News & Commentary
Latest Content
Page 1 / 2   >   >>
Hits Keep On Coming For Both SSL & Its Abusers
Quick Hits  |  2/26/2015  | 
Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?
'Shadow' Cloud Services Rampant In Government Networks
News  |  2/26/2015  | 
Survey finds public sector employees use unmanaged cloud services just as much as private employees.
How to Strengthen Enterprise Defenses against Ransomware
Partner Perspectives  |  2/26/2015  | 
Eight essential ways that companies can enforce their borders.
How To Reduce Spam & Phishing With DMARC
Commentary  |  2/26/2015  | 
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
5 New Vulnerabilities Uncovered In SAP
News  |  2/26/2015  | 
Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.
Millions Of Non-Anthem Customers Also Hit By Anthem Breach
Quick Hits  |  2/25/2015  | 
Blue Cross Blue Shield customers -- as many as 8.8 to 18.8 million of them -- might have also had their data compromised.
Ramnit Botnet Disrupted By International Public-Private Collaboration
News  |  2/25/2015  | 
Europol leads the effort to bring down the bank credential-stealing botnet that infected 3.2 million computers across the globe.
Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011
News  |  2/25/2015  | 
But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.
Five Easiest Ways to Get Hacked – Part 2
Partner Perspectives  |  2/25/2015  | 
Continuing a conversation with principal security consultant Amit Bagree
Customers Aren’t the Only Victims: 5 Stages Of Data Breach Grief
Commentary  |  2/25/2015  | 
What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.
5 Ways To Prepare For IoT Security Risks
News  |  2/24/2015  | 
As the Internet of Things begins to take shape, IT organizations must prepare for change.
Medical Identity Theft Costs Victims $13,450 Apiece
News  |  2/24/2015  | 
New study shows not only is medical identity fraud costly for individuals, it's happening a lot more often.
FBI Offers $3 Million Reward For Info On Whereabouts Of GameoverZeus Botnet Operator
Quick Hits  |  2/24/2015  | 
Evgeniy Mikhailovich Bogachev, who faces charges for his alleged role as an administrator of the GameOver Zeus botnet, is at large in Russia.
7 Things You Should Know About Secure Payment Technology
Slideshows  |  2/24/2015  | 
Despite the existence of EMV and Apple Pay, we're a long way from true payment security, especially in the US.
Cybercrime, Cyber Espionage Tactics Converge
News  |  2/24/2015  | 
Real-world cyberattack investigations by incident response firm Mandiant highlight how hackers are adapting to better achieve their goals.
From Hacking Systems To Hacking People
Commentary  |  2/24/2015  | 
New low-tech attack methods like ‘visual hacking’ demand an information security environment that values data privacy and a self-policing culture.
DOJ R&D Agency Awards Grants For Speedier Digital Forensics
News  |  2/23/2015  | 
The US Department of Justice's National Institute of Justice is funding new incident response technology to assist law enforcement.
Blackhat, The Movie: Good, Bad & Ridiculous
Commentary  |  2/23/2015  | 
It didn’t take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?
NSA, GCHQ Theft Of SIM Crypto Keys Raises Fresh Security Concerns
News  |  2/20/2015  | 
Pilfered SIM card encryption keys also could allow the spy agencies to deploy malicious Java applets or to send rogue SMS messages from fake cell towers, experts say.
Who Cares Who’s Behind A Data Breach?
Commentary  |  2/20/2015  | 
Attribution takes a long time, a lot of work, and a healthy dose of luck. But is it worth the effort?
Hackin' At The Car Wash, Yeah
News  |  2/19/2015  | 
Drive-through car washes can be hacked via the Internet, to wreak physical damage or to get a free wash for your ride.
Superfish Compromises All SSL Connections On Lenovo Gear
News  |  2/19/2015  | 
More than just pre-installed adware on some Lenovo laptops, Superfish acts as a man-in-the-middle certificate authority, hijacking every SSL session the laptop makes.
Our Governments Are Making Us More Vulnerable
Commentary  |  2/19/2015  | 
Stuxnet opened Pandora’s box and today state-sponsored cyber security policies continue to put us at risk. Here are three reasons why.
End Users Causing Bulk Of Infosec Headaches
News  |  2/18/2015  | 
Report shows 80 percent of IT pros blame users for their security woes.
Five Easiest Ways to Get Hacked – Part 1
Partner Perspectives  |  2/18/2015  | 
A conversation with principal security consultant Amit Bagree.
Russian Hacker Who Hit Heartland, NASDAQ, Extradited To US
News  |  2/18/2015  | 
Vladimir Drinkman, cohort of Albert Gonzalez, appears before US federal court after arrest and extradition by Dutch authorities.
How To Get More Involved In The IT Security Community
Commentary  |  2/18/2015  | 
Dark Reading Radio offers tips on how to network with your IT security peers, learn more about the industry and the profession, and participate in community outreach
How We Can Prevent Another Anthem Breach
Commentary  |  2/18/2015  | 
Two things could have mitigated the damage and maybe even prevented any loss at all: behavioral analysis and context-aware access control.
A Look At Sony Wiper In Action
News  |  2/17/2015  | 
Crowdstrike demonstrates how attackers could have destroyed Sony assets and how behavior analysis could combat it.
Researchers Report Details On Arabic-Speaking Cyberespionage Gang
News  |  2/17/2015  | 
Trend Micro and Kaspersky researchers warn of Middle Eastern attack campaigns focused on "perceived enemies of Islam."
Cyberespionage: You’re Not Paranoid, Someone Is Spying on Your Company
Partner Perspectives  |  2/17/2015  | 
It’s time for all of your counter-espionage tools to work together.
Why The USA Hacks
Commentary  |  2/17/2015  | 
The U.S. government views cyberspace as just another theater of war akin to air, land and sea, and it operates in the domain for one basic reason: national defense.
Cyberciminals Target Bank Employees, Steal $1 Billion From Financial Institutions Worldwide
News  |  2/16/2015  | 
'Carbanak' includes operatives from Russia, Ukraine, China, and other parts of Europe.
Newly Discovered 'Master' Cyber Espionage Group Trumps Stuxnet
News  |  2/16/2015  | 
The so-called Equation Group epitomizes the goal of persistence in cyber spying--reprogramming hard drives and hacking other targets such as air-gapped computers--and points to possible US connection.
Antivirus Tools Slow To Respond To New Threats, Another Study Confirms
News  |  2/13/2015  | 
A 10-month study of four scanning tools by Damballa highlights some familiar weaknesses.
Obama Signs New Executive Order For Sharing Cyberthreat Information
Quick Hits  |  2/13/2015  | 
EO comes on the heels of massive breaches at Sony, Anthem.
Sony Hack: Poster Child For A New Era Of Cyber Attacks
Commentary  |  2/13/2015  | 
What made the Sony breach unique is the combination of four common tactics into a single orchestrated campaign designed to bend a victim to the will of the attackers.
How Anthem Shared Key Markers Of Its Cyberattack
News  |  2/12/2015  | 
Insurer shared the MD5 malware hashes, IP addresses, and email addresses used by its attackers.
Five Techniques to Keep Employees’ Computing Secure
Partner Perspectives  |  2/12/2015  | 
With BYOD on the rise, these tips can help IT staff mitigate security risks, from mobile devices to data centers.
Malvertising Gets Boost From Malicious Browser Plug-ins
Quick Hits  |  2/12/2015  | 
Cisco discovers malicious browser add-ons that serve up unwanted and sometimes infected ads.
Microsoft Fix For Critical Active Directory Bug A Year In The Making
News  |  2/11/2015  | 
This critical Active Directory vuln along with two other particularly 'nasty' critical flaws have experts pushing organizations to pick up patching pace.
A Winning Strategy: Must Patch, Should Patch, Can't Patch
Commentary  |  2/11/2015  | 
The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities.
Obama Launches Cyberthreat Intel-Sharing Center
Quick Hits  |  2/11/2015  | 
Long-awaited central repository for cyber threat information and intelligence created by The White House.
Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole
News  |  2/10/2015  | 
ASLR vulnerability patched today used in tandem with previously patched Flash vuln to carry out drive-by-downloads against political and economic targets
Box Giving Customers Control Over Encryption Keys
News  |  2/10/2015  | 
Box says they've eliminated the last major barrier to cloud adoption, even in highly regulated organizations.
How Malware Bypasses Our Most Advanced Security Measures
Commentary  |  2/10/2015  | 
We unpack three common attack vectors and five evasion detection techniques.
Nation-State Cyber Espionage, Targeted Attacks Becoming Global Norm
News  |  2/10/2015  | 
New report shows 2014 as the year of China's renewed resiliency in cyber espionage--with Hurricane Panda storming its targets--while Russia, Iran, and North Korea, emerging as major players in hacking for political, nationalistic, and competitive gain.
Anthem Breach Prompts New York To Conduct Cybersecurity Reviews Of All Insurers
News  |  2/9/2015  | 
Meanwhile, Anthem victims are now being harassed by scammers trying to collect even more personal information.
Bridging the Cybersecurity Skills Gap: 3 Big Steps
Commentary  |  2/9/2015  | 
The stakes are high. Establishing clear pathways into the industry, standardizing jobs, and assessing skills will require industry-wide consensus and earnest collaboration.
Anthem Breach Should Convince Healthcare To Double Down On Security
News  |  2/6/2015  | 
Mega breach brings focus back on inadequacies of healthcare security.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2086
Published: 2015-02-26
Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.

CVE-2015-2087
Published: 2015-02-26
Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors.

CVE-2015-2088
Published: 2015-02-26
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVE-2015-2089
Published: 2015-02-26
Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (...

CVE-2015-2090
Published: 2015-02-26
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.