Content posted in July 2014
InfoSecs Holy Grail: Data Sharing & Collaboration
Commentary  |  7/31/2014
Despite all the best intentions, cooperation around Internet security is still a work in progress. Case in point: Microsofts unilateral action against No-IP.
Phishing: What Once Was Old Is New Again
Commentary  |  7/30/2014
I used to think the heyday of phishing had passed. But as Symantec notes in its 2014 Internet Security Threat Report, I was wrong!
Dark Reading Radio: Data Loss Prevention (DLP) Fail
Commentary  |  7/29/2014
Learn about newly found vulnerabilities in commercial and open-source DLP software in our latest episode of Dark Reading Radio with security researchers Zach Lanier and Kelly Lum.
The Perfect InfoSec Mindset: Paranoia + Skepticism
Commentary  |  7/29/2014
A little skeptical paranoia will ensure that you have the impulse to react quickly to new threats while retaining the logic to separate fact from fiction.
Weak Password Advice From Microsoft
Commentary  |  7/28/2014
Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.
Internet of Things: 4 Security Tips From The Military
Commentary  |  7/25/2014
The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. Its time to take a page from their battle plan.
Passwords Be Gone! Removing 4 Barriers To Strong Authentication
Commentary  |  7/24/2014
As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.
RAM Scraper Malware: Why PCI DSS Can't Fix Retail
Commentary  |  7/23/2014
There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data
Dark Reading Radio: The Winners & Losers of Botnet Takedowns
Commentary  |  7/23/2014
Our guests are Cheri McGuire, VP of global government affairs and cyber security policy for Symantec, and Craig D. Spiezle, executive director and founder of the Online Trust Alliance.
Infographic: With BYOD, Mobile Is The New Desktop
Commentary  |  7/22/2014
Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.
Internet of Things: Security For A World Of Ubiquitous Computing
Commentary  |  7/21/2014
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
CEO Report Card: Low Grades for Risk Management
Commentary  |  7/18/2014
Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.
A New Age in Cyber Security: Public Cyberhealth
Commentary  |  7/17/2014
The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.
Passwords & The Future Of Identity: Payment Networks?
Commentary  |  7/16/2014
The solution to the omnipresent and enduring password problem may be closer than you think.
Payment Card Data Theft: Tips For Small Business
Commentary  |  7/15/2014
For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small.
Dark Reading Radio: Where Do Security Startups Come From?
Commentary  |  7/15/2014
This week's radio broadcast will discuss how hot new security companies are born and how they are funded. Showtime is 1:00 p.m. ET.
How Next-Generation Security Is Redefining The Cloud
Commentary  |  7/14/2014
Your cloud, datacenter, and infrastructure all contain flexible and agile components. Your security model should be the same.
Strategic Security: Begin With The End In Mind
Commentary  |  7/11/2014
The trouble with traditional infosec methodology is that it doesnt show us how to implement a strategic security plan in the real world.
Cloud & The Fuzzy Math of Shadow IT
Commentary  |  7/10/2014
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Commentary  |  7/9/2014
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
6 Tips for Using Big Data to Hunt Cyberthreats
Commentary  |  7/8/2014
You need to be smart about harnessing big data to defend against todays security threats, data breaches, and attacks.
Dark Reading Radio: The Changing Role Of The CISO
Commentary  |  7/8/2014
Why does the CISO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
Why Your Application Security Program May Backfire
Commentary  |  7/2/2014
You have to consider the human factor when youre designing security interventions, because the best intentions can have completely opposite consequences.
Dark Reading Radio: Oracle Database Security Hacked
Commentary  |  7/1/2014
Learn about newly found vulnerabilities in a key database security feature tomorrow in the next episode of Dark Reading Radio.

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.