News & Commentary
Latest Content
What The EU’s Safe Harbor Ruling Means For Data Privacy In The Cloud
Commentary  |  10/6/2015  | 
The European Court of Justice today struck down the 15-year-old data transfer agreement between the European Union and the US. Here’s how to begin to prepare for the fallout.
Researchers Disrupt Angler Exploit Kit, Ransomware Operation
News  |  10/6/2015  | 
Cisco Talos Group estimates Angler is making $60 million per year from ransomware alone.
Don’t Be Fooled: In Cybersecurity Big Data Is Not The Goal
Commentary  |  10/6/2015  | 
In other words, the skills to be a security expert do not translate to being able to understand and extract meaning from security data.
10 Security Certifications To Boost Your Career
Slideshows  |  10/5/2015  | 
Earning a security credential can help you open the door to a great job. But you need to know which certification is the right one for you.
5 Signs Security's Finally Being Taken Seriously
News  |  10/5/2015  | 
It's taken years, but infosec may have finally won a seat at the table, as executive leadership reports more mature attitudes and practices.
Nuclear Plants' Cybersecurity Is Bad -- And Hard To Fix
News  |  10/5/2015  | 
Report: 'Very few' nuclear plants worldwide patch software, and operations engineers 'dislike' security pros.
Segmentation: A Fire Code For Network Security
Commentary  |  10/5/2015  | 
New technologies like software-defined segmentation are making it easier to prevent a compromise from spreading by separating users and network resources into zones.
A Wassenaar Arrangement Primer, With Katie Moussouris
Dark Reading Videos  |  10/5/2015  | 
The chief policy officer for HackerOne joins the Dark Reading News Desk at Black Hat to explain how the security community is working to prevent a policy 'dragnet' that would injure American infosec companies and researchers.
Scottrade Breach Hit 4.6 Million Customers, Began 2 Years Ago
Quick Hits  |  10/2/2015  | 
Social Security numbers might have been exposed, but the main target appears to have been contact information.
Amazon Downplays New Hack For Stealing Crypto Keys In Cloud
News  |  10/2/2015  | 
Attack works only under extremely rare conditions, cloud giant says of the latest research.
What Security Pros Really Worry About
Dark Reading Videos  |  10/2/2015  | 
Editor-in-Chief Tim Wilson visits the Dark Reading News Desk to report what security pros have told us in latest Black Hat and Dark Reading surveys about their priorities and what keeps them from them.
The Evolution Of Malware
Commentary  |  10/2/2015  | 
Like the poor in the famous Biblical verse, malware will always be with us. Here’s a 33-year history from Elk Cloner to Cryptolocker. What will be next?
Experian Gets Hacked, Exposing SSNs, Data From 15 Million T-Mobile Customers
Quick Hits  |  10/2/2015  | 
Credit monitoring firm suffers its second major data breach.
Deceit As A Defense Against Cyberattacks
News  |  10/1/2015  | 
A new generation of 'threat deception' technology takes the honeypot to a new, enterprise level.
Stagefright 2.0 Vuln Affects Nearly All Android Devices
News  |  10/1/2015  | 
Worst threat is only to version 5.0 Lollipop and later.
And Now A Malware Tool That Has Your Back
News  |  10/1/2015  | 
In an unusual development, white hat malware is being used to secure thousands of infected systems, not to attack them, Symantec says.
Automating Breach Detection For The Way Security Professionals Think
Commentary  |  10/1/2015  | 
The missing ingredient in making a real difference in the cumbersome process of evaluating a flood of alerts versus a small, actionable number is context.
DHS Funds Project For Open Source 'Invisible Clouds'
News  |  9/30/2015  | 
Cloud Security Alliance and Waverley Labs to build software-defined perimeter (SDP) to protect cloud and critical infrastructure from DDoS attacks.
A Father’s Perspective On The Gender Gap In Cybersecurity
Commentary  |  9/30/2015  | 
There are multiple reasons for the dearth of women in infosec when the field is so rich with opportunity. The big question is what the industry is going to do about it.
State Trooper Vehicles Hacked
News  |  9/30/2015  | 
Car-hacking research initiative in Virginia shows how even older vehicles could be targeted in cyberattacks.
New Tactic Finds RAT Operators Fast
News  |  9/29/2015  | 
Low tolerance for latency makes RAT operators less likely to use proxies, easier to track back home.
3 Steps To Knowing Your Network
Partner Perspectives  |  9/29/2015  | 
Managing your IT assets is a daily effort requiring vigilance and persistence.
Visual Analytics And Threat Intelligence With Raffael Marty
Dark Reading Videos  |  9/29/2015  | 
Raffael Marty, founder and CEO of PixlCloud, stops by Dark Reading News Desk at Black Hat to discuss how to harness security data, visualize it, and put it to use, so it's more than just pretty pictures.
Why Many Organizations Still Don't Use Threat Intelligence Portals
News  |  9/29/2015  | 
New data shows definite interest in adopting threat intel offerings, but also concerns about costs, resources.
The 'Remediation Gap:' A 4-Month Invitation To Attack
News  |  9/29/2015  | 
Organizations set out the welcome mat for cyberattackers by taking an average of 120 days to patch flaws.
The Unintended Attack Surface Of The Internet Of Things
Commentary  |  9/29/2015  | 
How a vulnerability in a common consumer WiFi device is challenging today’s enterprise security.
10 Password Managers For Business Use
Slideshows  |  9/28/2015  | 
Beyond helping end users keep track of their logins, some password managers can integrate with Active Directory and generate compliance reports.
Getting The Most From Your Security Investments
Dark Reading Videos  |  9/28/2015  | 
In an interview at Black Hat, Shehzad Merchant, CTO of Gigamon, shares his thoughts with the Dark Reading News Desk on how CISOs can get the most out of their technology investments when it comes to fighting breaches.
Keep Your Digital Assets Safe
Dark Reading Videos  |  9/28/2015  | 
Arian Evans, VP of product strategy at RiskIQ, talks to the Dark Reading News Desk at Black Hat about RiskIQ’s new online digital asset inventory discovery and security platform, Enterprise Digital Footprint.
Deconstructing The Challenges Of Software Assurance For Connected Cars
Commentary  |  9/28/2015  | 
Ensuring software security in the auto industry will entail careful attention to all aspects of software development: design, coding standards, testing, verification and run-time assurance.
New Data Finds Women Still Only 10% Of Security Workforce
News  |  9/28/2015  | 
But more women hold governance, risk and compliance (GRC) roles than men, new (ISC)2 report finds.
China, US Agree To Not Conduct Cyberespionage For Economic Gain
Quick Hits  |  9/27/2015  | 
Pledge applies to stealing trade secrets but stops short of banning traditional espionage via hacking.
Google, Others Seek to Make Cybercrime Costlier For Criminals
News  |  9/25/2015  | 
Most effective long-term strategy is to target the support infrastructure and financial services used by criminals, Google says.
FTC v. Wyndham: ‘Naughty 9’ Security Fails to Avoid
Commentary  |  9/25/2015  | 
The Federal Trade Commission’s fair trade suit against Wyndham hotels offers insight into the brave new world of cybersecurity regulation of consumer data.
Chinese Military Behind South China Sea Cyber Espionage Attacks
News  |  9/24/2015  | 
An infamous advanced persistent threat hacking group known as Naikon is actually China's PLA Unit 78020 and a military intelligence expert there, traced to the attacks via his social media and other activity.
4 IoT Cybersecurity Issues You Never Thought About
Commentary  |  9/24/2015  | 
Government, industry and security professionals problem-solve the daunting challenges of the Internet of Things.
Cisco Offers Free Tool To Detect SYNful Knock Router Malware
News  |  9/24/2015  | 
Tool helps businesses detect routers running known version of newly discovered malicious implant.
Shellshock’s Cumulative Risk One Year Later
Commentary  |  9/24/2015  | 
How long does it take to patch an entire distribution and bring it up to date? Longer than you think.
Healthcare Organizations Twice As Likely To Experience Data Theft
News  |  9/23/2015  | 
Bad guys very willing to invest in attacking medical data, but healthcare not very willing to invest in defending it.
Cloud Security Visibility Gap Dogs Deployments
News  |  9/23/2015  | 
SANS says visibility is the top cloud security concern.
Gartner: Global Security Spending Rises Nearly 5% Despite 'Commoditization'
News  |  9/23/2015  | 
Security market to hit $75.4 billion in 2015, but endpoint and consumer software segments slowing due to saturation.
What Companies Want In A CISO
Dark Reading Videos  |  9/23/2015  | 
Joyce Brocaglia, founder of the Executive Women's Forum and CEO of Alta Associates, joins the Dark Reading News Desk at Black Hat to discuss closing the gender gap in security and what companies are looking for in a CISO.
OPM Finds Another 4 Million Fingerprints Stolen In Hack
Quick Hits  |  9/23/2015  | 
Fallout from the data breach at the Office of Personnel Management continues to swell.
Healthcare Biggest Offender In 10 Years Of Data Breaches
News  |  9/22/2015  | 
Missing devices and untrustworthy insiders made the healthcare industry responsible for more (reported) data breaches than any other sector all decade.
Free Tool Helps Companies Measure And Map Their Bug Reporting Programs
News  |  9/22/2015  | 
The new Vulnerability Coordination Maturity Model (VCMM), created by HackerOne's Katie Moussouris, includes an assessment tool, key elements, and best practices in a vulnerability coordination program.
The Common Core Of Application Security
Commentary  |  9/22/2015  | 
Why you will never succeed by teaching to the test.
Why It’s Insane To Trust Static Analysis
Commentary  |  9/22/2015  | 
If you care about achieving application security at scale, then your highest priority should be to move to tools that empower everyone, not just security experts.
Buyer Beware: How To Avoid Getting Sucked Into Shelfware
Partner Perspectives  |  9/22/2015  | 
Three simple questions can help ensure you get the most value out of your information security investments.
Run, Jump, Shoot, Infect: Trojanized Games Invade Google Play
News  |  9/22/2015  | 
ESET researchers find Trojan Mapin bundled with games that look like popular titles such as Plants vs. Zombies and Candy Crush.
XcodeGhost Another Crack In Apple's Circle of Trust
News  |  9/21/2015  | 
On the heels of KeyRaider's attack on jailbroken iPhones, attackers show they can hit non-broken devices too, sneaking 39 weaponized apps onto the official App Store and around Apple's best efforts to lock down its developer environment.

Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-06
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.

Published: 2015-10-06
Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.

Published: 2015-10-06
mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006.

Published: 2015-10-06
The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.

Published: 2015-10-06
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430.

Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.