Upcoming Webinars
Webinar Archives
Stop Malware in its Tracks with Crowd-Sourced Threat Intelligence
Date: Dec 08, 2014
View webinar
Register for this webinar to join AlienVault VP of Product Strategy, Russ Spitler, and Systems Engineer, Tom D'Aquino for a practical session covering how to use crowd-sourced threat intelligence to improve network security.

Game Over for Gameover Zeus: Disrupting a Global Cybercriminal Operation
Date: Jul 31, 2014
View webinar
During this interactive webcast, Ben Feinstein, Director of CTU Operations and Development, will discuss details of the adversary?s operations and tradecraft behind Gameover Zeus and Operation Tovar. Ben will also share clear guidance on how to defend against similar threats in the future.

How to Increase Transactions per Second (TPS) with Flash Storage
Date: Jul 30, 2014
View webinar
Register for this webinar to learn how to allow your working dataset to expand beyond limited and expensive DRAM capacities into terabytes of lower cost flash storage, improving Transactions Per Second (TPS), per dollar, by up to four times.

How to Avoid the Seven Deadly Sins of Integration
Date: Jul 29, 2014
View webinar
Register for this webinar to hear from Peter Evans, BI Evangelist for Dell Software, who will discuss how you can discover and analyze new data without breaking the rules.

How to Avoid Cyber Attack Tools of the Trade
Date: Jul 29, 2014
View webinar
Register for this webinar to hear about real threats from a researcher who monitors malicious activity across a wide range of customer environments, from traditional data centers to the cloud, and ask him questions about the ever-evolving threat landscape.

Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5104
Published: 2014-07-28
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action ...

CVE-2014-5105
Published: 2014-07-28
Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php.

CVE-2014-5106
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.

CVE-2014-5107
Published: 2014-07-28
concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.ph...

CVE-2014-5108
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.