News & Commentary
In Wake Of Resurgence, US-CERT Issues Alert About Dridex
Sara Peters, Senior Editor at Dark ReadingQuick Hits
U.S. issues alert about banking Trojan, but recent attacks focus on U.K.
By Sara Peters Senior Editor at Dark Reading, 10/13/2015
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Insurance: 4 Practical Considerations
Ilia Kolochenko, CEO, High-Tech BridgeCommentary
There can't be reliable cybersecurity insurance until companies can identify who is responsible for the continuous exploitation of stolen data, long-lasting attacks, and hardly-detectable APTs.
By Ilia Kolochenko CEO, High-Tech Bridge, 10/12/2015
Comment1 Comment  |  Read  |  Post a Comment
Chipping Away At Credit Card Fraud With EMV
Deborah Baxley, Principal, Cards & Payments, Capgemini Financial ServicesCommentary
As of October 1, so-called chip-and-pin technology is now the law of the land for electronic payments in the US. But it’s not the silver bullet that will instantly stop all cybercrime.
By Deborah Baxley Principal, Cards & Payments, Capgemini Financial Services, 10/8/2015
Comment1 Comment  |  Read  |  Post a Comment
'Evil' Kemoge Serves Androids Ads And Rootkits
Sara Peters, Senior Editor at Dark ReadingNews
Malware is wrapped into a wide variety of legitimate apps on third-party stores and one on Google Play.
By Sara Peters Senior Editor at Dark Reading, 10/7/2015
Comment2 comments  |  Read  |  Post a Comment
Intro To Machine Learning & Cybersecurity: 5 Key Steps
Stephen Newman, CTO, DamballaCommentary
Software-based machine learning attempts to emulate the same process that the brain uses. Here’s how.
By Stephen Newman CTO, Damballa, 10/7/2015
Comment0 comments  |  Read  |  Post a Comment
Segmentation: A Fire Code For Network Security
TK Keanini, CTO, LancopeCommentary
New technologies like software-defined segmentation are making it easier to prevent a compromise from spreading by separating users and network resources into zones.
By TK Keanini CTO, Lancope, 10/5/2015
Comment0 comments  |  Read  |  Post a Comment
Scottrade Breach Hit 4.6 Million Customers, Began 2 Years Ago
Dark Reading Staff, Quick Hits
Social Security numbers might have been exposed, but the main target appears to have been contact information.
By Dark Reading Staff , 10/2/2015
Comment2 comments  |  Read  |  Post a Comment
The Evolution Of Malware
Fred Touchette, Manager of Security ResearchCommentary
Like the poor in the famous Biblical verse, malware will always be with us. Here’s a 33-year history from Elk Cloner to Cryptolocker. What will be next?
By Fred Touchette Manager of Security Research, 10/2/2015
Comment0 comments  |  Read  |  Post a Comment
Deceit As A Defense Against Cyberattacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A new generation of 'threat deception' technology takes the honeypot to a new, enterprise level.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/1/2015
Comment1 Comment  |  Read  |  Post a Comment
Automating Breach Detection For The Way Security Professionals Think
Giora Engel, VP Product & Strategy, LightCyberCommentary
The missing ingredient in making a real difference in the cumbersome process of evaluating a flood of alerts versus a small, actionable number is context.
By Giora Engel VP Product & Strategy, LightCyber, 10/1/2015
Comment2 comments  |  Read  |  Post a Comment
DHS Funds Project For Open Source 'Invisible Clouds'
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Cloud Security Alliance and Waverley Labs to build software-defined perimeter (SDP) to protect cloud and critical infrastructure from DDoS attacks.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/30/2015
Comment2 comments  |  Read  |  Post a Comment
State Trooper Vehicles Hacked
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Car-hacking research initiative in Virginia shows how even older vehicles could be targeted in cyberattacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/30/2015
Comment22 comments  |  Read  |  Post a Comment
The 'Remediation Gap:' A 4-Month Invitation To Attack
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Organizations set out the welcome mat for cyberattackers by taking an average of 120 days to patch flaws.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/29/2015
Comment2 comments  |  Read  |  Post a Comment
The Unintended Attack Surface Of The Internet Of Things
Oliver Tavakoli, CTO, Vectra Networks, Inc.Commentary
How a vulnerability in a common consumer WiFi device is challenging today’s enterprise security.
By Oliver Tavakoli CTO, Vectra Networks, Inc., 9/29/2015
Comment9 comments  |  Read  |  Post a Comment
Getting The Most From Your Security Investments
Kelley Damore, CommentaryVideo
In an interview at Black Hat, Shehzad Merchant, CTO of Gigamon, shares his thoughts with the Dark Reading News Desk on how CISOs can get the most out of their technology investments when it comes to fighting breaches.
By Kelley Damore , 9/28/2015
Comment0 comments  |  Read  |  Post a Comment
Keep Your Digital Assets Safe
Brian Gillooly, CommentaryVideo
Arian Evans, VP of product strategy at RiskIQ, talks to the Dark Reading News Desk at Black Hat about RiskIQ’s new online digital asset inventory discovery and security platform, Enterprise Digital Footprint.
By Brian Gillooly , 9/28/2015
Comment0 comments  |  Read  |  Post a Comment
China, US Agree To Not Conduct Cyberespionage For Economic Gain
Dark Reading Staff, Quick Hits
Pledge applies to stealing trade secrets but stops short of banning traditional espionage via hacking.
By Dark Reading Staff , 9/27/2015
Comment11 comments  |  Read  |  Post a Comment
Google, Others Seek to Make Cybercrime Costlier For Criminals
Jai Vijayan, Freelance writerNews
Most effective long-term strategy is to target the support infrastructure and financial services used by criminals, Google says
By Jai Vijayan Freelance writer, 9/25/2015
Comment11 comments  |  Read  |  Post a Comment
FTC v. Wyndham: ‘Naughty 9’ Security Fails to Avoid
Jason Straight, Senior VP & Chief Privacy Officer, UnitedLexCommentary
The Federal Trade Commission’s fair trade suit against Wyndham hotels offers insight into the brave new world of cybersecurity regulation of consumer data.
By Jason Straight Senior VP & Chief Privacy Officer, UnitedLex, 9/25/2015
Comment3 comments  |  Read  |  Post a Comment
4 IoT Cybersecurity Issues You Never Thought About
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Government, industry and security professionals problem-solve the daunting challenges of the Internet of Things.
By Marilyn Cohodas Community Editor, Dark Reading, 9/24/2015
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-12
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message.

Published: 2015-10-12
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.

Published: 2015-10-12
Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C) bus, aka Bug ID CSCuq77241.

Published: 2015-10-12
The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272.

Published: 2015-10-12
HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.