News & Commentary
Latest Content
Myth-Busting Machine Learning In Security
News  |  7/28/2014  | 
Black Hat USA presentation to help quell misconceptions and confusion over machine learning methods in today's security tools.
Researchers Develop 'BlackForest' to Collect, Correlate Threat Intelligence
News  |  7/25/2014  | 
Researchers at the Georgia Tech Research Institute develop the BlackForest system to help organizations uncover and anticipate cyberthreats.
Internet of Things: 4 Security Tips From The Military
Commentary  |  7/25/2014  | 
The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. It’s time to take a page from their battle plan.
Travel Agency Fined £150,000 for Violating Data Protection Act
News  |  7/24/2014  | 
That'll teach them not to retain credit card data in perpetuity.
Passwords Be Gone! Removing 4 Barriers To Strong Authentication
Commentary  |  7/24/2014  | 
As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.
7 Arrested, 3 More Indicted For Roles in Cyber Fraud Ring That Stung StubHub
News  |  7/23/2014  | 
Arrests made in New York state, London, Toronto, and Spain for money laundering, grand larceny, and using StubHub customers' credit cards to buy and sell 3,500 e-tickets to prime events.
RAM Scraper Malware: Why PCI DSS Can't Fix Retail
Commentary  |  7/23/2014  | 
There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data.
Dark Reading Radio: The Winners & Losers of Botnet Takedowns
Commentary  |  7/23/2014  | 
Our guests are Cheri McGuire, VP of global government affairs and cyber security policy for Symantec, and Craig D. Spiezle, executive director and founder of the Online Trust Alliance.
7 Black Hat Sessions Sure To Cause A Stir
Slideshows  |  7/22/2014  | 
At Black Hat, researchers will point out the weaknesses in everything from the satellites in outer space to the thermostat in your home.
Nigerian 419 Scammers Evolving Into Malware Pushers (But Not Very Good Ones)
Quick Hits  |  7/22/2014  | 
"Silver Spaniel" attacks use commodity malware to damage others' security, but they aren't very good at protecting their own.
Infographic: With BYOD, Mobile Is The New Desktop
Commentary  |  7/22/2014  | 
Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.
Don't Overestimate EMV Protections, Underestimate Card Thief Sophistication
News  |  7/21/2014  | 
At Black Hat, an AccessData researcher will offer up a crash course in card payment tech and protections to root out security community misconceptions.
Internet of Things: Security For A World Of Ubiquitous Computing
Commentary  |  7/21/2014  | 
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
Hacking Your Hotel Room
News  |  7/18/2014  | 
At Black Hat USA next month, a researcher will show how to hack your way into controlling everything in a hotel room -- from lighting to television sets.
CEO Report Card: Low Grades for Risk Management
Commentary  |  7/18/2014  | 
Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.
Government-Grade Stealth Malware In Hands Of Criminals
News  |  7/17/2014  | 
"Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools.
Website Hacks Dropped During World Cup Final
Quick Hits  |  7/17/2014  | 
Hackers apparently took time off to watch the Germany-Argentina title match of the 2014 FIFA World Cup.
A New Age in Cyber Security: Public Cyberhealth
Commentary  |  7/17/2014  | 
The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.
Ransomware: 5 Threats To Watch
Slideshows  |  7/17/2014  | 
Cyber criminals have kicked it up a notch with nasty malware that locks you out of your machine and holds it for ransom.
Senate Hearing Calls for Changes to Cybercrime Law
News  |  7/16/2014  | 
In the wake of Microsoft's seizure of No-IP servers and domains, private and public sector representatives met to discuss what can be done to address the problem of botnets.
Passwords & The Future Of Identity: Payment Networks?
Commentary  |  7/16/2014  | 
The solution to the omnipresent and enduring password problem may be closer than you think.
Automobile Industry Accelerates Into Security
News  |  7/15/2014  | 
Industry looking at intelligence-sharing platform or an Auto-ISAC in anticipation of more automated, connected -- and vulnerable -- vehicles.
Payment Card Data Theft: Tips For Small Business
Commentary  |  7/15/2014  | 
For small businesses looking to reduce their exposure to data theft, the good news is the advantage of being small.
Tapping Into A Homemade Android Army
News  |  7/15/2014  | 
Black Hat speaker will detail how security researchers can expedite their work across numerous Android devices at once.
Active Directory Flaw Lets Attackers Change Passwords
Quick Hits  |  7/15/2014  | 
Aorato finds way to compromise Active Directory and change passwords without being noticed by SIEM.
Google Forms Zero-Day Hacking Team
Quick Hits  |  7/15/2014  | 
'Project Zero' to hunt bugs in all software that touches the Net.
Dark Reading Radio: Where Do Security Startups Come From?
Commentary  |  7/15/2014  | 
This week's radio broadcast will discuss how hot new security companies are born and how they are funded. Showtime is 1:00 p.m. ET.
DropCam Vulnerable To Hijacking
News  |  7/14/2014  | 
Researchers at DEF CON to demonstrate flaws in a popular WiFi video monitoring system.
New GameoverZeuS Variant Found In The Wild
News  |  7/14/2014  | 
A new botnet abandons peer-to-peer communication and may or may not be operated by the one disrupted by Operation Tovar last month.
How Next-Generation Security Is Redefining The Cloud
Commentary  |  7/14/2014  | 
Your cloud, datacenter, and infrastructure all contain flexible and agile components. Your security model should be the same.
Hacking Password Managers
News  |  7/14/2014  | 
Researchers find four classes of common vulnerabilities in popular password managers and recommend greater industry scrutiny and more automated ways to find vulnerabilities.
Attack Campaign Targets Facebook, Dropbox User Credentials
News  |  7/11/2014  | 
The goal of the attackers is not fully clear but the credential theft could set up sophisticated targeted attackers.
While Brazilians Watch World Cup, Bank Fraudsters Are At Work
News  |  7/11/2014  | 
Passive biometrics allow BioCatch to tell the difference between busy fraudsters and distraught soccer fans.
Strategic Security: Begin With The End In Mind
Commentary  |  7/11/2014  | 
The trouble with traditional infosec methodology is that it doesn’t show us how to implement a strategic security plan in the real world.
Study: Most Critical Infrastructure Firms Have Been Breached
Quick Hits  |  7/10/2014  | 
A new Ponemon Institute study finds 70% of critical infrastructure companies have been hit by security breaches in the last year, but cyber security programs are still a low priority.
Global Law Enforcement, Security Firms Team Up, Take Down Shylock
News  |  7/10/2014  | 
À la GOZeuS, an international, public-private collaboration seizes a banking Trojan's command and control servers.
Cloud & The Fuzzy Math of Shadow IT
Commentary  |  7/10/2014  | 
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
Chinese Hackers Target Logistics & Shipping Firms With Poisoned Inventory Scanners
News  |  7/10/2014  | 
'ZombieZero' still actively pushing rigged handheld scanning devices, reviving concerns of doing business with Chinese tech companies.
Fake Google Digital Certificates Found & Confiscated
News  |  7/9/2014  | 
A certificate authority in India had issued rogue certificates for some Google domains, the search engine giant discovers.
BrutPOS Botnet Targets Retail's Low-Hanging Fruit
News  |  7/9/2014  | 
FireEye discovers a botnet that's going after point-of-sale systems showing bad passwords and other basic security no-nos.
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Commentary  |  7/9/2014  | 
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
6 Things That Stink About SSL
Slideshows  |  7/9/2014  | 
Users might not care to trust the very mechanism that's supposed to provide online trust.
Facebook Helps Cripple Greek Botnet
News  |  7/8/2014  | 
Arrests made in Lecpetex malware campaign that was spreading via Facebook, emails.
Electronic Frontier Foundation Sues NSA, Director of National Intelligence
Quick Hits  |  7/8/2014  | 
EFF says that the agencies have failed to provide documents requested under the Freedom of Information Act.
6 Tips for Using Big Data to Hunt Cyberthreats
Commentary  |  7/8/2014  | 
You need to be smart about harnessing big data to defend against today’s security threats, data breaches, and attacks.
Online Scammers Take Advantage Of iPhone 6, iWatch Hype
News  |  7/8/2014  | 
Phishing message claims to provide links to leaked iPhone 6 information and pictures.
Dark Reading Radio: The Changing Role Of The CSO
Commentary  |  7/8/2014  | 
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
Chinese Attackers Targeting U.S. Think Tanks, Researchers Say
Quick Hits  |  7/7/2014  | 
Government-backed group "Deep Panda" compromised "several" nonprofit national security policy research organizations, CrowdStrike says.
Q&A: Panda Security Staging A Comeback
News  |  7/7/2014  | 
New Panda CEO and former IBM security executive Diego Navarrete shares his strategy and insight into turning around the security company that has fallen off the radar screen over the last couple of years.
Black Hat USA 2014: Third-Party Vulns Spread Like Diseases
News  |  7/7/2014  | 
Understanding the impact of vulnerabilities in libraries and other components.
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5104
Published: 2014-07-28
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action ...

CVE-2014-5105
Published: 2014-07-28
Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in an edit action to admin/create_account.php.

CVE-2014-5106
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php.

CVE-2014-5107
Published: 2014-07-28
concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.ph...

CVE-2014-5108
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.

Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.