News & Commentary
Latest Content
A Proactive Approach To Vulnerability Management: 3 Steps
Commentary  |  10/22/2016  | 
Having the tools to detect a breach is important, but what if you could prevent the attack from happening in the first place?
NSA Contractor Over 20 Years Stole More Than 50 Terabytes Of Gov't Data
News  |  10/21/2016  | 
Harold Martin, now in custody, is a risk to himself and others if freed from custody, a US prosecutor warns in a detailed filing in the case.
Cyber Training For First Responders To Crime Scene
Quick Hits  |  10/21/2016  | 
FBI ties up with police association and Carnegie Mellon University to improve working knowledge of cyber investigations.
DDoS Attack On DNS Provider Disrupts Okta, Twitter, Pinterest, Reddit, CNN, Others
News  |  10/21/2016  | 
Brief but widespread attack illuminated vulnerability of the Internet's Domain Name System (DNS) infrastructure.
Indian Banks Hit By Debit Card Security Breach
Quick Hits  |  10/21/2016  | 
Around 3.25 million debit cards affected by breach of 90 ATMs, prompting card replacement and PIN change.
Flipping Security Awareness Training
Commentary  |  10/21/2016  | 
Threats can be minimized when teams understand business goals and objectives. These four tips can help turn things around.
7 Imminent IoT Threats
Slideshows  |  10/21/2016  | 
Attacks against smart home products, medical devices, SCADA systems, and other newly network-enabled systems signal the beginning of a new wave of attacks against the IoT.
How To Crash A Drone By Hacking Its 3D Propeller Design
News  |  10/20/2016  | 
Researchers from Israel's Ben-Gurion University of the Negev and two other universities show how attackers can exploit 3D manufacturing processes.
New Free Tool Stops Petya Ransomware & Rootkits
News  |  10/20/2016  | 
Meanwhile, Locky puts ransomware on the Check Point Top Three Global Malware List for the first time ever.
Why Aren't We Talking More Proactively About Securing Smart Infrastructure?
Partner Perspectives  |  10/20/2016  | 
Let's not perpetuate the vicious cycle of security complexity and failure by trying to bolt on security after the fact.
Why Poor Cyber Hygiene Invites Risk
Commentary  |  10/20/2016  | 
Modern cybersecurity today is all about risk management. That means eliminating and mitigating risks where possible, and knowingly accepting those that remain.
Yahoo Demands Government Be More Transparent About Data Requests
Quick Hits  |  10/20/2016  | 
In a letter to the Director of National Intelligence, the tech company says this transparency would also help clear Yahoo's name in customer email scan case.
US Bank Regulators Draft Rules For Financial Services Cybersecurity
Quick Hits  |  10/20/2016  | 
Proposed standards will require financial firms to recover from any cyberattack within two hours.
9 Sources For Tracking New Vulnerabilities
Slideshows  |  10/20/2016  | 
Keeping up with the latest vulnerabilities -- especially in the context of the latest threats -- can be a real challenge.
Alleged Hacker Behind 2012 LinkedIn Breach Nabbed In Prague
News  |  10/19/2016  | 
Czech judge to decide on US extradition request.
CIO-CISO Relationship Continues To Evolve
News  |  10/19/2016  | 
The CISO has traditionally reported to the CIO, but this is changing as security becomes more important. How will this change their relationship, and how can they better work together?
Muddy Waters Releases New Info About St. Jude Medical Device Flaws
Quick Hits  |  10/19/2016  | 
Muddy Waters Capital, the short seller that teamed with security researchers at MedSec, posted the videos on a new site it launched:
Malvertising Trends: Don't Talk Ad Standards Without Ad Security
Commentary  |  10/19/2016  | 
How malvertising marries the strengths and weaknesses of the complex digital advertising ecosystem perfectly and what online publishers and security leaders need to do about it.
Smart Cities Have No Cybersecurity, Say 98% Of Government IT Pros
Quick Hits  |  10/19/2016  | 
Tripwire research indicates smart grids and transportation among the services most exposed to cyberattack risks.
St. Jude Medical Plans Cybersecurity Advisory Panel
Quick Hits  |  10/19/2016  | 
The medical device maker says committee will work with tech experts and external researchers on issues affecting patient care and safety.
'Kevin Durant Effect': What Skilled Cybersecurity Pros Want
News  |  10/19/2016  | 
For seasoned cybersecurity professionals, motivation for sticking with their current jobs doesn't mean big management promotions or higher salaries, a new Center for Strategic and International Studies (CSIS) report finds.
Identity Theft Hits Low- To Moderate-Income Victims Hardest
News  |  10/18/2016  | 
In addition to government assistance, ID theft victims frequently seek financial support from friends, family, and faith-based organizations, according to a study by the Identity Theft Resource Center.
Open Source, Third-Party Software Flaws Still Dog Developers
News  |  10/18/2016  | 
The new 2016 State of Software Security Report from Veracode shows the hazards of buggy libraries and applications.
7 Regional Hotbeds For Cybersecurity Innovation
Slideshows  |  10/18/2016  | 
These regions are driving cybersecurity innovation across the US with an abundance of tech talent, educational institutions, accelerators, incubators, and startup activity.
Trump-Themed Malware Dominating Threat Campaigns This Election Season
News  |  10/18/2016  | 
Users need to be vigilant about the sites they visit and actions they take online, Zscaler warns.
A Job In Security Leads To Job Security
Commentary  |  10/18/2016  | 
Developers who focus on secure development skills find themselves in high demand.
US GOP Senate Committee Allegedly Target Of Russian Hackers
Quick Hits  |  10/18/2016  | 
Dutch researcher finds NRSC web store among 5,900 e-commerce sites infected with malware designed to steal payment card details.
Public Wi-Fi Use Grows, Despite Security Risks
Quick Hits  |  10/18/2016  | 
Survey says although 91% of the respondents admit that public Wi-Fi is insecure, 89% still use it.
4 Ways To Sniff Out A Tech Support Scam
News  |  10/18/2016  | 
Malwarebytes gives a peek at the anatomy of a tech support scam; scammers at one time were selling $25 versions of Malwarebytes software for as much as $1,000.
California Victims Of Yahoo Breach Pursue Claims In State, Not Federal Court
News  |  10/17/2016  | 
Plaintiffs hope to benefit from California's history of stricter cybersecurity and data privacy law.
Millennials A Growing Target Of IT Support Scams
News  |  10/17/2016  | 
New Microsoft-NCSA study finds that two out of three customers have been exposed to tech support scams in the last 12 months.
Clearing A Path To The Cybersecurity Field
Commentary  |  10/17/2016  | 
Tune in to Dark Reading Radio on Wednesday, Oct. 19 at 1pm ET, when we'll discuss what specific efforts in industry, academia, and government are under way to fill the cybersecurity skills gap.
5 Tips For Keeping Small Businesses Secure
Slideshows  |  10/17/2016  | 
In honor of National Cyber Security Awareness Month, a look at that five-step process developed by the BBB and NCSA.
How To Become A Cybersecurity Entrepreneur In A Crowded Market
Commentary  |  10/17/2016  | 
If you want to build the next great cybersecurity startup, use your expertise, then follow these three simple suggestions.
Cloud Security Replacing Cybersecurity Industry, Says Analyst
Quick Hits  |  10/17/2016  | 
UBS predicts flat corporate spending on IT as cloud computing service providers look set to take over cybersecurity customers.
Guccifer Sent Back To Romanian Prison
Quick Hits  |  10/17/2016  | 
Hacker, who exposed private email server of Hillary Clinton, will return to US in 2018 to serve 52-month jail term.
Hacking Voting Systems: A Reality Check
Commentary  |  10/17/2016  | 
Can democracy be hacked? Yes, but not in the way you might think.
Thousands Of Secure Websites Dubbed Insecure Due To Cert Error
News  |  10/14/2016  | 
A certificate revocation exercise gone awry at GlobalSign is causing browsers to mistakenly treat many sites as insecure. For some users, the problem could take up to four days to resolve.
Happy 30th Birthday CFAA!
Slideshows  |  10/14/2016  | 
Six things we still don't know about the Computer Fraud and Abuse Act after all this time.
Yahoo Breach May Trigger 'Material Adverse Change' Clause
Quick Hits  |  10/14/2016  | 
The Yahoo data breach, which compromised 500 million user accounts, may cause Verizon to renegotiate its $4.8 billion acquisition deal.
Encryption: A Backdoor For One Is A Backdoor For All
Commentary  |  10/14/2016  | 
We need legislation that allows law enforcement to find criminals and terrorists without eroding our security and privacy.
80% Of IT Pros Say Users Set Up Unapproved Cloud Services
News  |  10/13/2016  | 
Shadow IT is a growing risk concern among IT pros, with most reporting users have gone behind their backs to set up unapproved cloud services.
Most Small Businesses Lack Response Plan For Hacks
News  |  10/13/2016  | 
Half of small business owners have experienced malware, phishing, Trojans, hacking, and unauthorized access to customer data, according to Nationwide survey.
Information Security Spending Will Top $101 Billion By 2020
News  |  10/13/2016  | 
Spending on security services will drive much of the growth, IDC says in new forecast.
Internet Routing Security Effort Gains Momentum
News  |  10/13/2016  | 
More than 40 network operators agree to filter routing information, prevent IP address-spoofing, and to work together to thwart Internet traffic abuse and problems.
7 Ways Electronic Voting Systems Can Be Attacked
Slideshows  |  10/13/2016  | 
Pre-election integrity tests and post-election audits and checks should help spot discrepancies and errors, but risks remain.
Access, Trust, And The Rise Of Electronic Personal Assistants
Partner Perspectives  |  10/13/2016  | 
App and device makers are working hard to deliver user control over privacy.
IoT Default Passwords: Just Don't Do It
Commentary  |  10/13/2016  | 
The rise of the Internet of Things makes the use of default passwords especially perilous. There are better options.
Survey Shows Lack Of Preparation For EU's Data Privacy Law
Quick Hits  |  10/13/2016  | 
More than 80% of companies know little about the 2018 General Data Protection Regulation (GDPR) -- and 97% have no plans to prepare for it.
Vera Bradley Stores Report Payment Card Breach
Quick Hits  |  10/13/2016  | 
The retailer discloses security incident targeting customer payment card data at its stores between July 25 and September 23.
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.