News & Commentary
Latest Content
Growing Open Source Use Heightens Enterprise Security Risks
News  |  1/23/2015  | 
Companies often have little clue about the extent of third-party code in the enterprise or the risks it poses, security experts say
Why Russia Hacks
Commentary  |  1/23/2015  | 
Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.
Diverse White Hat Community Leads To Diverse Vuln Disclosures
News  |  1/22/2015  | 
Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones.
The Internet of Abused Things
Partner Perspectives  |  1/22/2015  | 
We need to find ways to better secure the Internet of Things, or be prepared to face the consequences.
NSA Report: How To Defend Against Destructive Malware
Quick Hits  |  1/22/2015  | 
In the wake of the Sony breach, spy agency's Information Assurance Directorate (IAD) arm provides best practices to mitigate damage of data annihilation attacks.
What Government Can (And Can't) Do About Cybersecurity
Commentary  |  1/22/2015  | 
In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.
Protect Yourself by Protecting Others
Partner Perspectives  |  1/22/2015  | 
How the consumerization of IT is affecting endpoint security.
President's Plan To Crack Down On Hacking Could Hurt Good Hackers
News  |  1/21/2015  | 
Security experts critical of President Obama's new proposed cybersecurity legislation.
Security Budgets Going Up, Thanks To Mega-Breaches
News  |  1/21/2015  | 
Sixty percent of organizations have increased their security spending by one-third -- but many security managers still don't think that's enough, Ponemon study finds.
Adobe Investigating New Flash Zero-Day Spotted In Crimeware Kit
Quick Hits  |  1/21/2015  | 
Researcher Kafeine's 0day discovery confirmed by Malwarebytes.
Facebook Messenger: Classically Bad AppSec
Commentary  |  1/21/2015  | 
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
Could The Sony Attacks Happen Again? Join The Conversation
Commentary  |  1/21/2015  | 
Check out Dark Reading Radio's interview and live chat with CrowdStrike founder and CEO George Kurtz and Shape Security executive Neal Mueller.
Ransomware Leads Surge In 2014 Mobile Malware Onslaught
News  |  1/20/2015  | 
Mobile malware increases 75 percent in U.S.
'123456' & 'Password' Are The 2 Most Common Passwords, Again
Quick Hits  |  1/20/2015  | 
New entrants to the top 25 show that bad password creators are fans of sports, superheroes, dragons, and NSFW numeral combos.
New Technology Detects Cyberattacks By Their Power Consumption
News  |  1/20/2015  | 
Startup's "power fingerprinting" approach catches stealthy malware within milliseconds in DOE test.
Recruit, Reward & Retain Cybersecurity Experts
Partner Perspectives  |  1/20/2015  | 
How to create a better working environment for security professionals.
A Lot of Security Purchases Remain Shelfware
News  |  1/16/2015  | 
Companies may be investing more in security, but many are either underutilizing their new purchases or not using them at all, an Osterman Research survey shows.
Security MIA In Car Insurance Dongle
News  |  1/16/2015  | 
A researcher finds security holes in Flo the Progressive Girl's Snapshot insurance policy product.
The Truth About Malvertising
Commentary  |  1/16/2015  | 
Malvertising accounts for huge amounts of cyberfraud and identity theft. Yet there is still no consensus on who is responsible for addressing these threats.
In Wake Of Violence, France Reports Spike In Cyberattacks
News  |  1/15/2015  | 
19,000 French websites have been attacked since Jan. 7.
Why North Korea Hacks
Commentary  |  1/15/2015  | 
The motivation behind Democratic People's Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader.
Anatomy Of A 'Cyber-Physical' Attack
News  |  1/14/2015  | 
Inflicting major or physical harm in ICS/SCADA environments takes more than malware.
Bank Fraud Toolkit Circumvents 2FA & Device Identification
News  |  1/14/2015  | 
KL-Remote is giving Brazilian fraudsters a user-friendly "virtual mugging" platform.
Majority Of Enterprises Finally Recognize Users As Endpoint's Weakest Vulnerability
News  |  1/14/2015  | 
The Ponemon State of the Endpoint report shows endpoint management continues to grow more difficult.
4 Mega-Vulnerabilities Hiding in Plain Sight
Commentary  |  1/14/2015  | 
How four recently discovered, high-impact vulnerabilities provided "god mode" access to 90% of the Internet for 15 years, and what that means for the future.
New Data Illustrates Reality Of Widespread Cyberattacks
Quick Hits  |  1/13/2015  | 
All retailers, healthcare & pharmaceutical firms in new study suffered cyber attacks in the first half of 2014, FireEye found.
US CENTCOM Twitter Hijack 'Purely' Vandalism
News  |  1/13/2015  | 
Though not a real data breach, nor attributable to ISIS, the incident serves as a reminder to security professionals about the risks of sharing account credentials.
Insider Threats in the Cloud: 6 Harrowing Tales
Commentary  |  1/13/2015  | 
The cloud has vastly expanded the scope of rogue insiders. Read on to discover the latest threat actors and scenarios.
2015: The Year Of The Security Startup – Or Letdown
Commentary  |  1/13/2015  | 
While stealth startup Ionic and other newcomers promise to change the cyber security game, ISC8 may be the first of many to head for the showers.
Obama Calls For 30-Day Breach Notification Policy For Hacked Companies
News  |  1/12/2015  | 
But chances of this becoming a mandatory national breach notification law are no sure thing, even in the wake of the past year's high-profile hacks, experts say.
'Skeleton Key' Malware Bypasses Active Directory
News  |  1/12/2015  | 
Malware lets an attacker log in as any user, without needing to know or change the user's password, and doesn't raise any IDS alarms.
Insider Threat, Shadow IT Concerns Spur Cloud Security
News  |  1/12/2015  | 
Surveys show cloud tops 2015 priorities.
Cloud Services Adoption: Rates, Reasons & Security Fears
Commentary  |  1/12/2015  | 
Concern over data breaches and privacy are two reasons enterprises in the European Union didn't increase their use of cloud services in 2014, according to the EU's recent Eurostat report.
Microsoft Software Flaws Increase Sharply But Majority Affect IE
News  |  1/9/2015  | 
The number of reported flaws in core Windows components in 2014 was lower compared to the year before.
Chick-fil-A Breach: Avoiding 5 Common Security Mistakes
Commentary  |  1/9/2015  | 
On the surface these suggestions may seem simplistic. But almost every major retail breach in the last 12 months failed to incorporate at least one of them.
How NOT To Be The Next Sony: Defending Against Destructive Attacks
News  |  1/8/2015  | 
When an attacker wants nothing more than to bring ruin upon your business, you can't treat them like just any other criminal.
Banking Trojans Disguised As ICS/SCADA Software Infecting Plants
News  |  1/8/2015  | 
Researcher spots spike in traditional financial malware hitting ICS/SCADA networks -- posing as popular GE, Siemens, and Advantech HMI products.
Nation-State Cyberthreats: Why They Hack
Commentary  |  1/8/2015  | 
All nations are not created equal and, like individual hackers, each has a different motivation and capability.
Using Free Tools To Detect Attacks On ICS/SCADA Networks
News  |  1/8/2015  | 
ICS/SCADA experts say open-source network security monitoring software is a simple and cheap way to catch hackers targeting plant operations.
FBI Director Says 'Sloppy' North Korean Hackers Gave Themselves Away
Quick Hits  |  1/7/2015  | 
Bureau chief says hackers occasionally forgot to use proxy servers, while the Director of National Intelligence says North Koreans have no sense of humor.
CES 2015: 8 Innovative Security Products
News  |  1/7/2015  | 
The explosion in smart technologies that connect everyday objects to the internet is transforming both home and personal security.
It's Time to Treat Your Cyber Strategy Like a Business
Commentary  |  1/7/2015  | 
How do we win against cybercrime? Take a cue from renowned former GE chief exec Jack Welch and start with a clearly-defined mission.
Morgan Stanley Insider Case Offers New Year Insider Reminders
News  |  1/6/2015  | 
Employee accesses 10% of customer files in investment database, exposes hundreds on Pastebin.
CryptoWall 2.0 Has Some New Tricks
Quick Hits  |  1/6/2015  | 
New ransomware variant uses TOR on command-and-control traffic and can execute 64-bit code from its 32-bit dropper.
Deconstructing The Sony Hack: What I Know From Inside The Military
Commentary  |  1/6/2015  | 
Don't get caught up in the guessing game on attribution. The critical task is to understand the threat data and threat actor tactics to ensure you are not vulnerable to the same attack.
Threat Intelligence: Sink or Swim?
Partner Perspectives  |  1/6/2015  | 
The coming flood of threat-intelligence data from the Internet of Things and new classes of endpoints has organizations seriously evaluating their strategies.
Cybercrime Dipped During Holiday Shopping Season
News  |  1/5/2015  | 
The number of businesses breached dropped by half from years past, but attackers got more bang for their buck in terms of stolen records, a new IBM report reveals.
Major Bitcoin Exchange Suspends Service, Suspecting Attack
News  |  1/5/2015  | 
Bitstamp suspends service, citing a wallet compromise, one day after a significant drop in the value of Bitcoins.
Long-Running Cyberattacks Become The Norm
News  |  1/2/2015  | 
Many companies are so focused on the perimeter that they have little idea what's going on inside the network.
Chick-fil-A Investigating Possible Data Breach
Quick Hits  |  12/31/2014  | 
Suspicious activity seen with payment cards used at "a few" of its restaurants.
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8802
Published: 2015-01-23
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.

CVE-2014-9623
Published: 2015-01-23
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

CVE-2014-9638
Published: 2015-01-23
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

CVE-2014-9639
Published: 2015-01-23
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

CVE-2014-9640
Published: 2015-01-23
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

Dark Reading Radio
If you're a security professional, you've probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.