News & Commentary
Latest Content
Page 1 / 2   >   >>
Fewer Than One-Fourth Of Cybersecurity Job Candidates Are Qualified
News  |  2/22/2017  | 
ISACA report finds that 55% of security jobs take three- to six months to fill, and under 25% of candidates are qualified for the jobs they apply for.
Tunneling Through The "Walls" Of IoT In The Enterprise
Commentary  |  2/22/2017  | 
The movie "Die Hard" has a thing or two to teach us about the pitfalls of the Internet of Things.
Why We Need To Reinvent How We Catalogue Malware
Commentary  |  2/22/2017  | 
One obvious trend: crimeware technologies that come with simple user consoles and functionality to create unique binaries at the click of a button.
6 Tips for Preventing Laptop Data Theft
News  |  2/22/2017  | 
Experts point to stronger passwords, full-disk encryption, and multi-factor authentication as ways to stop data theft in the event a laptop is lost or stolen.
80% Of Web Applications Contain At Least One Security Bug
Quick Hits  |  2/22/2017  | 
Study by Contrast Security finds an average of 45 vulnerabilities per Web application.
Yahoo Trims Its Price Tag To Verizon By $350 Million
Quick Hits  |  2/22/2017  | 
Announcement of new deal price from the previous $4.8 billion allays fears of deal cancellation or even bigger price cut.
Speak Up: Ransomware Attack Uses Voice Recognition
News  |  2/22/2017  | 
New variant of Android ransomware comes with a bizarre twist.
Survey: 14% Of IT Execs Would Pay $500K To Avoid Shaming After A Breach
Partner Perspectives  |  2/22/2017  | 
Bitdefender report shows how negative media headlines following an attack can cause financial damage, ruin business forecasts and severely damage reputations.
Stolen Health Record Databases Sell For $500,000 In The Deep Web
News  |  2/21/2017  | 
Electronic health record databases proving to be some of the most lucrative stolen data sets in cybercrime underground.
Google Shines Light On Corporate Gmail Threats
Quick Hits  |  2/21/2017  | 
New data highlights the diversity of security threats putting corporate Gmail inboxes at risk.
Social Media Impersonators Drive Security Risk
News  |  2/21/2017  | 
A new pool of research digs into the fraudulent social media accounts, a growing threat to individuals and businesses.
Law Enforcement At RSAC: Collaboration Is Key To Online Crime Fighting
News  |  2/21/2017  | 
Agencies and investigators are reaching out across jurisdictions and international borders to vanquish spammers, botnet operators, and worse.
8 Valuable Security Certifications For 2017
Slideshows  |  2/21/2017  | 
A security credential could be the step towards your next job title. But which one to get?
Preparing Security For Windows 7 End-Of-Life Support
Commentary  |  2/21/2017  | 
Moving to Microsoft's latest OS may give you flashbacks to when XP support ended.
FBI Pursues Three Probes Into Russian Hacking Of US Elections
Quick Hits  |  2/21/2017  | 
Sources say the bureau's offices in Pittsburgh, San Francisco, and Washington are investigating the alleged hack.
Two More Sentenced In $1.3 Million Spam Email Scheme
Quick Hits  |  2/21/2017  | 
Tomasz Chmielarz and Devin McArthur get two years of probation for involvement in a hacking scheme affecting 60M people.
Controlling Privileged Access To Prevent Rogue Users In Active Directory
Commentary  |  2/20/2017  | 
Knowing which of your employees have which privileges is the first step to staying safe.
Voice Biometrics Prone To Error, Study Shows
News  |  2/20/2017  | 
New research shows the need for a holistic solution to authentication, not just voice biometrics alone.
Do Software-Defined Data Centers Pose Security Concerns?
Partner Perspectives  |  2/20/2017  | 
SDDC adoption is likely to trigger widespread data security governance programs, with 20 percent of organizations considering them necessary to prevent data breaches.
At Least 70 Organizations Targeted In Sophisticated Cyber Surveillance Operation
News  |  2/17/2017  | 
Most of the targets are in Ukraine, though a few have been spotted in Russia and elsewhere, CyberX says
Yahoo Explains Cookie Forgery Related To Two 2016 Breaches
Quick Hits  |  2/17/2017  | 
Yahoo's recent update on forged cookies is in relation to two, not three, security breaches announced last year.
Closing The Cybersecurity Skills Gap With STEM
Commentary  |  2/17/2017  | 
As a nation, we should be doing more to promote educational programs that prepare today's students for tomorrow's jobs.
After Election Interference, RSA Conference Speakers Ask What Comes Next
News  |  2/17/2017  | 
Election-tampering called 'a red line we should not allow anyone to cross.'
Man Jailed For Hacking Ex-Employer's Operations
Quick Hits  |  2/17/2017  | 
Louisiana resident Brian Johnson was sentenced to 34 months in prison and ordered to pay more than $1.1 million in damages.
Florida Man Gets 48 Months For $1.3M Spam Email Scheme
Quick Hits  |  2/17/2017  | 
Timothy Livingston committed identity theft and sent bulk spam emails on behalf of clients, generating $1.3 million in profit.
NSS Labs Talks Operationalizing Security
NSS Labs Talks Operationalizing Security
Dark Reading Videos  |  2/17/2017  | 
At RSA, NSS Labs CTO Jason Brvenik discusses how to find the gaps in your current web of security products and how to discover what you're not finding.
Iran Intensifies Its Cyberattack Activity
News  |  2/16/2017  | 
Middle East targets namely Saudi Arabia are feeling the brunt of the attacks, but experts anticipate Iran will double down on hacking US targets.
Ransomware Growth Fueled By Russian-Speaking Cybercriminals
News  |  2/16/2017  | 
Individuals and groups from Russian-speaking countries responsible for a lot of ransomware activity, Kaspersky Lab says.
Recorded Future Talks Threat Intel
Recorded Future Talks Threat Intel
Dark Reading Videos  |  2/16/2017  | 
At the RSA Conference, Recorded Future's vice president of intelligence and strategy Levi Gundert and director of advanced collection Andrei Barysevich discuss threat intelligence.
The Era Of Data-Jacking Is Here. Are You Ready?
Commentary  |  2/16/2017  | 
As data in the cloud becomes more valuable, the cost of weak security will soon be higher than many organizations can bear. Here's why.
Ukraine Blames Russia For New Virus Targeting Infrastructure
Quick Hits  |  2/16/2017  | 
The Russian security service, software firms, and criminal hackers are accused of orchestrating cyberattacks on Ukraine's infrastructure.
Yahoo Warns Users Of Forged Cookies In Third Breach
Quick Hits  |  2/16/2017  | 
The company sent a warning to users about forged cookies used in a third data breach originally reported in December 2016.
MEDJACK.3 Poses Advanced Threat To Hospital Devices
News  |  2/16/2017  | 
A newly discovered version of the "medical device hijack" attack targets older operating systems to bypass security measures and steal patient data.
New Attack Threatens Android For Work Security
News  |  2/16/2017  | 
The enterprise privacy app, designed to separate personal and business information, is open to attacks putting corporate data at risk.
Mimecast Tackles Email-Bound Risks
Mimecast Tackles Email-Bound Risks
Dark Reading Videos  |  2/16/2017  | 
At RSA, Mimecast cyber security strategy Bob Adams discusses graduating from basic filtering to true email security risk assessment.
Raytheon Foreground Security Talks Proactive Risk-Based Security
Raytheon Foreground Security Talks Proactive Risk-Based Security
Dark Reading Videos  |  2/16/2017  | 
At RSA, Raytheon Foreground Security's president, Paul Perkinson, and chief strategy officer, Joshua Douglas discuss how to get proactive with advanced threat hunting and managed detection response.
Cylance Talks Third-Party Testing
Cylance Talks Third-Party Testing
Dark Reading Videos  |  2/16/2017  | 
At the RSA Conference, Chad Skipper, vice president of industry relations and product testing for Cylance, discusses the customs and controversies of third-party testing and verification of security products.
CA Technologies Views On How Machine Learning Is Powering The Next Generation Of Security
CA Technologies Views On How Machine Learning Is Powering The Next Generation Of Security
Dark Reading Videos  |  2/16/2017  | 
At RSA, Mordecai Rosen, SVP and general manager of security business for CA Technologies talks machine learning, analytics, and identity management.
Juniper Discusses The New Network & How To Secure It
Juniper Discusses The New Network & How To Secure It
Dark Reading Videos  |  2/16/2017  | 
At RSA, Mihir Maniar, Juniper Networks' vice president of security products and strategy, and Laurence Pitt, Juniper Networks' EMEA security strategy director, discuss how the network has not disappeared, it's just become more elastic.
Clinton Campaign Tested Staffers With Fake Phishing Emails
News  |  2/15/2017  | 
Campaign stressed good IT hygiene, according to manager Robby Mook, who said the fake phishing emails were used to gauge effectiveness of security training for staffers,
Russian-Speaking Rasputin Breaches Dozens Of Organizations
News  |  2/15/2017  | 
Attacker behind Election Assistance Commission hack now using SQL injection as his weapon of choice against universities and government agencies.
What To Do When All Malware Is Zero-Day
Commentary  |  2/15/2017  | 
The industry needs new methods to fingerprint malware in order to determine who's behind breaches, and what can be done to stop them.
IoT Security: A Ways To Go, But Some Interim Steps For Safety
News  |  2/15/2017  | 
The Internet of Things remains vulnerable to botnets and malware, but Cisco's Anthony Grieco offers some tips to keep networks and users more secure
FBIs N-DEx System Helps Unearth Credit Card Fraud Ring
Quick Hits  |  2/15/2017  | 
An intelligence analyst used the N-DEx system to discover a 16-member gang cheating liquor and cigarette stores across eight states.
Microsoft Delays February Security Fixes
Quick Hits  |  2/15/2017  | 
The company delayed its monthly Patch Tuesday update, which was supposed to replace detailed security bulletins with the "Security Updates Guide."
The 10 Most Cyber-Exposed Cities In The US
News  |  2/15/2017  | 
At RSAC, Trend Micro researchers showcase municipalities with the highest percentage of discoverable devices and systems connected via the public Internet.
Veracode Tackles App Sec & The Pace Of DevOps
Veracode Tackles App Sec & The Pace Of DevOps
Dark Reading Videos  |  2/15/2017  | 
At the RSA Conference, Pete Chestna, Director of Developer Engagement at Veracode, discusses the persistent challenges of both continuous delivery and relentless attacks on the application layer.
Anomali Talks Threat Intelligence & Info Sharing
Anomali Talks Threat Intelligence & Info Sharing
Dark Reading Videos  |  2/15/2017  | 
At RSA Conference, Hugh Njemanze, CEO of Anomali talks about threat intelligence and the benefit of bi-directional information sharing with government agencies, as well as the benefit of free software.
Deloitte Tackles Identity Management
Deloitte Tackles Identity Management
Dark Reading Videos  |  2/15/2017  | 
At RSA Conference, Mike Wyatt, Managing Director of Deloitte Advisory Cyber Risk Service, discusses the identity management landscape and its growing importance, from "least privileges" to identity-as-a-service.
New BAE Systems Study Digs Into Defense
New BAE Systems Study Digs Into Defense
Dark Reading Videos  |  2/15/2017  | 
At RSA Conference, BAE Systems Vice President of Cyber Security Strategy Colin McKinty discusses businesses' wide challenges of understanding and responding to the threat landscape.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.