Upcoming Webinars
Webinar Archives
Stop Malware in its Tracks with Crowd-Sourced Threat Intelligence
Date: Dec 08, 2014
View webinar
Register for this webinar to join AlienVault VP of Product Strategy, Russ Spitler, and Systems Engineer, Tom D'Aquino for a practical session covering how to use crowd-sourced threat intelligence to improve network security.

Game Over for Gameover Zeus: Disrupting a Global Cybercriminal Operation
Date: Jul 31, 2014
View webinar
During this interactive webcast, Ben Feinstein, Director of CTU Operations and Development, will discuss details of the adversary?s operations and tradecraft behind Gameover Zeus and Operation Tovar. Ben will also share clear guidance on how to defend against similar threats in the future.

How to Increase Transactions per Second (TPS) with Flash Storage
Date: Jul 30, 2014
View webinar
Register for this webinar to learn how to allow your working dataset to expand beyond limited and expensive DRAM capacities into terabytes of lower cost flash storage, improving Transactions Per Second (TPS), per dollar, by up to four times.

How to Avoid the Seven Deadly Sins of Integration
Date: Jul 29, 2014
View webinar
Register for this webinar to hear from Peter Evans, BI Evangelist for Dell Software, who will discuss how you can discover and analyze new data without breaking the rules.

How to Avoid Cyber Attack Tools of the Trade
Date: Jul 29, 2014
View webinar
Register for this webinar to hear about real threats from a researcher who monitors malicious activity across a wide range of customer environments, from traditional data centers to the cloud, and ask him questions about the ever-evolving threat landscape.

PCI 3.0 makes it clear ? New rules demand better tools
Date: Jul 24, 2014
View webinar
Learn about the latest changes to PCI, and how an effective systems management solution can help you stay compliant.

How to Cancel No-Shows & Build Patient Engagement
Date: Jul 24, 2014
View webinar
No-shows cost the U.S. health system about $150 billion annually. Accounting for about 6% of appointments, they disrupt scheduling, harm their own health, and can cost practices tens of thousands of dollars in lost fees.

Keep your data safe with Dell Endpoint Encryption
Date: Jul 24, 2014
View webinar
Register from this webinar to learn from a thought leading security professional with well over 12 years? experience in network and endpoint security.

Convergence today, Hyperconvergence tomorrow?
Date: Jul 23, 2014
View webinar
Register for this webinar to learn the impact of choosing the right path for convergence based on organizational goals, and why future data center technologies like hyper-convergence or Software Defined X, should be considered as possible destinations.

Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7392
Published: 2014-07-22
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.

CVE-2014-2385
Published: 2014-07-22
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter t...

CVE-2014-4326
Published: 2014-07-22
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.

CVE-2014-4511
Published: 2014-07-22
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.

CVE-2014-4911
Published: 2014-07-22
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.