Upcoming Webinars
Webinar Archives
Stop Malware in its Tracks with Crowd-Sourced Threat Intelligence
Date: Dec 08, 2014
View webinar
Register for this webinar to join AlienVault VP of Product Strategy, Russ Spitler, and Systems Engineer, Tom D'Aquino for a practical session covering how to use crowd-sourced threat intelligence to improve network security.

Game Over for Gameover Zeus: Disrupting a Global Cybercriminal Operation
Date: Jul 31, 2014
View webinar
During this interactive webcast, Ben Feinstein, Director of CTU Operations and Development, will discuss details of the adversary?s operations and tradecraft behind Gameover Zeus and Operation Tovar. Ben will also share clear guidance on how to defend against similar threats in the future.

How to Increase Transactions per Second (TPS) with Flash Storage
Date: Jul 30, 2014
View webinar
Register for this webinar to learn how to allow your working dataset to expand beyond limited and expensive DRAM capacities into terabytes of lower cost flash storage, improving Transactions Per Second (TPS), per dollar, by up to four times.

How to Avoid the Seven Deadly Sins of Integration
Date: Jul 29, 2014
View webinar
Register for this webinar to hear from Peter Evans, BI Evangelist for Dell Software, who will discuss how you can discover and analyze new data without breaking the rules.

How to Avoid Cyber Attack Tools of the Trade
Date: Jul 29, 2014
View webinar
Register for this webinar to hear about real threats from a researcher who monitors malicious activity across a wide range of customer environments, from traditional data centers to the cloud, and ask him questions about the ever-evolving threat landscape.

Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2227
Published: 2014-07-25
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which allows remote attackers to bypass the Same Origin Policy via a crafted SWF file.

CVE-2014-5027
Published: 2014-07-25
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page.

CVE-2014-5100
Published: 2014-07-25
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_...

CVE-2014-5101
Published: 2014-07-25
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) TPL_address, (6) TPL_city, (7) TPL_prov, (8) TPL_zip, (9) TPL_phone, (10) TPL_pp_email, (11) TPL_authn...

CVE-2014-5102
Published: 2014-07-25
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.