Risk
News & Commentary
Researchers Steal Door Badge Credentials Using Smartphone Bluetooth
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Weakness in facility access control protocol leaves most badge-in systems open to attack.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/28/2015
Comment0 comments  |  Read  |  Post a Comment
How To Put Data At The Heart Of Your Security Practice
Jay Jacobs, Senior Data Scientist, BitSight TechnologiesCommentary
First step: A good set of questions that seek out objective, measurable answers.
By Jay Jacobs Senior Data Scientist, BitSight Technologies, 7/28/2015
Comment1 Comment  |  Read  |  Post a Comment
The First 24 Hours In The Wake Of A Data Breach
Stephen Treglia, JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute SoftwareCommentary
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
By Stephen Treglia JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute Software, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
Detection: A Balanced Approach For Mitigating Risk
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Only detection and response can complete the security picture that begins with prevention.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 7/21/2015
Comment0 comments  |  Read  |  Post a Comment
Time’s Running Out For The $76 Billion Detection Industry
Simon Crosby, Co-founder & CTO, BromiumCommentary
The one strategy that can deliver the needle to the security team without the haystack is prevention.
By Simon Crosby Co-founder & CTO, Bromium, 7/21/2015
Comment2 comments  |  Read  |  Post a Comment
Photo Processing Vendor Exposes CVS, Wal-Mart, Costco
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Retail breaches highlight third-party risk -- again.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/20/2015
Comment0 comments  |  Read  |  Post a Comment
Mobile App Security: 4 Critical Issues
Subbu Sthanu, Director, Mobile Security & Application Security, IBMCommentary
Securing the mobile workforce in the age of BYOD is no easy task. You can begin with these four measures.
By Subbu Sthanu Director, Mobile Security & Application Security, IBM, 7/17/2015
Comment3 comments  |  Read  |  Post a Comment
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
Tim Wilson, Editor in Chief, Dark ReadingNews
In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats.
By Tim Wilson Editor in Chief, Dark Reading, 7/15/2015
Comment0 comments  |  Read  |  Post a Comment
Shared Passwords And No Accountability Plague Privileged Account Use
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Even IT decision-makers guilty of poor account hygiene.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/14/2015
Comment1 Comment  |  Read  |  Post a Comment
The Role of the Board In Cybersecurity: ‘Learn, Ensure, Inspect’
Jason Straight, Senior VP & Chief Privacy Officer, UnitedLexCommentary
Board members of the most forward-thinking U.S. companies are not just throwing money at the mounting problem of managing cyber risk.
By Jason Straight Senior VP & Chief Privacy Officer, UnitedLex, 7/8/2015
Comment1 Comment  |  Read  |  Post a Comment
New Google Search Poisoning Method Cloaks With PDF Docs
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Using PDF documents to keyword stuff is growing in popularity as it circumvents anti-cloaking mechanisms in Google's algorithms.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/7/2015
Comment0 comments  |  Read  |  Post a Comment
In The Cyber Realm, Let’s Be Knights Not Blacksmiths
Jeff Schilling, CSO, FirehostCommentary
Why the Internet of Things is our chance to finally get information security right.
By Jeff Schilling CSO, Firehost, 7/2/2015
Comment3 comments  |  Read  |  Post a Comment
PCI Update Paves Way For Expanding Point-to-Point Encryption
Jai Vijayan, Freelance writerNews
Move appears designed mainly for large organizations and big-box retailers looking to lock down payment card security.
By Jai Vijayan Freelance writer, 7/1/2015
Comment4 comments  |  Read  |  Post a Comment
Why We Need In-depth SAP Security Training
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 7/1/2015
Comment2 comments  |  Read  |  Post a Comment
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen , Chief Strategy Office, Gemalto, Identity & Data ProtectionCommentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
Jai Vijayan, Freelance writerNews
Security vendor's report from last year had warned about group targeting insider data from illegal trading.
By Jai Vijayan Freelance writer, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
User Monitoring Not Keeping Up With Risk Managers' Needs
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Biggest concern is negligence, but monitoring capabilities can't detect this type of activity within most applications.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/24/2015
Comment0 comments  |  Read  |  Post a Comment
CIOs And Security: Time To Rethink The Processes?
Paul Korzeniowski, Commentary
Businesses need to develop new security responses to address gigantic attacks, and the CIO is in the best position to lead the way.
By Paul Korzeniowski , 6/22/2015
Comment10 comments  |  Read  |  Post a Comment
9 Questions For A Healthy Application Security Program
Patrick Thomas, Senior Security Consultant, Cisco Security SolutionsCommentary
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
By Patrick Thomas Senior Security Consultant, Cisco Security Solutions, 6/19/2015
Comment1 Comment  |  Read  |  Post a Comment
Cybersecurity Advice From A Former White House CIO
Theresa Payton, Former White House CIO, CEO of Fortalice Solutions, LLCCommentary
Today's playbook demands 'human-centered' user education that assumes people will share passwords, forget them, and do unsafe things to get their jobs done.
By Theresa Payton Former White House CIO, CEO of Fortalice Solutions, LLC, 6/18/2015
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by pentareddy
Current Conversations good video
In reply to: Re: Pending Review
Post Your Own Reply
Posted by suhasuseless
Current Conversations cool article..really cool
In reply to: good post
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0732
Published: 2015-07-28
Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or ...

CVE-2015-2974
Published: 2015-07-28
LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file.

CVE-2015-4287
Published: 2015-07-28
Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230.

CVE-2015-4288
Published: 2015-07-28
The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s...

CVE-2015-4692
Published: 2015-07-27
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!