Risk
News & Commentary
Cyber Hunting: 5 Tips To Bag Your Prey
David J. Bianco, Security Architect, SqrrlCommentary
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
By David J. Bianco Security Architect, Sqrrl, 3/26/2015
Comment5 comments  |  Read  |  Post a Comment
SDN Shows Promise For Security
Marcia Savage, Managing Editor, Network ComputingNews
Improved security is emerging as a major reason for adopting software-defined networking, but concerns about potential SDN risks persist.
By Marcia Savage Managing Editor, Network Computing, 3/26/2015
Comment0 comments  |  Read  |  Post a Comment
Researchers Use Heat To Breach Air-Gapped Systems
Jai Vijayan, Freelance writerNews
BitWhisper project is part of ongoing air gap security research at Israel's Ben-Gurion University.
By Jai Vijayan Freelance writer, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
FBI Threat Intelligence Cyber-Analysts Still Marginalized In Agency
Sara Peters, Senior Editor at Dark ReadingNews
Despite good progress, 9/11 Review Commission says that analysts could have a greater impact on FBI counter-terrorism activities if they had more domain awareness, forensics capabilities, and were more empowered to question agents.
By Sara Peters Senior Editor at Dark Reading, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
The Internet Of Bring-Your-Own Things
David Lindner, Global Practice Manager, Mobile Application Security Services, Aspect SecurityCommentary
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.
By David Lindner Global Practice Manager, Mobile Application Security Services, Aspect Security, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
Typical Users Know Less About Mobile Privacy Than They Think
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New Mobile Privacy IQ survey shows a disconnect between perception and practice.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/24/2015
Comment0 comments  |  Read  |  Post a Comment
Educating The Cyberwarriors Of The Future
Jeff Schilling, CSO, FirehostCommentary
If I have to choose between hiring a university-educated CompSci grad or an IT specialist strong in sysadmin, networking or programming, I will pick the IT specialist every time.
By Jeff Schilling CSO, Firehost, 3/24/2015
Comment4 comments  |  Read  |  Post a Comment
Context: Finding The Story Inside Your Security Operations Program
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Whatís missing in todayís chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 3/23/2015
Comment6 comments  |  Read  |  Post a Comment
The Clinton Email Kerfuffle & Shadow IT
Ojas Rege, VP Strategy, MobileIronCommentary
For security pros the issue is not government transparency. It's the fact that users, regardless of seniority, will always pick convenience over security.
By Ojas Rege VP Strategy, MobileIron, 3/20/2015
Comment8 comments  |  Read  |  Post a Comment
Risky Business: Why Monitoring Vulnerability Data Is Never Enough
Bill Ledingham, CTO & Executive VP of Engineering, Black Duck SoftwareCommentary
Keeping tabs on open source code used in your organizationís applications and infrastructure is daunting, especially if you are relying solely on manual methods.
By Bill Ledingham CTO & Executive VP of Engineering, Black Duck Software, 3/19/2015
Comment4 comments  |  Read  |  Post a Comment
Most Companies Expect To Be Hacked In The Next 12 Months
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security spending increases, while confidence in stopping cyber attacks decreases, new report shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/16/2015
Comment16 comments  |  Read  |  Post a Comment
Has Security Ops Outlived Its Purpose?
Tal Klein, VP Strategy, AdallomCommentary
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.
By Tal Klein VP Strategy, Adallom, 3/13/2015
Comment15 comments  |  Read  |  Post a Comment
7 In 10 Businesses Struggle To Sustain PCI Compliance
Jai Vijayan, Freelance writerNews
Maintaining PCI compliance is a bigger challenge that achieving it for many companies, Verizon study finds.
By Jai Vijayan Freelance writer, 3/12/2015
Comment1 Comment  |  Read  |  Post a Comment
Deconstructing Threat Models: 3 Tips
Peleus Uhley, Lead Security Strategist, AdobeCommentary
There is no one-size-fits-all approach for creating cyber threat models. Just be flexible and keep your eye on the who, what, why, how and when.
By Peleus Uhley Lead Security Strategist, Adobe, 3/12/2015
Comment0 comments  |  Read  |  Post a Comment
6 Ways The Sony Hack Changes Everything
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.
By John B. Dickson CISSP, Principal, Denim Group, 3/11/2015
Comment5 comments  |  Read  |  Post a Comment
Lack of WordPress User Education Affecting Security Posture
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Survey shows many users lack knowledge to effectively protect their sites.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/10/2015
Comment7 comments  |  Read  |  Post a Comment
Authorities Strike Against Dozens Of Cyber Crooks
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Last week was a banner week for the arrest and indictment of criminals accused of data theft, massive fraud, and DDoS attacks against private and public sector targets.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/9/2015
Comment1 Comment  |  Read  |  Post a Comment
Second Look: Data Security In A Hybrid Cloud
Bill Kleyman, Director of Strategy & Innovation, MTM TechnologiesCommentary
Todayís big cloud providers were built around an architecture for hosting and securing data. They will continue to thrive, only by keeping your workloads safe.
By Bill Kleyman Director of Strategy & Innovation, MTM Technologies, 3/9/2015
Comment12 comments  |  Read  |  Post a Comment
Which Apps Should You Secure First? Wrong Question.
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
By Jeff Williams CTO, Aspect Security & Contrast Security, 3/5/2015
Comment1 Comment  |  Read  |  Post a Comment
How Secure Are You?
Scott Montgomery , VP and CTO-Americas & Public Sector, Intel Security
The NIST Cybersecurity Framework can help you understand your risks.
By Scott Montgomery VP and CTO-Americas & Public Sector, Intel Security, 3/5/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Marilyn Cohodas
Current Conversations Great point. Touche'
In reply to: Re: Data science
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7437
Published: 2015-03-29
Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.

CVE-2013-7438
Published: 2015-03-29
Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possible execute arbitrary code via a crafted PBM image, related to (1) stream line data, which triggers a heap-based buffer overflow, or (2) vectors related to an "internal intermediate heap-based ...

CVE-2014-5427
Published: 2015-03-29
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read pa...

CVE-2014-5428
Published: 2015-03-29
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integratio...

CVE-2014-9205
Published: 2015-03-29
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.