News & Commentary
Latest Content
Home Routers Being Targeted in DNS Hijacking Attack, Trend Micro Says
News  |  5/29/2015  | 
Attackers attempting to steal sensitive data by diverting home router traffic to malicious domains, security firm says.
How I Would Secure The Internet With $4 Billion
Commentary  |  5/29/2015  | 
In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesn't go far enough.
UN Report Warns Encryption Backdoors Violate Human Rights
News  |  5/28/2015  | 
Report says States should be promoting strong encryption and anonymity tools, not restricting them.
IRS Attack Demonstrates How Breaches Beget More Breaches
News  |  5/28/2015  | 
Weak authentication validation assumed only taxpayers would know their Social Security Numbers and other information that criminals have been stealing for years.
Small- to Mid-sized Organizations Targeted By 'Grabit' Cyberspies
News  |  5/28/2015  | 
Rare SMB-focused cyber espionage campaign hitting small firms worldwide.
'Tox' Offers Ransomware As A Service
News  |  5/28/2015  | 
The ransomware is free to use but site retains 20 percent of any ransom that is collected, McAfee researcher says.
What Are You Doing During The Golden Hour After An Attack?
Partner Perspectives  |  5/28/2015  | 
Take the time to detect the attack, isolate the infected machines, and restore them to a known state.
FUD Watch: The Marketing Of Security Vulnerabilities
Commentary  |  5/28/2015  | 
I'm all for raising awareness, but making designer vulnerabilities, catchy logos and content part of the disclosure process is a step in the wrong direction.
Data Theft The Goal Of BlackEnergy Attacks On Industrial Control Systems, Researchers Say
News  |  5/28/2015  | 
CyberX analysis of BlackEnergy module reveals most likely motive behind sophisticated multi-year attack campaign.
Oracle PeopleSoft In The Crosshairs
News  |  5/27/2015  | 
Presenter at Hack In The Box says PeopleSoft is in worse security shape than SAP was five years ago.
Moose Malware Uses Linux Routers For Social Network Fraud
News  |  5/27/2015  | 
Linux/Moose is sophisticated enough to do DNS hijacks, DDoSes, and deep network penetration...so why is it wasting its time on Instagram?
Escalating Cyberattacks Threaten US Healthcare Systems
Commentary  |  5/27/2015  | 
Electronic health records are prime targets because healthcare organizations lack the resources, processes, and technologies to protect them. And it's only going to get worse.
What Data Breaches Now Cost And Why
News  |  5/27/2015  | 
New Ponemon report says the cost of a data breach has increased by 23% and healthcare and education breaches are the most pricey.
IRS Breach Exposes 100,000 Taxpayers' Tax Returns, Other Data
Quick Hits  |  5/26/2015  | 
Online 'Get Transcript' service accessed from February to mid-May.
Profile Of A Cybercrime Petty Thief
News  |  5/26/2015  | 
Trend Micro provides peek at methods of amateur, lone-wolf carder.
A Threat Intelligence-Sharing Reality-Check
News  |  5/26/2015  | 
Many organizations employ sharing one-way (gathering) and mainly for 'CYA,' experts say.
State-Sponsored Cybercrime: A Growing Business Threat
Commentary  |  5/26/2015  | 
You don't have to be the size of Sony -- or even mock North Korea -- to be a target.
DR Radio: Incident Response War-Gaming
Commentary  |  5/25/2015  | 
Learn how to practice the post-breach panicking.
Google: Account Recovery Security Questions Not Very Secure
News  |  5/22/2015  | 
An analysis of millions of answers to security questions shows many are predictable and easily guessable, says Google.
Cyber Threat Analysis: A Call for Clarity
Commentary  |  5/22/2015  | 
The general public deserves less hyperbole and more straight talk
Hacking Virginia State Trooper Cruisers
News  |  5/22/2015  | 
Working group of federal agencies and private industry launched by the state of Virginia is studying car vulnerabilities and building tools to detect and protect against vehicle hacking and tampering.
Data Encryption In The Cloud: Square Pegs In Round Holes
Commentary  |  5/21/2015  | 
Conventional encryption is a surefire solution for protecting sensitive data -- except when it breaks cloud applications. "Format-preserving" encryption could change all that.
Half Of Retail, Healthcare Sites 'Always Vulnerable'
News  |  5/21/2015  | 
Finding vulnerabilities in custom web applications isn't the major problem; fixing them in a timely fashion is, a new report from WhiteHat Security finds.
1.1 Million Hit In Another BlueCross BlueShield Breach
Quick Hits  |  5/20/2015  | 
CareFirst BCBS announces breach, two months after Premera Blue Cross disclosed a breach of 11 million records.
Logjam Encryption Flaw Threatens Secure Communications On Web
News  |  5/20/2015  | 
Most major browsers, websites that support export ciphers impacted
The Cloud Revolution Requires High-Performance Attack Prevention
Partner Perspectives  |  5/20/2015  | 
Where there is traffic, there are bandits.
Planes, Tweets & Possible Hacks From Seats
News  |  5/20/2015  | 
There are conflicting reports over whether security researcher Chris Roberts hacked into flight controls and manipulated a plane.
5 Signs Credentials In Your Network Are Being Compromised
Commentary  |  5/20/2015  | 
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personal identifiable information? Check out these common scenarios.
Retailers Take 197 Days To Detect Advanced Threat, Study Says
News  |  5/19/2015  | 
Most common method of identifying them as advanced threats is a "gut feeling."
3 'Old' Attack Trends That Dominated Q1
News  |  5/19/2015  | 
What's old is new as attackers recycle their attack patterns.
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Commentary  |  5/19/2015  | 
In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.
Every 4 Seconds New Malware Is Born
News  |  5/18/2015  | 
New report shows rate of new malware strains discovered increased by 77 percent in 2014.
Experts Urge InfoSec Info Sharing At Columbia-GCIG Conference
News  |  5/18/2015  | 
'It all starts at the bar with a beer.'
Why We Can't Afford To Give Up On Cybersecurity Defense
Commentary  |  5/18/2015  | 
There is no quick fix, but organizations can massively reduce the complexity of building secure applications by empowering developers with four basic practices.
Polish Security Firm Discloses Unpatched Security Flaws in Google App Engine
News  |  5/15/2015  | 
Google was given enough time to respond, researcher says.
Drinking from the Malware Fire Hose
Partner Perspectives  |  5/15/2015  | 
Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them.
The Cybercrime Carnival in Brazil: Loose Cyberlaws Make for Loose Cybercriminals
Commentary  |  5/15/2015  | 
Brazil loses over $8 billion a year to Internet crime, making it the second-largest cybercrime generator in the world.
Experts' Opinions Mixed On VENOM Vulnerability
News  |  5/14/2015  | 
Some say the virtualization vuln could be worse than Heartbleed, while others advise to patch, but don't panic.
When Encrypted Communication Is Not Good Enough
Commentary  |  5/14/2015  | 
For the vast majority of conversations -- on paper, by phone or computer -- encryption is a perfectly adequate form of protection. Unless, of course, a life or livelihood is at stake.
Cloud Security Alliance, Waverley Labs Collaborate On Open-Source Software-Defined Perimeter Spec
News  |  5/13/2015  | 
SDPs offer enterprises an alternative to traditional perimeter tools for protecting network assets, says CSA, Waverley
Teaming Up to Educate and Enable Better Defense Against Phishing
Partner Perspectives  |  5/13/2015  | 
Companies need to both educate their employees and implement prevention technology.
Oil & Gas Firms Hit By Cyberattacks That Forgo Malware
News  |  5/13/2015  | 
New spin on the 'Nigerian scam' scams crude oil buyers out of money with bait-and-switch.
Taking A Security Program From Zero To Hero
Commentary  |  5/13/2015  | 
Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organization's security capabilities. Here are six steps to get you started.
VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products
News  |  5/13/2015  | 
Critical vulnerability in the open-source QEMU hypervisor lets attackers break out of a virtual machine, execute code on a host machine and access all the other VMs on the host.
Verizon 2015 Data Breach Cover Puzzler Solved: Defending Champs Win
News  |  5/12/2015  | 
The 2015 DBIR Cover Challenge is as highly anticipated by some as the DBIR report itself.
Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research
Commentary  |  5/12/2015  | 
There is a lesson to be learned from a locksmith living 150 years ago: Attackers and criminals are the only parties who benefit when security researchers fear the consequences for reporting issues.
First Example Of SAP Breach Surfaces
News  |  5/12/2015  | 
USIS attack in 2013 stealing background check information about government personnel with classified clearance came by way of an SAP exploit.
Protecting The Data Lifecycle From Network To Cloud
Commentary  |  5/12/2015  | 
Enterprises are pushing more sensitive and regulated data into the public cloud than ever before. But the journey carries many new risks.
10 Security Questions To Ask A Cloud Service Provider
Slideshows  |  5/12/2015  | 
Help the business assess the risks of cloud services with these handy questions.
What Does China-Russia 'No Hack' Pact Mean For US?
News  |  5/11/2015  | 
It could be an Internet governance issue or a response to the U.S. DoD's new cyber strategy, but one thing is certain: it doesn't really mean China and Russia aren't spying on one another anymore.
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0733
Published: 2015-05-30
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID ...

CVE-2015-0743
Published: 2015-05-30
Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097.

CVE-2015-0744
Published: 2015-05-30
Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) other TCP traffic flood, aka Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and CSCus...

CVE-2015-0745
Published: 2015-05-30
Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909.

CVE-2015-0747
Published: 2015-05-30
Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408.

Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you'll never have complete information and you'll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?