Next On Dark Reading Radio: Endpoint Security Transformed
Building A Winning Security Team From The Top Down
The State of Apple Security
'POODLE' One Year Later: Still Around? Not So Much
Police Car Hacks: Under The Hood
News & Commentary
New Technology Won't Remove Endpoint From The Bullseye
Commentary
Dark Reading Radio guests from endpoint security vendor Tanium and Intel Security/McAfee may have different product views, but they concur on the problems plaguing end user machines.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/22/2015
Undermining Security By Attacking Computer Clocks
News
A team of researchers at Boston University has developed several attacks against the Network Time Protocol that is used to synchronize internal computer clocks on the Internet.
By Jai Vijayan, Freelance writer, 10/22/2015
Report: One-Quarter Of Malicious Sites Healthcare-Related
News
G DATA Security Labs report also shows a spike in banking Trojan action and a move by the Ukraine to be a top 5 player in the malicious hosting business.
By Sara Peters, Senior Editor at Dark Reading, 10/22/2015
Fitbit Hacked In 10 Seconds
Commentary
A Fortinet security researcher says the fitness tracker can be hacked by anyone within Bluetooth range. It doesn't matter whether or not it's paired with another device.
By Larry Loeb, Blogger, Informationweek, 10/22/2015
To Find The Needle, Chop Down the Haystack: 5 Steps For Effective Threat Monitoring
Commentary
Would bank security screen everyone entering the building then leave the vault door open with no one watching the money? Of course not!
By Jeff Schilling, Chief of Operations and Security, Armor, 10/22/2015
The Rebirth Of Endpoint Security
News
A slew of startups and veteran security firms are moving toward proactive and adaptive detection and mitigation for securing the endpoint. But few enterprises are ready to pull the antivirus plug.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/21/2015
Apple, Dropbox Slam CISA Cyber-Security Bill
Commentary
Apple and Dropbox join the swelling ranks of tech companies voicing their opposition to the Cybersecurity Information Sharing Act (CISA) and the lack of privacy protections.
By Larry Loeb, Blogger, Informationweek, 10/21/2015
Navigating New Security Architectures For Cloud Data Centers
Commentary
Micro-segmentation is a revolutionary approach to data center complexity and security. But not all architectures are created equal.
By Marc Woolward, CTO, vArmour, 10/21/2015
Free Web Security Certificates Coming Soon
News
Let's Encrypt TLS/SSL certificates are now trusted by the major Web browsers. That sets the stage for easier, more affordable online security. Operated by the nonprofit Internet Security Research Group, their aim is to hasten the transition away from the Web's unprotected HTTP protocol to encrypted HTTPS.
By Thomas Claburn, Editor at Large, Enterprise Mobility, 10/21/2015
Likeliest Fraudsters Are, Or Claim To Be, 85-90 Years Old
News
New report paints a composite picture of the 'Fraudiest Person in America'
By Sara Peters, Senior Editor at Dark Reading, 10/20/2015
State Of Employee Security Behavior
News
End users still lacking situational awareness of security risks, says CompTIA report.
By Ericka Chickowski, Contributing Writer, Dark Reading, 10/20/2015
Building A Winning Security Team From The Top Down
Commentary
Dropbox security chief Patrick Heim dishes about the need for strong industry leaders, the 'unique' cybersecurity personality and why successful organizations need 'cupcake.'
By Vincent Liu, Partner, Bishop Fox, 10/20/2015
Former White House Advisor: Marry Infosec To Economics
News
Melissa Hathaway, former cybersecurity policy advisor to the White House, says the security and economy agendas should go hand-in-hand, and Western nations' use of surveillance technology is 'alarming.'
By Sara Peters, Senior Editor at Dark Reading, 10/19/2015
Next On Dark Reading Radio: Endpoint Security Transformed
Commentary
Modern endpoint security technology is all about focusing on the client as both patient 0 and as a treasure trove of attack forensics intelligence.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/19/2015
Are You Making This Endpoint Security Mistake?
Detecting threats isn’t enough. You must also remediate vulnerable endpoints and employ continuous monitoring to reduce exposure.
By Manish Patel, Senior Product Marketing Manager, Tenable, 10/19/2015
'HIPAA Not Helping': Healthcare's Software Security Lagging
News
The latest Building Security in Maturity Model (BSIMM) study illustrates the long learning curve for secure coding initiatives.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/19/2015
Secure Software Development in the IoT: 5 Golden Rules
Commentary
The evolving threat landscape doesn’t merely expose developers to new problems. It exposes them to old problems that they need to address sooner, faster, and more frequently.
By Lev Lesokhin, Executive VP, Strategy, CAST, 10/19/2015
CrowdStrike Spots Chinese APTs Targeting US Firms Post-Pact
Quick Hits
CrowdStrike says Chinese threat actors targeted intellectual property at US firms the day after Obama and Xi announced a pact banning cyber espionage for economic gain.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/19/2015
Enterprises Are Leaving Cloud Security Policies To Chance
News
Only a third have a strategy for securing a mix of different data center and cloud deployment scenarios.
By Ericka Chickowski, Contributing Writer, Dark Reading, 10/19/2015
From 55 Cents to $1,200: The Value Chain For Stolen Data
News
The latest pricing models for stolen information in the underground economy.
By Jai Vijayan, Freelance writer, 10/16/2015
Dark Reading Radio
Antivirus is officially dead as the main security defense for the endpoint: Join us for an in-depth discussion of why and how endpoint security is changing dramatically.
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?