Risk
News & Commentary
A CISO's View of Mobile Security Strategy, With Stacey Halota
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
CISO of Graham Holdings visits Dark Reading News Desk at Black Hat to discuss why mobile security is a top priority and how to use mobile devices as a security tool.
By Sara Peters Senior Editor at Dark Reading, 8/31/2015
Comment0 comments  |  Read  |  Post a Comment
Top Infosec Execs Will Eventually Report To CEOs, CISOs Say
Kevin West, CEO & founder, K logixCommentary
But becoming a trusted resource to the executive suite will demand major changes in the traditional chief information security officer role.
By Kevin West CEO & founder, K logix, 8/31/2015
Comment0 comments  |  Read  |  Post a Comment
FBI Sounds Alarm Again On Business Email Compromise Threat
Jai Vijayan, Freelance writerNews
Over 7,000 US business have been victimized by so-called BEC fraud between October 2013 and August 2015 alone, the FBI said in an alert this week.
By Jai Vijayan Freelance writer, 8/28/2015
Comment2 comments  |  Read  |  Post a Comment
Cybersecurity Under FTC Authority: What Does it Mean?
Tom Kellermann, Chief Cybersecurity Office, Trend MicroCommentary
Consumers can now expect the same level of security and privacy in the digital realm as they do in the physical.
By Tom Kellermann Chief Cybersecurity Office, Trend Micro, 8/27/2015
Comment8 comments  |  Read  |  Post a Comment
Seeing Into Security 'Blind Spots' With Bay Dynamics' Gautam Aggarwal
Dark Reading Staff, CommentaryVideo
Gautam Aggarwal, CMO of Bay Dynamics, visits Dark Reading News Desk at Black Hat to explain that it’s important to not just develop a cybersecurity strategy, but to also better understand what your security blind spots are.
By Dark Reading Staff , 8/27/2015
Comment2 comments  |  Read  |  Post a Comment
Evolution Of The CISO And The Board: BAE Systems’ Jim Anderson Explains
Dark Reading Staff, CommentaryVideo
President of the Americas for BAE Systems Applied Intelligence, Jim Anderson, joins the Dark Reading News Desk at Black Hat to explain how the CISO has to improve communications with the corporate board and better explain overall security strategy.
By Dark Reading Staff , 8/27/2015
Comment0 comments  |  Read  |  Post a Comment
RiskIQ's Arian Evans Talks Up Hunting Down Digital Assets
Dark Reading Staff, CommentaryVideo
You can't protect what you can't find. Arian Evans, vice president of product marketing for RiskIQ, joins the Dark Reading News Desk at Black Hat to explain how to discover all your assets.
By Dark Reading Staff , 8/27/2015
Comment0 comments  |  Read  |  Post a Comment
Consumers Want Password Alternatives
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Consumer confidence in online passwords wanes and their password hygiene remains as sketchy as ever, study finds.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/27/2015
Comment0 comments  |  Read  |  Post a Comment
A Tale Of Two IoT Security Outcomes
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Commandeered Jeep gets fixed but a 'hijacked' satellite network does not? Why Internet of Things security remains a work in progress.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Beware The Hidden Risk Of Business Partners In The Cloud
Sekhar Sarukkai, Co-founder & VP, Engineering, Skyhigh NetworksCommentary
Enterprises vastly underestimate the cyber risk from digital connections to vendors, suppliers, agencies, consultants -- and any company with which employees do business.
By Sekhar Sarukkai Co-founder & VP, Engineering, Skyhigh Networks, 8/20/2015
Comment1 Comment  |  Read  |  Post a Comment
CISOs Spend Too Much Time On Tech, Not Enough On Strategy
Sara Peters, Senior Editor at Dark ReadingNews
Deloitte's CISO Transition Lab finds CISOs spend 77 percent of their time on technical aspects of the job, and is helping them become more strategic.
By Sara Peters Senior Editor at Dark Reading, 8/17/2015
Comment2 comments  |  Read  |  Post a Comment
Richard Bejtlich Talks Business Security Strategy, US Security Policy
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Chief security strategist of FireEye talks at the Dark Reading News Desk at Black Hat about attribution, the war on encryption, and what should drive your security department.
By Sara Peters Senior Editor at Dark Reading, 8/17/2015
Comment1 Comment  |  Read  |  Post a Comment
Securing Black Hat From Black Hat
Aamir Lakhani, Senior Security Strategist & Hacker, Fortinet, FortiGuard Advanced LabsCommentary
‘Dr. Chaos’ shares the inside scoop on the challenges and rewards of protecting one of the 'most hostile networks on the planet.'
By Aamir Lakhani Senior Security Strategist & Hacker, Fortinet, FortiGuard Advanced Labs, 8/14/2015
Comment1 Comment  |  Read  |  Post a Comment
View From The Top: Government’s Role In Cybersecurity
Sara Peters, Senior Editor at Dark Reading
At the DarkReading News Desk, live from Black Hat, industry experts Dan Kaminsky, Richard Bejtlich, Katie Moussouris, Paul Kurtz, and Rod Beckstrom talked about how government is hurting and could be helping infosec.
By Sara Peters Senior Editor at Dark Reading, 8/14/2015
Comment1 Comment  |  Read  |  Post a Comment
Former White House Advisor, Paul Kurtz, On Info Sharing & Government Action
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Former cybersecurity advisor to the White House talks to Sara Peters at Black Hat about information sharing, attribution, cybersecurity legislation, and his new start-up.
By Sara Peters Senior Editor at Dark Reading, 8/12/2015
Comment0 comments  |  Read  |  Post a Comment
FTC to Black Hat Attendees: Help Us Make Good Tech Policy
Fahmida Y. Rashid, Contributing Editor, Dark ReadingNews
The FTC’s chief technologist made a direct appeal to security, privacy, and technology communities to get involved and help shape tech laws and policies.
By Fahmida Y. Rashid Contributing Editor, Dark Reading, 8/12/2015
Comment1 Comment  |  Read  |  Post a Comment
Data Protection: The 98 Percent Versus The 2 Percent
Jeff Schilling, CSO, FirehostCommentary
Four steps for defending your most sensitive corporate information from the inside out.
By Jeff Schilling CSO, Firehost, 8/11/2015
Comment0 comments  |  Read  |  Post a Comment
Symantec Sells Veritas To Carlyle Group For $8 Billion
Marcia Savage, Managing Editor, Network ComputingNews
The cybersecurity giant sheds its data storage unit and puts an end to a failed foray into storage.
By Marcia Savage Managing Editor, Network Computing, 8/11/2015
Comment0 comments  |  Read  |  Post a Comment
Data Visibility: A Matter Of Perspective
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
You can't analyze what you can't see. True at the dentist and true in security.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 8/10/2015
Comment0 comments  |  Read  |  Post a Comment
Why Cyber-Physical Hackers Have It Harder Than You
Sara Peters, Senior Editor at Dark ReadingNews
Before you pout about having to learn a new infosec application, remember you don't need to also know physics, chemistry, engineering and how to make a pipeline explosion look like an accident.
By Sara Peters Senior Editor at Dark Reading, 8/6/2015
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2329
Published: 2015-08-31
Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by ...

CVE-2014-2330
Published: 2015-08-31
Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown ...

CVE-2014-2331
Published: 2015-08-31
Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

CVE-2014-2332
Published: 2015-08-31
Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

CVE-2014-2570
Published: 2015-08-31
Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.