News & Commentary
Latest Content
Page 1 / 2   >   >>
CryptoWall More Pervasive, Less Profitable Than CryptoLocker
News  |  8/28/2014  | 
The former CryptoLocker wannabe has netted 625,000 infected systems and more than $1 million in ransoms.
Feds Investigating Breaches At JP Morgan, Other Banks
News  |  8/28/2014  | 
JP Morgan working with FBI, US Secret Service to determine scope of breach, but other newly reported intrusions at financial firms may not be related.
Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem
News  |  8/27/2014  | 
Retail brands are trying to pass the buck for data security to banks and franchisees, say some experts.
10 Common Software Security Design Flaws
News  |  8/27/2014  | 
Google, Twitter, and others identify the most common software design mistakes -- compiled from their own organizations -- that lead to security woes and how to avoid them.
How I Hacked My Home, IoT Style
Commentary  |  8/27/2014  | 
It didn’t take long to find a score of vulnerabilities in my home entertainment, gaming, and network storage systems.
Online Tools For Bug Disclosure Abound
News  |  8/26/2014  | 
What's driving the bounty of software vulnerability disclosure offerings today from Bugcrowd, HackerOne, and Synack.
Sony, XBox Victims Of DDoS, Hacktivist Threats
Quick Hits  |  8/26/2014  | 
Hacktivists from Anonymous and from a presumed Islamic extremist group targeted a variety of online gaming services.
Top 5 Reasons Your Small Business Website is Under Attack
Commentary  |  8/26/2014  | 
There is no such thing as “too small to hack.” If a business has a website, hackers can exploit it.
27 Million South Koreans Victimized In Online Gaming Heist
News  |  8/25/2014  | 
16 suspects arrested in South Korea as authorities pursue additional suspects, including a Chinese hacker.
Breach of Homeland Security Background Checks Raises Red Flags
News  |  8/25/2014  | 
"We should be burning down the house over this," says a GRC expert.
All In For The Coming World of 'Things'
Commentary  |  8/25/2014  | 
At a Black Hat round table, experts discuss the strategies necessary to lock down the Internet of Things, the most game-changing concept in Internet history.
Healthcare Industry, Feds Talk Information Sharing
News  |  8/22/2014  | 
Representatives from the healthcare industry as well as government discuss importance of threat intelligence-sharing in light of the Community Health Systems breach.
JP Morgan Targeted In New Phishing Campaign
Quick Hits  |  8/22/2014  | 
Double-whammy 'Smash and Grab' hits targets with two ways to steal credentials.
Flash Poll: CSOs Need A New Boss
Commentary  |  8/22/2014  | 
Only one out of four respondents to our flash poll think the CSO should report to the CIO.
Hacker Or Military? Best Of Both In Cyber Security
Commentary  |  8/21/2014  | 
How radically different approaches play out across the security industry.
51 UPS Stores' Point-of-Sale Systems Breached
News  |  8/21/2014  | 
Customers will not receive individual breach notifications.
Heartbleed Not Only Reason For Health Systems Breach
News  |  8/20/2014  | 
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
Website Attack Attempts Via Vegas Rose During Black Hat, DEF CON
Quick Hits  |  8/20/2014  | 
Data snapshot from Imperva shows major jump in malicious activity during security and hacker conferences in Sin City.
US, German Researchers Build Android Security Framework
News  |  8/20/2014  | 
The Android Security Modules (ASM) framework aims to streamline and spread security features, updates to Android devices.
Debugging The Myths Of Heartbleed
Commentary  |  8/20/2014  | 
Does Heartbleed really wreak havoc without a trace? The media and many technical sites seemed convinced of this, but some of us were skeptical.
Q&A: DEF CON At 22
News  |  8/19/2014  | 
DEF CON founder Jeff Moss, a.k.a. The Dark Tangent, reflects on DEF CON's evolution, the NSA fallout, and wider security awareness.
Nuclear Regulatory Commission Compromised 3 Times In Past 3 Years
Quick Hits  |  8/19/2014  | 
Unnamed actors try to swipe privileged credentials.
Access Point Pinched From Black Hat Show WLAN
Commentary  |  8/19/2014  | 
A few apparent pranks, practice DDoS attacks, and other mischievous activities were spotted on the Black Hat USA wireless network in Las Vegas this month.
Why John McAfee Is Paranoid About Mobile
Commentary  |  8/19/2014  | 
Mobile apps are posing expanding risks to both enterprises and their customers. But maybe being paranoid about mobile is actually healthy for security.
Community Health Systems Breach Atypical For Chinese Hackers
News  |  8/18/2014  | 
Publicly traded healthcare organization's stock goes up as breach notifications go out.
Pakistan The Latest Cyberspying Nation
Quick Hits  |  8/18/2014  | 
A look at Operation Arachnophobia, a suspected cyber espionage campaign against India.
Hacker Couture: As Seen At Black Hat USA, BSides, DEF CON
Slideshows  |  8/18/2014  | 
'Leet tattoos, piercings, mega-beards, (the real) John McAfee, and even a cute puppy were among the colorful sights in Las Vegas this month.
Cloud Apps & Security: When Sharing Matters
Commentary  |  8/18/2014  | 
Sharing documents and data is happening all over the cloud today but not all sharing activity carries equal risk.
Identity And Access Management Market Heats Up
News  |  8/15/2014  | 
The past few weeks have seen a number of acquisitions and investments surrounding cloud and on-premises IAM vendors.
SuperValu Food Stores Reports Network Intrusion
Quick Hits  |  8/15/2014  | 
The company is investigating whether data was breached, but it is already offering customers identity theft protection.
Infographic: 70 Percent of World's Critical Utilities Breached
Commentary  |  8/15/2014  | 
New research from Unisys and Ponemon Institute finds alarming security gaps in worldwide ICS and SCADA systems within the last 12 months.
Test Drive: GFI LanGuard 2014
Commentary  |  8/15/2014  | 
LanGuard worked well in the lab and may prove more beneficial to IT operations than security teams.
Traffic To Hosting Companies Hijacked In Crypto Currency Heist
News  |  8/14/2014  | 
Attacker likely a current or former ISP employee, researchers say.
Stuxnet Exploits Still Alive & Well
Quick Hits  |  8/14/2014  | 
Exploits continue abusing a four-year-old bug used in the Stuxnet attack, Kaspersky Lab says.
Why Patching Makes My Heart Bleed
Commentary  |  8/14/2014  | 
Heartbleed was a simple mistake that was allowed to propagate through "business as usual" patching cycles and change management. It could easily happen again.
Tech Insight: Hacking The Nest Thermostat
News  |  8/14/2014  | 
Researchers at Black Hat USA demonstrated how they were able to compromise a popular smart thermostat.
Cyberspies Target Chinese Ethnic Group
Quick Hits  |  8/13/2014  | 
Academic researchers study phishing emails targeting the World Uyghur Congress (WUC), which represents the Uyghur ethnic group residing in China and in exile.
Internet Of Things Security Reaches Tipping Point
News  |  8/13/2014  | 
Public safety issues bubble to the top in security flaw revelations.
NSA Collected More Records Than Court Allowed
News  |  8/13/2014  | 
New documents show the Foreign Intelligence Surveillance Court is stumped by the NSA's "systemic overcollection."
Time To Broaden CompSci Curriculum Beyond STEM
Commentary  |  8/13/2014  | 
Having a visual arts background may not be the traditional path for a career in infosec, but it’s a skill that makes me no less effective in analyzing malware patterns -- and often faster.
Get Smart About Threat Intelligence
Infographics  |  8/13/2014  | 
Is threat intel the best way to improve defenses and stay ahead of new and complex attacks? Nearly 400 respondents to Dark Reading’s new Threat Intelligence Survey seem to think so.
Security Holes Exposed In Trend Micro, Websense, Open Source DLP
News  |  8/12/2014  | 
Researchers Zach Lanier and Kelly Lum at Black Hat USA took the wraps off results of their security testing of popular data loss prevention software.
UK Reconsidering Biometrics
Quick Hits  |  8/12/2014  | 
Parliament is looking for answers about biometrics' privacy, security, future uses, and whether or not legislation is ready for what comes next.
6 Biometric Factors That Are Working Today
Slideshows  |  8/12/2014  | 
From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
CloudBot: A Free, Malwareless Alternative To Traditional Botnets
News  |  8/11/2014  | 
Researchers take advantage of cloud service providers' free trials and lousy anti-automation controls to use cloud instances like bots.
Closing The Skills Gap Between Hackers & Defenders: 4 Steps
Commentary  |  8/11/2014  | 
Improvements in security education, budgets, tools, and methods will help our industry avoid more costly and dangerous attacks and data breaches in the future.
Small IoT Firms Get A Security Assist
Quick Hits  |  8/10/2014  | 
BuildItSecure.ly, an initiative where researchers vet code for small Internet of Things vendors, in the spotlight at DEF CON 22.
Researcher Finds Potholes In Vehicle Traffic Control Systems
News  |  8/9/2014  | 
Hundreds of thousands of road traffic sensors and repeater equipment are at risk of attack, researcher says.
Automakers Openly Challenged To Bake In Security
News  |  8/8/2014  | 
An open letter sent to automobile manufacturer CEOs asks carmakers to adopt a proposed five-star cyber safety program.
The Hyperconnected World Has Arrived
Commentary  |  8/8/2014  | 
Yes, the ever-expanding attack surface of the Internet of Things is overwhelming. But next-gen security leaders gathered at Black Hat are up to the challenge.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3345
Published: 2014-08-28
The web framework in Cisco Transport Gateway for Smart Call Home (aka TG-SCH or Transport Gateway Installation Software) 4.0 does not properly check authorization for administrative web pages, which allows remote attackers to modify the product via a crafted URL, aka Bug ID CSCuq31503.

CVE-2014-3347
Published: 2014-08-28
Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic Rate Interface is enabled, allows remote attackers to cause a denial of service (device hang) by leveraging knowledge of the ISDN phone number to trigger an interrupt timer collision during entropy collection, leading to an invalid s...

CVE-2014-4199
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.

CVE-2014-4200
Published: 2014-08-28
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

CVE-2014-0761
Published: 2014-08-27
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.