Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

Dark Reading Radio: The Winners & Losers of Botnet Takedowns

7 Black Hat Sessions Sure To Cause A Stir

Internet of Things: Security For A World Of Ubiquitous Computing

Infographic: With BYOD, Mobile Is The New Desktop

CEO Report Card: Low Grades for Risk Management

Top Stories

Dark Reading Radio: The Winners & Losers ...

7 Black Hat Sessions Sure To Cause A Stir

Internet of Things: Security For A World ...

Infographic: With BYOD, Mobile Is The New ...

CEO Report Card: Low Grades for Risk ...

News & Commentary

Travel Agency Fined £150,000 for Violating Data Protection Act

News

That'll teach them not to retain credit card data in perpetuity.

By Sara Peters , 7/24/2014

0 comments | Read | Post a Comment

Passwords Be Gone! Removing 4 Barriers To Strong Authentication

Phillip M. Dunkelberger, President & CEO, Nok Nok Labs

Commentary

As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.

By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 7/24/2014

0 comments | Read | Post a Comment

7 Arrested, 3 More Indicted For Roles in Cyber Fraud Ring That Stung StubHub

News

Arrests made in New York state, London, Toronto, and Spain for money laundering, grand larceny, and using StubHub customers' credit cards to buy and sell 3,500 e-tickets to prime events.

By Sara Peters , 7/23/2014

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, It is never a good idea to keep the same passwords but then there is an issue...

Ram Scraper Malware: Why PCI DSS Can't Fix Retail

Brian Riley, Technical Director, Government Programs, Green Hills Software

Commentary

There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data

By Brian Riley Technical Director, Government Programs, Green Hills Software, 7/23/2014

3 comments | Read | Post a Comment

Latest Comment: macker490, Fixing the Point of Sale Terminal (POST)THINK: when you use your card: you...

Dark Reading Radio: The Winners & Losers of Botnet Takedowns

Commentary

Our guests are Cheri McGuire, VP of global government affairs and cyber security policy for Symantec, and Craig D. Spiezle, executive director and founder of the Online Trust Alliance.

By Sara Peters , 7/23/2014

0 comments | Read | Post a Comment

7 Black Hat Sessions Sure To Cause A Stir

At Black Hat, researchers will point out the weaknesses in everything from the satellites in outer space to the thermostat in your home.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/22/2014

7 comments | Read | Post a Comment

Latest Comment: Robert McDougal, Agreed, this is only the material that people are willing to share. Imagine...

Nigerian 419 Scammers Evolving Into Malware Pushers (But Not Very Good Ones)

Quick Hits

"Silver Spaniel" attacks use commodity malware to damage others' security, but they aren't very good at protecting their own.

By Sara Peters , 7/22/2014

4 comments | Read | Post a Comment

Latest Comment: Manos Chatzikyriakos, You might find this paper interesting. It's about a study on the subject you...

Infographic: With BYOD, Mobile Is The New Desktop

Commentary

Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.

By Adam Ely COO, Bluebox, 7/22/2014

7 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Sounds interesting. Keep us posted on your progress. BTW how many users do...

Don't Overestimate EMV Protections, Underestimate Card Thief Sophistication

News

At Black Hat, an AccessData researcher will offer up a crash course in card payment tech and protections to root out security community misconceptions

By Ericka Chickowski Contributing Writer, Dark Reading, 7/21/2014

1 Comment | Read | Post a Comment

Latest Comment: macker490, Fixing the Point of Sale Terminal (POST)THINK: when you use your card: you...

Internet of Things: Security For A World Of Ubiquitous Computing

Candace Worley, SVP & GM, Endpoint Security, McAfee

Commentary

Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.

By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014

4 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Thanks, Candace. To your point about endpoint security being comprised of...

Hacking Your Hotel Room

Brian Prince, Contributing Writer, Dark Reading

News

At Black Hat USA next month, a researcher will show how to hack your way into controlling everything in a hotel room -- from lighting to television sets.

By Brian Prince Contributing Writer, Dark Reading, 7/18/2014

11 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I never use wi-fi in public places if I can help it. The reason is simple,...

CEO Report Card: Low Grades for Risk Management

Marilyn Cohodas, Community Editor, Dark Reading

Commentary

Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.

By Marilyn Cohodas Community Editor, Dark Reading, 7/18/2014

12 comments | Read | Post a Comment

Latest Comment: Robert McDougal, While I agree having everyone accountable is an ideal situation I would still...

Government-Grade Stealth Malware In Hands Of Criminals

News

"Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools.

By Sara Peters , 7/17/2014

12 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I wonder how long until a real war is started as a result of a cyber attack....

Website Hacks Dropped During World Cup Final

Kelly Jackson Higgins, Senior Editor, Dark Reading

Quick Hits

Hackers apparently took time off to watch the Germany-Argentina title match of the 2014 FIFA World Cup.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014

15 comments | Read | Post a Comment

Latest Comment: RyanSepe, I definitely think your statement regarding the non-world cup average being...

A New Age in Cyber Security: Public Cyberhealth

Commentary

The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.

By Brian Foster CTO, Damballa, 7/17/2014

5 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, I totally agree, @Robert. I found the comparison to epidemiology very original...

Ransomware: 5 Threats To Watch

Cyber criminals have kicked it up a notch with nasty malware that locks you out of your machine and holds it for ransom.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014

13 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I think you are exactly correct. Sometimes I lose track that I see this...

Senate Hearing Calls for Changes to Cybercrime Law

News

In the wake of Microsoft's seizure of No-IP servers and domains, private and public sector representatives met to discuss what can be done to address the problem of botnets.

By Sara Peters , 7/16/2014

10 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I tend to agree with this sentiment. I am seeing many foreign companies...

Passwords & The Future Of Identity: Payment Networks?

Andre Boysen, EVP, Digital Identity Evangelist, SecureKey

Commentary

The solution to the omnipresent and enduring password problem may be closer than you think.

By Andre Boysen EVP, Digital Identity Evangelist, SecureKey, 7/16/2014

17 comments | Read | Post a Comment

Latest Comment: andre.boysen, The issue of concentration risk comes up a lot. I agree that a simple...

Automobile Industry Accelerates Into Security

News

Industry looking at intelligence-sharing platform or an Auto-ISAC in anticipation of more automated, connected -- and vulnerable -- vehicles.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/15/2014

13 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I look forward to hearing their insights!

Payment Card Data Theft: Tips For Small Business

Chris Nutt, Director, Incident Response & Malware, Mandiant

Commentary

For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small.

By Chris Nutt Director, Incident Response & Malware, Mandiant, 7/15/2014

7 comments | Read | Post a Comment

Latest Comment: KateN232, The Cloud And Big Data as an important part of small business Using of big...

More Stories

Current Conversations

Posted by Robert McDougal

I think you are exactly correct. Sometimes I lose track that I see this stuff on a daily basis and I take being able to spot it for granted. The normal user isn't naturally cautious and as such prone to falling...

In reply to: Re: good overview
Post Your Own Reply

Posted by Marilyn Cohodas

I have heard a similar version of that story from enterprise security pro many, many times! I guess the takeaway is that you need to give that presentation every couple of months...

In reply to: Re: good overview
Post Your Own Reply

Posted by Marilyn Cohodas

Thanks, Candace. To your point about endpoint security being comprised of a broad spectrum of technologies, Rick Gordon, Managing Partner at Mach37 an early-stage tech venture development company, backed your...

In reply to: Re: The endpoint is not dead
Post Your Own Reply

Posted by Robert McDougal

I was asked to give a presentation on how to spot malicious and phishing emails shortly afterwards. I gave a 30 minute presentation that included several hard examples including the email that caught the President. Things...

In reply to: Re: good overview
Post Your Own Reply

Posted by RyanSepe

It is never a good idea to keep the same passwords but then there is an issue with people remembering mutliple complex passwords. The same ideology for creating DNS (people can't remember all those numeric addresses) is...

In reply to: Alternate Method
Post Your Own Reply

Posted by Marilyn Cohodas

But did it change the security culture at the non-profit ? Any impact on practices, user ed, etc?

In reply to: Re: good overview
Post Your Own Reply

Posted by Candace Worley

The security industry has been dancing around the idea that anti-virus is dead for many years, so it is not really shocking when someone says it out loud. My take on this topic is that it is not so much that AV is dead as...

In reply to: Re: The endpoint is not dead
Post Your Own Reply

Posted by Robert McDougal

Very much so a nightmare... However, other than costing a little over $500 it served as a valuable lesson for the President.

In reply to: Re: good overview
Post Your Own Reply

Posted by Robert McDougal

Agreed, this is only the material that people are willing to share. Imagine what people are not willing to share...

In reply to: Re: Tip of the iceberg
Post Your Own Reply

Posted by Kelly Jackson Higgins

Wow--that's a nightmare scenario with a relatively good ending.

In reply to: Re: good overview
Post Your Own Reply

Posted by Robert McDougal

Not sure when the material will be released but when it is you can find it here: https://www.blackhat.com/html/archives.html

In reply to: Re: Dates and Times
Post Your Own Reply

Posted by Robert McDougal

The attack vector was an email pretending to contain a receipt for a large purchase. This time the ransom was not paid. However, when cryptolocker was brand new the President of one of these non-profits fell victim....

In reply to: Re: good overview
Post Your Own Reply

More Conversations

Security Insights

Microsoft, No-IP, And The Need For Clarity

The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.

0 comments
Read | Post a Comment

More Sophos Security Insights

Products & Releases

IT Security Pros Surveyed: Poor password management leaves accounts open to attack

New Windows App to Detect WiFi Security

Global Study: Nearly 30 Percent of Security Professionals Would Completely Overhaul Their Current Enterprise Security System Given Resources & Opportunity

Half of Security Professionals Think Java Applications are Vulnerable to Attacks

ZeroFOX to Spotlight Social Risk Management at Black Hat 2014

Solutionary SERT 2014 Q2 Threat Intelligence Report: Amazon-Hosted Malware Nearly Triples in First Half 2014

39 Percent of IT Organizations Experienced More Than Two Significant Security Incidents

General Dynamics Fidelis Cybersecurity Solutions Joins Forces with Microsoft to Further Protect Customers

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

CEO Report Card: Low Grades for Risk Management

Marilyn Cohodas, Community Editor, Dark Reading, 7/18/2014

Government-Grade Stealth Malware In Hands Of Criminals

Sara Peters 7/17/2014

Hacking Your Hotel Room

Brian Prince, Contributing Writer, Dark Reading, 7/18/2014

Live Events

Webinars

More UBM Tech
Live Events

Plan and Deploy a Most Cost-Effective 4G Infrastructure

Join the Conference for 4G/LTE Professionals at CTIA

Tower & Small Cell Summit

Dark Reading Radio

Archived Dark Reading Radio

Botnet Takedowns: Who's Winning, Who's Losing

Sara Peters hosts a conversation on Botnets and those who fight them.

UPCOMING!
Wednesday, July 30, 1pm EDT
Hack My Ride: The State of Car (In)Security

FULL SCHEDULE | ARCHIVED SHOWS

Flash Poll

All Polls

White Papers

Network Transformation: A Guide to Planning Your Journey to All-IP

The Public Sector Cloud Perspective

Preventing Data Center Downtime

Visibility for Converged Infrastructure Solutions

White Book: Cloud Adoption - The Definitive Guide to a Business Technology Revolution

More White Papers

Current Issue

Dark Reading Must Reads July 15, 2014

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-0607

Published: 2014-07-24
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.

CVE-2014-1419

Published: 2014-07-24
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

CVE-2014-2360

Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

CVE-2014-2361

Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

CVE-2014-2362

Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

Best of the Web

One Congressman’s Crusade To Save the World From Killer Robots

Hackers Find Way To Outwit Tough Security At Banking Sites

"Crypto Ransomware" CTB-Locker (Critroni.A) on the rise

Black Hat Anti-Tor Talk Smashed By Lawyers' Wrecking Ball

Google Must Face U.S. Privacy Lawsuit Over Commingled User Data

Reports

Infographics

DevOps’ Impact on Application Security

Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.

Download Now!

More Reports

Slideshows

7 Black Hat Sessions Sure To Cause A Stir

7 comments | Read | Post a Comment

Ransomware: 5 Threats To Watch

6 Things That Stink About SSL