Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Analytics // Security Monitoring
News & Commentary
11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
Mathew J. Schwartz, News
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.
By Mathew J. Schwartz , 4/17/2014
Comment2 comments  |  Read  |  Post a Comment
Be Careful Beating Up Target
Craig Carpenter, Chief Cybersecurity Strategist, AccessDataCommentary
Target was actually better prepared than most retailers. The real problem lies with the current state of industry threat intelligence and IR practices.
By Craig Carpenter Chief Cybersecurity Strategist, AccessData, 4/1/2014
Comment13 comments  |  Read  |  Post a Comment
Incident Response Now Shaping Security Operations
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
How an organization reacts to hackers infiltrating its network is becoming the key to damage control for data -- and the corporate image.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/28/2014
Comment4 comments  |  Read  |  Post a Comment
Attacks Rise On Network 'Blind' Spot
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Interop speaker says DDoS attacks are not the only forms of abuse on the Domain Name Server.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/27/2014
Comment4 comments  |  Read  |  Post a Comment
Symantec Fires CEO In Surprise Move
Mathew J. Schwartz, News
Analysts question security and storage giant's turnaround after the board fires its second CEO in two years.
By Mathew J. Schwartz , 3/21/2014
Comment10 comments  |  Read  |  Post a Comment
Will Target Face FTC Probe?
Mathew J. Schwartz, News
Retailer's security practices remain under scrutiny as regulators ponder FTC investigation. Meanwhile, Sony options rights to Hollywood cyber-thriller based on breach story.
By Mathew J. Schwartz , 3/20/2014
Comment9 comments  |  Read  |  Post a Comment
Many Businesses Fail To Disclose Data Breaches
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Only about 35% of businesses worldwide say they share attack and threat information with others in their industry, even though 77% admit to suffering from a cyberattack.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/19/2014
Comment2 comments  |  Read  |  Post a Comment
Linux Takeover Artists Fling 35M Spam Messages Daily
Mathew J. Schwartz, News
"Operation Windigo" server takeover campaign controls 10,000 hacked servers, launches millions of spam, malware, and drive-by exploit kit attacks per day.
By Mathew J. Schwartz , 3/19/2014
Comment0 comments  |  Read  |  Post a Comment
Attackers Hit Clearinghouse Selling Stolen Target Data
Mathew J. Schwartz, News
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
By Mathew J. Schwartz , 3/18/2014
Comment4 comments  |  Read  |  Post a Comment
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman , 3/14/2014
Comment1 Comment  |  Read  |  Post a Comment
Target Ignored Data Breach Alarms
Mathew J. Schwartz, News
Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network.
By Mathew J. Schwartz , 3/14/2014
Comment21 comments  |  Read  |  Post a Comment
Retail Industry May Pool Intel To Stop Breaches
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Target and other shopper-data breaches turn up the heat on retail industry to establish a cyberthreat Information-Sharing and Analysis Center.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/12/2014
Comment2 comments  |  Read  |  Post a Comment
Can We Control Our Digital Identities?
Mark Bregman, Senior Vice President & Chief Technology Officer, NeustarCommentary
The web and cloud need an identity layer for people to give us more control over our sprawling digital identities.
By Mark Bregman Senior Vice President & Chief Technology Officer, Neustar, 3/11/2014
Comment4 comments  |  Read  |  Post a Comment
Target CIO's Resignation: 7 Questions
Mathew J. Schwartz, News
After the data breach, why didn't the buck stop with PCI assessors or CEO? Search for accountability reveals flawed system, much finger-pointing.
By Mathew J. Schwartz , 3/6/2014
Comment10 comments  |  Read  |  Post a Comment
Target Starts Security, Compliance Makeover
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
With CIO departing, security and compliance get a higher profile at the beleaguered retailer in the wake of its massive data breach.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/6/2014
Comment0 comments  |  Read  |  Post a Comment
Data Breach: ‘Persistence’ Gives Hackers the Upper Hand
Martin Lee, Technical Lead, Threat Research, Analysis & Communications, CiscoCommentary
Hackers are winning on speed and determination. But we can stack the odds in our favor by shifting the time frames of an attack. Here's how.
By Martin Lee Technical Lead, Threat Research, Analysis & Communications, Cisco, 3/5/2014
Comment2 comments  |  Read  |  Post a Comment
Fresh Target Breach Cards Hitting Black Market
Mathew J. Schwartz, News
A Bitcoin-powered marketplace is selling stolen card data in small batches, offering card validity guarantees, an RSA presentation reveals.
By Mathew J. Schwartz , 2/28/2014
Comment15 comments  |  Read  |  Post a Comment
DDoS Attack! Is Regulation The Answer?
Dave Piscitello, VP Security, ICANNCommentary
Four security experts weigh in on why there’s been little progress in combating DDoS attacks and how companies can start fighting back.
By Dave Piscitello VP Security, ICANN, 2/28/2014
Comment9 comments  |  Read  |  Post a Comment
IBM Software Vulnerabilities Spiked In 2013
Mathew J. Schwartz, News
Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds.
By Mathew J. Schwartz , 2/27/2014
Comment3 comments  |  Read  |  Post a Comment
RSA Chairman: NSA Work Is 'Public Record'
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Art Coviello calls for global intelligence community reforms, says RSA's work with NSA was never secret.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 2/26/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Marilyn Cohodas
Current Conversations LOL.
In reply to: Check out our new cartoon
Post Your Own Reply
More Conversations
Products & Releases
North Kansas City Hospital Deploys SenSage's SIEM Solution
More Products & Releases
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2014-0778
Published: 2014-04-19
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.

CVE-2014-1974
Published: 2014-04-19
Directory traversal vulnerability in LYSESOFT AndExplorer before 20140403 and AndExplorerPro before 20140405 allows attackers to overwrite or create arbitrary files via unspecified vectors.

CVE-2014-1983
Published: 2014-04-19
Unspecified vulnerability in Cybozu Remote Service Manager through 2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial of service (CPU consumption) via unknown vectors.

Best of the Web