News & Commentary
Latest Content
Oracle PeopleSoft In The Crosshairs
News  |  5/27/2015  | 
Presenter at Hack In The Box says PeopleSoft is in worse security shape than SAP was five years ago.
Moose Malware Uses Linux Routers For Social Network Fraud
News  |  5/27/2015  | 
Linux/Moose is sophisticated enough to do DNS hijacks, DDoSes, and deep network penetration...so why is it wasting its time on Instagram?
Escalating Cyberattacks Threaten US Healthcare Systems
Commentary  |  5/27/2015  | 
Electronic health records are prime targets because healthcare organizations lack the resources, processes, and technologies to protect them. And it's only going to get worse.
What Data Breaches Now Cost And Why
News  |  5/27/2015  | 
New Ponemon report says the cost of a data breach has increased by 23% and healthcare and education breaches are the most pricey.
IRS Breach Exposes 100,000 Taxpayers' Tax Returns, Other Data
Quick Hits  |  5/26/2015  | 
Online 'Get Transcript' service accessed from February to mid-May.
Profile Of A Cybercrime Petty Thief
News  |  5/26/2015  | 
Trend Micro provides peek at methods of amateur, lone-wolf carder.
A Threat Intelligence-Sharing Reality-Check
News  |  5/26/2015  | 
Many organizations employ sharing one-way (gathering) and mainly for 'CYA,' experts say.
State-Sponsored Cybercrime: A Growing Business Threat
Commentary  |  5/26/2015  | 
You don't have to be the size of Sony -- or even mock North Korea -- to be a target.
DR Radio: Incident Response War-Gaming
Commentary  |  5/25/2015  | 
Wednesday, May 27: Learn how to practice the post-breach panicking.
Google: Account Recovery Security Questions Not Very Secure
News  |  5/22/2015  | 
An analysis of millions of answers to security questions show many are predictable and easily guessable, says Google.
Cyber Threat Analysis: A Call for Clarity
Commentary  |  5/22/2015  | 
The general public deserves less hyperbole and more straight talk
Hacking Virginia State Trooper Cruisers
News  |  5/22/2015  | 
Working group of federal agencies and private industry launched by the state of Virginia is studying car vulnerabilities and building tools to detect and protect against vehicle hacking and tampering.
Data Encryption In The Cloud: Square Pegs In Round Holes
Commentary  |  5/21/2015  | 
Conventional encryption is a surefire solution for protecting sensitive data -- except when it breaks cloud applications. "Format-preserving" encryption could change all that.
Half Of Retail, Healthcare Sites 'Always Vulnerable'
News  |  5/21/2015  | 
Finding vulnerabilities in custom web applications isn't the major problem; fixing them in a timely fashion is, a new report from WhiteHat Security finds.
1.1 Million Hit In Another BlueCross BlueShield Breach
Quick Hits  |  5/20/2015  | 
CareFirst BCBS announces breach, two months after Premera Blue Cross disclosed a breach of 11 million records.
Logjam Encryption Flaw Threatens Secure Communications On Web
News  |  5/20/2015  | 
Most major browsers, websites that support export ciphers impacted
The Cloud Revolution Requires High-Performance Attack Prevention
Partner Perspectives  |  5/20/2015  | 
Where there is traffic, there are bandits.
Planes, Tweets & Possible Hacks From Seats
News  |  5/20/2015  | 
There are conflicting reports over whether security researcher Chris Roberts hacked into flight controls and manipulated a plane.
5 Signs Credentials In Your Network Are Being Compromised
Commentary  |  5/20/2015  | 
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personal identifiable information? Check out these common scenarios.
Retailers Take 197 Days To Detect Advanced Threat, Study Says
News  |  5/19/2015  | 
Most common method of identifying them as advanced threats is a "gut feeling."
3 'Old' Attack Trends That Dominated Q1
News  |  5/19/2015  | 
What's old is new as attackers recycle their attack patterns.
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Commentary  |  5/19/2015  | 
In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.
Every 4 Seconds New Malware Is Born
News  |  5/18/2015  | 
New report shows rate of new malware strains discovered increased by 77 percent in 2014.
Experts Urge InfoSec Info Sharing At Columbia-GCIG Conference
News  |  5/18/2015  | 
'It all starts at the bar with a beer.'
Why We Can't Afford To Give Up On Cybersecurity Defense
Commentary  |  5/18/2015  | 
There is no quick fix, but organizations can massively reduce the complexity of building secure applications by empowering developers with four basic practices.
Polish Security Firm Discloses Unpatched Security Flaws in Google App Engine
News  |  5/15/2015  | 
Google was given enough time to respond, researcher says.
Drinking from the Malware Fire Hose
Partner Perspectives  |  5/15/2015  | 
Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them.
The Cybercrime Carnival in Brazil: Loose Cyberlaws Make for Loose Cybercriminals
Commentary  |  5/15/2015  | 
Brazil loses over $8 billion a year to Internet crime, making it the second-largest cybercrime generator in the world.
Experts' Opinions Mixed On VENOM Vulnerability
News  |  5/14/2015  | 
Some say the virtualization vuln could be worse than Heartbleed, while others advise to patch, but don't panic.
When Encrypted Communication Is Not Good Enough
Commentary  |  5/14/2015  | 
For the vast majority of conversations -- on paper, by phone or computer -- encryption is a perfectly adequate form of protection. Unless, of course, a life or livelihood is at stake.
Cloud Security Alliance, Waverley Labs Collaborate On Open-Source Software-Defined Perimeter Spec
News  |  5/13/2015  | 
SDPs offer enterprises an alternative to traditional perimeter tools for protecting network assets, says CSA, Waverley
Teaming Up to Educate and Enable Better Defense Against Phishing
Partner Perspectives  |  5/13/2015  | 
Companies need to both educate their employees and implement prevention technology.
Oil & Gas Firms Hit By Cyberattacks That Forgo Malware
News  |  5/13/2015  | 
New spin on the 'Nigerian scam' scams crude oil buyers out of money with bait-and-switch.
Taking A Security Program From Zero To Hero
Commentary  |  5/13/2015  | 
Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organization's security capabilities. Here are six steps to get you started.
VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products
News  |  5/13/2015  | 
Critical vulnerability in the open-source QEMU hypervisor lets attackers break out of a virtual machine, execute code on a host machine and access all the other VMs on the host.
Verizon 2015 Data Breach Cover Puzzler Solved: Defending Champs Win
News  |  5/12/2015  | 
The 2015 DBIR Cover Challenge is as highly anticipated by some as the DBIR report itself.
Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research
Commentary  |  5/12/2015  | 
There is a lesson to be learned from a locksmith living 150 years ago: Attackers and criminals are the only parties who benefit when security researchers fear the consequences for reporting issues.
First Example Of SAP Breach Surfaces
News  |  5/12/2015  | 
USIS attack in 2013 stealing background check information about government personnel with classified clearance came by way of an SAP exploit.
Protecting The Data Lifecycle From Network To Cloud
Commentary  |  5/12/2015  | 
Enterprises are pushing more sensitive and regulated data into the public cloud than ever before. But the journey carries many new risks.
10 Security Questions To Ask A Cloud Service Provider
Slideshows  |  5/12/2015  | 
Help the business assess the risks of cloud services with these handy questions.
What Does China-Russia 'No Hack' Pact Mean For US?
News  |  5/11/2015  | 
It could be an Internet governance issue or a response to the U.S. DoD's new cyber strategy, but one thing is certain: it doesn't really mean China and Russia aren't spying on one another anymore.
Women In Security Speak Out On Why There Are Still So Few Of Them
News  |  5/11/2015  | 
They're now CISOs, security officials in DHS and the NSA, researchers, and key players in security -- but women remain a mere 10% of the industry population.
PHP Hash Comparison Weakness A Threat To Websites, Researcher Says
News  |  5/9/2015  | 
Flaw could allow attackers to compromise user accounts, WhiteHat Security's Robert Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash' vulnerability.
Beginning Of The End For Patch Tuesday
News  |  5/7/2015  | 
Starting with Windows 10, Microsoft will introduce Windows Update for Business, issuing patches as they're available, instead of once a month.
White House Evaluating New Court Ruling Declaring NSA Data-Collection Program Illegal
News  |  5/7/2015  | 
Administration will continue to work with Congress to reform surveillance laws, NSC spokesman says.
Healthcare Data Breaches From Cyberattacks, Criminals Eclipse Employee Error For The First Time
News  |  5/7/2015  | 
New Ponemon Report reveals just how hot healthcare data is for hackers.
Vixie Proposes 'Cooling-Off Period' For New Domains To Deter Cybercrime
News  |  5/6/2015  | 
Short trial period would help detect malicious use of domain names, Internet expert says.
3 Ways Attackers Will Own Your SAP
News  |  5/5/2015  | 
SAP vulnerabilities that have been highlighted for years are now becoming attackers' favorite means of breaking into enterprises.
Law Enforcement Finding Few Allies On Encryption
News  |  5/5/2015  | 
Cloud providers, mobile device manufacturers, private citizens, and a bipartisan Congressional committee are lining up on the opposite side.
Deconstructing Mobile Fraud Risk
Commentary  |  5/5/2015  | 
Today's enterprise security solutions don't do enough to manage BYOD risk, credit card theft and the reputational damage resulting from a major data breach.

10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9710
Published: 2015-05-27
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time windo...

CVE-2014-9715
Published: 2015-05-27
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that trig...

CVE-2015-2666
Published: 2015-05-27
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to t...

CVE-2015-2830
Published: 2015-05-27
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate...

CVE-2015-2922
Published: 2015-05-27
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you'll never have complete information and you'll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?