Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Analytics // Security Monitoring
News & Commentary
Workplace Data Privacy Vs. Security: The New Balance
David Melnick, Founder & CEO, WebLife BalanceCommentary
Is it time to rethink the traditional lock-down approach to employee use of corporate networks at work?
By David Melnick Founder & CEO, WebLife Balance, 4/23/2014
Comment6 comments  |  Read  |  Post a Comment
11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
Mathew J. Schwartz, News
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.
By Mathew J. Schwartz , 4/17/2014
Comment2 comments  |  Read  |  Post a Comment
Be Careful Beating Up Target
Craig Carpenter, Chief Cybersecurity Strategist, AccessDataCommentary
Target was actually better prepared than most retailers. The real problem lies with the current state of industry threat intelligence and IR practices.
By Craig Carpenter Chief Cybersecurity Strategist, AccessData, 4/1/2014
Comment13 comments  |  Read  |  Post a Comment
Incident Response Now Shaping Security Operations
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
How an organization reacts to hackers infiltrating its network is becoming the key to damage control for data -- and the corporate image.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/28/2014
Comment4 comments  |  Read  |  Post a Comment
Attacks Rise On Network 'Blind' Spot
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Interop speaker says DDoS attacks are not the only forms of abuse on the Domain Name Server.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/27/2014
Comment4 comments  |  Read  |  Post a Comment
Symantec Fires CEO In Surprise Move
Mathew J. Schwartz, News
Analysts question security and storage giant's turnaround after the board fires its second CEO in two years.
By Mathew J. Schwartz , 3/21/2014
Comment10 comments  |  Read  |  Post a Comment
Will Target Face FTC Probe?
Mathew J. Schwartz, News
Retailer's security practices remain under scrutiny as regulators ponder FTC investigation. Meanwhile, Sony options rights to Hollywood cyber-thriller based on breach story.
By Mathew J. Schwartz , 3/20/2014
Comment9 comments  |  Read  |  Post a Comment
Many Businesses Fail To Disclose Data Breaches
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Only about 35% of businesses worldwide say they share attack and threat information with others in their industry, even though 77% admit to suffering from a cyberattack.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/19/2014
Comment2 comments  |  Read  |  Post a Comment
Linux Takeover Artists Fling 35M Spam Messages Daily
Mathew J. Schwartz, News
"Operation Windigo" server takeover campaign controls 10,000 hacked servers, launches millions of spam, malware, and drive-by exploit kit attacks per day.
By Mathew J. Schwartz , 3/19/2014
Comment0 comments  |  Read  |  Post a Comment
Attackers Hit Clearinghouse Selling Stolen Target Data
Mathew J. Schwartz, News
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
By Mathew J. Schwartz , 3/18/2014
Comment4 comments  |  Read  |  Post a Comment
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman , 3/14/2014
Comment1 Comment  |  Read  |  Post a Comment
Target Ignored Data Breach Alarms
Mathew J. Schwartz, News
Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network.
By Mathew J. Schwartz , 3/14/2014
Comment21 comments  |  Read  |  Post a Comment
Retail Industry May Pool Intel To Stop Breaches
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Target and other shopper-data breaches turn up the heat on retail industry to establish a cyberthreat Information-Sharing and Analysis Center.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/12/2014
Comment2 comments  |  Read  |  Post a Comment
Can We Control Our Digital Identities?
Mark Bregman, Senior Vice President & Chief Technology Officer, NeustarCommentary
The web and cloud need an identity layer for people to give us more control over our sprawling digital identities.
By Mark Bregman Senior Vice President & Chief Technology Officer, Neustar, 3/11/2014
Comment4 comments  |  Read  |  Post a Comment
Target CIO's Resignation: 7 Questions
Mathew J. Schwartz, News
After the data breach, why didn't the buck stop with PCI assessors or CEO? Search for accountability reveals flawed system, much finger-pointing.
By Mathew J. Schwartz , 3/6/2014
Comment10 comments  |  Read  |  Post a Comment
Target Starts Security, Compliance Makeover
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
With CIO departing, security and compliance get a higher profile at the beleaguered retailer in the wake of its massive data breach.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/6/2014
Comment0 comments  |  Read  |  Post a Comment
Data Breach: ‘Persistence’ Gives Hackers the Upper Hand
Martin Lee, Technical Lead, Threat Research, Analysis & Communications, CiscoCommentary
Hackers are winning on speed and determination. But we can stack the odds in our favor by shifting the time frames of an attack. Here's how.
By Martin Lee Technical Lead, Threat Research, Analysis & Communications, Cisco, 3/5/2014
Comment2 comments  |  Read  |  Post a Comment
Fresh Target Breach Cards Hitting Black Market
Mathew J. Schwartz, News
A Bitcoin-powered marketplace is selling stolen card data in small batches, offering card validity guarantees, an RSA presentation reveals.
By Mathew J. Schwartz , 2/28/2014
Comment15 comments  |  Read  |  Post a Comment
DDoS Attack! Is Regulation The Answer?
Dave Piscitello, VP Security, ICANNCommentary
Four security experts weigh in on why there’s been little progress in combating DDoS attacks and how companies can start fighting back.
By Dave Piscitello VP Security, ICANN, 2/28/2014
Comment9 comments  |  Read  |  Post a Comment
IBM Software Vulnerabilities Spiked In 2013
Mathew J. Schwartz, News
Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds.
By Mathew J. Schwartz , 2/27/2014
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Marilyn Cohodas
Current Conversations LOL.
In reply to: Check out our new cartoon
Post Your Own Reply
More Conversations
Products & Releases
North Kansas City Hospital Deploys SenSage's SIEM Solution
More Products & Releases
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

CVE-2014-2392
Published: 2014-04-24
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer log...

CVE-2014-2393
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.

CVE-2011-5279
Published: 2014-04-23
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

Best of the Web