News & Commentary
Latest Content
Page 1 / 2   >   >>
Scope Of FREAK Flaw Widens As Microsoft Says Windows Affected Too
News  |  3/6/2015  | 
Researchers had originally thought only Safari and Android affected by flaw.
Does Hollywood Have The Answer To The Security Skills Question?
Commentary  |  3/6/2015  | 
The Oscar-winning biopic about famed WWII cryptanalyst Alan Turing -- the father of modern computing -- was long overdue. But a lot more needs to be done to inspire the next generation of computer scientists.
Efforts To Team Up And Fight Off Hackers Intensify
News  |  3/5/2015  | 
New intelligence-sharing groups/ISACs emerge, software tools arrive and the White House adds a coordinating agency -- but not all of the necessary intel-sharing 'plumbing' is in place just yet.
Anthem Refuses To Let Inspector General Conduct Full Security Audit
Quick Hits  |  3/5/2015  | 
Security industry has mixed reactions.
New Model Uses 'Malicious Language Of The Internet' To Find Threats Fast
News  |  3/5/2015  | 
OpenDNS's new NLPRank tool may identify malicious domains before they are even put to nefarious use.
Which Apps Should You Secure First? Wrong Question.
Commentary  |  3/5/2015  | 
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
How Secure Are You?
Partner Perspectives  |  3/5/2015  | 
The NIST Cybersecurity Framework can help you understand your risks.
North Korean Government Not Likely Behind Malware On Nation's Official News Site
News  |  3/5/2015  | 
Contrary to initial assumptions of North Korean government involvement, watering hole attack appears to be the work of external hackers -- and contains similarities to Darkhotel campaign, security researchers say.
Apple Pay Fraud Gives Us A New Reason To Hate Data Breaches And SSNs
News  |  3/4/2015  | 
There may already be millions of dollars in losses, but you can't blame Apple for this one.
Securing Our Electric Power Grid Is Critical
Partner Perspectives  |  3/4/2015  | 
Highly complex infrastructure systems require protection against cyberattacks.
A ‘Building Code’ For Internet of Things Security, Privacy
Commentary  |  3/4/2015  | 
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
Enterprises Thirsting For Third-Party Threat Data
News  |  3/3/2015  | 
New report shows enterprises more heavily weighing risks of data loss and cyber attacks in evaluation process.
Breach Victims Three Times Likelier To Be Identity Theft Victims
News  |  3/3/2015  | 
Twenty-eight percent of them say they later avoided the merchants that failed to protect their personal information.
FREAK Out: Yet Another New SSL/TLS Bug Found
News  |  3/3/2015  | 
Old-school, export-grade crypto standard used until the 1990s can be triggered to downgrade security of client, servers, researchers find.
Compliance & Security: A Race To The Bottom?
Commentary  |  3/3/2015  | 
Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment.
What You Need To Know About Nation-State Hacked Hard Drives
News  |  3/2/2015  | 
The nation-state Equation Group compromise of most popular hard drives won't be a widespread threat, but future disk security -- and forensic integrity -- remain unclear.
Uber Takes Over 5 Months To Issue Breach Notification
Quick Hits  |  3/2/2015  | 
50,000 Uber drives just being told now that their names and license numbers were exposed.
5 Signs That The Firewall's Not Dead Yet
News  |  3/2/2015  | 
Demise of firewall is a long way off, according to recent survey results.
No Silver Bullets for Security
Partner Perspectives  |  3/2/2015  | 
A quick-fix security solution for cyberphysical systems doesn’t exist.
Why Security Awareness Alone Won’t Stop Hackers
Commentary  |  3/2/2015  | 
End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.
Dark Reading Offers Cyber Security Crash Course At Interop 2015
Commentary  |  3/2/2015  | 
New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.
Mobile Security By The Numbers
Slideshows  |  3/2/2015  | 
Rounding up the latest research on mobile malware and security practices.
Cyber Intelligence: Defining What You Know
Commentary  |  2/27/2015  | 
Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.
Hits Keep On Coming For Both SSL & Its Abusers
Quick Hits  |  2/26/2015  | 
Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?
'Shadow' Cloud Services Rampant In Government Networks
News  |  2/26/2015  | 
Survey finds public sector employees use unmanaged cloud services just as much as private employees.
How To Reduce Spam & Phishing With DMARC
Commentary  |  2/26/2015  | 
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
How to Strengthen Enterprise Defenses against Ransomware
Partner Perspectives  |  2/26/2015  | 
Eight essential ways that companies can enforce their borders.
5 New Vulnerabilities Uncovered In SAP
News  |  2/26/2015  | 
Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.
Millions Of Non-Anthem Customers Also Hit By Anthem Breach
Quick Hits  |  2/25/2015  | 
Blue Cross Blue Shield customers -- as many as 8.8 to 18.8 million of them -- might have also had their data compromised.
Ramnit Botnet Disrupted By International Public-Private Collaboration
News  |  2/25/2015  | 
Europol leads the effort to bring down the bank credential-stealing botnet that infected 3.2 million computers across the globe.
Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011
News  |  2/25/2015  | 
But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.
Five Easiest Ways to Get Hacked – Part 2
Partner Perspectives  |  2/25/2015  | 
Continuing a conversation with principal security consultant Amit Bagree
Customers Aren’t the Only Victims: 5 Stages Of Data Breach Grief
Commentary  |  2/25/2015  | 
What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.
5 Ways To Prepare For IoT Security Risks
News  |  2/24/2015  | 
As the Internet of Things begins to take shape, IT organizations must prepare for change.
Medical Identity Theft Costs Victims $13,450 Apiece
News  |  2/24/2015  | 
New study shows not only is medical identity fraud costly for individuals, it's happening a lot more often.
FBI Offers $3 Million Reward For Info On Whereabouts Of GameoverZeus Botnet Operator
Quick Hits  |  2/24/2015  | 
Evgeniy Mikhailovich Bogachev, who faces charges for his alleged role as an administrator of the GameOver Zeus botnet, is at large in Russia.
7 Things You Should Know About Secure Payment Technology
Slideshows  |  2/24/2015  | 
Despite the existence of EMV and Apple Pay, we're a long way from true payment security, especially in the US.
Cybercrime, Cyber Espionage Tactics Converge
News  |  2/24/2015  | 
Real-world cyberattack investigations by incident response firm Mandiant highlight how hackers are adapting to better achieve their goals.
From Hacking Systems To Hacking People
Commentary  |  2/24/2015  | 
New low-tech attack methods like ‘visual hacking’ demand an information security environment that values data privacy and a self-policing culture.
DOJ R&D Agency Awards Grants For Speedier Digital Forensics
News  |  2/23/2015  | 
The US Department of Justice's National Institute of Justice is funding new incident response technology to assist law enforcement.
Blackhat, The Movie: Good, Bad & Ridiculous
Commentary  |  2/23/2015  | 
It didn’t take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?
NSA, GCHQ Theft Of SIM Crypto Keys Raises Fresh Security Concerns
News  |  2/20/2015  | 
Pilfered SIM card encryption keys also could allow the spy agencies to deploy malicious Java applets or to send rogue SMS messages from fake cell towers, experts say.
Who Cares Who’s Behind A Data Breach?
Commentary  |  2/20/2015  | 
Attribution takes a long time, a lot of work, and a healthy dose of luck. But is it worth the effort?
Hackin' At The Car Wash, Yeah
News  |  2/19/2015  | 
Drive-through car washes can be hacked via the Internet, to wreak physical damage or to get a free wash for your ride.
Superfish Compromises All SSL Connections On Lenovo Gear
News  |  2/19/2015  | 
More than just pre-installed adware on some Lenovo laptops, Superfish acts as a man-in-the-middle certificate authority, hijacking every SSL session the laptop makes.
Our Governments Are Making Us More Vulnerable
Commentary  |  2/19/2015  | 
Stuxnet opened Pandora’s box and today state-sponsored cyber security policies continue to put us at risk. Here are three reasons why.
End Users Causing Bulk Of Infosec Headaches
News  |  2/18/2015  | 
Report shows 80 percent of IT pros blame users for their security woes.
Five Easiest Ways to Get Hacked – Part 1
Partner Perspectives  |  2/18/2015  | 
A conversation with principal security consultant Amit Bagree.
Russian Hacker Who Hit Heartland, NASDAQ, Extradited To US
News  |  2/18/2015  | 
Vladimir Drinkman, cohort of Albert Gonzalez, appears before US federal court after arrest and extradition by Dutch authorities.
How To Get More Involved In The IT Security Community
Commentary  |  2/18/2015  | 
Dark Reading Radio offers tips on how to network with your IT security peers, learn more about the industry and the profession, and participate in community outreach
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1637
Published: 2015-03-06
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for r...

CVE-2014-2130
Published: 2015-03-05
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka B...

CVE-2014-9688
Published: 2015-03-05
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.

CVE-2015-0598
Published: 2015-03-05
The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693.

CVE-2015-0607
Published: 2015-03-05
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connecti...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.