Risk
News & Commentary
Cyber Threats: Information vs. Intelligence
Matt Hartley, VP Product Management, iSIGHT PartnersCommentary
Cyber threat intelligence or CTI is touted to be the next big thing in InfoSec. But does it narrow the security problem or compound it?
By Matt Hartley VP Product Management, iSIGHT Partners, 10/22/2014
Comment2 comments  |  Read  |  Post a Comment
Shellshock & Why EHRs Need Updating
Michael A.M. Davies, Founder & Chairman, Endeavour PartnersCommentary
Nearly half of all security breaches occur in healthcare, and outdated medical records systems make data more vulnerable. An up-to-date EHR system can help solve security concerns, save money, and improve patient care.
By Michael A.M. Davies Founder & Chairman, Endeavour Partners, 10/22/2014
Comment0 comments  |  Read  |  Post a Comment
Compliance Is A Start, Not The End
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Regulatory compliance efforts may help you get a bigger budget and reach a baseline security posture. But "compliant" does not necessarily mean "secure."
By Sara Peters Senior Editor at Dark Reading, 10/21/2014
Comment1 Comment  |  Read  |  Post a Comment
Why You Shouldn't Count On General Liability To Cover Cyber Risk
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Travelers Insurance's legal spat with P.F. Chang's over who'll pay breach costs will likely illustrate why enterprises shouldn't think of their general liability policies as backstops for cyber risk.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/20/2014
Comment6 comments  |  Read  |  Post a Comment
The Internet of Things: 7 Scary Security Scenarios
Marilyn Cohodas, Community Editor, Dark Reading
The IoT can be frightening when viewed from the vantage point of information security.
By Marilyn Cohodas Community Editor, Dark Reading, 10/16/2014
Comment7 comments  |  Read  |  Post a Comment
Cost Of A Data Breach Jumps By 23%
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Cleanup and resolution after a breach take an average of one month to complete, a new Ponemon Institute report finds.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/14/2014
Comment18 comments  |  Read  |  Post a Comment
Mastering Security Analytics
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
By Ericka Chickowski Contributing Writer, Dark Reading, 10/14/2014
Comment1 Comment  |  Read  |  Post a Comment
Stolen Medical Data Is Now A Hot Commodity
Lysa Myers, Security Researcher, ESETCommentary
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Here’s why.
By Lysa Myers Security Researcher, ESET, 10/14/2014
Comment5 comments  |  Read  |  Post a Comment
Shellshock Mayhem Marks The Start Of Malware Mess
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Existing Mayhem botnet malware kit now includes Shellshock exploit -- and experts say that'll be the model for more enterprising criminals.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/13/2014
Comment3 comments  |  Read  |  Post a Comment
4 ID Management Tips For Better Breach Resistance
Ericka Chickowski, Contributing Writer, Dark ReadingNews
AT&T insider attack case highlights the need for strong privileged identity management practices.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/13/2014
Comment1 Comment  |  Read  |  Post a Comment
How Retail Can Win Back Consumer Trust
Dan Ross, CEO & President, PromisecCommentary
Customer loyalty to their favorite brands is all about trust, which today has everything to do with security and privacy.
By Dan Ross CEO & President, Promisec, 10/9/2014
Comment1 Comment  |  Read  |  Post a Comment
DHS Anti-Terrorism Program Could Provide Cyberattack Liability Protection
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The SAFETY Act can offer a layer of legal protection for cyber security vendors, providers, and enterprise security policies in the wake of an attack, an attorney says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/8/2014
Comment1 Comment  |  Read  |  Post a Comment
Tokenization: 6 Reasons The Card Industry Should Be Wary
Pat Carroll, Executive Chairman & Founder, ValidSoftCommentary
VISA’s new token service aims to provide consumers a simple, fraud-free digital payment experience. It’s a worthy goal, but one that may prove to be more aspirational than functional.
By Pat Carroll Executive Chairman & Founder, ValidSoft, 10/7/2014
Comment4 comments  |  Read  |  Post a Comment
How Cookie-Cutter Cyber Insurance Falls Short
Kevin Smith, VP, The Graham CompanyCommentary
Many off-the-shelf cyber liability policies feature a broad range of exclusions that won’t protect your company from a data breach or ransomware attack.
By Kevin Smith VP, The Graham Company, 10/6/2014
Comment9 comments  |  Read  |  Post a Comment
Cyberinsurance Resurges In The Wake Of Mega-Breaches
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Insurance policies customized for cyberattack protection are on the rise as businesses worry they could be the next Target.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/2/2014
Comment10 comments  |  Read  |  Post a Comment
Ex-NSA Director Touts Cybersecurity As A Service
Elena Malykhina, Technology JournalistCommentary
Gen. Keith Alexander advocates a better way for companies, large and small, to deal with cyber threats.
By Elena Malykhina Technology Journalist, 10/2/2014
Comment1 Comment  |  Read  |  Post a Comment
Retailers Realize EMV Won't Save Them From Fraudsters
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Fraudsters hit retailers harder than ever in 2014 and many recognize that even though EMV's chip-and-pin authentication will stem skimming, breaches and other forms of fraud will persist.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/30/2014
Comment3 comments  |  Read  |  Post a Comment
FDA Pushes To Improve Medical Device Security
Jai Vijayan, Freelance writerCommentary
Cyber attacks pose a grave threat to the integrity of healthcare services, agency says.
By Jai Vijayan Freelance writer, 9/29/2014
Comment1 Comment  |  Read  |  Post a Comment
DoE Preps Privacy Standards For Smart Grid
Jai Vijayan, Freelance writerCommentary
Department of Energy has released a set of voluntary privacy recommendations for smart grid owners, operators, and third parties; industry stakeholders have until October 14 to comment on draft.
By Jai Vijayan Freelance writer, 9/29/2014
Comment1 Comment  |  Read  |  Post a Comment
Can We Talk? Finding A Common Security Language
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
How engineers can get beyond the crippling vocabulary and semantic barrier of infosec and actually communicate about cyber risk with bosses and business colleagues.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 9/29/2014
Comment13 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7407
Published: 2014-10-22
Cross-site request forgery (CSRF) vulnerability in the MRBS module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2014-3675
Published: 2014-10-22
Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet.

CVE-2014-3676
Published: 2014-10-22
Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option."

CVE-2014-3677
Published: 2014-10-22
Unspecified vulnerability in Shim might allow attackers to execute arbitrary code via a crafted MOK list, which triggers memory corruption.

CVE-2014-3828
Published: 2014-10-22
Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.