News & Commentary
Latest Content
Page 1 / 2
Ram Scraper Malware: Why PCI DSS Can't Fix Retail
Commentary  |  7/23/2014  | 
There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data.
Today on Dark Reading Radio: The Winners & Losers of Botnet Takedowns
Commentary  |  7/23/2014  | 
Cheri McGuire, VP of global government affairs and cyber security policy for Symantec, and Craig D. Spiezle, executive director and founder of the Online Trust Alliance, join us.
7 Black Hat Sessions Sure To Cause A Stir
Slideshows  |  7/22/2014  | 
At Black Hat, researchers will point out the weaknesses in everything from the satellites in outer space to the thermostat in your home.
Nigerian 419 Scammers Evolving Into Malware Pushers (But Not Very Good Ones)
Quick Hits  |  7/22/2014  | 
"Silver Spaniel" attacks use commodity malware to damage others' security, but they aren't very good at protecting their own.
Infographic: With BYOD, Mobile Is The New Desktop
Commentary  |  7/22/2014  | 
Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.
Black Hat Speaker: Don't Overestimate EMV Protections, Underestimate Card Thief Sophistication
News  |  7/21/2014  | 
AccessData researcher will offer up a crash course in card payment tech and protections to root out security community misconceptions.
Internet of Things: Security For A World Of Ubiquitous Computing
Commentary  |  7/21/2014  | 
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
Hacking Your Hotel Room
News  |  7/18/2014  | 
At Black Hat USA next month, a researcher will show how to hack your way into controlling everything in a hotel room -- from lighting to television sets.
CEO Report Card: Low Grades for Risk Management
Commentary  |  7/18/2014  | 
Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.
Government-Grade Stealth Malware In Hands Of Criminals
News  |  7/17/2014  | 
"Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools.
Website Hacks Dropped During World Cup Final
Quick Hits  |  7/17/2014  | 
Hackers apparently took time off to watch the Germany-Argentina title match of the 2014 FIFA World Cup.
A New Age in Cyber Security: Public Cyberhealth
Commentary  |  7/17/2014  | 
The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.
Ransomware: 5 Threats To Watch
Slideshows  |  7/17/2014  | 
Cyber criminals have kicked it up a notch with nasty malware that locks you out of your machine and holds it for ransom.
Senate Hearing Calls for Changes to Cybercrime Law
News  |  7/16/2014  | 
In the wake of Microsoft's seizure of No-IP servers and domains, private and public sector representatives met to discuss what can be done to address the problem of botnets.
Passwords & The Future Of Identity: Payment Networks?
Commentary  |  7/16/2014  | 
The solution to the omnipresent and enduring password problem may be closer than you think.
Automobile Industry Accelerates Into Security
News  |  7/15/2014  | 
Industry looking at intelligence-sharing platform or an Auto-ISAC in anticipation of more automated, connected -- and vulnerable -- vehicles.
Payment Card Data Theft: Tips For Small Business
Commentary  |  7/15/2014  | 
For small businesses looking to reduce their exposure to data theft, the good news is the advantage of being small.
Tapping Into A Homemade Android Army
News  |  7/15/2014  | 
Black Hat speaker will detail how security researchers can expedite their work across numerous Android devices at once.
Active Directory Flaw Lets Attackers Change Passwords
Quick Hits  |  7/15/2014  | 
Aorato finds way to compromise Active Directory and change passwords without being noticed by SIEM.
Google Forms Zero-Day Hacking Team
Quick Hits  |  7/15/2014  | 
'Project Zero' to hunt bugs in all software that touches the Net.
Dark Reading Radio: Where Do Security Startups Come From?
Commentary  |  7/15/2014  | 
This week's radio broadcast will discuss how hot new security companies are born and how they are funded. Showtime is 1:00 p.m. ET.
DropCam Vulnerable To Hijacking
News  |  7/14/2014  | 
Researchers at DEF CON to demonstrate flaws in a popular WiFi video monitoring system.
New GameoverZeuS Variant Found In The Wild
News  |  7/14/2014  | 
A new botnet abandons peer-to-peer communication and may or may not be operated by the one disrupted by Operation Tovar last month.
How Next-Generation Security Is Redefining The Cloud
Commentary  |  7/14/2014  | 
Your cloud, datacenter, and infrastructure all contain flexible and agile components. Your security model should be the same.
Hacking Password Managers
News  |  7/14/2014  | 
Researchers find four classes of common vulnerabilities in popular password managers and recommend greater industry scrutiny and more automated ways to find vulnerabilities.
Attack Campaign Targets Facebook, Dropbox User Credentials
News  |  7/11/2014  | 
The goal of the attackers is not fully clear but the credential theft could set up sophisticated targeted attackers.
While Brazilians Watch World Cup, Bank Fraudsters Are At Work
News  |  7/11/2014  | 
Passive biometrics allow BioCatch to tell the difference between busy fraudsters and distraught soccer fans.
Strategic Security: Begin With The End In Mind
Commentary  |  7/11/2014  | 
The trouble with traditional infosec methodology is that it doesn’t show us how to implement a strategic security plan in the real world.
Study: Most Critical Infrastructure Firms Have Been Breached
Quick Hits  |  7/10/2014  | 
A new Ponemon Institute study finds 70% of critical infrastructure companies have been hit by security breaches in the last year, but cyber security programs are still a low priority.
Global Law Enforcement, Security Firms Team Up, Take Down Shylock
News  |  7/10/2014  | 
À la GOZeuS, an international, public-private collaboration seizes a banking Trojan's command and control servers.
Cloud & The Fuzzy Math of Shadow IT
Commentary  |  7/10/2014  | 
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
Chinese Hackers Target Logistics & Shipping Firms With Poisoned Inventory Scanners
News  |  7/10/2014  | 
'ZombieZero' still actively pushing rigged handheld scanning devices, reviving concerns of doing business with Chinese tech companies.
Fake Google Digital Certificates Found & Confiscated
News  |  7/9/2014  | 
A certificate authority in India had issued rogue certificates for some Google domains, the search engine giant discovers.
BrutPOS Botnet Targets Retail's Low-Hanging Fruit
News  |  7/9/2014  | 
FireEye discovers a botnet that's going after point-of-sale systems showing bad passwords and other basic security no-nos.
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Commentary  |  7/9/2014  | 
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
6 Things That Stink About SSL
Slideshows  |  7/9/2014  | 
Users might not care to trust the very mechanism that's supposed to provide online trust.
Facebook Helps Cripple Greek Botnet
News  |  7/8/2014  | 
Arrests made in Lecpetex malware campaign that was spreading via Facebook, emails.
Electronic Frontier Foundation Sues NSA, Director of National Intelligence
Quick Hits  |  7/8/2014  | 
EFF says that the agencies have failed to provide documents requested under the Freedom of Information Act.
6 Tips for Using Big Data to Hunt Cyberthreats
Commentary  |  7/8/2014  | 
You need to be smart about harnessing big data to defend against today’s security threats, data breaches, and attacks.
Online Scammers Take Advantage Of iPhone 6, iWatch Hype
News  |  7/8/2014  | 
Phishing message claims to provide links to leaked iPhone 6 information and pictures.
Dark Reading Radio: The Changing Role Of The CSO
Commentary  |  7/8/2014  | 
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
Chinese Attackers Targeting U.S. Think Tanks, Researchers Say
Quick Hits  |  7/7/2014  | 
Government-backed group "Deep Panda" compromised "several" nonprofit national security policy research organizations, CrowdStrike says.
Q&A: Panda Security Staging A Comeback
News  |  7/7/2014  | 
New Panda CEO and former IBM security executive Diego Navarrete shares his strategy and insight into turning around the security company that has fallen off the radar screen over the last couple of years.
Black Hat USA 2014: Third-Party Vulns Spread Like Diseases
News  |  7/7/2014  | 
Understanding the impact of vulnerabilities in libraries and other components.
Microsoft's Seizure Of No-IP Domains Disrupted Criminals & Innocents Alike
News  |  7/3/2014  | 
Microsoft successfully disrupted roughly one-quarter of the APT actors Kaspersky monitors, but took down millions of innocent hostnames too.
Retail Breaches Change Customer Behavior, Attitudes, Studies Say
Quick Hits  |  7/3/2014  | 
Recent breaches of retail and credit card data are making customers think twice about where they shop and how they pay, researchers say.
CosmicDuke: Cosmu & MiniDuke Mash-Up
News  |  7/2/2014  | 
F-Secure believes that the combo malware might have connections to the perpetrators of the miniDuke attacks.
Why Your Application Security Program May Backfire
Commentary  |  7/2/2014  | 
You have to consider the human factor when you’re designing security interventions, because the best intentions can have completely opposite consequences.
Researcher Finds Flaws In Key Oracle Security Feature
News  |  7/2/2014  | 
Famed security researcher and Oracle database expert David Litchfield next month at Black Hat USA will present details of weaknesses he discovered in a widely touted new security feature in Oracle databases.
Infamous Banking Malware Adds Email-Sending Feature
News  |  7/1/2014  | 
Cridex -- a.k.a. Feodo and Bugat -- now has a more streamlined and automated way of infecting victims and stealing their information.
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.