Risk
News & Commentary
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Don Bailey, Founder & CEO, Lab Mouse SecurityCommentary
In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.
By Don Bailey Founder & CEO, Lab Mouse Security, 5/19/2015
Comment7 comments  |  Read  |  Post a Comment
Why We Can't Afford To Give Up On Cybersecurity Defense
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
There is no quick fix, but organizations can massively reduce the complexity of building secure applications by empowering developers with four basic practices.
By Jeff Williams CTO, Aspect Security & Contrast Security, 5/18/2015
Comment3 comments  |  Read  |  Post a Comment
Taking A Security Program From Zero To Hero
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organizationís security capabilities. Here are six steps to get you started.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 5/13/2015
Comment2 comments  |  Read  |  Post a Comment
First Example Of SAP Breach Surfaces
Ericka Chickowski, Contributing Writer, Dark ReadingNews
USIS attack in 2013 stealing background check information about government personnel with classified clearance came by way of an SAP exploit.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/12/2015
Comment0 comments  |  Read  |  Post a Comment
Deconstructing Mobile Fraud Risk
Subbu Sthanu, Director, Mobile Security & Application Security, IBMCommentary
Todayís enterprise security solutions donít do enough to manage BYOD risk, credit card theft and the reputational damage resulting from a major data breach.
By Subbu Sthanu Director, Mobile Security & Application Security, IBM, 5/5/2015
Comment1 Comment  |  Read  |  Post a Comment
Rapid7 Picks Up NTObjectives
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Adds 25 new employees and further diversifies testing capabilities.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/4/2015
Comment1 Comment  |  Read  |  Post a Comment
Security Product Liability Protections Emerge
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
WhiteHat Security, FireEye each offer product liability protections to their customers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/4/2015
Comment0 comments  |  Read  |  Post a Comment
Building a Stronger Security Strategy: 6 Tips
Harry Folloder, CIO, Advantage Waypoint LLC (AWP)Commentary
CIO offers his formula for achieving the right balance between data security and employee productivity and convenience
By Harry Folloder CIO, Advantage Waypoint LLC (AWP), 5/4/2015
Comment0 comments  |  Read  |  Post a Comment
Nine Years Later, IT Security Is Even More Important To Business
Tim Wilson, Editor in Chief, Dark ReadingCommentary
As Dark Reading celebrates its ninth year of publication, the security industry prepares for its next round of evolution.
By Tim Wilson Editor in Chief, Dark Reading, 5/1/2015
Comment2 comments  |  Read  |  Post a Comment
Dyre Trojan Adds New Sandbox-Evasion Feature
Jai Vijayan, Freelance writerNews
New tactic makes it that much harder to detect, says Seculert.
By Jai Vijayan Freelance writer, 5/1/2015
Comment1 Comment  |  Read  |  Post a Comment
IRC Botnets Are Not Quite Dead Yet
Jai Vijayan, Freelance writerNews
The handful that still operate are more sophisticated and resilient than before, Zscaler says.
By Jai Vijayan Freelance writer, 4/29/2015
Comment2 comments  |  Read  |  Post a Comment
RSA Highlighted Impending IoT Troubles
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Same mistakes made all over again with a new technology game changer, but the stakes are higher this time.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/28/2015
Comment3 comments  |  Read  |  Post a Comment
Note To Vendors: CISOs Donít Want Your Analytical Tools
Rick Gordon, Managing Partner, Mach37 Cyber AcceleratorCommentary
What they need are solutions that deliver prioritized recommendations and confidence in the analytical rigor behind those recommendations to take meaningful action.
By Rick Gordon Managing Partner, Mach37 Cyber Accelerator, 4/28/2015
Comment6 comments  |  Read  |  Post a Comment
Third-Party Risk and Organizational Situational Awareness
Emilio Iasiello, Senior Cyber Intelligence Analyst, Fidelis Cybersecurity
A rigorous risk management approach will help organizations understand the potential risks posed by their partners.
By Emilio Iasiello Senior Cyber Intelligence Analyst, Fidelis Cybersecurity, 4/27/2015
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity: Donít Bank On It With 3rd Parties
Greg Dickinson, CEO, HiperosCommentary
Not knowing that a contractorís employee had access to system passwords is not a valid excuse when your clientís records are stolen.
By Greg Dickinson CEO, Hiperos, 4/24/2015
Comment1 Comment  |  Read  |  Post a Comment
The Bad News For Infosec In The Target Settlement
Giora Engel, VP Product & Strategy, LightCyberCommentary
The legal argument behind the $10 million Class Action lawsuit and subsequent settlement is a gross misrepresentation of how attackers operate.
By Giora Engel VP Product & Strategy, LightCyber, 4/22/2015
Comment5 comments  |  Read  |  Post a Comment
RSA: Follow Keynote Sessions on Dark Reading
Sara Peters, Senior Editor at Dark ReadingNews
From the Cryptographer's Panel to the RSA CEO's advice for the security industry, here's how the conference kicked off in San Francisco Tuesday.
By Sara Peters Senior Editor at Dark Reading, 4/21/2015
Comment2 comments  |  Read  |  Post a Comment
Health Insurersí Digital Footprint Widening Attack Surface
Peter Zavlaris, Analyst, RiskIQCommentary
Insurers are ripe targets for attackers since theyíre efficient concentrators of every kind of data needed for identity theft, credit card and insurance fraud. Hereís proof.
By Peter Zavlaris Analyst, RiskIQ, 4/21/2015
Comment1 Comment  |  Read  |  Post a Comment
7 Deadly Sins That Get Users Hacked
Ericka Chickowski, Contributing Writer, Dark Reading
How users and their endpoints are leveraged by the bad guys to eventually find their way to critical data
By Ericka Chickowski Contributing Writer, Dark Reading, 4/16/2015
Comment11 comments  |  Read  |  Post a Comment
Harnessing The Power Of Cyber Threat Intelligence
Stu Solomon,  VP, General Counsel & Chief Risk Officer, iSIGHT PartnersCommentary
Here are six real-world examples of how changing your modus operandi from reactive to proactive can drive rapid response to the threats that matter.
By Stu Solomon VP, General Counsel & Chief Risk Officer, iSIGHT Partners, 4/16/2015
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by ODA155
Current Conversations Wow...
In reply to: Re: Remembering 911
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4774
Published: 2015-05-25
Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element.

CVE-2014-4778
Published: 2015-05-25
IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 do not send an X-Frame-Options HTTP header in response to requests for the login page, which allows remote attackers to conduct clickjacking attacks via vectors involving a FRAME element.

CVE-2014-6190
Published: 2015-05-25
The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows remote attackers to obtain sensitive information via a direct request for the URL of a log document.

CVE-2014-6192
Published: 2015-05-25
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix10, 6.0.5 before 6.0.5.6, and 6.0.5.5a before 6.0.5.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-8146
Published: 2015-05-25
The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (hea...

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.