News & Commentary
Latest Content
Page 1 / 2   >   >>
Digital Security: Taking an Uncompromising Stand
Partner Perspectives  |  10/21/2014  | 
How to improve digital immunity by sharing Indicators of Attack.
Synthetic Identity Fraud A Fast-Growing Category
News  |  10/21/2014  | 
Real SSNs tied with fake identities are reaping criminals big profits.
Google Expands 2-Factor Authentication For Chrome, Gmail
Quick Hits  |  10/21/2014  | 
Google issues USB keys for Chrome users to log into Google accounts and any other websites that support FIDO universal two-factor authentication -- but it's no help to mobile users.
Several Staples Stores Suffer Data Breach
News  |  10/21/2014  | 
Attack appears smaller in scope but similar to incidents reported by several other major retailers this year.
Compliance Is A Start, Not The End
Compliance Is A Start, Not The End
Dark Reading Videos  |  10/21/2014  | 
Regulatory compliance efforts may help you get a bigger budget and reach a baseline security posture. But "compliant" does not necessarily mean "secure."
How To Become A CISO, Part 1
News  |  10/20/2014  | 
Think you're ready for the top job? Here's part 1 of a series to help you land that prime chief information security officer position.
Nearly Half Of Consumers Will Punish Breached Retailers During Holidays
News  |  10/20/2014  | 
Consumers say they'll talk with their wallets if they hear their favorite store has played fast and loose with customer data.
Insider Threats: Breaching The Human Barrier
Commentary  |  10/20/2014  | 
A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within.
Why You Shouldn't Count On General Liability To Cover Cyber Risk
News  |  10/20/2014  | 
Travelers Insurance's legal spat with P.F. Chang's over who'll pay breach costs will likely illustrate why enterprises shouldn't think of their general liability policies as backstops for cyber risk.
Sophisticated Malvertising Campaign Targets US Defense Industry
News  |  10/17/2014  | 
Dubbed Operation DeathClick, the campaign puts a new twist on an old method of infecting users.
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Commentary  |  10/17/2014  | 
Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security.
Open Source v. Closed Source: What's More Secure?
Open Source v. Closed Source: What's More Secure?
Dark Reading Videos  |  10/17/2014  | 
In the wake of Shellshock and Heartbleed, has the glow of open-source application security dimmed?
FBI Director Urges New Encryption Legislation
News  |  10/16/2014  | 
Encryption algorithms do not acknowledge "lawful access."
'Silent' Fix For Windows USB Bug?
Quick Hits  |  10/16/2014  | 
Researchers say a newly patched Microsoft USB flaw in older versions of Windows had at some time previously been fixed in newer versions of the OS.
Facebook Doubles Bug Bounties For Ad-Related Flaws
News  |  10/16/2014  | 
Is it a sign that online brands are treating malvertising more seriously?
The Internet of Things: 7 Scary Security Scenarios
Slideshows  |  10/16/2014  | 
The IoT can be frightening when viewed from the vantage point of information security.
Berners-Lee Behind New Private Communications Network For Ultra-Privacy Conscious
Quick Hits  |  10/16/2014  | 
MeWe offers free, secure, and private communications.
'Hurricane Panda' Cyberspies Used Windows Zero-Day For Months
News  |  10/15/2014  | 
The vulnerability is one of multiple issues patched this week by Microsoft that have been targeted by attackers.
Russian Hackers Made $2.5B Over The Last 12 Months
News  |  10/15/2014  | 
The big bucks are in selling credit card data -- not using it for fraud -- and PoS and ATM attacks are on the rise.
'POODLE' Attacks, Kills Off SSL 3.0
News  |  10/15/2014  | 
A newly discovered design flaw in an older version of SSL encryption protocol could be used for man-in-the-middle attacks -- leading some browser vendors to remove SSL 3.0 for good.
Third-Party Code: Fertile Ground For Malware
Commentary  |  10/15/2014  | 
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
CMS Plug-Ins Put Sites At Risk
News  |  10/15/2014  | 
Content management systems are increasingly in attackers' crosshairs, with plug-ins, extensions, and themes broadening the attack surfaces for these platforms.
Cost Of A Data Breach Jumps By 23%
News  |  10/14/2014  | 
Cleanup and resolution after a breach take an average of one month to complete, a new Ponemon Institute report finds.
Mastering Security Analytics
News  |  10/14/2014  | 
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Hundreds Of DropBox Logins For Sale On Pastebin
Quick Hits  |  10/14/2014  | 
Trader says he's got 7 million more where those came from, but Dropbox says the accounts were expired.
Stolen Medical Data Is Now A Hot Commodity
Commentary  |  10/14/2014  | 
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Here’s why.
Russian Cyberspies Hit Ukrainian, US Targets With Windows Zero-Day Attack
News  |  10/14/2014  | 
The Sandworm cyber espionage gang out of Russia intensifies its attacks in the wake of the Ukrainian conflict and sanctions against Russia with classic zero-day -- plus a popular cybercrime toolkit.
Shellshock Mayhem Marks The Start Of Malware Mess
News  |  10/13/2014  | 
Existing Mayhem botnet malware kit now includes Shellshock exploit -- and experts say that'll be the model for more enterprising criminals.
In AppSec, ‘Fast’ Is Everything
Commentary  |  10/13/2014  | 
The world has shifted. The SAST and DAST tools that were invented over a decade ago are no longer viable approaches to application security.
4 ID Management Tips For Better Breach Resistance
News  |  10/13/2014  | 
AT&T insider attack case highlights the need for strong privileged identity management practices.
Don’t Get Caught in a Compromising Position
Partner Perspectives  |  10/13/2014  | 
Relying on Indicators of Compromise is necessary, but not sufficient.
Dairy Queen Breach Shines Light On Impact Of 3rd-Party Breaches
News  |  10/10/2014  | 
Yet another retail chain confirms a data breach of customer payment information via a third-party vendor, and Kmart tosses its hat into the breached ring today.
Security Education K Through Life
Commentary  |  10/10/2014  | 
InfoSec professionals of the future need access to the right education and tools early on and throughout their entire work life.
2 Tech Challenges Preventing Online Voting In US
News  |  10/9/2014  | 
A new report explains that online voting in the US is a matter of "if, not when," but problems of anonymity and verifiability must be solved first.
How To Be A 'Compromise-Ready' Organization
News  |  10/9/2014  | 
Incident response pros share tips on how to have all your ducks in a row before the inevitable breach.
MBIA Breach Highlights Need For Tightened Security Ops
News  |  10/9/2014  | 
Configuration change management and better monitoring could have prevented search engine indexing of sensitive financial information.
How Retail Can Win Back Consumer Trust
Commentary  |  10/9/2014  | 
Customer loyalty to their favorite brands is all about trust, which today has everything to do with security and privacy.
Why Don't IT Generalists Understand Security?
Why Don't IT Generalists Understand Security?
Dark Reading Videos  |  10/8/2014  | 
Why doesn't the rest of the IT department understand what encryption and passwords can and can't do? And does it matter?
How One Criminal Hacker Group Stole Credentials for 800,000 Bank Accounts
News  |  10/8/2014  | 
Proofpoint report shows how one Russian-speaking criminal organization hides from security companies.
DHS Anti-Terrorism Program Could Provide Cyberattack Liability Protection
News  |  10/8/2014  | 
The SAFETY Act can offer a layer of legal protection for cyber security vendors, providers, and enterprise security policies in the wake of an attack, an attorney says.
MBIA Leaves Customer Data Exposed On Web
News  |  10/8/2014  | 
The breach was due to a misconfigured server that exposed sensitive data online.
Good Job, Facebook: The Intersection Of Privacy, Identity & Security
Commentary  |  10/8/2014  | 
Birth names and legal names aren’t always the names people are best known by, concedes Facebook in the wake of a real-name policy usage flap.
Former NSA Director Reflects On Snowden Leaks
News  |  10/8/2014  | 
Gen. Keith Alexander defends NSA's controversial spying programs as lawful.
Yahoo Server Hack: Shellshocked Or Not?
News  |  10/7/2014  | 
Yahoo goes on the record to state that an attack over the weekend was not related to Shellshock, but an independent researcher insists the Bash bug is rearing its head on Yahoo infrastructure.
Hackers Steal Millions In Cash From ATMs, Using Tyupkin Malware
Quick Hits  |  10/7/2014  | 
Attackers add in failsafes to prevent innocents from triggering attack and money mules from going rogue.
Tokenization: 6 Reasons The Card Industry Should Be Wary
Commentary  |  10/7/2014  | 
VISA’s new token service aims to provide consumers a simple, fraud-free digital payment experience. It’s a worthy goal, but one that may prove to be more aspirational than functional.
HBGary Founder Launches New Security Startup
Quick Hits  |  10/7/2014  | 
Greg Hoglund's new Outlier Security offers SaaS-based security and IR for endpoints.
Heartland CEO On Why Retailers Keep Getting Breached
News  |  10/6/2014  | 
Robert Carr, chairman and CEO of Heartland Payment Systems, says lack of end-to-end encryption and tokenization were factors in recent data breaches.
Apple Makes Move To Shut Down Mac Botnet
News  |  10/6/2014  | 
Cupertino engineers move swiftly to contain a Trojan outbreak reportedly propagated through pirated software.
How Cookie-Cutter Cyber Insurance Falls Short
Commentary  |  10/6/2014  | 
Many off-the-shelf cyber liability policies feature a broad range of exclusions that won’t protect your company from a data breach or ransomware attack.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

CVE-2012-5702
Published: 2014-10-21
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to i...

CVE-2013-7406
Published: 2014-10-21
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2531
Published: 2014-10-21
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) R...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.