News & Commentary
Latest Content
Page 1 / 2   >   >>
Gas Stations In the Bullseye
News  |  6/29/2015  | 
White hats at Black Hat USA will release free honeypot tool for monitoring attacks against gas tank monitoring systems.
Clever CryptoWall Spreading Via New Attacks
News  |  6/29/2015  | 
Top ransomware doesn't waste time jumping on the latest Flash zero-day, and hops rides on click fraud campaigns, too.
CSA Announces New Working Group For Cloud Security API Standards
News  |  6/29/2015  | 
CipherCloud, Deloitte, InfoSys, Intel Security and SAP all on board to start developing vendor-neutral guidelines that could further accelerate CASB growth
Cyber Resilience And Spear Phishing
Partner Perspectives  |  6/29/2015  | 
Balanced security capability, defense in depth, integrated countermeasures, and a threat-intelligence strategy are critical to defending your business from spear-phishing attacks.
Social Engineering & Black Hat: Do As I Do Not As I Say
Commentary  |  6/29/2015  | 
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
4 Ways Cloud Usage Is Putting Health Data At Risk
News  |  6/26/2015  | 
A huge shadow IT problem is just one of the risks of uncontrolled cloud usage in healthcare organizations, new study shows.
3 Simple Steps For Minimizing Ransomware Exposure
Commentary  |  6/26/2015  | 
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
Stealthy Fobber Malware Takes Anti-Analysis To New Heights
News  |  6/25/2015  | 
Built off the Tinba banking Trojan and distributed through the elusive HanJuan exploit kit, Fobber info-stealer defies researchers with layers upon layers of encryption.
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
News  |  6/25/2015  | 
Security vendor's report from last year had warned about group targeting insider data from illegal trading.
5 Things You Probably Missed In The Verizon DBIR
Slideshows  |  6/25/2015  | 
A look at a few of the lesser-noticed but meaty nuggets in the annual Verizon Data Breach Investigations Report (DBIR).
What Do You Mean My Security Tools Donít Work on APIs?!!
Commentary  |  6/25/2015  | 
SAST and DAST scanners havenít advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
Breach Defense Playbook: Cybersecurity Governance
Partner Perspectives  |  6/25/2015  | 
Time to leave the island: Integrate cybersecurity into your risk management strategy.
How To Avoid Collateral Damage In Cybercrime Takedowns
News  |  6/24/2015  | 
Internet pioneer and DNS expert Paul Vixie says 'passive DNS' is way to shut down malicious servers and infrastructure without affecting innocent users.
Breach Defense Playbook: Incident Response Readiness (Part 2)
Partner Perspectives  |  6/24/2015  | 
Will your incident response plan work when a real-world situation occurs?
User Monitoring Not Keeping Up With Risk Managers' Needs
News  |  6/24/2015  | 
Biggest concern is negligence, but monitoring capabilities can't detect this type of activity within most applications.
FBI: CryptoWall Ransomware Cost US Users $18 Million
News  |  6/24/2015  | 
Increasing pace of ransomware innovation likely to keep that number going up.
Why China Wants Your Sensitive Data
Commentary  |  6/24/2015  | 
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
The Secret Of War Lies In The Communications --Napoleon
Partner Perspectives  |  6/24/2015  | 
DXL helps organizations keep an eye on external and internal threats using relevant information in real time.
Child Exploitation & Assassins For Hire On The Deep Web
News  |  6/23/2015  | 
'Census report' of the unindexed parts of the Internet unearths everything from Bitcoin-laundering services to assassins for hire.
Banks Targeted By Hackers Three Times More Than Other Sectors
News  |  6/23/2015  | 
Active targeted attacks on financial services firms in quest for lucrative data -- and of course, money.
Breach Defense Playbook: Incident Response Readiness (Part 1)
Partner Perspectives  |  6/23/2015  | 
Will your incident response plan work when a real-world situation occurs?
Government, Healthcare Particularly Lackluster In Application Security
News  |  6/23/2015  | 
Veracode's State of Software Security Report lays out industry-specific software security metrics.
The Dark Web: An Untapped Source For Threat Intelligence
Commentary  |  6/23/2015  | 
Most organizations already have the tools for starting a low-cost, high-return Dark Web cyber intelligence program within their existing IT and cybersecurity teams. Hereís how.
3 Clues That Collaboration And File Sharing Tools Are Cloud Security's Weak Link
News  |  6/23/2015  | 
Cloud collaboration and file sharing applications continue to raise CISOs' blood pressure.
Report: NSA, GCHQ Actively Targeted Kaspersky Lab, Other Security Vendors
Quick Hits  |  6/22/2015  | 
Snowden documents reveal government intelligence agencies were working to subvert security software. Kaspersky Lab calls nation-states' targeting of security companies 'extremely worrying.'
FitBit, Acer Liquid Leap Fail In Security Fitness
News  |  6/22/2015  | 
Transmissions to the cloud are secured with these Internet of Things devices, but wristband-to-phone comms are open to eavesdropping.
What You Probably Missed In Verizon's Latest DBIR
Commentary  |  6/22/2015  | 
Tune in to Dark Reading Radio at 1pm ET/11am Pacific on Wednesday, June 24, when Verizon Data Breach Investigations Report co-author Marc Spitler discusses some of the possibly lesser-noticed nuggets in the industry's popular report on real-world attacks.
Breach Defense Playbook: Open Source Intelligence
Partner Perspectives  |  6/22/2015  | 
Do you know what information out there is putting you at risk?
Security Surveys: Read With Caution
Commentary  |  6/22/2015  | 
Iím skeptical of industry surveys that tell security practitioners what they already know. Donít state the obvious. Tell us the way forward.
US Hosts The Most Botnet Servers
News  |  6/19/2015  | 
More malicious command and control servers are based in the US than anywhere else, and China is home to the most bots.
7 Top Security Quotes From London Technology Week
Slideshows  |  6/19/2015  | 
Tech events across the city hit on IoT, smart cities, mobility and Legos.
9 Questions For A Healthy Application Security Program
Commentary  |  6/19/2015  | 
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
An Effective Community Is More Than Just An Online Forum
Partner Perspectives  |  6/19/2015  | 
It is important to develop a strong base of contributors who can communicate effectively, answer questions, and summarize issues.
Houston Astros' Breach A 'Wake-Up Call' On Industrial Cyber Espionage
News  |  6/18/2015  | 
The St. Louis Cardinals' alleged breach of the Astros' proprietary database raises concern over the possibility of US companies hacking their rivals for intel.
New Apple iOS, OS X Flaws Pose Serious Risk
News  |  6/18/2015  | 
Security vulnerabilities could expose passwords for Apple iCloud, email, and bank accounts, and other sensitive information, researchers say.
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 2)
Partner Perspectives  |  6/18/2015  | 
Cybersecurity requires a combination of people, process, and technology in a coordinated implementation leveraging a defense-in-depth methodology.
Cybersecurity Advice From A Former White House CIO
Commentary  |  6/18/2015  | 
Today's playbook demands 'human-centered' user education that assumes people will share passwords, forget them, and do unsafe things to get their jobs done.
No End In Sight For Exposed Internet Of Things, Other Devices
News  |  6/17/2015  | 
New data from an Internet-scanning project shows vulnerable consumer and enterprise systems remain a big problem on the public Net.
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 1)
Partner Perspectives  |  6/17/2015  | 
How does your cybersecurity program compare to your industry peers?
Smart Cities', IoT's Key Challenges: Security, Lack of Standards
News  |  6/17/2015  | 
London Technology Week: At IFSEC, futurologist Simon Moores asks who's responsible when a smart city crashes.
Time to Focus on Data Integrity
Commentary  |  6/17/2015  | 
Information security efforts have historically centered on data theft. But cybercriminals who alter corporate records and personal information can also cause serious harm.
New Malware Found Hiding Inside Image Files
News  |  6/16/2015  | 
Dell SecureWorks CTU researchers say Stegoloader is third example in a year of malware using digital steganography as a detection countermeasure.
Is Your Security Operation Hooked On Malware?
Commentary  |  6/16/2015  | 
It may seem counterintuitive, but an overzealous focus on malware may be preventing you from detecting even bigger threats.
FBI Investigating St. Louis Cardinals For Allegedly Hacking Houston Astros
Quick Hits  |  6/16/2015  | 
Cyber criminals, nation-states, and now professional baseball teams are apparently getting into the hacking game.
Password Manager LastPass Hacked
Quick Hits  |  6/16/2015  | 
LastPass says user account email addresses, password reminders, server per user salts, and authentication hashes compromised.
3 Keys For More Effective Security Spend
News  |  6/15/2015  | 
New study models security costs to show how variables can affect the risk to ROI equation over time.
London Tech Week Kicks Off
Quick Hits  |  6/15/2015  | 
Before IFSEC and Interop get underway, tech events are scattered about town in the unlikeliest places.
Cyberspies Stole Legit Digital Certificates To Mask Their Malware
News  |  6/15/2015  | 
Duqu 2.0 nation-state attackers used pilfered Foxconn hardware driver certs to sign spying malware that hit negotiators in Iranian nuclear pact discussions, Kaspersky Lab -- and now, an ICS/SCADA hardware vendor.
Lessons Learned From The Ramnit Botnet Takedown
Commentary  |  6/15/2015  | 
While most organizations wonít find themselves in similar circumstances, there are important takeaways they can apply to any security program.
OPM Breach Scope Widens, Employee Group Blasts Agency For Not Encrypting Data
News  |  6/12/2015  | 
Lack of encryption 'indefensible' and 'outrageous,' American Federation of Government Employees says.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1913
Published: 2015-06-30
Rational Test Control Panel in IBM Rational Test Workbench and Rational Test Virtualization Server 8.0.0.x before 8.0.0.5, 8.0.1.x before 8.0.1.6, 8.5.0.x before 8.5.0.4, 8.5.1.x before 8.5.1.5, 8.6.0.x before 8.6.0.4, and 8.7.0.x before 8.7.0.2 uses the MD5 algorithm for password hashing, which mak...

CVE-2015-4227
Published: 2015-06-30
Memory leak in Cisco Headend System Release allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, aka Bug ID CSCus91838.

CVE-2015-4229
Published: 2015-06-30
The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589.

CVE-2015-0196
Published: 2015-06-29
CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

CVE-2015-0545
Published: 2015-06-29
EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report