News & Commentary
Latest Content
Page 1 / 2   >   >>
Controlling Privileged Access To Prevent Rogue Users In Active Directory
Commentary  |  2/20/2017  | 
Knowing which of your employees have which privileges is the first step to staying safe.
Voice Biometrics Prone To Error, Study Shows
News  |  2/20/2017  | 
New research shows the need for a holistic solution to authentication, not just voice biometrics alone.
Do Software-Defined Data Centers Pose Security Concerns?
Partner Perspectives  |  2/20/2017  | 
SDDC adoption is likely to trigger widespread data security governance programs, with 20 percent of organizations considering them necessary to prevent data breaches.
At Least 70 Organizations Targeted In Sophisticated Cyber Surveillance Operation
News  |  2/17/2017  | 
Most of the targets are in Ukraine, though a few have been spotted in Russia and elsewhere, CyberX says
Yahoo Explains Cookie Forgery Related To Two 2016 Breaches
Quick Hits  |  2/17/2017  | 
Yahoo's recent update on forged cookies is in relation to two, not three, security breaches announced last year.
Closing The Cybersecurity Skills Gap With STEM
Commentary  |  2/17/2017  | 
As a nation, we should be doing more to promote educational programs that prepare today's students for tomorrow's jobs.
After Election Interference, RSA Conference Speakers Ask What Comes Next
News  |  2/17/2017  | 
Election-tampering called 'a red line we should not allow anyone to cross.'
Man Jailed For Hacking Ex-Employer's Operations
Quick Hits  |  2/17/2017  | 
Louisiana resident Brian Johnson was sentenced to 34 months in prison and ordered to pay more than $1.1 million in damages.
Florida Man Gets 48 Months For $1.3M Spam Email Scheme
Quick Hits  |  2/17/2017  | 
Timothy Livingston committed identity theft and sent bulk spam emails on behalf of clients, generating $1.3 million in profit.
NSS Labs Talks Operationalizing Security
NSS Labs Talks Operationalizing Security
Dark Reading Videos  |  2/17/2017  | 
At RSA, NSS Labs CTO Jason Brvenik discusses how to find the gaps in your current web of security products and how to discover what you're not finding.
Iran Intensifies Its Cyberattack Activity
News  |  2/16/2017  | 
Middle East targets namely Saudi Arabia are feeling the brunt of the attacks, but experts anticipate Iran will double down on hacking US targets.
Ransomware Growth Fueled By Russian-Speaking Cybercriminals
News  |  2/16/2017  | 
Individuals and groups from Russian-speaking countries responsible for a lot of ransomware activity, Kaspersky Lab says.
Recorded Future Talks Threat Intel
Recorded Future Talks Threat Intel
Dark Reading Videos  |  2/16/2017  | 
At the RSA Conference, Recorded Future's vice president of intelligence and strategy Levi Gundert and director of advanced collection Andrei Barysevich discuss threat intelligence.
The Era Of Data-Jacking Is Here. Are You Ready?
Commentary  |  2/16/2017  | 
As data in the cloud becomes more valuable, the cost of weak security will soon be higher than many organizations can bear. Here's why.
Ukraine Blames Russia For New Virus Targeting Infrastructure
Quick Hits  |  2/16/2017  | 
The Russian security service, software firms, and criminal hackers are accused of orchestrating cyberattacks on Ukraine's infrastructure.
Yahoo Warns Users Of Forged Cookies In Third Breach
Quick Hits  |  2/16/2017  | 
The company sent a warning to users about forged cookies used in a third data breach originally reported in December 2016.
MEDJACK.3 Poses Advanced Threat To Hospital Devices
News  |  2/16/2017  | 
A newly discovered version of the "medical device hijack" attack targets older operating systems to bypass security measures and steal patient data.
New Attack Threatens Android For Work Security
News  |  2/16/2017  | 
The enterprise privacy app, designed to separate personal and business information, is open to attacks putting corporate data at risk.
Mimecast Tackles Email-Bound Risks
Mimecast Tackles Email-Bound Risks
Dark Reading Videos  |  2/16/2017  | 
At RSA, Mimecast cyber security strategy Bob Adams discusses graduating from basic filtering to true email security risk assessment.
Raytheon Foreground Security Talks Proactive Risk-Based Security
Raytheon Foreground Security Talks Proactive Risk-Based Security
Dark Reading Videos  |  2/16/2017  | 
At RSA, Raytheon Foreground Security's president, Paul Perkinson, and chief strategy officer, Joshua Douglas discuss how to get proactive with advanced threat hunting and managed detection response.
Cylance Talks Third-Party Testing
Cylance Talks Third-Party Testing
Dark Reading Videos  |  2/16/2017  | 
At the RSA Conference, Chad Skipper, vice president of industry relations and product testing for Cylance, discusses the customs and controversies of third-party testing and verification of security products.
CA Technologies Views On How Machine Learning Is Powering The Next Generation Of Security
CA Technologies Views On How Machine Learning Is Powering The Next Generation Of Security
Dark Reading Videos  |  2/16/2017  | 
At RSA, Mordecai Rosen, SVP and general manager of security business for CA Technologies talks machine learning, analytics, and identity management.
Juniper Discusses The New Network & How To Secure It
Juniper Discusses The New Network & How To Secure It
Dark Reading Videos  |  2/16/2017  | 
At RSA, Mihir Maniar, Juniper Networks' vice president of security products and strategy, and Laurence Pitt, Juniper Networks' EMEA security strategy director, discuss how the network has not disappeared, it's just become more elastic.
Clinton Campaign Tested Staffers With Fake Phishing Emails
News  |  2/15/2017  | 
Campaign stressed good IT hygiene, according to manager Robby Mook, who said the fake phishing emails were used to gauge effectiveness of security training for staffers,
Russian-Speaking Rasputin Breaches Dozens Of Organizations
News  |  2/15/2017  | 
Attacker behind Election Assistance Commission hack now using SQL injection as his weapon of choice against universities and government agencies.
What To Do When All Malware Is Zero-Day
Commentary  |  2/15/2017  | 
The industry needs new methods to fingerprint malware in order to determine who's behind breaches, and what can be done to stop them.
IoT Security: A Ways To Go, But Some Interim Steps For Safety
News  |  2/15/2017  | 
The Internet of Things remains vulnerable to botnets and malware, but Cisco's Anthony Grieco offers some tips to keep networks and users more secure
FBIs N-DEx System Helps Unearth Credit Card Fraud Ring
Quick Hits  |  2/15/2017  | 
An intelligence analyst used the N-DEx system to discover a 16-member gang cheating liquor and cigarette stores across eight states.
Microsoft Delays February Security Fixes
Quick Hits  |  2/15/2017  | 
The company delayed its monthly Patch Tuesday update, which was supposed to replace detailed security bulletins with the "Security Updates Guide."
The 10 Most Cyber-Exposed Cities In The US
News  |  2/15/2017  | 
At RSAC, Trend Micro researchers showcase municipalities with the highest percentage of discoverable devices and systems connected via the public Internet.
Veracode Tackles App Sec & The Pace Of DevOps
Veracode Tackles App Sec & The Pace Of DevOps
Dark Reading Videos  |  2/15/2017  | 
At the RSA Conference, Pete Chestna, Director of Developer Engagement at Veracode, discusses the persistent challenges of both continuous delivery and relentless attacks on the application layer.
Anomali Talks Threat Intelligence & Info Sharing
Anomali Talks Threat Intelligence & Info Sharing
Dark Reading Videos  |  2/15/2017  | 
At RSA Conference, Hugh Njemanze, CEO of Anomali talks about threat intelligence and the benefit of bi-directional information sharing with government agencies, as well as the benefit of free software.
Deloitte Tackles Identity Management
Deloitte Tackles Identity Management
Dark Reading Videos  |  2/15/2017  | 
At RSA Conference, Mike Wyatt, Managing Director of Deloitte Advisory Cyber Risk Service, discusses the identity management landscape and its growing importance, from "least privileges" to identity-as-a-service.
New BAE Systems Study Digs Into Defense
New BAE Systems Study Digs Into Defense
Dark Reading Videos  |  2/15/2017  | 
At RSA Conference, BAE Systems Vice President of Cyber Security Strategy Colin McKinty discusses businesses' wide challenges of understanding and responding to the threat landscape.
Microsoft President Says Tech Industry Should Be 'Neutral Digital Switzerland'
Quick Hits  |  2/14/2017  | 
RSA Conference: Brad Smith also says the world needs a "Digital Geneva Convention" to establish the international rules for nation-state cyber conflict.
CrowdStrike Fails In Bid To Stop NSS Labs From Publishing Test Results At RSA
News  |  2/14/2017  | 
NSS results are based on incomplete and materially incorrect data, CrowdStrike CEO George Kurtz says.
Darkness & Hope On Display At RSA Conference Keynotes
News  |  2/14/2017  | 
Attendees start morning with John Lithgow telling them 'Look at how your light shines together.'
Why Identity Has Become A Top Concern For CSOs
Commentary  |  2/14/2017  | 
Seven of the world's top security leaders share their fears and challenges around the critical new role of identity in the fight against cyber adversaries.
JPMorgan Breach: New Witness Delays Trial Of Bitcoin Exchange Suspects
Quick Hits  |  2/14/2017  | 
Trial proceedings of pastor Trevon Gross and Yuri Lebedev has been delayed; jury selection will take place Feb. 14.
Windows Can Help Mirai Botnet Spread
Quick Hits  |  2/14/2017  | 
Windows computers may allow cybercriminals to spread the Mirai infection by searching for other vulnerable devices.
National Security, Regulation, Identity Top Themes At Cloud Security Summit
News  |  2/13/2017  | 
Gen. Keith Alexander gives Trump a thumbs-up and Cloud Security Alliance releases a new application.
Obama's Former Cybersecurity Coordinator Named President Of CTA
News  |  2/13/2017  | 
Michael Daniel is now head of the newly incorporated nonprofit Cyber Threat Alliance, a security threat intel-sharing group of major security vendors.
IBM Brings Watson Cognitive Computing To The SOC
News  |  2/13/2017  | 
Technology known for a Jeopardy stunt six years ago is now powering question answering within IBM Security's QRadar system.
You Can't Hire Your Way Out of a Skills Shortage ... Yet
Commentary  |  2/13/2017  | 
It will take much effort to fix the IT and cybersecurity talent crisis, but it is possible.
New Bug Bounty Program Targets IoT Security
News  |  2/13/2017  | 
GeekPwn bug bounty program aims to collect Internet of Things security vulnerabilities, and highlight mistakes to vendors.
'Shock & Awe' Ransomware Attacks Multiply
News  |  2/13/2017  | 
Ransomware attackers are getting more aggressive, destructive, and unpredictable.
Russia Suspect In Italian Ministry Hack
Quick Hits  |  2/13/2017  | 
Italy's foreign ministry was victim of a cyberattack last year, but hackers did not gain access to classified information.
Verizon Data Breach Digest Triangulates Humanity Inside Security
News  |  2/13/2017  | 
The 99-page report breaks out 16 different attack scenarios and specifies the target, sophistication level, attributes, and attack patterns, along with their times to discovery and containment.
Turkish Hacker Gets 8 Years In US Jail For ATM Theft Scheme
Quick Hits  |  2/13/2017  | 
Ercan Findikoglu carried out three cyberattacks that enabled theft of $55 million through worldwide ATM withdrawals.
Alleged Russian Hacker With Ties To Notorious Cybercriminals Arrested In LA
News  |  2/10/2017  | 
Alexander Tverdokhlebov is being held on charges of conspiring with another hacker to steal money from online bank accounts.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.