Analytics
News & Commentary
InfoSec’s Holy Grail: Data Sharing & Collaboration
Levi Gundert, Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC)Commentary
Despite all the best intentions, cooperation around Internet security is a still a work in progress. Case in point: Microsoft’s unilateral action against No-IP.
By Levi Gundert Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC), 7/31/2014
Comment0 comments  |  Read  |  Post a Comment
The Perfect InfoSec Mindset: Paranoia + Skepticism
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
A little skeptical paranoia will ensure that you have the impulse to react quickly to new threats while retaining the logic to separate fact from fiction.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 7/29/2014
Comment5 comments  |  Read  |  Post a Comment
Researchers Develop 'BlackForest' To Collect, Correlate Threat Intelligence
Brian Prince, Contributing Writer, Dark ReadingNews
Researchers at the Georgia Tech Research Institute develop the BlackForest system to help organizations uncover and anticipate cyberthreats.
By Brian Prince Contributing Writer, Dark Reading, 7/25/2014
Comment2 comments  |  Read  |  Post a Comment
Internet of Things: 4 Security Tips From The Military
Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & ServicesCommentary
The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. It’s time to take a page from their battle plan.
By Michael K. Daly CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, 7/25/2014
Comment13 comments  |  Read  |  Post a Comment
Government-Grade Stealth Malware In Hands Of Criminals
Sara Peters, News
"Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools.
By Sara Peters , 7/17/2014
Comment13 comments  |  Read  |  Post a Comment
How Next-Generation Security Is Redefining The Cloud
Bill Kleyman, National Director of Strategy & Innovation, MTM TechnologiesCommentary
Your cloud, datacenter, and infrastructure all contain flexible and agile components. Your security model should be the same.
By Bill Kleyman National Director of Strategy & Innovation, MTM Technologies, 7/14/2014
Comment10 comments  |  Read  |  Post a Comment
While Brazilians Watch World Cup, Bank Fraudsters Are At Work
Sara Peters, News
Passive biometrics allow BioCatch to tell the difference between busy fraudsters and distraught soccer fans.
By Sara Peters , 7/11/2014
Comment8 comments  |  Read  |  Post a Comment
Strategic Security: Begin With The End In Mind
Jason Sachowski, Sr. Manager, Security R&D, ScotiabankCommentary
The trouble with traditional infosec methodology is that it doesn’t show us how to implement a strategic security plan in the real world.
By Jason Sachowski Sr. Manager, Security R&D, Scotiabank, 7/11/2014
Comment9 comments  |  Read  |  Post a Comment
Controversial Cyber Security Bill Advances
Thomas Claburn, Editor-at-LargeCommentary
Senate bill aims to promote information sharing to combat cyberthreats, but critics contend it lacks privacy protections.
By Thomas Claburn Editor-at-Large, 7/9/2014
Comment10 comments  |  Read  |  Post a Comment
6 Tips for Using Big Data to Hunt Cyberthreats
Timber Wolfe, Principal Security Engineer, TrainACECommentary
You need to be smart about harnessing big data to defend against today’s security threats, data breaches, and attacks.
By Timber Wolfe Principal Security Engineer, TrainACE, 7/8/2014
Comment10 comments  |  Read  |  Post a Comment
4 Facebook Privacy Intrusion Fixes
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Facebook may control most of your data, but you can take protective steps. Here's what you need to know.
By Kristin Burnham Senior Editor, InformationWeek.com, 6/30/2014
Comment16 comments  |  Read  |  Post a Comment
Dell Focuses On Security
Michael Endler, Associate Editor, InformationWeek.comCommentary
Dell made a flurry of security-minded announcements this week, highlighted by improvements to its Dropbox for Business integration.
By Michael Endler Associate Editor, InformationWeek.com, 6/26/2014
Comment5 comments  |  Read  |  Post a Comment
Crowdsourcing & Cyber Security: Who Do You Trust?
Robert R. Ackerman Jr., Founder & Managing Director, Allegis CapitalCommentary
A collective security defense can definitely tip the balance in favor of the good guys. But challenges remain.
By Robert R. Ackerman Jr. Founder & Managing Director, Allegis Capital, 6/24/2014
Comment3 comments  |  Read  |  Post a Comment
DNS Pioneer Founds New Security Startup
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
Paul Vixie launches Farsight Security, aimed at catching domain abuse early in the lifecycle.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 6/23/2014
Comment5 comments  |  Read  |  Post a Comment
P.F. Chang's Breach Went Undetected For Months
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Early reports indicate that the compromise involved a large number of restaurant locations and dates as far back as September 2013.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 6/23/2014
Comment4 comments  |  Read  |  Post a Comment
Phishing Scam Targeted 75 US Airports
William Welsh, Contributing WriterCommentary
Major cyberattack carried out in 2013 by an undisclosed nation-state sought to breach US commercial aviation networks, says Center for Internet Security report.
By William Welsh Contributing Writer, 6/23/2014
Comment0 comments  |  Read  |  Post a Comment
SMBs Ignoring Insider Threats
Henry Kenyon, Commentary
Many smaller organizations do not adequately protect against insider threats, CERT expert warns.
By Henry Kenyon , 6/23/2014
Comment7 comments  |  Read  |  Post a Comment
Monitor DNS Traffic & You Just Might Catch A RAT
Dave Piscitello, VP Security, ICANNCommentary
Criminals will exploit any Internet service or protocol when given the opportunity. Here are six signs of suspicious activity to watch for in the DNS.
By Dave Piscitello VP Security, ICANN, 6/12/2014
Comment3 comments  |  Read  |  Post a Comment
Putter Panda: Tip Of The Iceberg
George Kurtz, President & CEO, CrowdStrikeCommentary
What CrowdStrike's outing of Putter Panda -- the second hacking group linked to China's spying on US defense and European satellite and aerospace industries -- means for the security industry.
By George Kurtz President & CEO, CrowdStrike, 6/10/2014
Comment3 comments  |  Read  |  Post a Comment
BYOD: Build A Policy That Works
Ericka Chickowski, Contributing Writer, Dark ReadingCommentary
To secure employee-owned smartphones and tablets, it takes a practical, enforceable set of guidelines.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/9/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Cartoon
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-6651
Published: 2014-07-31
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.

CVE-2014-2970
Published: 2014-07-31
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality ...

CVE-2014-3488
Published: 2014-07-31
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

CVE-2014-3554
Published: 2014-07-31
Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.

CVE-2014-5171
Published: 2014-07-31
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

Best of the Web
Dark Reading Radio