News & Commentary
Latest Content
Page 1 / 2   >   >>
'Ghost' Not So Scary After All
Quick Hits  |  1/28/2015  | 
The latest open-source Linux vulnerability is serious but some security experts say it's not that easy to abuse and use in an attack.
Small Changes Can Make A Big Difference In Tech Diversity
Commentary  |  1/28/2015  | 
There’s no doubt that many employers feel most comfortable hiring people like themselves. But in InfoSec, this approach can lead to stagnation.
Half Of Enterprises Worldwide Hit By DDoS Attacks, Report Says
News  |  1/27/2015  | 
New data illustrates how distributed denial-of-service (DDoS) attacks remain a popular attack weapon -- and continue to evolve.
WiIl Millennials Be The Death Of Data Security?
Commentary  |  1/27/2015  | 
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
NFL Mobile Sports App Contains Super Bowl-Sized Vulns
News  |  1/27/2015  | 
Lack of protections puts users at risk of exposed information by way of man-in-the-middle attacks.
Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices
News  |  1/26/2015  | 
Researchers find more than 5,000 US gas stations' automated tank gauges unprotected on the public Internet and open to hackers.
Power Consumption Technology Could Help Enterprises Identify Counterfeit Devices
Commentary  |  1/26/2015  | 
Understanding a device's "power fingerprint" might make it possible to detect security anomalies in Internet of Things as well, startup says
Security Skills Shortage? Don’t Panic!
Partner Perspectives  |  1/26/2015  | 
Focus your energies on building a comprehensive security strategy and turning to experts for guidance.
Adobe Fixes Second Flash Flaw Exploited By Angler
News  |  1/26/2015  | 
Second 0-day fix addresses UAF vulnerability.
Building A Cybersecurity Program: 3 Tips
Commentary  |  1/26/2015  | 
Getting from “we need” to “we have” a cybersecurity program is an investment in time and resources that’s well worth the effort.
Growing Open Source Use Heightens Enterprise Security Risks
News  |  1/23/2015  | 
Companies often have little clue about the extent of third-party code in the enterprise or the risks it poses, security experts say
Why Russia Hacks
Commentary  |  1/23/2015  | 
Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.
Diverse White Hat Community Leads To Diverse Vuln Disclosures
News  |  1/22/2015  | 
Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones.
The Internet of Abused Things
Partner Perspectives  |  1/22/2015  | 
We need to find ways to better secure the Internet of Things, or be prepared to face the consequences.
NSA Report: How To Defend Against Destructive Malware
Quick Hits  |  1/22/2015  | 
In the wake of the Sony breach, spy agency's Information Assurance Directorate (IAD) arm provides best practices to mitigate damage of data annihilation attacks.
What Government Can (And Can’t) Do About Cybersecurity
Commentary  |  1/22/2015  | 
In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.
Protect Yourself by Protecting Others
Partner Perspectives  |  1/22/2015  | 
How the consumerization of IT is affecting endpoint security.
President's Plan To Crack Down On Hacking Could Hurt Good Hackers
News  |  1/21/2015  | 
Security experts critical of President Obama's new proposed cybersecurity legislation.
Security Budgets Going Up, Thanks To Mega-Breaches
News  |  1/21/2015  | 
Sixty percent of organizations have increased their security spending by one-third -- but many security managers still don't think that's enough, Ponemon study finds.
Adobe Investigating New Flash Zero-Day Spotted In Crimeware Kit
Quick Hits  |  1/21/2015  | 
Researcher Kafeine's 0day discovery confirmed by Malwarebytes.
Facebook Messenger: Classically Bad AppSec
Commentary  |  1/21/2015  | 
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
Could The Sony Attacks Happen Again? Join The Conversation
Commentary  |  1/21/2015  | 
Check out Dark Reading Radio's interview and live chat with CrowdStrike founder and CEO George Kurtz and Shape Security executive Neal Mueller.
Ransomware Leads Surge In 2014 Mobile Malware Onslaught
News  |  1/20/2015  | 
Mobile malware increases 75 percent in U.S.
'123456' & 'Password' Are The 2 Most Common Passwords, Again
Quick Hits  |  1/20/2015  | 
New entrants to the top 25 show that bad password creators are fans of sports, superheroes, dragons, and NSFW numeral combos.
New Technology Detects Cyberattacks By Their Power Consumption
News  |  1/20/2015  | 
Startup's "power fingerprinting" approach catches stealthy malware within milliseconds in DOE test.
Recruit, Reward & Retain Cybersecurity Experts
Partner Perspectives  |  1/20/2015  | 
How to create a better working environment for security professionals.
A Lot of Security Purchases Remain Shelfware
News  |  1/16/2015  | 
Companies may be investing more in security, but many are either underutilizing their new purchases or not using them at all, an Osterman Research survey shows.
Security MIA In Car Insurance Dongle
News  |  1/16/2015  | 
A researcher finds security holes in Flo the Progressive Girl's Snapshot insurance policy product.
The Truth About Malvertising
Commentary  |  1/16/2015  | 
Malvertising accounts for huge amounts of cyberfraud and identity theft. Yet there is still no consensus on who is responsible for addressing these threats.
In Wake Of Violence, France Reports Spike In Cyberattacks
News  |  1/15/2015  | 
19,000 French websites have been attacked since Jan. 7.
Why North Korea Hacks
Commentary  |  1/15/2015  | 
The motivation behind Democratic People’s Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader.
Anatomy Of A 'Cyber-Physical' Attack
News  |  1/14/2015  | 
Inflicting major or physical harm in ICS/SCADA environments takes more than malware.
Bank Fraud Toolkit Circumvents 2FA & Device Identification
News  |  1/14/2015  | 
KL-Remote is giving Brazilian fraudsters a user-friendly "virtual mugging" platform.
Majority Of Enterprises Finally Recognize Users As Endpoint's Weakest Vulnerability
News  |  1/14/2015  | 
The Ponemon State of the Endpoint report shows endpoint management continues to grow more difficult.
4 Mega-Vulnerabilities Hiding in Plain Sight
Commentary  |  1/14/2015  | 
How four recently discovered, high-impact vulnerabilities provided “god mode” access to 90% of the Internet for 15 years, and what that means for the future.
New Data Illustrates Reality Of Widespread Cyberattacks
Quick Hits  |  1/13/2015  | 
All retailers, healthcare & pharmaceutical firms in new study suffered cyber attacks in the first half of 2014, FireEye found.
US CENTCOM Twitter Hijack 'Purely' Vandalism
News  |  1/13/2015  | 
Though not a real data breach, nor attributable to ISIS, the incident serves as a reminder to security professionals about the risks of sharing account credentials.
Insider Threats in the Cloud: 6 Harrowing Tales
Commentary  |  1/13/2015  | 
The cloud has vastly expanded the scope of rogue insiders. Read on to discover the latest threat actors and scenarios.
2015: The Year Of The Security Startup – Or Letdown
Commentary  |  1/13/2015  | 
While stealth startup Ionic and other newcomers promise to change the cyber security game, ISC8 may be the first of many to head for the showers.
Obama Calls For 30-Day Breach Notification Policy For Hacked Companies
News  |  1/12/2015  | 
But chances of this becoming a mandatory national breach notification law are no sure thing, even in the wake of the past year's high-profile hacks, experts say.
'Skeleton Key' Malware Bypasses Active Directory
News  |  1/12/2015  | 
Malware lets an attacker log in as any user, without needing to know or change the user's password, and doesn't raise any IDS alarms.
Insider Threat, Shadow IT Concerns Spur Cloud Security
News  |  1/12/2015  | 
Surveys show cloud tops 2015 priorities.
Cloud Services Adoption: Rates, Reasons & Security Fears
Commentary  |  1/12/2015  | 
Concern over data breaches and privacy are two reasons enterprises in the European Union didn’t increase their use of cloud services in 2014, according to the EU’s recent Eurostat report.
Microsoft Software Flaws Increase Sharply But Majority Affect IE
News  |  1/9/2015  | 
The number of reported flaws in core Windows components in 2014 were lower compared to the year before.
Chick-fil-A Breach: Avoiding 5 Common Security Mistakes
Commentary  |  1/9/2015  | 
On the surface these suggestions may seem simplistic. But almost every major retail breach in the last 12 months failed to incorporate at least one of them.
How NOT To Be The Next Sony: Defending Against Destructive Attacks
News  |  1/8/2015  | 
When an attacker wants nothing more than to bring ruin upon your business, you can't treat them like just any other criminal.
Banking Trojans Disguised As ICS/SCADA Software Infecting Plants
News  |  1/8/2015  | 
Researcher spots spike in traditional financial malware hitting ICS/SCADA networks -- posing as popular GE, Siemens, and Advantech HMI products.
Nation-State Cyberthreats: Why They Hack
Commentary  |  1/8/2015  | 
All nations are not created equal and, like individual hackers, each has a different motivation and capability.
Using Free Tools To Detect Attacks On ICS/SCADA Networks
News  |  1/8/2015  | 
ICS/SCADA experts say open-source network security monitoring software is a simple and cheap way to catch hackers targeting plant operations.
FBI Director Says 'Sloppy' North Korean Hackers Gave Themselves Away
Quick Hits  |  1/7/2015  | 
Bureau chief says hackers occasionally forgot to use proxy servers, while the Director of National Intelligence says North Koreans have no sense of humor.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0235
Published: 2015-01-28
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST."

CVE-2015-1375
Published: 2015-01-28
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

CVE-2015-1376
Published: 2015-01-28
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.

CVE-2015-1419
Published: 2015-01-28
Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

CVE-2014-5211
Published: 2015-01-27
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.