Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Analytics // Security Monitoring
News & Commentary
While Brazilians Watch World Cup, Bank Fraudsters Are At Work
Sara Peters, News
Passive biometrics allow BioCatch to tell the difference between busy fraudsters and distraught soccer fans.
By Sara Peters , 7/11/2014
Comment5 comments  |  Read  |  Post a Comment
Controversial Cyber Security Bill Advances
Thomas Claburn, Editor-at-LargeCommentary
Senate bill aims to promote information sharing to combat cyberthreats, but critics contend it lacks privacy protections.
By Thomas Claburn Editor-at-Large, 7/9/2014
Comment9 comments  |  Read  |  Post a Comment
6 Tips for Using Big Data to Hunt Cyberthreats
Timber Wolfe, Principal Security Engineer, TrainACECommentary
You need to be smart about harnessing big data to defend against today’s security threats, data breaches, and attacks.
By Timber Wolfe Principal Security Engineer, TrainACE, 7/8/2014
Comment3 comments  |  Read  |  Post a Comment
Dell Focuses On Security
Michael Endler, Associate Editor, InformationWeek.comCommentary
Dell made a flurry of security-minded announcements this week, highlighted by improvements to its Dropbox for Business integration.
By Michael Endler Associate Editor, InformationWeek.com, 6/26/2014
Comment5 comments  |  Read  |  Post a Comment
Sensitive Data Protection Bedevils IT Security Pros
William Welsh, Contributing WriterCommentary
Most organizations don't know where their sensitive structured or unstructured data resides, says new Ponemon study.
By William Welsh Contributing Writer, 6/24/2014
Comment3 comments  |  Read  |  Post a Comment
Crowdsourcing & Cyber Security: Who Do You Trust?
Robert R. Ackerman Jr., Founder & Managing Director, Allegis CapitalCommentary
A collective security defense can definitely tip the balance in favor of the good guys. But challenges remain.
By Robert R. Ackerman Jr. Founder & Managing Director, Allegis Capital, 6/24/2014
Comment3 comments  |  Read  |  Post a Comment
Phishing Scam Targeted 75 US Airports
William Welsh, Contributing WriterCommentary
Major cyberattack carried out in 2013 by an undisclosed nation-state sought to breach US commercial aviation networks, says Center for Internet Security report.
By William Welsh Contributing Writer, 6/23/2014
Comment0 comments  |  Read  |  Post a Comment
SMBs Ignoring Insider Threats
Henry Kenyon, Commentary
Many smaller organizations do not adequately protect against insider threats, CERT expert warns.
By Henry Kenyon , 6/23/2014
Comment7 comments  |  Read  |  Post a Comment
Don’t Let Lousy Teachers Sink Security Awareness
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
You can't fix a human problem with a technology solution. Here are three reasons why user education can work and six tips on how to develop a corporate culture of security.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 6/11/2014
Comment11 comments  |  Read  |  Post a Comment
BYOD: Build A Policy That Works
Ericka Chickowski, Contributing Writer, Dark ReadingCommentary
To secure employee-owned smartphones and tablets, it takes a practical, enforceable set of guidelines.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/9/2014
Comment1 Comment  |  Read  |  Post a Comment
Government Advances Continuous Security Monitoring
Henry Kenyon, Commentary
DOD, DHS expect smart technologies will defend networks against common attacks, free IT personnel to deal with more dangerous threats.
By Henry Kenyon , 6/6/2014
Comment3 comments  |  Read  |  Post a Comment
A Year Later, Most Americans Think Snowden Did The Right Thing
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
On anniversary of whistleblowing, 55 percent of Americans say Snowden was right to expose NSA's surveillance program; 82 percent believe they are still being watched.
By Tim Wilson Editor in Chief, Dark Reading, 5/29/2014
Comment23 comments  |  Read  |  Post a Comment
Data Pros' Salary Showdown
Doug Henschen, Executive Editor, InformationWeekCommentary
Our 2014 Salary Survey shows the typical analytics expert's salary is just keeping up with inflation, even while they're working harder on more diverse teams. What gives?
By Doug Henschen Executive Editor, InformationWeek, 5/22/2014
Comment1 Comment  |  Read  |  Post a Comment
Facebook Fights Malware With Free Security Software
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Facebook partners with Trend Micro and F-Secure to provide free antimalware scanning that sends alerts if your device becomes infected.
By Kristin Burnham Senior Editor, InformationWeek.com, 5/21/2014
Comment4 comments  |  Read  |  Post a Comment
A State of Security Event Overload
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
As many as 150,000 security events are logged each day in some enterprises, new data shows.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 5/15/2014
Comment3 comments  |  Read  |  Post a Comment
Beware Cognitive Bias
Levi Gundert, Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC)Commentary
Cognitive bias can compromise any profession. But when cognitive bias goes unrecognized in cyber security, far-reaching and serious consequences follow.
By Levi Gundert Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC), 5/15/2014
Comment9 comments  |  Read  |  Post a Comment
Dispelling The Myths Of Cyber Security
Mark Goldstein & Arun Sood, Principal, SafeSecurePrivate / PhD, Founder & CEO, SCIT LabsCommentary
Perfect security that focuses on eliminating threats is too expensive and impossible to achieve. Better to think about consequence management.
By Mark Goldstein & Arun Sood Principal, SafeSecurePrivate / PhD, Founder & CEO, SCIT Labs, 5/14/2014
Comment3 comments  |  Read  |  Post a Comment
Government Surveillance Criticism Heats Up
Thomas Claburn, Editor-at-LargeCommentary
As book on Snowden affair debuts, several organizations take steps to restrain the mass online surveillance that Snowden investigation exposed.
By Thomas Claburn Editor-at-Large, 5/14/2014
Comment5 comments  |  Read  |  Post a Comment
Money, Skills, And Hired Guns: 2014 Strategic Security Survey
Michael A. Davis, Contributing EditorCommentary
Tight budgets. A manpower crunch. More -- and more sophisticated -- threats. Are you sure you're up to this?
By Michael A. Davis Contributing Editor, 5/12/2014
Comment2 comments  |  Read  |  Post a Comment
Privacy, Cybercrime Headline the Infosecurity Europe Conference
Mathew J. Schwartz,
Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.
By Mathew J. Schwartz , 5/2/2014
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
LightCyber announces partnership with Check Point
ThreatTrack Security Rolls Out ThreatSecure
Exabeam Secures $10 Million in Series A Round From Norwest Venture Partners and Aspect Ventures
Lancope Introduces StealthWatch FlowSensor 4000
EiQ Networks Launches SOCVue Online
Lumeta Expands Professional Services Portfolio with Launch of New Bundled Services
Splunk Introduces Splunk Enterprise 6.1
Criminal network involved in payment card fraud dismantled with INTERPOL support
More Products & Releases
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.