News & Commentary
Latest Content
How Clinton, Trump Could Champion Cybersecurity
News  |  10/27/2016  | 
The major party Presidential candidates, both of whom have experienced the aftermath of hacks and poor security practices of their own, could serve as 'poster children' and advocate for better cybersecurity, experts say.
'AtomBombing' Microsoft Windows Via Code Injection
News  |  10/27/2016  | 
Researchers have identified a new way to inject malicious code into Windows systems -- and it doesn't exploit a vulnerability.
How To Build A Strong Security Awareness Program
Commentary  |  10/27/2016  | 
To become more secure, focus your training and manage your top risks.
Jose Santana Pleads Guilty In Cell Phone Fraud Scheme
Quick Hits  |  10/27/2016  | 
Santana and co-conspirators committed identity theft costing victims $150,000, according to the US Department of Justice.
Florida Man To Plead Guilty in JPMorgan, Bitcoin Hack Case
Quick Hits  |  10/27/2016  | 
In Manhattan District Court today Michael Murgio will admit to operating an illegal money transmitting business and paying a bribe to gain access to a credit union.
Healthcare Suffers Security Awareness Woes
News  |  10/27/2016  | 
Weak security practices are putting patient data at risk, new SecurityScorecard report shows.
DDoS On Dyn Used Malicious TCP, UDP Traffic
News  |  10/26/2016  | 
Dyn confirms Mirai IoT botnet was 'primary source' of the attack, with some 100,000 infected devices sending the bogus traffic.
Adobe Rushes Out Emergency Patch For Critical Flash Player Vulnerability
News  |  10/26/2016  | 
Exploit, available in the wild, is being used in attacks against Windows users, company warns.
Warning: Healthcare Data Under Attack
Partner Perspectives  |  10/26/2016  | 
We as an industry must demand greater protection of our medical data.
20 Endpoint Security Questions You Never Thought to Ask
Commentary  |  10/26/2016  | 
The endpoint detection and response market is exploding! Here's how to make sense of the options, dig deeper, and separate vendor fact from fiction.
Let's Clean Up The Internet By Taking Responsibility For Our Actions
Partner Perspectives  |  10/26/2016  | 
Imagine an Internet with multiple levels of security that users need to earn.
Virginia Sen. Mark Warner Questions State Of IoT Security
News  |  10/26/2016  | 
US Senator Mark Warner (D-Va.) asks federal agencies about necessary tools to prevent cybercriminals and others from hacking consumer products, including IoT devices.
New DDoS Attacks Could Reach Tens Of Terabits-Per-Second
Quick Hits  |  10/26/2016  | 
Network security company Corero says LDAP could amplify DDoS attacks by as much as 55x.
Getting To The 'Just Right' Level Of Encryption
Commentary  |  10/26/2016  | 
The key to unlocking secure business messaging is controlling who has the key.
Chinese Firm Defends Webcam Security After DDoS Attacks
Quick Hits  |  10/26/2016  | 
Hangzhou Xiongmai Technology says devices sold in the US before April 2015 will be recalled after attack on Dyn servers.
NHTSA Issues Cybersecurity Best Practices For Automakers
News  |  10/25/2016  | 
Focus is on limiting access to electronic components and what someone can do with that access.
CloudFanta Malware Targets Victims Via Cloud Storage App
News  |  10/25/2016  | 
The malware campaign uses the Sugarsync cloud storage app to distribute malware that steals user credentials and monitors online banking activity.
7 Scary Ransomware Families
Slideshows  |  10/25/2016  | 
Here are seven ransomware variants that can creep up on you.
US Officials: Russian Hackers Could Spread Online Rumors Of Voter Fraud
Quick Hits  |  10/25/2016  | 
US authorities ask election officials to be alert to false documents posted online to influence public perception.
St. Jude Implant Case: Expert Validates Muddy Waters Claim
Quick Hits  |  10/25/2016  | 
Cybersecurity firm Bishop Fox says tests have confirmed that cardiac devices made by St. Jude are susceptible to hacking.
Blockchain & The Battle To Secure Digital Identities
Commentary  |  10/25/2016  | 
This emerging technology is a promising way to verify transactions without compromising your digital identity.
Growing Fear Of IP Theft Hits Power, Auto, Industrial Sectors Hardest
News  |  10/25/2016  | 
Survey finds 58% of respondents predict a rise in IP cyber theft and most feel inside employees are the greatest risk.
'Root' & The New Age Of IoT-Based DDoS Attacks
News  |  10/24/2016  | 
Last Friday's massive DDoS that exploited online cameras and DVRs was simple to pull off -- and a new chapter in online attacks.
New Kovter Trojan Variant Spreading Via Targeted Email Campaign
News  |  10/24/2016  | 
The authors of a malware sample that has been around for more than two years have yet another trick for distributing it.
New Financial System Analysis & Resilience Center Formed
Quick Hits  |  10/24/2016  | 
Associated with Financial Services ISAC (FS-ISAC), the new FSARC works more closely with government partners for deeper threat analysis and systemic defense of the financial sector.
Vendor Security Alliance To Improve Cybersecurity Of Third-Party Providers
Partner Perspectives  |  10/24/2016  | 
Member companies can use their VSA rating when offering their services, effectively skipping the process of verification done by prospective businesses.
5 Tips For Preventing IoT Hacks
News  |  10/24/2016  | 
The recent DDoS attack on Dyn was powered in part by a bot army of home devices. How not to let your webcam or other IoT system go rogue.
Deleting Email's Original Sin: An Historical Perspective
Commentary  |  10/24/2016  | 
Can DMARC do for email security what SSL certificates did for e-commerce?
Microsoft's New Patch Tuesday Model Comes With Benefits And Risks
News  |  10/24/2016  | 
Microsoft has transitioned its Patch Tuesday update process to a cumulative rollup model. What businesses need to know about the new patching regimen.
A Proactive Approach To Vulnerability Management: 3 Steps
Commentary  |  10/22/2016  | 
Having the tools to detect a breach is important, but what if you could prevent the attack from happening in the first place?
NSA Contractor Over 20 Years Stole More Than 50 Terabytes Of Gov't Data
News  |  10/21/2016  | 
Harold Martin, now in custody, is a risk to himself and others if freed from custody, a US prosecutor warns in a detailed filing in the case.
Cyber Training For First Responders To Crime Scene
Quick Hits  |  10/21/2016  | 
FBI ties up with police association and Carnegie Mellon University to improve working knowledge of cyber investigations.
DDoS Attack On DNS Provider Disrupts Okta, Twitter, Pinterest, Reddit, CNN, Others
News  |  10/21/2016  | 
Brief but widespread attack illuminated vulnerability of the Internet's Domain Name System (DNS) infrastructure.
Indian Banks Hit By Debit Card Security Breach
Quick Hits  |  10/21/2016  | 
Around 3.25 million debit cards affected by breach of 90 ATMs, prompting card replacement and PIN change.
Flipping Security Awareness Training
Commentary  |  10/21/2016  | 
Threats can be minimized when teams understand business goals and objectives. These four tips can help turn things around.
7 Imminent IoT Threats
Slideshows  |  10/21/2016  | 
Attacks against smart home products, medical devices, SCADA systems, and other newly network-enabled systems signal the beginning of a new wave of attacks against the IoT.
How To Crash A Drone By Hacking Its 3D Propeller Design
News  |  10/20/2016  | 
Researchers from Israel's Ben-Gurion University of the Negev and two other universities show how attackers can exploit 3D manufacturing processes.
New Free Tool Stops Petya Ransomware & Rootkits
News  |  10/20/2016  | 
Meanwhile, Locky puts ransomware on the Check Point Top Three Global Malware List for the first time ever.
Why Aren't We Talking More Proactively About Securing Smart Infrastructure?
Partner Perspectives  |  10/20/2016  | 
Let's not perpetuate the vicious cycle of security complexity and failure by trying to bolt on security after the fact.
Why Poor Cyber Hygiene Invites Risk
Commentary  |  10/20/2016  | 
Modern cybersecurity today is all about risk management. That means eliminating and mitigating risks where possible, and knowingly accepting those that remain.
Yahoo Demands Government Be More Transparent About Data Requests
Quick Hits  |  10/20/2016  | 
In a letter to the Director of National Intelligence, the tech company says this transparency would also help clear Yahoo's name in customer email scan case.
US Bank Regulators Draft Rules For Financial Services Cybersecurity
Quick Hits  |  10/20/2016  | 
Proposed standards will require financial firms to recover from any cyberattack within two hours.
9 Sources For Tracking New Vulnerabilities
Slideshows  |  10/20/2016  | 
Keeping up with the latest vulnerabilities -- especially in the context of the latest threats -- can be a real challenge.
Alleged Hacker Behind 2012 LinkedIn Breach Nabbed In Prague
News  |  10/19/2016  | 
Czech judge to decide on US extradition request.
CIO-CISO Relationship Continues To Evolve
News  |  10/19/2016  | 
The CISO has traditionally reported to the CIO, but this is changing as security becomes more important. How will this change their relationship, and how can they better work together?
Muddy Waters Releases New Info About St. Jude Medical Device Flaws
Quick Hits  |  10/19/2016  | 
Muddy Waters Capital, the short seller that teamed with security researchers at MedSec, posted the videos on a new site it launched:
Malvertising Trends: Don't Talk Ad Standards Without Ad Security
Commentary  |  10/19/2016  | 
How malvertising marries the strengths and weaknesses of the complex digital advertising ecosystem perfectly and what online publishers and security leaders need to do about it.
Smart Cities Have No Cybersecurity, Say 98% Of Government IT Pros
Quick Hits  |  10/19/2016  | 
Tripwire research indicates smart grids and transportation among the services most exposed to cyberattack risks.
St. Jude Medical Plans Cybersecurity Advisory Panel
Quick Hits  |  10/19/2016  | 
The medical device maker says committee will work with tech experts and external researchers on issues affecting patient care and safety.
'Kevin Durant Effect': What Skilled Cybersecurity Pros Want
News  |  10/19/2016  | 
For seasoned cybersecurity professionals, motivation for sticking with their current jobs doesn't mean big management promotions or higher salaries, a new Center for Strategic and International Studies (CSIS) report finds.

Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
The Top Cybersecurity Risks And How Enterprises Are Responding
The information security landscape is a constantly shifting risk environment. Today's IT security department must manage both internal and external threats, ranging from malware to mobile device vulnerabilities, to cloud security and ransomware. Download the Dark Reading 2016 Strategic Security Survey to gain insight into how security professionals view these risks, and how they are addressing them.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.