Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Analytics // Security Monitoring
News & Commentary
New Model Uses 'Malicious Language Of The Internet' To Find Threats Fast
Sara Peters, Senior Editor at Dark ReadingNews
OpenDNS's new NLPRank tool may identify malicious domains before they are even put to nefarious use.
By Sara Peters Senior Editor at Dark Reading, 3/5/2015
Comment1 Comment  |  Read  |  Post a Comment
Which Apps Should You Secure First? Wrong Question.
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
By Jeff Williams CTO, Aspect Security & Contrast Security, 3/5/2015
Comment1 Comment  |  Read  |  Post a Comment
Cyber Intelligence: Defining What You Know
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 2/27/2015
Comment1 Comment  |  Read  |  Post a Comment
Newly Discovered 'Master' Cyber Espionage Group Trumps Stuxnet
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The so-called Equation Group epitomizes the goal of persistence in cyber spying--reprogramming hard drives and hacking other targets such as air-gapped computers--and points to possible US connection.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/16/2015
Comment13 comments  |  Read  |  Post a Comment
Nation-State Cyber Espionage, Targeted Attacks Becoming Global Norm
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New report shows 2014 as the year of China's renewed resiliency in cyber espionage--with Hurricane Panda storming its targets--while Russia, Iran, and North Korea, emerging as major players in hacking for political, nationalistic, and competitive gain.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/10/2015
Comment2 comments  |  Read  |  Post a Comment
Security Budgets Going Up, Thanks To Mega-Breaches
Sara Peters, Senior Editor at Dark ReadingNews
Sixty percent of organizations have increased their security spending by one-third -- but many security managers still don't think that's enough, Ponemon study finds.
By Sara Peters Senior Editor at Dark Reading, 1/21/2015
Comment5 comments  |  Read  |  Post a Comment
New Technology Detects Cyberattacks By Their Power Consumption
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Startup's "power fingerprinting" approach catches stealthy malware within milliseconds in DOE test.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/20/2015
Comment2 comments  |  Read  |  Post a Comment
Why North Korea Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
The motivation behind Democratic People’s Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/15/2015
Comment10 comments  |  Read  |  Post a Comment
Nation-State Cyberthreats: Why They Hack
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
All nations are not created equal and, like individual hackers, each has a different motivation and capability.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/8/2015
Comment10 comments  |  Read  |  Post a Comment
Using Free Tools To Detect Attacks On ICS/SCADA Networks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
ICS/SCADA experts say open-source network security monitoring software is a simple and cheap way to catch hackers targeting plant operations.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/8/2015
Comment0 comments  |  Read  |  Post a Comment
Why Digital Forensics In Incident Response Matters More Now
Craig Carpenter, President & COO, Resolution1 SecurityCommentary
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
By Craig Carpenter President & COO, Resolution1 Security, 12/24/2014
Comment6 comments  |  Read  |  Post a Comment
JPMorgan Hack: 2FA MIA In Breached Server
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Sources close to the breach investigation say a network server missing two-factor authentication let attackers make their way into JPMorgan's servers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/24/2014
Comment17 comments  |  Read  |  Post a Comment
Why ‘Regin’ Malware Changes Threatscape Economics
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
Never before have attackers been able to deploy a common malware platform and configure it as necessary with low-cost, quick-turnaround business logic apps.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 12/4/2014
Comment3 comments  |  Read  |  Post a Comment
Breaking the Code: The Role of Visualization in Security Research
Thibault Reuille, Security Researcher, OpenDNSCommentary
In today’s interconnected, data rich IT environments, passive inspection of information is not enough.
By Thibault Reuille Security Researcher, OpenDNS, 12/1/2014
Comment1 Comment  |  Read  |  Post a Comment
Data Management Vs. Data Loss Prevention: Vive La Différence!
Todd Feinman, President & CEO, Identity FinderCommentary
A sensitive data management strategy can include the use of DLP technology, but it also involves a comprehensive understanding of where your data is and what specifically is at risk.
By Todd Feinman President & CEO, Identity Finder, 11/25/2014
Comment4 comments  |  Read  |  Post a Comment
Deconstructing The Cyber Kill Chain
Giora Engel, VP Product & Strategy, LightCyberCommentary
As sexy as it is, the Cyber Kill Chain model can actually be detrimental to network security because it reinforces old-school, perimeter-focused, malware-prevention thinking.
By Giora Engel VP Product & Strategy, LightCyber, 11/18/2014
Comment5 comments  |  Read  |  Post a Comment
Rethinking Security With A System Of 'Checks & Balances'
Brian Foster, CTO, DamballaCommentary
For too long, enterprises have given power to one branch of security governance -- prevention -- at the expense of the other two: detection and response.
By Brian Foster CTO, Damballa, 11/14/2014
Comment7 comments  |  Read  |  Post a Comment
Time To Turn The Tables On Attackers
Amit Yoran, President, RSACommentary
As a security industry, we need to arm business with innovative technologies that provide visibility, analysis, and action to prevent inevitable breaches from causing irreparable damage.
By Amit Yoran President, RSA, 11/13/2014
Comment5 comments  |  Read  |  Post a Comment
Better Together: Why Cyber Security Vendors Are Teaming Up
Yoav Leitersdorf and Ofer Schreiber , Managing Partner & Partner, YL VenturesCommentary
Alliances, mergers, and acquisitions are ushering in an era of unprecedented “co-opetition” among former rivals for your point solution business.
By Yoav Leitersdorf and Ofer Schreiber Managing Partner & Partner, YL Ventures, 11/12/2014
Comment6 comments  |  Read  |  Post a Comment
Workplace Privacy: Big Brother Is Watching
David Melnick, Founder & CEO, WebLife BalanceCommentary
Companies may have the right to monitor employees who are checking their bank balances or shopping online on corporate networks. The real question is, should they?
By David Melnick Founder & CEO, WebLife Balance, 11/4/2014
Comment12 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
ForeScout Appoints Former Intel Security President Michael DeCesare as CEO
Lumeta Announces Strategic Partnership with Nordisk Systems, Inc.
With $7M in New Funding, Sqrrl Launches Linked Data Analysis Platform
ForgeRock and FireEye Join Forces to Detect Cyber Attacks with Identity-Aware Threat Intelligence Solution
Rapid7 Announces Additional Funding
ExtraHop and FireEye Team Up to Defend Against Security Threats
Tripwire Announces Adaptive Threat Protection
Zscaler Launches New Advanced Persistent Threat Protection
More Products & Releases
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9688
Published: 2015-03-05
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.

CVE-2015-2214
Published: 2015-03-05
NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php.

CVE-2015-2215
Published: 2015-03-05
Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.

CVE-2015-2216
Published: 2015-03-05
SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter.

CVE-2015-2218
Published: 2015-03-05
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a w...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.