Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Risk
News & Commentary
5 New Vulnerabilities Uncovered In SAP
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/26/2015
Comment0 comments  |  Read  |  Post a Comment
Our Governments Are Making Us More Vulnerable
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Stuxnet opened Pandora’s box and today state-sponsored cyber security policies continue to put us at risk. Here are three reasons why.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 2/19/2015
Comment11 comments  |  Read  |  Post a Comment
Researchers Report Details On Arabic-Speaking Cyberespionage Gang
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Trend Micro and Kaspersky researchers warn of Middle Eastern attack campaigns focused on "perceived enemies of Islam."
By Ericka Chickowski Contributing Writer, Dark Reading, 2/17/2015
Comment0 comments  |  Read  |  Post a Comment
Why The USA Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
The U.S. government views cyberspace as just another theater of war akin to air, land and sea, and it operates in the domain for one basic reason: national defense.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 2/17/2015
Comment7 comments  |  Read  |  Post a Comment
Sony Hack: Poster Child For A New Era Of Cyber Attacks
Dmitri Alperovitch, Co-Founder & CTO, CrowdStrikeCommentary
What made the Sony breach unique is the combination of four common tactics into a single orchestrated campaign designed to bend a victim to the will of the attackers.
By Dmitri Alperovitch Co-Founder & CTO, CrowdStrike, 2/13/2015
Comment4 comments  |  Read  |  Post a Comment
A Winning Strategy: Must Patch, Should Patch, Can't Patch
Jeff Schilling, CSO, FirehostCommentary
The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities.
By Jeff Schilling CSO, Firehost, 2/11/2015
Comment2 comments  |  Read  |  Post a Comment
Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole
Ericka Chickowski, Contributing Writer, Dark ReadingNews
ASLR vulnerability patched today used in tandem with previously patched Flash vuln to carry out drive-by-downloads against political and economic targets
By Ericka Chickowski Contributing Writer, Dark Reading, 2/10/2015
Comment1 Comment  |  Read  |  Post a Comment
How Malware Bypasses Our Most Advanced Security Measures
Alon Nafta, Senior Security Researcher, SentinelOneCommentary
We unpack three common attack vectors and five evasion detection techniques.
By Alon Nafta Senior Security Researcher, SentinelOne, 2/10/2015
Comment8 comments  |  Read  |  Post a Comment
Bridging the Cybersecurity Skills Gap: 3 Big Steps
Michelle Drolet, Founder, TowerwallCommentary
The stakes are high. Establishing clear pathways into the industry, standardizing jobs, and assessing skills will require industry-wide consensus and earnest collaboration.
By Michelle Drolet Founder, Towerwall, 2/9/2015
Comment4 comments  |  Read  |  Post a Comment
Anthem Breach Should Convince Healthcare To Double Down On Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Mega breach brings focus back on inadequacies of healthcare security.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/6/2015
Comment6 comments  |  Read  |  Post a Comment
Why Israel Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
Israel's tenuous position in the world drives its leaders to stay ahead of its cyber adversaries, chief among them the Islamic Republic of Iran.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 2/5/2015
Comment3 comments  |  Read  |  Post a Comment
A Mere 8 Days After Breach, Anthem Healthcare Notifies Customers
Sara Peters, Senior Editor at Dark ReadingNews
Was the data encrypted in storage? Investigators aren't saying, but they hint that it wouldn't matter either way.
By Sara Peters Senior Editor at Dark Reading, 2/5/2015
Comment13 comments  |  Read  |  Post a Comment
Shifting Paradigms: The Case for Cyber Counter-Intelligence
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
Cyber Counter-Intelligence and traditional information security share many aspects. But CCI picks up where infosec ends -- with an emphasis on governance, automation, timeliness, and reporting.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 2/4/2015
Comment2 comments  |  Read  |  Post a Comment
Proposed Federal Data Breach Law Is Nice Gesture But No Panacea
Rick Kam, President & Co-founder, ID ExpertsCommentary
President Obama’s SOTU proposal demonstrates the growing importance of data protection for individuals but does little to address compliance complexities for business.
By Rick Kam President & Co-founder, ID Experts, 2/3/2015
Comment0 comments  |  Read  |  Post a Comment
How The Skills Shortage Is Killing Defense in Depth
David Holmes, World-Wide Security Evangelist, F5Commentary
It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely “looks nifty, but I don’t have the staff to deploy it.”
By David Holmes World-Wide Security Evangelist, F5, 1/30/2015
Comment12 comments  |  Read  |  Post a Comment
WiIl Millennials Be The Death Of Data Security?
Chris Rouland, Founder & CEO, BastilleCommentary
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
By Chris Rouland Founder & CEO, Bastille, 1/27/2015
Comment35 comments  |  Read  |  Post a Comment
Building A Cybersecurity Program: 3 Tips
Jason Sachowski, Senior Forensic Investigator, ScotiabankCommentary
Getting from “we need” to “we have” a cybersecurity program is an investment in time and resources that’s well worth the effort.
By Jason Sachowski Senior Forensic Investigator, Scotiabank, 1/26/2015
Comment6 comments  |  Read  |  Post a Comment
Why Russia Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/23/2015
Comment17 comments  |  Read  |  Post a Comment
What Government Can (And Can’t) Do About Cybersecurity
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.
By Jeff Williams CTO, Aspect Security & Contrast Security, 1/22/2015
Comment18 comments  |  Read  |  Post a Comment
President's Plan To Crack Down On Hacking Could Hurt Good Hackers
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Security experts critical of President Obama's new proposed cybersecurity legislation.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/21/2015
Comment9 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
With $7M in New Funding, Sqrrl Launches Linked Data Analysis Platform
ZeroFOX Acquires Vulnr
Ed Survey Results: Insider Threats
Verizon Announces Security Enhancement for IoT Deployments
New GHOST Vuln Affecting Linux
RiskIQ Finds More Than 11 Percent of Android Banking and Finance- Related Apps are Suspicious
Waverley Labs and the Energy Production Infrastructure Center at UNC Charlotte Successfully Quantify Digital Risks for Power Grids
WatchGuard Uncovers Guest Network Security Lapses
More Products & Releases
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9676
Published: 2015-02-27
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

CVE-2014-9682
Published: 2015-02-27
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

CVE-2015-0655
Published: 2015-02-27
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

CVE-2015-0884
Published: 2015-02-27
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

CVE-2015-0885
Published: 2015-02-27
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.