Risk
News & Commentary
Back To Basics: 10 Security Best Practices
Nimmy Reichenberg, VP of Strategy, AlgoSecCommentary
The most effective strategy for keeping organizations, users and customers safe is to focus on the fundamentals.
By Nimmy Reichenberg VP of Strategy, AlgoSec, 9/4/2015
Comment0 comments  |  Read  |  Post a Comment
Stealing Data By 'Living Off The Land'
Rutrell Yasin, Business Technology Writer, Tech Writers BureauNews
Hackers latest tactic involves a malware-free attack using a company’s own system credentials and admin tools to gain access.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 9/3/2015
Comment0 comments  |  Read  |  Post a Comment
VMware Expands NSX Platform Security
Marcia Savage, Managing Editor, Network ComputingNews
VMware is working to add network encryption as a distributed service via its network virtualization platform.
By Marcia Savage Managing Editor, Network Computing, 9/3/2015
Comment1 Comment  |  Read  |  Post a Comment
Baby Monitors Expose Home -- And Business -- Networks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers find major security flaws in popular networked video baby monitor products that could allow attackers to snoop on babies and businesses.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/2/2015
Comment2 comments  |  Read  |  Post a Comment
We Can Allow Cybersecurity Research Without Stifling Innovation
Gavin Reid, Vice President, Threat Intelligence, Lancope IncCommentary
The U.S. government is in a unique position to become a global leader in cybersecurity. But only if it retains the open spirit of the Internet that kick-started the Information Age.
By Gavin Reid Vice President, Threat Intelligence, Lancope Inc, 9/1/2015
Comment0 comments  |  Read  |  Post a Comment
A CISO's View of Mobile Security Strategy, With Stacey Halota
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
CISO of Graham Holdings visits Dark Reading News Desk at Black Hat to discuss why mobile security is a top priority and how to use mobile devices as a security tool.
By Sara Peters Senior Editor at Dark Reading, 8/31/2015
Comment0 comments  |  Read  |  Post a Comment
Top Infosec Execs Will Eventually Report To CEOs, CISOs Say
Kevin West, CEO & founder, K logixCommentary
But becoming a trusted resource to the executive suite will demand major changes in the traditional chief information security officer role.
By Kevin West CEO & founder, K logix, 8/31/2015
Comment1 Comment  |  Read  |  Post a Comment
FBI Sounds Alarm Again On Business Email Compromise Threat
Jai Vijayan, Freelance writerNews
Over 7,000 US business have been victimized by so-called BEC fraud between October 2013 and August 2015 alone, the FBI said in an alert this week.
By Jai Vijayan Freelance writer, 8/28/2015
Comment2 comments  |  Read  |  Post a Comment
Cybersecurity Under FTC Authority: What Does it Mean?
Tom Kellermann, Chief Cybersecurity Office, Trend MicroCommentary
Consumers can now expect the same level of security and privacy in the digital realm as they do in the physical.
By Tom Kellermann Chief Cybersecurity Office, Trend Micro, 8/27/2015
Comment8 comments  |  Read  |  Post a Comment
Seeing Into Security 'Blind Spots' With Bay Dynamics' Gautam Aggarwal
Dark Reading Staff, CommentaryVideo
Gautam Aggarwal, CMO of Bay Dynamics, visits Dark Reading News Desk at Black Hat to explain that it’s important to not just develop a cybersecurity strategy, but to also better understand what your security blind spots are.
By Dark Reading Staff , 8/27/2015
Comment3 comments  |  Read  |  Post a Comment
Evolution Of The CISO And The Board: BAE Systems’ Jim Anderson Explains
Dark Reading Staff, CommentaryVideo
President of the Americas for BAE Systems Applied Intelligence, Jim Anderson, joins the Dark Reading News Desk at Black Hat to explain how the CISO has to improve communications with the corporate board and better explain overall security strategy.
By Dark Reading Staff , 8/27/2015
Comment0 comments  |  Read  |  Post a Comment
RiskIQ's Arian Evans Talks Up Hunting Down Digital Assets
Dark Reading Staff, CommentaryVideo
You can't protect what you can't find. Arian Evans, vice president of product marketing for RiskIQ, joins the Dark Reading News Desk at Black Hat to explain how to discover all your assets.
By Dark Reading Staff , 8/27/2015
Comment0 comments  |  Read  |  Post a Comment
Consumers Want Password Alternatives
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Consumer confidence in online passwords wanes and their password hygiene remains as sketchy as ever, study finds.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/27/2015
Comment0 comments  |  Read  |  Post a Comment
A Tale Of Two IoT Security Outcomes
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Commandeered Jeep gets fixed but a 'hijacked' satellite network does not? Why Internet of Things security remains a work in progress.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Beware The Hidden Risk Of Business Partners In The Cloud
Sekhar Sarukkai, Co-founder & VP, Engineering, Skyhigh NetworksCommentary
Enterprises vastly underestimate the cyber risk from digital connections to vendors, suppliers, agencies, consultants -- and any company with which employees do business.
By Sekhar Sarukkai Co-founder & VP, Engineering, Skyhigh Networks, 8/20/2015
Comment1 Comment  |  Read  |  Post a Comment
CISOs Spend Too Much Time On Tech, Not Enough On Strategy
Sara Peters, Senior Editor at Dark ReadingNews
Deloitte's CISO Transition Lab finds CISOs spend 77 percent of their time on technical aspects of the job, and is helping them become more strategic.
By Sara Peters Senior Editor at Dark Reading, 8/17/2015
Comment2 comments  |  Read  |  Post a Comment
Richard Bejtlich Talks Business Security Strategy, US Security Policy
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Chief security strategist of FireEye talks at the Dark Reading News Desk at Black Hat about attribution, the war on encryption, and what should drive your security department.
By Sara Peters Senior Editor at Dark Reading, 8/17/2015
Comment1 Comment  |  Read  |  Post a Comment
Securing Black Hat From Black Hat
Aamir Lakhani, Senior Security Strategist & Hacker, Fortinet, FortiGuard Advanced LabsCommentary
‘Dr. Chaos’ shares the inside scoop on the challenges and rewards of protecting one of the 'most hostile networks on the planet.'
By Aamir Lakhani Senior Security Strategist & Hacker, Fortinet, FortiGuard Advanced Labs, 8/14/2015
Comment1 Comment  |  Read  |  Post a Comment
View From The Top: Government’s Role In Cybersecurity
Sara Peters, Senior Editor at Dark Reading
At the DarkReading News Desk, live from Black Hat, industry experts Dan Kaminsky, Richard Bejtlich, Katie Moussouris, Paul Kurtz, and Rod Beckstrom talked about how government is hurting and could be helping infosec.
By Sara Peters Senior Editor at Dark Reading, 8/14/2015
Comment1 Comment  |  Read  |  Post a Comment
Former White House Advisor, Paul Kurtz, On Info Sharing & Government Action
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Former cybersecurity advisor to the White House talks to Sara Peters at Black Hat about information sharing, attribution, cybersecurity legislation, and his new start-up.
By Sara Peters Senior Editor at Dark Reading, 8/12/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9605
Published: 2015-09-04
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webup...

CVE-2015-5612
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.

CVE-2015-5688
Published: 2015-09-04
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.

CVE-2015-6807
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label.

CVE-2015-6808
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.