Risk
News & Commentary
In The Cyber Realm, Let’s Be Knights Not Blacksmiths
Jeff Schilling, CSO, FirehostCommentary
Why the Internet of Things is our chance to finally get information security right.
By Jeff Schilling CSO, Firehost, 7/2/2015
Comment3 comments  |  Read  |  Post a Comment
PCI Update Paves Way For Expanding Point-to-Point Encryption
Jai Vijayan, Freelance writerNews
Move appears designed mainly for large organizations and big-box retailers looking to lock down payment card security.
By Jai Vijayan Freelance writer, 7/1/2015
Comment4 comments  |  Read  |  Post a Comment
Why We Need In-depth SAP Security Training
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 7/1/2015
Comment2 comments  |  Read  |  Post a Comment
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen , Chief Strategy Office, Gemalto, Identity & Data ProtectionCommentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
Jai Vijayan, Freelance writerNews
Security vendor's report from last year had warned about group targeting insider data from illegal trading.
By Jai Vijayan Freelance writer, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
User Monitoring Not Keeping Up With Risk Managers' Needs
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Biggest concern is negligence, but monitoring capabilities can't detect this type of activity within most applications.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/24/2015
Comment0 comments  |  Read  |  Post a Comment
CIOs And Security: Time To Rethink The Processes?
Paul Korzeniowski, Commentary
Businesses need to develop new security responses to address gigantic attacks, and the CIO is in the best position to lead the way.
By Paul Korzeniowski , 6/22/2015
Comment10 comments  |  Read  |  Post a Comment
9 Questions For A Healthy Application Security Program
Patrick Thomas, Senior Security Consultant, Cisco Security SolutionsCommentary
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
By Patrick Thomas Senior Security Consultant, Cisco Security Solutions, 6/19/2015
Comment1 Comment  |  Read  |  Post a Comment
Cybersecurity Advice From A Former White House CIO
Theresa Payton, Former White House CIO, CEO of Fortalice Solutions, LLCCommentary
Today's playbook demands 'human-centered' user education that assumes people will share passwords, forget them, and do unsafe things to get their jobs done.
By Theresa Payton Former White House CIO, CEO of Fortalice Solutions, LLC, 6/18/2015
Comment4 comments  |  Read  |  Post a Comment
Time to Focus on Data Integrity
Nate Lesser & Mary Yang, National Institute of Standards and TechnologyCommentary
Information security efforts have historically centered on data theft. But cybercriminals who alter corporate records and personal information can also cause serious harm.
By Nate Lesser & Mary Yang National Institute of Standards and Technology, 6/17/2015
Comment0 comments  |  Read  |  Post a Comment
Survival Tips For The Security Skills Shortage
Nimmy Reichenberg, VP of Strategy, AlgoSecCommentary
No matter how you slice it, creating a security professional with 10 years of experience takes, well, 10 years. Here are six suggestions for doing more with less.
By Nimmy Reichenberg VP of Strategy, AlgoSec, 6/12/2015
Comment5 comments  |  Read  |  Post a Comment
From GitHub to Great Cannon: A Mid-Year Analysis Of DDoS Attacks
Dave Larson, CTO & VP, Product, Corero Network SecurityCommentary
The new and common face of DDoS today is its use as a smokescreen to conceal malicious activity in an overwhelming burst of traffic that stretch security layers to the brink.
By Dave Larson CTO & VP, Product, Corero Network Security, 6/11/2015
Comment0 comments  |  Read  |  Post a Comment
Firewalls Sustain Foundation of Sound Security
Jody Brazil, Founder and CEO of FireMonCommentary
Simply put, organizations that cannot maintain rigid firewall enforcement are more likely to be compromised.
By Jody Brazil Founder and CEO of FireMon, 6/10/2015
Comment1 Comment  |  Read  |  Post a Comment
Security Metrics: It’s All Relative
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
What a haircut taught me about communicating the value of security to executives and non-security professionals.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 6/9/2015
Comment2 comments  |  Read  |  Post a Comment
7 Critical Criteria for Data Encryption In The Cloud
Ron Zalkind, CTO & Co-founder, CloudLockCommentary
Encrypting the huge number of data files stored in a public cloud today is like bubble-wrapping an entire house. Better to focus on the fragile items that matter.
By Ron Zalkind CTO & Co-founder, CloudLock, 6/8/2015
Comment1 Comment  |  Read  |  Post a Comment
Help Wanted: Security Heroes & Heroines Only Need Apply
Malcolm Harkins, Chief Information Security Officer, Cylance Inc.Commentary
If we want to do more than simply defend ourselves, we need security champions and equally heroic security solutions.
By Malcolm Harkins Chief Information Security Officer, Cylance Inc., 6/3/2015
Comment1 Comment  |  Read  |  Post a Comment
Threat Intelligence Platforms: The Next 'Must-Have' For Harried Security Operations Teams
Tim Wilson, Editor in Chief, Dark ReadingNews
New category of technology promises to aggregate all threat intelligence feeds and help security teams find the attacks that could cause the most damage
By Tim Wilson Editor in Chief, Dark Reading, 6/2/2015
Comment2 comments  |  Read  |  Post a Comment
Today’s Requirements To Defend Against Tomorrow’s Insider Threats
Scott Weber, Managing Director, Stroz FriedbergCommentary
At its most basic, a consistent and meaningful insider threat detection program has two components: data and people. Here’s how to put them together.
By Scott Weber Managing Director, Stroz Friedberg, 6/1/2015
Comment0 comments  |  Read  |  Post a Comment
How I Would Secure The Internet With $4 Billion
Jim Manico, OWASP Global Board MemberCommentary
In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesn’t go far enough.
By Jim Manico OWASP Global Board Member, 5/29/2015
Comment9 comments  |  Read  |  Post a Comment
IRS Attack Demonstrates How Breaches Beget More Breaches
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Weak authentication validation assumed only taxpayers would know their Social Security Numbers and other information that criminals have been stealing for years.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/28/2015
Comment16 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3653
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

CVE-2014-5406
Published: 2015-07-06
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, ...

CVE-2014-9737
Published: 2015-07-06
Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a block.

CVE-2014-9738
Published: 2015-07-06
Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, or a (3) team entity title.

CVE-2014-9739
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report