Upcoming Webinars
Webinar Archives
App Developer Conference @ GDC Next
Date: Nov 04, 2014
View webinar


iBeacons, BLE beacons and Everything in Between: Unpacking Proximity Sensing Technology @ Black Hat Europe
Date: Nov 04, 2014
View webinar


Mobile Conversion is Broken: How To Fix It with Smart Mobile Design @ App Developers Conference
Date: Nov 04, 2014
View webinar


Simplified IT 101: Efficient Enterprise Storage for Lower TCO
Date: Nov 03, 2014
View webinar
Improve storage efficiency and you benefit many areas of the data center, from performance speed to space and energy costs. Of course, storage characteristics, such as capacity allocation and utilization, data protection, and level of management, affect efficiency, especially with heavy use of server virtualization. Our instructor will explain how to evaluate the efficiency of your storage systems and suggest management tools that can help IT gain visibility and lower TCO.

eSecurity 105:Monitoring Threats and Measuring Risk
Date: Oct 31, 2014
View webinar
Once an online business has shored up its defenses against new threats, it must develop an ongoing program for monitoring its systems for potential compromises - and measuring the risk faced by the business. In this session, we offer tips for building systems and processes for tracking threat and fraud indicators, and for creating real metrics for benchmarking the current threat environment.

eSecurity 104: Understanding Retail Threats and Fraud
Date: Oct 30, 2014
View webinar
To develop an effective defense against online threats, an e-commerce company must understand its attackers and their methods. In this session, we outline the various types of attackers who target online commerce, including those who prey on the corporate website and those who prey upon the customers themselves.

eSecurity 103: Protecting Performance from Traffic Spikes
Date: Oct 29, 2014
View webinar
One of the great ironies of e-commerce is that online system security is usually at its weakest during the most critical time periods, such as the holiday shopping season. In this session, we provide counsel on the preventative and the operative measures that can be taken when traffic is at its highest - and system and human resources are stretched to the maximum.

Simplified IT 105: Making the Most Of the Cloud
Date: Oct 28, 2014
View webinar
Most midmarket businesses recognize that cloud services will be part of their IT portfolios. However, how do you decide which services are best run in IaaS, SaaS, and/or PaaS versus kept on internal systems? The decision points involve efficiency, agility, and TCO. Our instructor will help develop a decision matrix that can be applied to new and existing IT services.

eSecurity 102: Protecting Back-End Systems
Date: Oct 28, 2014
View webinar
Most attacks on retail and e-commerce websites are conducted by cyber criminals who want to steal large databases of personal information and credentials. In this session, we offer a closer look at the methods used to penetrate a retailer's back-end systems - including targeted attacks on databases, DDoS "smokescreens" used to obfuscate more sophisticated exploits -- and other surprises that can happen during a DDoS attack.

eSecurity 101: Protecting the Customer-Facing Website
Date: Oct 27, 2014
View webinar
One of the greatest challenges in e-commerce is to build a website that is extremely easy for customers to access and use - but extremely difficult for online criminals to attack. In this session, we offer an overview of defenses against Internet-based threats - including DDoS attacks, DNS exploits, and cross-site scripting - to help enterprises steel their sites against potential compromise.

Simplified IT 104: Reduce Your IT Footprint
Date: Oct 27, 2014
View webinar
There are worse growth mottos for midsize companies than: "Avoid IT Sprawl." The goal is a fully optimized infrastructure, with converged storage and LAN traffic and aggressive control over adoption of new applications. Our instructor will explain how to achieve maximum efficiency via advancements in servers, storage, networking, and data center management that are allowing IT to cut back on power, space, staffing, and complexity.

Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

CVE-2014-7292
Published: 2014-10-23
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to ct.ashx.

CVE-2014-8071
Published: 2014-10-23
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1, or (4) address2 parameter to registrationapp/registerPatient.page; the (5) comment parameter to all...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.