Upcoming Webinars
Webinar Archives
Lower Your VDI Solution Costs Today with Flash Memory
Date: Nov 05, 2014
View webinar
How can flash memory for VDI solutions help your company? The benefits might be greater than you thought. Register for this webinar to learn how to simplify and dramatically lower the costs of your VDI solution.

App Developer Conference @ GDC Next
Date: Nov 04, 2014
View webinar


Mobile Conversion is Broken: How To Fix It with Smart Mobile Design @ App Developers Conference
Date: Nov 04, 2014
View webinar


iBeacons, BLE beacons and Everything in Between: Unpacking Proximity Sensing Technology @ Black Hat Europe
Date: Nov 04, 2014
View webinar


Simplified IT 101: Efficient Enterprise Storage for Lower TCO
Date: Nov 03, 2014
View webinar
Improve storage efficiency and you benefit many areas of the data center, from performance speed to space and energy costs. Of course, storage characteristics, such as capacity allocation and utilization, data protection, and level of management, affect efficiency, especially with heavy use of server virtualization. Our instructor will explain how to evaluate the efficiency of your storage systems and suggest management tools that can help IT gain visibility and lower TCO.

eSecurity 105:Monitoring Threats and Measuring Risk
Date: Oct 31, 2014
View webinar
Once an online business has shored up its defenses against new threats, it must develop an ongoing program for monitoring its systems for potential compromises - and measuring the risk faced by the business. In this session, we offer tips for building systems and processes for tracking threat and fraud indicators, and for creating real metrics for benchmarking the current threat environment.

eSecurity 104: Understanding Retail Threats and Fraud
Date: Oct 30, 2014
View webinar
To develop an effective defense against online threats, an e-commerce company must understand its attackers and their methods. In this session, we outline the various types of attackers who target online commerce, including those who prey on the corporate website and those who prey upon the customers themselves.

eSecurity 103: Protecting Performance from Traffic Spikes
Date: Oct 29, 2014
View webinar
One of the great ironies of e-commerce is that online system security is usually at its weakest during the most critical time periods, such as the holiday shopping season. In this session, we provide counsel on the preventative and the operative measures that can be taken when traffic is at its highest - and system and human resources are stretched to the maximum.

eSecurity 102: Protecting Back-End Systems
Date: Oct 28, 2014
View webinar
Most attacks on retail and e-commerce websites are conducted by cyber criminals who want to steal large databases of personal information and credentials. In this session, we offer a closer look at the methods used to penetrate a retailer's back-end systems - including targeted attacks on databases, DDoS "smokescreens" used to obfuscate more sophisticated exploits -- and other surprises that can happen during a DDoS attack.

Simplified IT 105: Making the Most Of the Cloud
Date: Oct 28, 2014
View webinar
Most midmarket businesses recognize that cloud services will be part of their IT portfolios. However, how do you decide which services are best run in IaaS, SaaS, and/or PaaS versus kept on internal systems? The decision points involve efficiency, agility, and TCO. Our instructor will help develop a decision matrix that can be applied to new and existing IT services.

Simplified IT 104: Reduce Your IT Footprint
Date: Oct 27, 2014
View webinar
There are worse growth mottos for midsize companies than: "Avoid IT Sprawl." The goal is a fully optimized infrastructure, with converged storage and LAN traffic and aggressive control over adoption of new applications. Our instructor will explain how to achieve maximum efficiency via advancements in servers, storage, networking, and data center management that are allowing IT to cut back on power, space, staffing, and complexity.

eSecurity 101: Protecting the Customer-Facing Website
Date: Oct 27, 2014
View webinar
One of the greatest challenges in e-commerce is to build a website that is extremely easy for customers to access and use - but extremely difficult for online criminals to attack. In this session, we offer an overview of defenses against Internet-based threats - including DDoS attacks, DNS exploits, and cross-site scripting - to help enterprises steel their sites against potential compromise.

Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3409
Published: 2014-10-25
The Ethernet Connectivity Fault Management (CFM) handling feature in Cisco IOS 12.2(33)SRE9a and earlier and IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (device reload) via malformed CFM packets, aka Bug ID CSCuq93406.

CVE-2014-4620
Published: 2014-10-25
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive information by reading these files.

CVE-2014-4623
Published: 2014-10-25
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force a...

CVE-2014-4624
Published: 2014-10-25
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and GSAN passwords via a crafted call.

CVE-2014-6151
Published: 2014-10-25
CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) 2.2.x allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.