News & Commentary
Latest Content
Online 'Batman' Takes On Dridex Banking Trojan Operators
News  |  2/5/2016  | 
Several Dridex malware download sites have begun mysteriously serving up antivirus software instead.
A Case Of Mistaken Identity?
Partner Perspectives  |  2/5/2016  | 
The role of BlackEnergy in Ukrainian power grid disruption.
Newly Fired CEO Of Norse Fires Back At Critics
News  |  2/4/2016  | 
Critics maintain that Norse Corp. is peddling threat data as threat intelligence.
Here’s How To Protect Against A Ransomware Attack
News  |  2/4/2016  | 
Recovering data encrypted by a ransomware attack is next to impossible, so prevention offers the better approach.
Cybersecurity Smackdown: What Side Are You On?
Commentary  |  2/4/2016  | 
Analytics vs. Encryption. Prevention vs. Detection. Machine Learning: Promise or Hype? The Firewall: Dead or Still Breathing? The sharpest minds in the security industry debate some of the industry's most contentious issues.
New Kid On The Block: Cyber Threat Analyst
Commentary  |  2/4/2016  | 
Drawing from the financial service industry, this new role uses the “art of the intelligence cycle” to drive efficiency in the security operations center.
The #1 Riskiest Mobile Users Wear Suits
News  |  2/4/2016  | 
Business users top the rankings of those most likely to engage with risky apps and URLs on their smartphones and tablets.
Agriculture, Alternative Energy Could Be Chinese Hackers' Next Targets
News  |  2/3/2016  | 
Perhaps Anthem and Premera breaches were not just about stealing PII, but about researching the ins and outs of Western healthcare systems, CrowdStrike's annual global threat report says.
Lights Out: Not So Fast
News  |  2/3/2016  | 
Author and famed broadcast journalist Ted Koppel's new bestseller warns of a 'likely' nationwide and devastating blackout of the US grid at the hands of hackers, but some government and utility industry officials disagree.
Passwords, Email Addresses, Were Most Stolen Data In 2015
Quick Hits  |  2/3/2016  | 
Analysis of public data breaches finds US and UK represented more than 45% of all reported breaches last year, and major energy firms make the list of most multiple breaches.
Zero Trust: Now A Critical Foundation For Securing Mobile
Commentary  |  2/3/2016  | 
No longer willing to rely on an OS that doesn't provide the security features they need, developers are taking steps to secure apps, defend data, and protect users.
7 Signs of Infosec's Groundhog Day Syndrome
Slideshows  |  2/2/2016  | 
Irritations that plague security pros day in and day out.
EU, US Agree On New Data Transfer Pact, But Will It Hold?
News  |  2/2/2016  | 
So long Safe Harbor, hello 'Privacy Shield.'
As Good As They're Getting, Analytics Don't Inherently Protect Data
Commentary  |  2/2/2016  | 
It is only a matter of time before your system is breached, and when your data is lost, analytics won't help you.
Encryption Has Its Place But It Isn’t Foolproof
Commentary  |  2/2/2016  | 
Most encrypted data is unencrypted at some point in its lifecycle -- and the bad guys are pretty good at finding the one window left open.
Macro Malware Resurgence Highlighted By Kasidet Outbreak
News  |  2/2/2016  | 
Also known as Neutrino, this piece of malware is another case of Office macro malaise.
Cybercrime Doesn't Pay As Much As You'd Think
News  |  2/1/2016  | 
Legit cybersecurity professionals typically make more than the average cybercriminal, a new survey says.
First Hacker Arrested for CyberTerror Charges Arrives In American Court
Quick Hits  |  2/1/2016  | 
Kosovo citizen faces a maximum sentence of 35 years in prison for hacking and providing material support to ISIS.
The Cybersecurity Talent You Seek May Be In-House
News  |  2/1/2016  | 
IT staff in many cases are already performing security-related work -- with proper training, they could be converted to the security team.
IEEE Anti-Malware Support Service Goes Live
Commentary  |  2/1/2016  | 
Through the collaborative effort of major players in the computer security industry, organizations now have two new tools for better malware detection.
Wendy's Could Become Test Case For New EMV Liability Rules
News  |  1/29/2016  | 
The fast food giant confirms it is investigating fraudulent activity involving payment cards used at some of its 6,500 locations.
Clever LG Droid Bug Can Attack You Through Birthday Notifications
Quick Hits  |  1/29/2016  | 
'SNAP' vulnerability affects Smart Notice application pre-installed on every new LG device.
Cloud Security: It’s Become A People Problem
Commentary  |  1/29/2016  | 
Now that the cloud is becoming secure enough for sensitive data, are cloud customers ready to hold up their end of a shared liability model?
How Incident Response Fails In Industrial Control System Networks
News  |  1/28/2016  | 
Experts say a solid incident response plan is the best way to minimize the damage of a cyberattack--but IR isn't so simple for the ICS/SCADA world.
New Version Of CenterPOS Malware Taps Rush To Attack Retail Systems
News  |  1/28/2016  | 
EMV will make it much harder for criminals to steal payment card data, so there’s a rush to do it while they can.
Big Week For Ransomware
News  |  1/28/2016  | 
Inventive new variants and damaging attacks swept through the headlines this week.
Oracle Retires Java Browser Plug-In
Quick Hits  |  1/28/2016  | 
Move in response to the 'plug-in free Web' trend.
Why InfoSec Pros Should Keep A Close Eye On Cyber Efficiency
Partner Perspectives  |  1/28/2016  | 
No organization will ever be impervious to breaches, but efficient organizations can lower their overall spend.
Data Privacy: Key Elements Of An Information Governance Plan
Commentary  |  1/28/2016  | 
For Data Privacy Day! Do you have the policies in place to safeguard your company’s most strategic information? Here are nine best practices.
Hot-Patching Tools Another Crack In Apple's Walled Garden
News  |  1/27/2016  | 
Researchers at FireEye investigate how the tools some iOS developers use to push out patches more quickly are themselves a threat to Apple security.
Macros, Network Sniffers, But Still No 'Smoking Gun' In Ukraine Blackout
News  |  1/27/2016  | 
Further analysis of the BlackEnergy 3 malware studies payloads used for reconnaissance in the attacks.
Careers in InfoSec: Don’t Be Fooled By The Credential Alphabet
Commentary  |  1/27/2016  | 
Analytical skills, work ethic, an ability to overcome obstacles, and a natural drive to solve problems are the critical hiring factors in today’s tight job market.
When It Comes To Facebook Apps, Be Like Mike -- Not Bill
Partner Perspectives  |  1/27/2016  | 
New apps such as Be Like Bill raise a red flag when it comes to privacy.
Post-Breach Costs And Impact Can Last Years
News  |  1/26/2016  | 
SANS study examines long-term effects of breach events.
NetFlow Or sFlow For Fastest DDoS Detection?
Commentary  |  1/26/2016  | 
It's still not an easy choice, but combined with the faster NetFlow exporters that have recently come to market, the speed advantage of sFlow is starting to fade.
Why Cybersecurity Certifications Matter -- Or Not
News  |  1/26/2016  | 
Job candidates with a certification make more money, but there's more to the equation for cybersecurity professionals.
Insurers Getting Smarter About Assessing Cyber Insurance Policy Risks
News  |  1/26/2016  | 
2016 shaping up to be a year of greater maturity in how insurance companies underwrite their cyber insurance policies.
'Scarlet Mimic' Hackers Snoop On Minority Activists In China
News  |  1/25/2016  | 
Weapon of choice is the FakeM Windows backdoor, but it's making moves to more platforms.
How (And Why) Hackers Target Your Business
Commentary  |  1/25/2016  | 
Don’t miss this inside look by a trio of experts from industry and law enforcement during Dark Reading's virtual event, Cybersecurity: The Business View. Now available On-Demand.
AMX Harman Disputes Deliberately Hiding Backdoor In Its Products
News  |  1/22/2016  | 
Control systems for AV, lighting, and other equipment used widely by the White House, Fortune 100, government, and defense agencies likely affected.
Measuring Real Risk: The Business View
Commentary  |  1/22/2016  | 
Dark Reading's Jan. 26 virtual event on the business perspective of cybersecurity will feature a panel discussion on how to measure risk and the cost of a security program.
The Apple App Store Incident: Trouble in Paradise?
Commentary  |  1/22/2016  | 
The fact that Apple’s security model has worked so well in the past doesn’t mean it will work well forever. Here’s why.
No Safe Harbor Is Coming -- CISA Made Sure Of It
News  |  1/22/2016  | 
It's time to take your data classification procedures more seriously. If not, that helpful information-sharing you did in the US could cost you hefty fines for privacy violations in the European Union.
'Asacub' Trojan Converted To Mobile Banking Weapon
News  |  1/21/2016  | 
In a sign of the times, what was once a routine data-stealing tool has evolved into a dangerous mobile banking threat.
When The Boss Is Your Biggest Security Risk
Commentary  |  1/21/2016  | 
No one possesses more sensitive information in an organization than upper management. So why do companies screen executives on the way in but not on the way out?
Preparing Your Business For A Major Data Breach: The Business View
Commentary  |  1/20/2016  | 
Today's Dark Reading Virtual Conference on the business perspectives of cybersecurity will include a panel to prep your leaders for responding to the inevitable breach.
IT Confidence Ticks Down
News  |  1/20/2016  | 
Cisco security report shows aging infrastructure no match for constantly advancing attack techniques.
Medical Device Security Gets Intensive Care
News  |  1/20/2016  | 
FDA draft cybersecurity guidance for medical device-makers and a new 'Hippocratic Oath' for the industry debut amid growing concerns of patient safety.
HD Moore To Depart Rapid7 For New Venture Capital Gig
Quick Hits  |  1/20/2016  | 
Moore plans to continue work on Metasploit Framework.
Behavioral Analytics: The Future of Just-in-Time Awareness Training?
Commentary  |  1/20/2016  | 
It’s high time we leveraged modern threat detection tools to keep users on the straight and narrow road of information security.
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas in a thought-provoking discussion about the evolving role of the CISO.