News & Commentary
Latest Content
ICANN Hit By Cyberattack
News  |  12/18/2014  | 
Spear phishing campaign led to attackers gaining administrative access to one system.
Bad Bots On The Rise
News  |  12/18/2014  | 
Humans remain outnumbered by bots online, new data shows.
Vawtrak: Crimeware Made-To-Order
Quick Hits  |  12/18/2014  | 
A compartmentalized botnet with a wide selection of specialized web injects makes it easier to attack bank accounts across the globe.
5 Pitfalls to Avoid When Running Your SOC
Commentary  |  12/18/2014  | 
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
Sony Cancels Movie, US Confirms North Korea Involvement, But Were Bomb Threats Empty?
News  |  12/17/2014  | 
After the Sony hackers issue threats of physical violence and 9/11-style attacks, The Interview is being killed before it even premieres. But would the attackers have really blown up theaters?
'Grinch' Bug May Affect Most Linux Systems
Quick Hits  |  12/17/2014  | 
But newly discovered vulnerability not as urgent as previous open-source bug disclosures.
Millions Of Android Phones In China Have Backdoor
News  |  12/17/2014  | 
An Android backdoor is the topic of one of two advisories this week on mobile threats.
The New Target for State-Sponsored Cyber Attacks: Applications
Commentary  |  12/17/2014  | 
Skilled hackers are now using simple web application vulnerabilities like SQL Injection to take over database servers. Are you prepared to defend against this new type of threat actor?
2014's Top Malware: Less Money, Mo' Problems
News  |  12/16/2014  | 
Here are the five most active malware packages to give attackers a huge ROI on a small investment.
Sony Warns Media About Disclosure, Staff About Fraud, 'Bond' Fans About Spoilers
Quick Hits  |  12/16/2014  | 
A wrapup of the latest Sony attack fallout.
2014: The Year of Privilege Vulnerabilities
Commentary  |  12/16/2014  | 
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.
Balancing Accounting Policy & Security Strategy
Partner Perspectives  |  12/16/2014  | 
A long-term approach involves focusing on security as a platform, instead of a selection of individual products and point defenses.
Stocking Stuffers For Happy Hacking
Slideshows  |  12/15/2014  | 
Find that perfect gift for your co-workers and much-loved white hats without breaking the bank.
Price Tag Rises For Stolen Identities Sold In The Underground
News  |  12/15/2014  | 
What cybercriminals now charge for stolen identities, counterfeit identities, hacking tutorials, DDoS, and other services.
Dark Reading Radio: How To Become A CISO
Commentary  |  12/15/2014  | 
Find out what employers are really looking for in a chief information security officer.
Ekoparty Isn’t The Next Defcon (& It Doesn’t Want To Be)
Commentary  |  12/15/2014  | 
Unlike American security conferences that offer a buffet of merchandise, meals, and drinks, Ekoparty, in Buenos Aires, is every bit as functional -- with a little less fluff.
Targeted Attacks: A Defender's Playbook
News  |  12/15/2014  | 
Cyberthreat actors are increasingly going after a single victim. Here are some tips to help your organization get ready.
Attackers Turn Focus To PoS Vendors
News  |  12/12/2014  | 
The recently reported attack on Charge Anywhere puts the payment solutions provider on a list of PoS vendors attacked this year.
Shadow IT: Not The Risk You Think
Commentary  |  12/12/2014  | 
Enterprise cloud services such as Box, Office 365, Salesforce, and Google Apps can make a better case for being called sanctioned than many legacy, on-premises, IT-provisioned applications.
Cyberattacks Longer, More Continuous Than Before
News  |  12/12/2014  | 
A surprisingly large number of organizations experienced cyberattacks lasting more than one month, a new survey found.
Hiring Hackers To Secure The Internet Of Things
News  |  12/11/2014  | 
How some white hat hackers are changing career paths to help fix security weaknesses in consumer devices and business systems.
FBI Calls For Law Facilitating Security Information Sharing
News  |  12/11/2014  | 
Uniform breach notification laws and amendments to the Computer Fraud and Abuse Act are also on the list.
Cyber Security Practices Insurance Underwriters Demand
Commentary  |  12/11/2014  | 
Insurance underwriters aren’t looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks.
Securing the Internet of Things
Partner Perspectives  |  12/11/2014  | 
Factors specific to IoT devices make them a unique security risk.
Ex-NSA Agents' Security Startup Lands $8 Million In Funding
Quick Hits  |  12/10/2014  | 
Area 1 Security, launched in May, uses behavioral data to stop early-stage attacks from going further.
Crypto In The Crosshairs Again
News  |  12/10/2014  | 
"POODLE" attack extends to newer versions of SSL/TLS encryption as well.
'Inception' Cyber Espionage Campaign Targets PCs, Smartphones
News  |  12/10/2014  | 
Blue Coat report details sophisticated attacks mainly against Russian targets, and Kaspersky Lab calls new campaign next-generation of Red October cyber spying operation.
Smartphones Get Headlines, But Lax USB Security Is Just As Risky
Commentary  |  12/10/2014  | 
Most companies use no software to detect or secure sensitive data when it is moved to a USB flash drive, or even check USB drives for viruses or malware.
Universal Multi-Factor Authentication Steps Closer To The Mainstream
News  |  12/9/2014  | 
The FIDO Alliance today finalized two universal authentication standards and one of its founding members, Nok Nok Labs, closed on $8.5 million of financing.
Employees Still Get More Access Than They Need
News  |  12/9/2014  | 
Two surveys show how little enterprises enforce and track least-privilege policies.
Bitdefender Research Exposes Security Risks of Android Wearable Devices
Partner Perspectives  |  12/9/2014  | 
In the rush to supply early adopters with trendy technology, security has been compromised.
Internet Of Things: 3 Holiday Gifts That Will Keep CISOs Up At Night
Commentary  |  12/9/2014  | 
If you think BYOD policies will protect your infrastructure from the January influx of mobile hotspots, fitness trackers, and Bluetooth, think again.
2014: The Year of Shaken Trust
Partner Perspectives  |  12/9/2014  | 
We can rebuild that trust.
Online Ad Fraud Exposed: Advertisers Losing $6.3 Billion To $10 Billion Per Year
News  |  12/9/2014  | 
A new study conducted by the Association of National Advertisers (ANA) and the security firm White Ops tracked online ad traffic patterns for 36 major companies and discovered epic levels of abuse.
3 Steps To Solidifying Air-Gap Security
News  |  12/8/2014  | 
Your isolated systems may not be as secure from exfiltration or external control as you think.
How To Become a CISO: Top Tips
Slideshows  |  12/8/2014  | 
A look at the best career advice for aspiring CISOs from people who've reached the top.
The Four Horsemen of Cyber Security in 2014
Partner Perspectives  |  12/8/2014  | 
What too many of the year’s high-profile data breaches had in common.
Open Source Encryption Must Get Smarter
Commentary  |  12/8/2014  | 
When it comes to cryptography, there are quite a few myths in the age-old debate about proprietary versus open source application security.
Poll: The Perimeter Has Shattered!
Commentary  |  12/8/2014  | 
The traditional corporate network perimeter is not dead, but its amorphous shape is something new and indescribable.
IBM Reveals 'SpoofedMe' Attack Leveraging Social Login Vulnerability
News  |  12/5/2014  | 
IBM researchers uncovered an attack that takes advantage of the social login feature.
Moving Beyond 2-Factor Authentication With ‘Context’
Commentary  |  12/5/2014  | 
2FA isn’t cheap or infallible -- in more ways than two.
Sony Hackers Knew Details Of Sony's Entire IT Infrastructure
News  |  12/4/2014  | 
While trying to simultaneously recover from a data breach and a wiper attack, Sony watches attackers publish maps and credentials for everything from production servers to iTunes accounts.
'DeathRing' Malware Found Pre-Installed On Smartphones
News  |  12/4/2014  | 
Phones from low-cost, third-tier vendors in Asia and Africa have been affected, but that doesn't mean it can't happen here.
Ultra-Private Messaging Spreads To Apple Mac, Windows, Linux Desktops
Quick Hits  |  12/4/2014  | 
Wickr's secure mobile messaging app expands to the desktop amid explosion in encryption activity.
Why ‘Regin’ Malware Changes Threatscape Economics
Commentary  |  12/4/2014  | 
Never before have attackers been able to deploy a common malware platform and configure it as necessary with low-cost, quick-turnaround business logic apps.
New TLS/SSL Version Ready In 2015
Quick Hits  |  12/4/2014  | 
One of the first steps in making encryption the norm across the Net is an update to the protocol itself and a set of best-practices for using encryption in applications.
The Real Cost of Cyber Incidents, According To Insurers
News  |  12/3/2014  | 
Healthcare is hit by the most malicious insiders and the highest legal costs, according to a NetDiligence report.
With Operation Cleaver, Iran Emerges As A Cyberthreat
News  |  12/3/2014  | 
A hacker group's actions suggest that it is laying the groundwork for a future attack on critical infrastructure targets.
How Startups Can Jumpstart Security Innovation
Commentary  |  12/3/2014  | 
One of the best places for CISOs to turn for a cutting-edge cyber security strategy is the burgeoning world of startups. Here’s how to find them.
FBI Warning Shows Targeted Attacks Don't Just Steal Anymore
News  |  12/2/2014  | 
An FBI advisory points to an increasing trend of destructive malware for activist, anti-forensics purposes.
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

CVE-2014-6080
Published: 2014-12-18
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.