Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Risk
News & Commentary
Why Security Awareness Alone Won’t Stop Hackers
Saryu Nayyar, CEO, GuruculCommentary
End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.
By Saryu Nayyar CEO, Gurucul, 3/2/2015
Comment0 comments  |  Read  |  Post a Comment
5 New Vulnerabilities Uncovered In SAP
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/26/2015
Comment0 comments  |  Read  |  Post a Comment
Our Governments Are Making Us More Vulnerable
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Stuxnet opened Pandora’s box and today state-sponsored cyber security policies continue to put us at risk. Here are three reasons why.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 2/19/2015
Comment11 comments  |  Read  |  Post a Comment
Researchers Report Details On Arabic-Speaking Cyberespionage Gang
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Trend Micro and Kaspersky researchers warn of Middle Eastern attack campaigns focused on "perceived enemies of Islam."
By Ericka Chickowski Contributing Writer, Dark Reading, 2/17/2015
Comment0 comments  |  Read  |  Post a Comment
Why The USA Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
The U.S. government views cyberspace as just another theater of war akin to air, land and sea, and it operates in the domain for one basic reason: national defense.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 2/17/2015
Comment7 comments  |  Read  |  Post a Comment
Sony Hack: Poster Child For A New Era Of Cyber Attacks
Dmitri Alperovitch, Co-Founder & CTO, CrowdStrikeCommentary
What made the Sony breach unique is the combination of four common tactics into a single orchestrated campaign designed to bend a victim to the will of the attackers.
By Dmitri Alperovitch Co-Founder & CTO, CrowdStrike, 2/13/2015
Comment4 comments  |  Read  |  Post a Comment
A Winning Strategy: Must Patch, Should Patch, Can't Patch
Jeff Schilling, CSO, FirehostCommentary
The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities.
By Jeff Schilling CSO, Firehost, 2/11/2015
Comment2 comments  |  Read  |  Post a Comment
Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole
Ericka Chickowski, Contributing Writer, Dark ReadingNews
ASLR vulnerability patched today used in tandem with previously patched Flash vuln to carry out drive-by-downloads against political and economic targets
By Ericka Chickowski Contributing Writer, Dark Reading, 2/10/2015
Comment1 Comment  |  Read  |  Post a Comment
How Malware Bypasses Our Most Advanced Security Measures
Alon Nafta, Senior Security Researcher, SentinelOneCommentary
We unpack three common attack vectors and five evasion detection techniques.
By Alon Nafta Senior Security Researcher, SentinelOne, 2/10/2015
Comment8 comments  |  Read  |  Post a Comment
Bridging the Cybersecurity Skills Gap: 3 Big Steps
Michelle Drolet, Founder, TowerwallCommentary
The stakes are high. Establishing clear pathways into the industry, standardizing jobs, and assessing skills will require industry-wide consensus and earnest collaboration.
By Michelle Drolet Founder, Towerwall, 2/9/2015
Comment4 comments  |  Read  |  Post a Comment
Anthem Breach Should Convince Healthcare To Double Down On Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Mega breach brings focus back on inadequacies of healthcare security.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/6/2015
Comment6 comments  |  Read  |  Post a Comment
Why Israel Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
Israel's tenuous position in the world drives its leaders to stay ahead of its cyber adversaries, chief among them the Islamic Republic of Iran.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 2/5/2015
Comment3 comments  |  Read  |  Post a Comment
A Mere 8 Days After Breach, Anthem Healthcare Notifies Customers
Sara Peters, Senior Editor at Dark ReadingNews
Was the data encrypted in storage? Investigators aren't saying, but they hint that it wouldn't matter either way.
By Sara Peters Senior Editor at Dark Reading, 2/5/2015
Comment13 comments  |  Read  |  Post a Comment
Shifting Paradigms: The Case for Cyber Counter-Intelligence
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
Cyber Counter-Intelligence and traditional information security share many aspects. But CCI picks up where infosec ends -- with an emphasis on governance, automation, timeliness, and reporting.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 2/4/2015
Comment2 comments  |  Read  |  Post a Comment
Proposed Federal Data Breach Law Is Nice Gesture But No Panacea
Rick Kam, President & Co-founder, ID ExpertsCommentary
President Obama’s SOTU proposal demonstrates the growing importance of data protection for individuals but does little to address compliance complexities for business.
By Rick Kam President & Co-founder, ID Experts, 2/3/2015
Comment0 comments  |  Read  |  Post a Comment
How The Skills Shortage Is Killing Defense in Depth
David Holmes, World-Wide Security Evangelist, F5Commentary
It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely “looks nifty, but I don’t have the staff to deploy it.”
By David Holmes World-Wide Security Evangelist, F5, 1/30/2015
Comment12 comments  |  Read  |  Post a Comment
WiIl Millennials Be The Death Of Data Security?
Chris Rouland, Founder & CEO, BastilleCommentary
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
By Chris Rouland Founder & CEO, Bastille, 1/27/2015
Comment35 comments  |  Read  |  Post a Comment
Building A Cybersecurity Program: 3 Tips
Jason Sachowski, Senior Forensic Investigator, ScotiabankCommentary
Getting from “we need” to “we have” a cybersecurity program is an investment in time and resources that’s well worth the effort.
By Jason Sachowski Senior Forensic Investigator, Scotiabank, 1/26/2015
Comment6 comments  |  Read  |  Post a Comment
Why Russia Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/23/2015
Comment17 comments  |  Read  |  Post a Comment
What Government Can (And Can’t) Do About Cybersecurity
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.
By Jeff Williams CTO, Aspect Security & Contrast Security, 1/22/2015
Comment18 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
With $7M in New Funding, Sqrrl Launches Linked Data Analysis Platform
ZeroFOX Acquires Vulnr
Ed Survey Results: Insider Threats
Verizon Announces Security Enhancement for IoT Deployments
New GHOST Vuln Affecting Linux
RiskIQ Finds More Than 11 Percent of Android Banking and Finance- Related Apps are Suspicious
Waverley Labs and the Energy Production Infrastructure Center at UNC Charlotte Successfully Quantify Digital Risks for Power Grids
WatchGuard Uncovers Guest Network Security Lapses
More Products & Releases
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7421
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

CVE-2014-8160
Published: 2015-03-02
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disall...

CVE-2014-9644
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-201...

CVE-2015-0239
Published: 2015-03-02
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYS...

CVE-2014-8921
Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.