News & Commentary
Latest Content
Page 1 / 2   >   >>
Welcome To My Cyber Security Nightmare
Commentary  |  10/30/2014  | 
Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night.
Keep Calm & Verify: How To Spot A Fake Online Data Dump
News  |  10/29/2014  | 
Determining whether a data dump on Pastebin or elsewhere online is legit can be time-consuming and resource-intensive. Deloitte & Touche offers tips for how to weed out the fake hacks.
Infographic: The Many Faces of Today’s Hackers
Commentary  |  10/29/2014  | 
How many of these hacker personas are you dueling with in your organization?
Facebook Launches New Open-Source OS Monitoring Tool
News  |  10/29/2014  | 
Modular framework can be used to schedule and log SQL-based queries.
White House Says Unclassified Network Hit In Cyberattack
News  |  10/29/2014  | 
Mitigation efforts have caused temporary outages and loss of connectivity for some staff, but no computers have been damaged, official says.
Cyber Espionage Attacks Attributed To Russian Government
News  |  10/29/2014  | 
FireEye report meticulously details clues that all point to state-sponsorship of the Sofacy/Sourface malware and tracks its evolution over seven years.
Security Companies Team Up, Take Down Chinese Hacking Group
News  |  10/28/2014  | 
Novetta, Microsoft, and others form Operation SMN to eradicate Hikit malware and disrupt the cyber espionage gang Axiom's extensive information gathering.
Retailers Facing Intensified Cyberthreat This Holiday Season
News  |  10/28/2014  | 
After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner.
What Scares Me About Healthcare & Electric Power Security
Commentary  |  10/28/2014  | 
Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats
Researcher Shows Why Tor Anonymity Is No Guarantee Of Security
News  |  10/27/2014  | 
Tor exit node in Russia spotted downloading malicious code.
How I Became a CISO: Janet Levesque, RSA
News  |  10/27/2014  | 
RSA's newest chief information security officer says she landed the job because of her ability to build relationships, not a background in crypto or a pile of certs.
A Simple Formula For Usable Risk Intelligence
Commentary  |  10/27/2014  | 
How infosec can cut through the noise and gain real value from cyberdata.
Backoff PoS Malware Boomed In Q3
News  |  10/24/2014  | 
The security firm Damballa detected a 57% increase in infections of the notorious Backoff malware from August to September.
Poll: Patching Is Primary Response to Shellshock
Commentary  |  10/24/2014  | 
As potential threats mount, Dark Reading community members hone in on patching infrastructure but not devices, according to our latest poll.
US Military Officials, Defense Firms Targeted In 'Operation Pawn Storm'
News  |  10/23/2014  | 
Cyber espionage attackers "did their homework" in an attack campaign that has intensified in the wake of US-Russian tensions.
Financial Services Ranks Cyberattacks Top Industry Worry
Quick Hits  |  10/23/2014  | 
Depository Trust & Clearing Corporation (DTCC) survey says cyberrisk is one of the top five concerns for financial services firms.
Attacks On Patched Sandworm Flaw Force Microsoft To Issue Fix It
News  |  10/23/2014  | 
More than a week after Microsoft fixed a flaw affecting almost all Windows versions, attackers are continuing to exploit it.
20% Of 'Broadly Shared' Data Contains Regulated Info
News  |  10/23/2014  | 
Forget shadow IT. The new risk is "shadow data."
Incident Response: Is Your IR Plan A Glorified Phone Tree?
Commentary  |  10/23/2014  | 
Training internal security teams to be first responders can drastically improve an organization's effectiveness in the wake of a data breach. Here's why.
Enterprise Security: Why You Need a Digital Immune System
Partner Perspectives  |  10/23/2014  | 
Treating enterprise security like the human body's response to illness or injury is more effective than just a barrier approach
So You Think You Know Risk Management
So You Think You Know Risk Management
Dark Reading Videos  |  10/23/2014  | 
Infosec officers are coming around to the idea that their job is more about managing risk than putting the entire organization on permanent lockdown. But do security pros understand risk management as well as they think they do?
10 Things IT Probably Doesn't Know About Cyber Insurance
News  |  10/23/2014  | 
Understand the benefits and the pitfalls you might miss when evaluating cyber policies.
Open-Source Software Brings Bugs To Web Applications
News  |  10/22/2014  | 
An average of eight severe security flaws from open-source and third-party code can be found in each web application, according to new findings from Veracode.
Pharmaceuticals, Not Energy, May Have Been True Target Of Dragonfly, Energetic Bear
News  |  10/22/2014  | 
New research says the compromised companies were suppliers for OEMs that served pharma and biotech.
Insecure Protocol Puts 1.2M SOHO Devices At Risk
News  |  10/22/2014  | 
Enterprises should take care to prohibit NAT-PMP traffic on untrusted network interfaces.
Cyber Threats: Information vs. Intelligence
Commentary  |  10/22/2014  | 
Cyber threat intelligence or CTI is touted to be the next big thing in InfoSec. But does it narrow the security problem or compound it?
White Hat Hackers Fight For Legal Reform
News  |  10/21/2014  | 
Security researchers petition to update digital intellectual property and copyright protection laws that limit their work in finding and revealing security bugs.
Digital Security: Taking an Uncompromising Stand
Partner Perspectives  |  10/21/2014  | 
How to improve digital immunity by sharing Indicators of Attack.
Synthetic Identity Fraud A Fast-Growing Category
News  |  10/21/2014  | 
Real SSNs tied with fake identities are reaping criminals big profits.
Google Expands 2-Factor Authentication For Chrome, Gmail
Quick Hits  |  10/21/2014  | 
Google issues USB keys for Chrome users to log into Google accounts and any other websites that support FIDO universal two-factor authentication -- but it's no help to mobile users.
Several Staples Stores Suffer Data Breach
News  |  10/21/2014  | 
Attack appears smaller in scope but similar to incidents reported by several other major retailers this year.
Compliance Is A Start, Not The End
Compliance Is A Start, Not The End
Dark Reading Videos  |  10/21/2014  | 
Regulatory compliance efforts may help you get a bigger budget and reach a baseline security posture. But "compliant" does not necessarily mean "secure."
How To Become A CISO, Part 1
News  |  10/20/2014  | 
Think you're ready for the top job? Here's part 1 of a series to help you land that prime chief information security officer position.
Nearly Half Of Consumers Will Punish Breached Retailers During Holidays
News  |  10/20/2014  | 
Consumers say they'll talk with their wallets if they hear their favorite store has played fast and loose with customer data.
Insider Threats: Breaching The Human Barrier
Commentary  |  10/20/2014  | 
A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within.
Why You Shouldn't Count On General Liability To Cover Cyber Risk
News  |  10/20/2014  | 
Travelers Insurance's legal spat with P.F. Chang's over who'll pay breach costs will likely illustrate why enterprises shouldn't think of their general liability policies as backstops for cyber risk.
Sophisticated Malvertising Campaign Targets US Defense Industry
News  |  10/17/2014  | 
Dubbed Operation DeathClick, the campaign puts a new twist on an old method of infecting users.
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Commentary  |  10/17/2014  | 
Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security.
Open Source v. Closed Source: What's More Secure?
Open Source v. Closed Source: What's More Secure?
Dark Reading Videos  |  10/17/2014  | 
In the wake of Shellshock and Heartbleed, has the glow of open-source application security dimmed?
FBI Director Urges New Encryption Legislation
News  |  10/16/2014  | 
Encryption algorithms do not acknowledge "lawful access."
'Silent' Fix For Windows USB Bug?
Quick Hits  |  10/16/2014  | 
Researchers say a newly patched Microsoft USB flaw in older versions of Windows had at some time previously been fixed in newer versions of the OS.
Facebook Doubles Bug Bounties For Ad-Related Flaws
News  |  10/16/2014  | 
Is it a sign that online brands are treating malvertising more seriously?
The Internet of Things: 7 Scary Security Scenarios
Slideshows  |  10/16/2014  | 
The IoT can be frightening when viewed from the vantage point of information security.
Berners-Lee Behind New Private Communications Network For Ultra-Privacy Conscious
Quick Hits  |  10/16/2014  | 
MeWe offers free, secure, and private communications.
'Hurricane Panda' Cyberspies Used Windows Zero-Day For Months
News  |  10/15/2014  | 
The vulnerability is one of multiple issues patched this week by Microsoft that have been targeted by attackers.
Russian Hackers Made $2.5B Over The Last 12 Months
News  |  10/15/2014  | 
The big bucks are in selling credit card data -- not using it for fraud -- and PoS and ATM attacks are on the rise.
'POODLE' Attacks, Kills Off SSL 3.0
News  |  10/15/2014  | 
A newly discovered design flaw in an older version of SSL encryption protocol could be used for man-in-the-middle attacks -- leading some browser vendors to remove SSL 3.0 for good.
Third-Party Code: Fertile Ground For Malware
Commentary  |  10/15/2014  | 
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
CMS Plug-Ins Put Sites At Risk
News  |  10/15/2014  | 
Content management systems are increasingly in attackers' crosshairs, with plug-ins, extensions, and themes broadening the attack surfaces for these platforms.
Cost Of A Data Breach Jumps By 23%
News  |  10/14/2014  | 
Cleanup and resolution after a breach take an average of one month to complete, a new Ponemon Institute report finds.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3304
Published: 2014-10-30
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.

CVE-2013-7409
Published: 2014-10-30
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.

CVE-2014-3446
Published: 2014-10-30
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.

CVE-2014-3584
Published: 2014-10-30
The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before 2.7.8, and 3.0.x before 3.0.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted SAML token in the authorization header of a request to a JAX-RS service.

CVE-2014-3623
Published: 2014-10-30
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vect...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.