News & Commentary
Latest Content
Hilton Data Breach Focuses Attention On Growing POS Malware Threat
News  |  11/25/2015  | 
Analysts expect an increase in POS attacks against retailers and others during this holiday shopping season.
The Youthful Side Of Hacking
Commentary  |  11/25/2015  | 
If the iconic 1955 movie Rebel Without a Cause was remade today, would James Dean be a computer hacker?
Cyber Monday: What Retailers & Shoppers Should Watch For
News  |  11/24/2015  | 
Attackers have a variety of ways to commit fraud and may take advantage of the busy time to sneak in a data breach.
RSA Warns Of Zero Detection Trojan
News  |  11/24/2015  | 
GlassRAT has remained undetected for more than three years while stealthily targeting victims, security firm says.
Cisco Cert Tracker Offline After Pearson VUE Breach
News  |  11/24/2015  | 
Third-party certification credential manager used by Cisco and others is taken down after malware infection.
Stealthy ModPOS Is 'Most Sophisticated PoS Malware' Ever
News  |  11/24/2015  | 
More than just a point-of-sale card scraper, it's modular malware, and every module is a rootkit.
Dell Hands Hackers Keys To Customer Systems
News  |  11/24/2015  | 
Dell installs root certificate with associated private keys to create its very own Superfish scenario.
Parsing What Is ‘Reasonable’ In Security, Post FTC v Wyndham
Commentary  |  11/24/2015  | 
In today's regulatory climate, companies can no longer depend on technology solutions alone – for example, SIEM -- to protect corporate data and customer privacy. Here's why.
Black Friday Security: Brick-and-Mortar Retailers Have Cyber Threats, Too
News  |  11/23/2015  | 
PoS malware, ways to trick new payment technology, and zero tolerance for down-time or slow-time make for a stressful combination.
SAFECode Releases Framework For Assessing Security Of Software
News  |  11/23/2015  | 
Guide for evaluating how software companies are adopting secure coding and security support practices.
A Comprehensive Look At China's Cybercrime Culture
News  |  11/23/2015  | 
Trend Micro report offers a full view of espionage and theft perpetrated by Chinese hackers.
Where Is Ransomware Going?
Partner Perspectives  |  11/23/2015  | 
As PCs and servers get better protected and employees more knowledgeable about the ransomware threat, criminals will go after less secure systems such as smart TVs, conferencing equipment, or other unsecured devices.
We Need A New Word For Cyber
Commentary  |  11/23/2015  | 
It’s time to find an alternative for 'cyber' (an adjective or noun) before the term – like 'google' -- becomes a verb.
Russian Cybergangs Stole Some $790 Million Over 3 Years
News  |  11/20/2015  | 
More than $500 million of that is from victims located outside the borders of the former USSR, Kaspersky Lab reveals.
Starwood Hotels Hit With PoS Malware, Payment Card Info Exposed
Quick Hits  |  11/20/2015  | 
More than 50 Sheraton, Westin, other hotel chains in North America affected.
Introducing ‘RITA’ for Real Intelligence Threat Analysis
Commentary  |  11/20/2015  | 
SANS' free, new framework can help teams hunt for attackers by extending traditional signature analysis to blacklisted IP addresses and accounts that have multiple concurrent logons to multiple systems.
Why The Java Deserialization Bug Is A Big Deal
News  |  11/19/2015  | 
Millions of app servers are potentially open to compromise due to how they handle serialized Java apps, researchers say.
4 Tricks For Getting The Most Out Of User Behavior Analytics
News  |  11/19/2015  | 
First things first: establish what 'normal' metrics look like.
US-China Security Review Commission Discusses 'Hack-Back' Laws
Quick Hits  |  11/19/2015  | 
Commission's annual report to Congress recommends a closer look at whether companies should be allowed to launch counterattacks on hackers.
And Now, A Cyber Arms Race Towards Critical Infrastructure Attacks
Commentary  |  11/19/2015  | 
As traditional explosives give way to 'logic bombs,' the need to protect our industrial networks and systems has never been more important.
'Xindi' Online Ad Fraud Botnet Exposed
News  |  11/18/2015  | 
Billions of dollars in ad revenue overall could be lost to botnet that exploits 'Amnesia' bug.
Siri’s Lockscreen Bypass A Growing Privacy Issue For iOS Users
News  |  11/18/2015  | 
In less than 30 seconds, anyone with access to an Apple iPhone or iPad can extract a lot of personal data using Siri, Trend Micro says.
Exploit Kit Explosion Will Keep Victims Off Kilter
News  |  11/18/2015  | 
Exploit kit C&C infrastructure expanded by 75% in Q3.
DDoS And The Internet's Liability Problem
Commentary  |  11/18/2015  | 
It's past time for an improved liability model to disrupt DDoS.
Attack Attempt Numbers Down, But PoS Malware & Angler Up in Q3
News  |  11/17/2015  | 
Politically motivated cyberespionage groups also hard at work between July and September, according to Trend Micro.
Must Automation Remain A Four-Letter Word?
Partner Perspectives  |  11/17/2015  | 
It doesn’t have to. We just need to apply the compensating safeguards and automated controls selectively so CISOs and their security teams can comfortably embrace it.
Microsoft Invests $1 Billion In 'Holistic' Security Strategy
News  |  11/17/2015  | 
Executives detail strategic and cultural shift at Microsoft to an integrated security approach across its software and services, and announce new managed services group and cyber defense operation center.
5 Reasons Enterprises Don't Get Enough Value From Threat Intelligence
News  |  11/17/2015  | 
Maturity levels still keeping threat intelligence efficacy stunted.
IBM Report: Ransomware, Malicious Insiders On The Rise
News  |  11/16/2015  | 
X-Force's top four cyber threat trends also name upper management's increasing interest in infosec.
Don’t Toy With The Dark Web, Harness It
Commentary  |  11/16/2015  | 
The Dark Web’s sinister allure draws outsized attention, but time-strapped security teams would benefit from knowing what's already circulating in places they don't need Tor or I2P to find.
Dark Reading Radio: A Cybersecurity Generation Gap
Commentary  |  11/16/2015  | 
Millennials--especially young women--not pursuing careers in cybersecurity due to lack of both awareness and interest.
Google Study Finds Email Security A Mixed Bag
News  |  11/13/2015  | 
The use of encryption and authentication mechanisms by Google, Yahoo, and Microsoft has improved security -- but problems remain.
More Ransomware Being Spread Via Malvertising
Quick Hits  |  11/13/2015  | 
Magnitude exploit kit has popped up in a new malvertising campaign and is dropping CryptoWall.
Healthcare Apps, WordPress Most Popular Web Attack Targets
News  |  11/12/2015  | 
No application escaped without a Shellshock attack in 2015, either, report finds.
Cherry Picker POS Malware Has Remained Hidden For Four Years
News  |  11/12/2015  | 
Sophisticated obfuscation techniques have allowed malware to evade AV systems and security vendors for a long time, says Trustwave.
Solving Security: If You Want Something New, Stop Doing Something Old
News  |  11/12/2015  | 
Black Hat Europe keynoter Haroon Meer tells security pros to work smarter, think out of the box, and speak out to the C-suite.
Incidence-Response Imperative: Take Immediate Action
Partner Perspectives  |  11/12/2015  | 
Something malicious this way comes. A fast reaction can reduce your risk.
Point of Entry: The Missing Link in the Security Hiring Gap
Commentary  |  11/12/2015  | 
How misguided notions of capability and lack of access to enterprise tools discourage diversity in Infosec.
Federal Government Most Prone To Repeat Breaches
News  |  11/11/2015  | 
It isn't just the White House that gets compromised more than once. Also, in a shifting trend, malicious insider attacks don't cut quite as deep as outsiders' do, report finds.
Tool Controls Botnet With Twitter Direct Messages
News  |  11/11/2015  | 
'Twittor' exploits the expanded capacity of Twitter DMs to replace traditional botnet command-and-control server infrastructure.
Machine Learning: Perception Problem? Maybe. Pipe Dream? No Way!
Commentary  |  11/11/2015  | 
Guided by an organization's internal security experts, 'algorithmic assistants' provide a powerful new way to find anomalies and patterns for detecting cyberthreat activity.
Privileged Account Control Still Weak In Most Organizations
News  |  11/11/2015  | 
Two studies this week show there's a long way to go in securing credentials for risky accounts.
JP Morgan Breach Only One Piece Of Vast Criminal Enterprise, Indictments Reveal
News  |  11/10/2015  | 
Three men at the head of 'diversified criminal conglomerate' used hacking to commit and enhance their securities fraud, illegal online gambling, illegal Bitcoin exchange, and illegal payment processing businesses, 23-count indictment alleges.
Adobe Flash Bug Discovery Leads To New Attack Mitigation Method
News  |  11/10/2015  | 
Prototype aims to prevent exploits that employ 'use after free' bugs in Windows, Linux, OS X software.
Why Threat Intelligence Feels Like A Game Of Connect Four
Commentary  |  11/10/2015  | 
In real life, solving the cybersecurity puzzle has many challenges. But shared wisdom and community defense models are making it easier to connect the dots.
New 4G LTE Hacks Punch Holes In Privacy
News  |  11/9/2015  | 
Black Hat Europe researchers to demonstrate newly found flaws in 4G mobile that expose privacy and disrupt phone service.
NSA Discloses 91 Percent Of Vulns It Finds, But How Quickly?
News  |  11/9/2015  | 
NSA says 'vast majority' of flaws it finds are reported to vendors, but keeps mum on how long it takes--offering enterprises another reason for remaining vigilant with their own internal security.
Cybersecurity Skills Gap: Too Good To Be True For Job Seekers?
Commentary  |  11/9/2015  | 
New track at Black Hat Europe explores the special challenges of managing an information security career for both job hunters and job hirers.
6 Critical SAP HANA Vulns Can't Be Fixed With Patches
News  |  11/9/2015  | 
Onapsis releases 21 SAP HANA security advisories, including some Trexnet vulnerabilities that require upgrades and reconfigurations.
What Flu Season Can Teach Us About Fighting Cyberattacks
Commentary  |  11/6/2015  | 
Cybersecurity doesn't have to be an arms race towards complexity if we put people front and center of the solution.
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.
