News & Commentary
Latest Content
Startup 'Stealth Worker' Matches Businesses With Security Talent
News  |  7/30/2015  | 
New online service helps businesses looking for part-time security professionals fill specific job needs.
There's Another Android Media Vulnerability, But Google Isn't Worried
News  |  7/30/2015  | 
Vulnerability could become a favorite of ransomware operators, but Google has left it unpatched for more than two months.
Study Reveals the Most Common Attack Methods of Data Thieves
Partner Perspectives  |  7/30/2015  | 
Learning more about your attackers helps to improve your security profile and reduce the possibility of a breach.
Closing The Gap Between Security & Networking Ops: 5 Best Practices
Commentary  |  7/30/2015  | 
If your factions are warring, there’s a lot you can do about it. Here’s how -- and why you can’t afford to wait.
From Russia With Love: A Slew of New Hacker Capabilities and Services
News  |  7/30/2015  | 
A review of the Russian underground by Trend Micro reveals it to be the world’s most sophisticated.
Anthem Breach Linked To Black Vine Group & Beijing InfoSec Firm
News  |  7/29/2015  | 
Health insurer's breach of 80 million records attributed to 'well-resourced cyberespionage group' Black Vine. Could they also be behind breaches at OPM and United Airlines?
Can't Touch This: 'Hammertoss' Russian Cyberspies Hide In Plain Sight
News  |  7/29/2015  | 
APT29 cyber espionage attackers operate under the cover of legitimate services including Twitter, Github, and cloud storage services.
Code Theft: Protecting IP At The Source
Commentary  |  7/29/2015  | 
Your corporate assets are at risk and every day that you avoid taking action shortens the time until your IP will be leaked. Here are six steps toward better data security.
Lockheed Martin-Led Consortium Builds Secure 'System Of Systems'
News  |  7/28/2015  | 
Multilevel Security (MLS) group says this policy-based architecture could apply to sensitive commercial networks as well as government agencies.
Researchers Steal Door Badge Credentials Using Smartphone Bluetooth
News  |  7/28/2015  | 
Weakness in facility access control protocol leaves most badge-in systems open to attack.
How To Put Data At The Heart Of Your Security Practice
Commentary  |  7/28/2015  | 
First step: A good set of questions that seek out objective, measurable answers.
What 30 Classic Games Can Teach Us about Security
Partner Perspectives  |  7/28/2015  | 
Information security experts share their thoughts on how participating in games and sports helped hone their professional skills.
New Phishing Campaign Leverages Google Drive
News  |  7/28/2015  | 
Researchers believe technique is geared to take over Google SSO accounts.
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
News  |  7/27/2015  | 
Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices.
Phishing Attacks Drive Spike In DNS Threat
News  |  7/27/2015  | 
Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year.
The First 24 Hours In The Wake Of A Data Breach
Commentary  |  7/27/2015  | 
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Quick Hits  |  7/24/2015  | 
National Highway Traffic Safety Administration will be watching to see if it works.
Smartwatches Could Become New Frontier for Cyber Attackers
News  |  7/24/2015  | 
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
Car Hacking Shifts Into High Gear
News  |  7/23/2015  | 
Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.
Emerging Web Infrastructure Threats
Slideshows  |  7/23/2015  | 
A secure cloud relies on some weak Internet infrastructure with some new BGP vulnerabilities that will be disclosed at Black Hat USA.
Internet of Things: Anything You Track Could Be Used Against You
Commentary  |  7/23/2015  | 
Lawyers – not security advocates – have fired the first salvos over wearable tech privacy. The results may surprise you.
Out of Aspen: State of Critical Infrastructure Cybersecurity, 2015
Partner Perspectives  |  7/22/2015  | 
The good, bad, and potentially worse of critical infrastructure protection.
Researchers Enlist Machine Learning In Malware Detection
News  |  7/22/2015  | 
No sandbox required for schooling software to speedily spot malware, researchers will demonstrate at Black Hat USA.
Finding The ROI Of Threat Intelligence: 5 Steps
Commentary  |  7/22/2015  | 
Advice from a former SOC manager on how to leverage threat intel without increasing the bottom line.
Angler Climbing To Top Of Exploit Heap
News  |  7/22/2015  | 
Exploit kit dominates the field, making up 82 percent of all exploit kits currently used.
Hacking Team Detection Tools Released By Rook, Facebook
News  |  7/21/2015  | 
Organizations get help keeping up with Hacking Team threats, and Microsoft releases an out-of-band patch for a new Hacking Team 0-day.
Arrests Made In JPMorgan Hack, Securities Fraud Scheme
Quick Hits  |  7/21/2015  | 
Four individuals arrested in Israel and Florida, one more at large, according to report.
Detection: A Balanced Approach For Mitigating Risk
Commentary  |  7/21/2015  | 
Only detection and response can complete the security picture that begins with prevention.
Time’s Running Out For The $76 Billion Detection Industry
Commentary  |  7/21/2015  | 
The one strategy that can deliver the needle to the security team without the haystack is prevention.
CISOs Caught In A Catch-22
News  |  7/21/2015  | 
Chief information security officers are considered 'accountable' for breaches while not always in charge of all infosec strategy and purchases, new report shows.
Photo Processing Vendor Exposes CVS, Wal-Mart, Costco
News  |  7/20/2015  | 
Retail breaches highlight third-party risk -- again.
6 Ex-Employees Questioned About Hacking Team Breach, Prior Leak
News  |  7/20/2015  | 
Japanese targets also getting hit with leaked Flash zero-day exploits, and Hacking Team reportedly worked on drone-based WiFi surveillance tools.
Ashley Madison Exposed: Affair Hookup Site Hacked, Member Data Posted Online
Quick Hits  |  7/20/2015  | 
Member data pilfered, posted in apparent hacktivist-style doxing attack.
How I Learned To Love Active Defense
Commentary  |  7/20/2015  | 
Yes, traditional cyber defenses can be effective. They just need to be a little more active.
Darkode Shuttered But Cybercrime Still Alive And Well
News  |  7/17/2015  | 
Major international law enforcement takedown of exclusive criminal hacker forum highlights victory -- and challenges -- of global law enforcement of cybercrime.
Mobile App Security: 4 Critical Issues
Commentary  |  7/17/2015  | 
Securing the mobile workforce in the age of BYOD is no easy task. You can begin with these four measures.
U.S. Vuln Research, Pen Test Firms Protest Impending Export Controls
News  |  7/16/2015  | 
American security companies have the most to lose from new rules that would restrict the export of tools and information about network surveillance and 'intrusion software.'
10 Trends In Infosec Careers And Staffing
Slideshows  |  7/16/2015  | 
Employment stable for job-seekers, but staffing gaps persist for employers who need better security teams to counter threats.
Java Back In The Bullseye
News  |  7/16/2015  | 
Adobe Flash may be all the attack rage lately, but Oracle's new pile of patches -- including one for an 0day spotted in the wild -- highlight how Java remains an attractive target.
The Insiders: A Rogues Gallery
Commentary  |  7/16/2015  | 
You can defend against an insider threat if you know where to look.
4 Lasting Impacts Of The Hacking Team Leaks
News  |  7/15/2015  | 
Doxing attack against Italian surveillance company put some nasty tools in the hands of attackers and might be the final nail in the coffin for Adobe Flash.
Researchers To Offer Free BGP Security Alert Tool Via Twitter
News  |  7/15/2015  | 
New tool to be unveiled at Black Hat USA next month will tweet out route hijacking attacks on the Net.
Notorious Cybercrime Underground Forum Infiltrated By FBI And Shut Down
Quick Hits  |  7/15/2015  | 
International law enforcement operation shutters Darkode underground cybercrime forum, leads to charges, arrests, searches of 70 members worldwide.
The End Of Whac-A-Mole: From Incident Response To Strategic Intelligence
Commentary  |  7/15/2015  | 
In the face of mounting cybercrime, hacktivism, and espionage, network defenders need to transform their tactical IR groups into full-scale cyber intelligence teams.
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
News  |  7/15/2015  | 
In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats.
Shared Passwords And No Accountability Plague Privileged Account Use
News  |  7/14/2015  | 
Even IT decision-makers guilty of poor account hygiene.
Automobile Industry Gears Up For Cyber-Threat Intel-Sharing
News  |  7/14/2015  | 
New auto industry ISAC is now official, with major automakers as the charter members.
Most Ransomware's Not So Bad
News  |  7/14/2015  | 
Although some ransomware is getting smarter and scarier, most of it is pretty dumb, as one researcher will show at Black Hat.
Are Criminals Quicker Than The Flash?
Partner Perspectives  |  7/14/2015  | 
Using the right technology, we can defeat the malicious exploitation of Flash and return it to its full superhero status.
Inside A Vicious DDoS Attack
Commentary  |  7/14/2015  | 
What it's really like to fend off a relentless distributed denial-of-service attack.
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4293
Published: 2015-07-30
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957.

CVE-2014-7912
Published: 2015-07-29
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory c...

CVE-2014-7913
Published: 2015-07-29
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corru...

CVE-2015-2977
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

CVE-2015-2978
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!