Risk
News & Commentary
Apple Pay: A Necessary Push To Transform Consumer Payments
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 9/11/2014
Comment8 comments  |  Read  |  Post a Comment
Dark Reading Radio: CISO James Christiansen Shares Experiences
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Former CISO at GM, Visa, and Experian answers questions about building security programs in large enterprises.
By Tim Wilson Editor in Chief, Dark Reading, 9/9/2014
Comment1 Comment  |  Read  |  Post a Comment
HealthCare.gov Breach: The Ripple Effect
Alison Diana, Senior EditorCommentary
Hackers breached a HealthCare.gov test server, reportedly affecting no records, but the repercussions could spread across many medical organizations.
By Alison Diana Senior Editor, 9/6/2014
Comment18 comments  |  Read  |  Post a Comment
Poll: Significant Insecurity About Internet of Things
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Fewer than one percent of more than 800 Dark Reading community members are ready for the fast approaching security onslaught of the IoT.
By Marilyn Cohodas Community Editor, Dark Reading, 9/5/2014
Comment3 comments  |  Read  |  Post a Comment
In Cloud We Trust: A New Model
Evelyn De Souza & Richard Noguera, Cloud Security Alliance Data Governance Chair & Cloud Compliance & Data Privacy Strategy Leader, CiscoCommentary
The solution to the problem of data security in the public cloud will require more than a traditional compliance-driven approach.
By Evelyn De Souza & Richard Noguera Cloud Security Alliance Data Governance Chair & Cloud Compliance & Data Privacy Strategy Leader, Cisco, 9/4/2014
Comment11 comments  |  Read  |  Post a Comment
Why Are Security Pros Blasé About Compliance?
François Amigorena, Founder & CEO, IS DecisionsCommentary
A survey of 500 IT and security decision makers in the UK and US shows that a majority are in the dark about regulatory requirements for their business organization.
By François Amigorena Founder & CEO, IS Decisions, 8/29/2014
Comment22 comments  |  Read  |  Post a Comment
Top 5 Reasons Your Small Business Website is Under Attack
Chris Weltzien, CEO, 6Scan Commentary
There is no such thing as “too small to hack.” If a business has a website, hackers can exploit it.
By Chris Weltzien CEO, 6Scan , 8/26/2014
Comment29 comments  |  Read  |  Post a Comment
Flash Poll: CSOs Need A New Boss
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Only one out of four respondents to our flash poll think the CSO should report to the CIO.
By Marilyn Cohodas Community Editor, Dark Reading, 8/22/2014
Comment4 comments  |  Read  |  Post a Comment
US House Inspector General: IT Audit Activist
David F Carr, Editor, InformationWeek Government/HealthcareCommentary
At the 2014 GRC Conference, House IG Theresa Grafenstine argues internal auditors must be more forward looking -- and explains why being exempt from regulations just makes her job harder.
By David F Carr Editor, InformationWeek Government/Healthcare, 8/20/2014
Comment4 comments  |  Read  |  Post a Comment
Debugging The Myths Of Heartbleed
Steve Riley, Technical Leader, Office of the CTO, Riverbed TechnologyCommentary
Does Heartbleed really wreak havoc without a trace? The media and many technical sites seemed convinced of this, but some of us were skeptical.
By Steve Riley Technical Leader, Office of the CTO, Riverbed Technology, 8/20/2014
Comment5 comments  |  Read  |  Post a Comment
Cybersecurity: How Involved Should Boards Of Directors Be?
David F Carr, Editor, InformationWeek Government/HealthcareCommentary
Security audit groups ISACA and IIA weigh in on what role the board of directors should play in an enterprise's cybersecurity strategies.
By David F Carr Editor, InformationWeek Government/Healthcare, 8/19/2014
Comment7 comments  |  Read  |  Post a Comment
Why John McAfee Is Paranoid About Mobile
Peter Zavlaris, Analyst, RiskIQCommentary
Mobile apps are posing expanding risks to both enterprises and their customers. But maybe being paranoid about mobile is actually healthy for security.
By Peter Zavlaris Analyst, RiskIQ, 8/19/2014
Comment13 comments  |  Read  |  Post a Comment
Cloud Apps & Security: When Sharing Matters
Krishna Narayanaswamy, Founder & Chief Scientist, NetskopeCommentary
Sharing documents and data is happening all over the cloud today but not all sharing activity carries equal risk.
By Krishna Narayanaswamy Founder & Chief Scientist, Netskope, 8/18/2014
Comment5 comments  |  Read  |  Post a Comment
Infographic: 70 Percent of World's Critical Utilities Breached
Mark L. Cohn, Chief Technology Officer, Unisys Federal SystemsCommentary
New research from Unisys and Ponemon Institute finds alarming security gaps in worldwide ICS and SCADA systems within the last 12 months.
By Mark L. Cohn Chief Technology Officer, Unisys Federal Systems, 8/15/2014
Comment8 comments  |  Read  |  Post a Comment
Why Patching Makes My Heart Bleed
John Rostern, CRISC, QSA, VP Technology Audit & Advisory Services, CoalfireCommentary
Heartbleed was a simple mistake that was allowed to propagate through "business as usual" patching cycles and change management. It could easily happen again.
By John Rostern CRISC, QSA, VP Technology Audit & Advisory Services, Coalfire, 8/14/2014
Comment2 comments  |  Read  |  Post a Comment
6 Biometric Factors That Are Working Today
Marilyn Cohodas, Community Editor, Dark Reading
From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
By Marilyn Cohodas Community Editor, Dark Reading, 8/12/2014
Comment23 comments  |  Read  |  Post a Comment
Cyber Risk Dashboards: False Sense Of Control?
(ISC)2 Writers Bureau, Commentary
Federal programs promoting the use of risk dashboards can boost real-time visibility, but only if they are used correctly.
By (ISC)2 Writers Bureau , 8/12/2014
Comment2 comments  |  Read  |  Post a Comment
The Hyperconnected World Has Arrived
Michael Sutton, VP Security Research, ZscalerCommentary
Yes, the ever-expanding attack surface of the Internet of Things is overwhelming. But next-gen security leaders gathered at Black Hat are up to the challenge.
By Michael Sutton VP Security Research, Zscaler, 8/8/2014
Comment6 comments  |  Read  |  Post a Comment
The Illegitimate Milliner’s Guide to Black Hat
Tal Klein, VP Strategy, AdallomCommentary
A less-than-honest "Abe" goes undercover to get a behind-the-scenes look at Black Hat and its infamous attendees.
By Tal Klein VP Strategy, Adallom, 8/6/2014
Comment9 comments  |  Read  |  Post a Comment
5 Steps To Supply Chain Security
Robert Lemos, Technology JournalistNews
The integrity of enterprise data is only as strong as your most vulnerable third-party supplier or business partner. It's time to shore up these connection points.
By Robert Lemos Technology Journalist, 8/6/2014
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Back To Basics
Back To Basics
By failing to execute on basic security, we’re making the attacker's job too easy.
Comment2 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1556
Published: 2014-09-12
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.

CVE-2014-2008
Published: 2014-09-12
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.

CVE-2014-2009
Published: 2014-09-12
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.

CVE-2014-4735
Published: 2014-09-12
Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php.

CVE-2014-5259
Published: 2014-09-12
Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant