News & Commentary
Latest Content
Infographic: With BYOD, Mobile Is The New Desktop
Commentary  |  7/22/2014  | 
Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.
Internet of Things: Security For A World Of Ubiquitous Computing
Commentary  |  7/21/2014  | 
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
Hacking Your Hotel Room
News  |  7/18/2014  | 
At Black Hat USA next month, a researcher will show how to hack your way into controlling everything in a hotel room -- from lighting to television sets.
CEO Report Card: Low Grades for Risk Management
Commentary  |  7/18/2014  | 
Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.
Government-Grade Stealth Malware In Hands Of Criminals
News  |  7/17/2014  | 
"Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools.
Website Hacks Dropped During World Cup Final
Quick Hits  |  7/17/2014  | 
Hackers apparently took time off to watch the Germany-Argentina title match of the 2014 FIFA World Cup.
A New Age in Cyber Security: Public Cyberhealth
Commentary  |  7/17/2014  | 
The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.
Ransomware: 5 Threats To Watch
Slideshows  |  7/17/2014  | 
Cyber criminals have kicked it up a notch with nasty malware that locks you out of your machine and holds it for ransom.
Senate Hearing Calls for Changes to Cybercrime Law
News  |  7/16/2014  | 
In the wake of Microsoft's seizure of No-IP servers and domains, private and public sector representatives met to discuss what can be done to address the problem of botnets.
Passwords & The Future Of Identity: Payment Networks?
Commentary  |  7/16/2014  | 
The solution to the omnipresent and enduring password problem may be closer than you think.
Automobile Industry Accelerates Into Security
News  |  7/15/2014  | 
Industry looking at intelligence-sharing platform or an Auto-ISAC in anticipation of more automated, connected -- and vulnerable -- vehicles.
Payment Card Data Theft: Tips For Small Business
Commentary  |  7/15/2014  | 
For small businesses looking to reduce their exposure to data theft, the good news is the advantage of being small.
Tapping Into A Homemade Android Army
News  |  7/15/2014  | 
Black Hat speaker will detail how security researchers can expedite their work across numerous Android devices at once.
Active Directory Flaw Lets Attackers Change Passwords
Quick Hits  |  7/15/2014  | 
Aorato finds way to compromise Active Directory and change passwords without being noticed by SIEM.
Google Forms Zero-Day Hacking Team
Quick Hits  |  7/15/2014  | 
'Project Zero' to hunt bugs in all software that touches the Net.
Dark Reading Radio: Where Do Security Startups Come From?
Commentary  |  7/15/2014  | 
This week's radio broadcast will discuss how hot new security companies are born and how they are funded. Showtime is 1:00 p.m. ET.
DropCam Vulnerable To Hijacking
News  |  7/14/2014  | 
Researchers at DEF CON to demonstrate flaws in a popular WiFi video monitoring system.
New GameoverZeuS Variant Found In The Wild
News  |  7/14/2014  | 
A new botnet abandons peer-to-peer communication and may or may not be operated by the one disrupted by Operation Tovar last month.
How Next-Generation Security Is Redefining The Cloud
Commentary  |  7/14/2014  | 
Your cloud, datacenter, and infrastructure all contain flexible and agile components. Your security model should be the same.
Hacking Password Managers
News  |  7/14/2014  | 
Researchers find four classes of common vulnerabilities in popular password managers and recommend greater industry scrutiny and more automated ways to find vulnerabilities.
Attack Campaign Targets Facebook, Dropbox User Credentials
News  |  7/11/2014  | 
The goal of the attackers is not fully clear but the credential theft could set up sophisticated targeted attackers.
While Brazilians Watch World Cup, Bank Fraudsters Are At Work
News  |  7/11/2014  | 
Passive biometrics allow BioCatch to tell the difference between busy fraudsters and distraught soccer fans.
Strategic Security: Begin With The End In Mind
Commentary  |  7/11/2014  | 
The trouble with traditional infosec methodology is that it doesn’t show us how to implement a strategic security plan in the real world.
Study: Most Critical Infrastructure Firms Have Been Breached
Quick Hits  |  7/10/2014  | 
A new Ponemon Institute study finds 70% of critical infrastructure companies have been hit by security breaches in the last year, but cyber security programs are still a low priority.
Global Law Enforcement, Security Firms Team Up, Take Down Shylock
News  |  7/10/2014  | 
À la GOZeuS, an international, public-private collaboration seizes a banking Trojan's command and control servers.
Cloud & The Fuzzy Math of Shadow IT
Commentary  |  7/10/2014  | 
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
Chinese Hackers Target Logistics & Shipping Firms With Poisoned Inventory Scanners
News  |  7/10/2014  | 
'ZombieZero' still actively pushing rigged handheld scanning devices, reviving concerns of doing business with Chinese tech companies.
Fake Google Digital Certificates Found & Confiscated
News  |  7/9/2014  | 
A certificate authority in India had issued rogue certificates for some Google domains, the search engine giant discovers.
BrutPOS Botnet Targets Retail's Low-Hanging Fruit
News  |  7/9/2014  | 
FireEye discovers a botnet that's going after point-of-sale systems showing bad passwords and other basic security no-nos.
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Commentary  |  7/9/2014  | 
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
6 Things That Stink About SSL
Slideshows  |  7/9/2014  | 
Users might not care to trust the very mechanism that's supposed to provide online trust.
Facebook Helps Cripple Greek Botnet
News  |  7/8/2014  | 
Arrests made in Lecpetex malware campaign that was spreading via Facebook, emails.
Electronic Frontier Foundation Sues NSA, Director of National Intelligence
Quick Hits  |  7/8/2014  | 
EFF says that the agencies have failed to provide documents requested under the Freedom of Information Act.
6 Tips for Using Big Data to Hunt Cyberthreats
Commentary  |  7/8/2014  | 
You need to be smart about harnessing big data to defend against today’s security threats, data breaches, and attacks.
Online Scammers Take Advantage Of iPhone 6, iWatch Hype
News  |  7/8/2014  | 
Phishing message claims to provide links to leaked iPhone 6 information and pictures.
Dark Reading Radio: The Changing Role Of The CSO
Commentary  |  7/8/2014  | 
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
Chinese Attackers Targeting U.S. Think Tanks, Researchers Say
Quick Hits  |  7/7/2014  | 
Government-backed group "Deep Panda" compromised "several" nonprofit national security policy research organizations, CrowdStrike says.
Q&A: Panda Security Staging A Comeback
News  |  7/7/2014  | 
New Panda CEO and former IBM security executive Diego Navarrete shares his strategy and insight into turning around the security company that has fallen off the radar screen over the last couple of years.
Black Hat USA 2014: Third-Party Vulns Spread Like Diseases
News  |  7/7/2014  | 
Understanding the impact of vulnerabilities in libraries and other components
Microsoft's Seizure Of No-IP Domains Disrupted Criminals & Innocents Alike
News  |  7/3/2014  | 
Microsoft successfully disrupted roughly one-quarter of the APT actors Kaspersky monitors, but took down millions of innocent hostnames too.
Retail Breaches Change Customer Behavior, Attitudes, Studies Say
Quick Hits  |  7/3/2014  | 
Recent breaches of retail and credit card data are making customers think twice about where they shop and how they pay, researchers say.
CosmicDuke: Cosmu & MiniDuke Mash-Up
News  |  7/2/2014  | 
F-Secure believes that the combo malware might have connections to the perpetrators of the miniDuke attacks.
Why Your Application Security Program May Backfire
Commentary  |  7/2/2014  | 
You have to consider the human factor when you’re designing security interventions, because the best intentions can have completely opposite consequences.
Researcher Finds Flaws In Key Oracle Security Feature
News  |  7/2/2014  | 
Famed security researcher and Oracle database expert David Litchfield next month at Black Hat USA will present details of weaknesses he discovered in a widely touted new security feature in Oracle databases.
Infamous Banking Malware Adds Email-Sending Feature
News  |  7/1/2014  | 
Cridex -- a.k.a. Feodo and Bugat -- now has a more streamlined and automated way of infecting victims and stealing their information.
Dark Reading Radio: Oracle Database Security Hacked
Commentary  |  7/1/2014  | 
Learn about newly found vulnerabilities in a key database security feature tomorrow in the next episode of Dark Reading Radio.
Microsoft Expands Encryption, Opens First Transparency Center
Quick Hits  |  7/1/2014  | 
As part of Microsoft's new privacy initiative, Outlook and OneDrive have also gotten encryption enhancements.
Microsoft Sues To Seize Domains Responsible For Millions Of Infections
News  |  7/1/2014  | 
Free Dynamic DNS provider No-IP fingered as major culprit in spread of Jenxcus and Bladabindi.
Hacker Movies We Love & Hate
Slideshows  |  7/1/2014  | 
Check out Dark Reading community members' favorite hacker movie hits and misses. Then add your picks in the comments section.
Cyberspying Campaign Comes With Sabotage Option
News  |  6/30/2014  | 
New research from Symantec spots US and Western European energy interests in the bull's eye, but the campaign could encompass more than just utilities.
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7392
Published: 2014-07-22
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.

CVE-2014-2385
Published: 2014-07-22
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter t...

CVE-2014-4326
Published: 2014-07-22
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.

CVE-2014-4511
Published: 2014-07-22
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.

CVE-2014-4911
Published: 2014-07-22
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.

Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.