Risk
News & Commentary
Cyber Security Needs Its Ralph Nader
Tsion Gonen , Chief Strategy Officer, SafeNetCommentary
It took thousands of unnecessary traffic fatalities to create an environment for radical transformation of the auto industry. What will it take for a similar change to occur in data security?
By Tsion Gonen Chief Strategy Officer, SafeNet, 11/24/2014
Comment0 comments  |  Read  |  Post a Comment
The Week When Attackers Started Winning The War On Trust
Kevin Bocek, VP Security Strategy & Threat Intelligence, VenafiCommentary
The misuse of keys and certificates is not exotic or hypothetical. It’s a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
By Kevin Bocek VP Security Strategy & Threat Intelligence, Venafi, 11/21/2014
Comment1 Comment  |  Read  |  Post a Comment
OCR Audits: Don’t Fall Victim To Past Mistakes
Mark Fulford, Partner at LBMC’s Security & Risk ServicesCommentary
The Office of Civil Rights is not out to get you. But it does expect you to make good-faith efforts at protecting patient data.
By Mark Fulford Partner at LBMC’s Security & Risk Services, 11/21/2014
Comment0 comments  |  Read  |  Post a Comment
New Citadel Attack Targets Password Managers
Jai Vijayan, Freelance writerNews
IBM researchers have found signs that the prolific data steal Trojan is now being used to attack widely used password managers.
By Jai Vijayan Freelance writer, 11/20/2014
Comment3 comments  |  Read  |  Post a Comment
Enter The Digital Risk Officer
Nick Sanna, President, Digital Risk Management InstituteCommentary
In the brave new world of digital risk management, a CISO would report up to a DRO who manages risk from a business perspective and works with peers in business ops, compliance, and IT security.
By Nick Sanna President, Digital Risk Management Institute, 11/20/2014
Comment1 Comment  |  Read  |  Post a Comment
The Rise Of The Resilient Mobile Botnet
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report on what researchers call one of the 'most sophisticated mobile botnets online' shows how profitable mobile malware has become.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/19/2014
Comment0 comments  |  Read  |  Post a Comment
Is Rogue IT Really A Problem?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Rogue IT may be a misnomer for the subtleties of IT security's involvement in cloud procurement.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/17/2014
Comment1 Comment  |  Read  |  Post a Comment
Retail Hacking: What To Expect This Holiday Season
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
The next Dark Reading Radio episode on Nov. 19 at 1PM ET (10AM PT) features retail security experts from Mandiant and the retail industry.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/13/2014
Comment4 comments  |  Read  |  Post a Comment
New Attack Method Can Hit 95% Of iOS Devices
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Masque Attack replaces legit apps with malware using the same bundle identifier names.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/10/2014
Comment7 comments  |  Read  |  Post a Comment
The Staggering Complexity of Application Security
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
During the past few decades of high-speed coding we have automated our businesses so fast that we are now incapable of securing what we have built.
By Jeff Williams CTO, Aspect Security & Contrast Security, 11/10/2014
Comment6 comments  |  Read  |  Post a Comment
3 IT Practices That Add Risk To Cloud
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Poor governance, sloppy data handling, and IAM missteps all increase cloud risk.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/7/2014
Comment2 comments  |  Read  |  Post a Comment
Breach Fatigue Sets In With Consumers
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Report from Ponemon and RSA shows that consumers aren't really adjusting behavior due to mega breaches.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/4/2014
Comment3 comments  |  Read  |  Post a Comment
Marrying Monitoring With IAM
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Prevalence of stolen online credentials and rampant password reuse means enterprises must keep better tabs on how credentials are used.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/4/2014
Comment1 Comment  |  Read  |  Post a Comment
Preparing For A Data Breach: Think ‘Stop, Drop & Roll’
Phil Smith, SVP Security Solutions, TrustwaveCommentary
Breaches are going to happen, which is why we need to treat incident response readiness like fire drills, practicing time and time again until the response is practically instinctive.
By Phil Smith SVP Security Solutions, Trustwave, 11/3/2014
Comment0 comments  |  Read  |  Post a Comment
Cyberspace Expands Threat Matrix
Patience Wait, News
National security experts warn there is no privacy or security any more.
By Patience Wait , 11/3/2014
Comment1 Comment  |  Read  |  Post a Comment
Financial Breaches Show ‘Trust Model’ Is Broken
Bob West, Chief Trust Officer, CipherCloudCommentary
It’s a full-blown crisis when a dozen major financial services firms admit to having their networks probed by the same attackers as those behind the JPMorgan Chase breach.
By Bob West Chief Trust Officer, CipherCloud, 10/31/2014
Comment7 comments  |  Read  |  Post a Comment
Infographic: The Many Faces of Today’s Hackers
John Trobough, CEO, NarusCommentary
How many of these hacker personas are you dueling with in your organization?
By John Trobough CEO, Narus, 10/29/2014
Comment12 comments  |  Read  |  Post a Comment
Cyber Espionage Attacks Attributed To Russian Government
Ericka Chickowski, Contributing Writer, Dark ReadingNews
FireEye report meticulously details clues that all point to state-sponsorship of the Sofacy/Sourface malware and tracks its evolution over seven years.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/29/2014
Comment0 comments  |  Read  |  Post a Comment
What Scares Me About Healthcare & Electric Power Security
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats
By John B. Dickson CISSP, Principal, Denim Group, 10/28/2014
Comment16 comments  |  Read  |  Post a Comment
Chipmaker Disables Counterfeits With Software Update
Jai Vijayan, Freelance writerNews
FTDI's update, targeting counterfeit chips, could disable systems widely embedded in healthcare, critical infrastructure, and consumer products.
By Jai Vijayan Freelance writer, 10/28/2014
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2010-5312
Published: 2014-11-24
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVE-2012-6662
Published: 2014-11-24
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

CVE-2014-1424
Published: 2014-11-24
apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw."

CVE-2014-7817
Published: 2014-11-24
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

CVE-2014-7821
Published: 2014-11-24
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?