a Comment
Bridging the Cybersecurity Skills Gap: 3 Big Steps
Michelle Drolet, Founder, TowerwallCommentary
The stakes are high. Establishing clear pathways into the industry, standardizing jobs, and assessing skills will require industry-wide consensus and earnest collaboration.
By Michelle Drolet Founder, Towerwall, 2/9/2015
Comment4 comments  |  Read  |  Post a Comment
Anthem Breach Should Convince Healthcare To Double Down On Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Mega breach brings focus back on inadequacies of healthcare security.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/6/2015
Comment6 comments  |  Read  |  Post a Comment
Why Israel Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
Israel's tenuous position in the world drives its leaders to stay ahead of its cyber adversaries, chief among them the Islamic Republic of Iran.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 2/5/2015
Comment3 comments  |  Read  |  Post a Comment
A Mere 8 Days After Breach, Anthem Healthcare Notifies Customers
Sara Peters, Senior Editor at Dark ReadingNews
Was the data encrypted in storage? Investigators aren't saying, but they hint that it wouldn't matter either way.
By Sara Peters Senior Editor at Dark Reading, 2/5/2015
Comment13 comments  |  Read  |  Post a Comment
Shifting Paradigms: The Case for Cyber Counter-Intelligence
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
Cyber Counter-Intelligence and traditional information security share many aspects. But CCI picks up where infosec ends -- with an emphasis on governance, automation, timeliness, and reporting.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 2/4/2015
Comment2 comments  |  Read  |  Post a Comment
Proposed Federal Data Breach Law Is Nice Gesture But No Panacea
Rick Kam, President & Co-founder, ID ExpertsCommentary
President Obama’s SOTU proposal demonstrates the growing importance of data protection for individuals but does little to address compliance complexities for business.
By Rick Kam President & Co-founder, ID Experts, 2/3/2015
Comment0 comments  |  Read  |  Post a Comment
How The Skills Shortage Is Killing Defense in Depth
David Holmes, World-Wide Security Evangelist, F5Commentary
It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely “looks nifty, but I don’t have the staff to deploy it.”
By David Holmes World-Wide Security Evangelist, F5, 1/30/2015
Comment12 comments  |  Read  |  Post a Comment
WiIl Millennials Be The Death Of Data Security?
Chris Rouland, Founder & CEO, BastilleCommentary
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
By Chris Rouland Founder & CEO, Bastille, 1/27/2015
Comment35 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8617
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/re...

CVE-2015-0891
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-0892
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-0893
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-2209
Published: 2015-03-04
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.