Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Analytics // Security Monitoring
News & Commentary
Report: Some Retail Firms Still Don't Recognize Cyber Security Risks
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Nearly 10 percent of retail firms have not reported any cyber security exposure to the SEC since 2011, Willis Group says.
By Tim Wilson Editor in Chief, Dark Reading, 4/24/2014
Comment1 Comment  |  Read  |  Post a Comment
Workplace Data Privacy Vs. Security: The New Balance
David Melnick, Founder & CEO, WebLife BalanceCommentary
Is it time to rethink the traditional lock-down approach to employee use of corporate networks at work?
By David Melnick Founder & CEO, WebLife Balance, 4/23/2014
Comment10 comments  |  Read  |  Post a Comment
11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
Mathew J. Schwartz, News
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.
By Mathew J. Schwartz , 4/17/2014
Comment2 comments  |  Read  |  Post a Comment
Be Careful Beating Up Target
Craig Carpenter, Chief Cybersecurity Strategist, AccessDataCommentary
Target was actually better prepared than most retailers. The real problem lies with the current state of industry threat intelligence and IR practices.
By Craig Carpenter Chief Cybersecurity Strategist, AccessData, 4/1/2014
Comment13 comments  |  Read  |  Post a Comment
Incident Response Now Shaping Security Operations
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
How an organization reacts to hackers infiltrating its network is becoming the key to damage control for data -- and the corporate image.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/28/2014
Comment4 comments  |  Read  |  Post a Comment
Attacks Rise On Network 'Blind' Spot
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Interop speaker says DDoS attacks are not the only forms of abuse on the Domain Name Server.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/27/2014
Comment4 comments  |  Read  |  Post a Comment
Symantec Fires CEO In Surprise Move
Mathew J. Schwartz, News
Analysts question security and storage giant's turnaround after the board fires its second CEO in two years.
By Mathew J. Schwartz , 3/21/2014
Comment10 comments  |  Read  |  Post a Comment
Will Target Face FTC Probe?
Mathew J. Schwartz, News
Retailer's security practices remain under scrutiny as regulators ponder FTC investigation. Meanwhile, Sony options rights to Hollywood cyber-thriller based on breach story.
By Mathew J. Schwartz , 3/20/2014
Comment9 comments  |  Read  |  Post a Comment
Many Businesses Fail To Disclose Data Breaches
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Only about 35% of businesses worldwide say they share attack and threat information with others in their industry, even though 77% admit to suffering from a cyberattack.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/19/2014
Comment2 comments  |  Read  |  Post a Comment
Linux Takeover Artists Fling 35M Spam Messages Daily
Mathew J. Schwartz, News
"Operation Windigo" server takeover campaign controls 10,000 hacked servers, launches millions of spam, malware, and drive-by exploit kit attacks per day.
By Mathew J. Schwartz , 3/19/2014
Comment0 comments  |  Read  |  Post a Comment
Attackers Hit Clearinghouse Selling Stolen Target Data
Mathew J. Schwartz, News
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
By Mathew J. Schwartz , 3/18/2014
Comment4 comments  |  Read  |  Post a Comment
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman , 3/14/2014
Comment1 Comment  |  Read  |  Post a Comment
Target Ignored Data Breach Alarms
Mathew J. Schwartz, News
Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network.
By Mathew J. Schwartz , 3/14/2014
Comment21 comments  |  Read  |  Post a Comment
Retail Industry May Pool Intel To Stop Breaches
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Target and other shopper-data breaches turn up the heat on retail industry to establish a cyberthreat Information-Sharing and Analysis Center.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/12/2014
Comment2 comments  |  Read  |  Post a Comment
Can We Control Our Digital Identities?
Mark Bregman, Senior Vice President & Chief Technology Officer, NeustarCommentary
The web and cloud need an identity layer for people to give us more control over our sprawling digital identities.
By Mark Bregman Senior Vice President & Chief Technology Officer, Neustar, 3/11/2014
Comment4 comments  |  Read  |  Post a Comment
Target CIO's Resignation: 7 Questions
Mathew J. Schwartz, News
After the data breach, why didn't the buck stop with PCI assessors or CEO? Search for accountability reveals flawed system, much finger-pointing.
By Mathew J. Schwartz , 3/6/2014
Comment10 comments  |  Read  |  Post a Comment
Target Starts Security, Compliance Makeover
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
With CIO departing, security and compliance get a higher profile at the beleaguered retailer in the wake of its massive data breach.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/6/2014
Comment0 comments  |  Read  |  Post a Comment
Data Breach: ‘Persistence’ Gives Hackers the Upper Hand
Martin Lee, Technical Lead, Threat Research, Analysis & Communications, CiscoCommentary
Hackers are winning on speed and determination. But we can stack the odds in our favor by shifting the time frames of an attack. Here's how.
By Martin Lee Technical Lead, Threat Research, Analysis & Communications, Cisco, 3/5/2014
Comment2 comments  |  Read  |  Post a Comment
Fresh Target Breach Cards Hitting Black Market
Mathew J. Schwartz, News
A Bitcoin-powered marketplace is selling stolen card data in small batches, offering card validity guarantees, an RSA presentation reveals.
By Mathew J. Schwartz , 2/28/2014
Comment15 comments  |  Read  |  Post a Comment
DDoS Attack! Is Regulation The Answer?
Dave Piscitello, VP Security, ICANNCommentary
Four security experts weigh in on why there’s been little progress in combating DDoS attacks and how companies can start fighting back.
By Dave Piscitello VP Security, ICANN, 2/28/2014
Comment9 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
North Kansas City Hospital Deploys SenSage's SIEM Solution
More Products & Releases
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web