Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

7 Things You Should Know About Secure Payment Technology

How To Get More Involved In The IT Security Community

Top Stories

7 Things You Should Know About Secure ...

From Hacking Systems To Hacking People

How To Get More Involved In The IT ...

Hackin' At The Car Wash, Yeah

Why The USA Hacks

News & Commentary

What You Need To Know About Nation-State Hacked Hard Drives

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

The nation-state Equation Group compromise of most popular hard drives won't be a widespread threat, but future disk security -- and forensic integrity -- remain unclear.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/2/2015

0 comments | Read | Post a Comment

Uber Takes Over 5 Months To Issue Breach Notification

Quick Hits

50,000 Uber drives just being told now that their names and license numbers were exposed.

By Dark Reading Staff , 3/2/2015

0 comments | Read | Post a Comment

5 Signs That The Firewall's Not Dead Yet

Ericka Chickowski, Contributing Writer, Dark Reading

News

Demise of firewall is a long way off, according to recent survey results.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/2/2015

0 comments | Read | Post a Comment

No Silver Bullets for Security

A quick-fix security solution for cyberphysical systems doesn’t exist.

By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/2/2015

0 comments | Read | Post a Comment

Why Security Awareness Alone Won’t Stop Hackers

Commentary

End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.

By Saryu Nayyar CEO, Gurucul, 3/2/2015

0 comments | Read | Post a Comment

Dark Reading Offers Cyber Security Crash Course At Interop 2015

Tim Wilson, Editor in Chief, Dark Reading

Commentary

New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.

By Tim Wilson Editor in Chief, Dark Reading, 3/2/2015

0 comments | Read | Post a Comment

Mobile Security By The Numbers

Rounding up the latest research on mobile malware and security practices.

By Ericka Chickowski , 3/2/2015

0 comments | Read | Post a Comment

Cyber Intelligence: Defining What You Know

Jason Polancich, Founder & Chief Architect, SurfWatchLabs

Commentary

Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.

By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 2/27/2015

1 Comment | Read | Post a Comment

Latest Comment: Mike Anders, There is a growing awareness that Cyber Intelligence is more than a sum of...

Hits Keep On Coming For Both SSL & Its Abusers

Quick Hits

Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?

By Dark Reading Staff , 2/26/2015

4 comments | Read | Post a Comment

Latest Comment: RyanSepe, @Sara Peters. Thanks for clarifying. Although now I'm appalled that this is...

'Shadow' Cloud Services Rampant In Government Networks

News

Survey finds public sector employees use unmanaged cloud services just as much as private employees.

By Jai Vijayan Freelance writer, 2/26/2015

4 comments | Read | Post a Comment

Latest Comment: Grant C, I might coin it the Storm Cloud! Detecting and containing north/south...

How to Strengthen Enterprise Defenses against Ransomware

Eight essential ways that companies can enforce their borders.

By Alexandra Gheorghe Security Specialist, Bitdefender, 2/26/2015

3 comments | Read | Post a Comment

latest comment Joe Stanganelli One technique that some companies engage in (and consultants advise) is to...

How To Reduce Spam & Phishing With DMARC

Commentary

Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.

By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015

6 comments | Read | Post a Comment

Latest Comment: dingevaldson, @MrSmith01--that may be the case because Target has published a DMARC policy....

5 New Vulnerabilities Uncovered In SAP

News

Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.

By Ericka Chickowski Contributing Writer, Dark Reading, 2/26/2015

0 comments | Read | Post a Comment

Millions Of Non-Anthem Customers Also Hit By Anthem Breach

Quick Hits

Blue Cross Blue Shield customers -- as many as 8.8 to 18.8 million of them -- might have also had their data compromised.

By Dark Reading Staff , 2/25/2015

4 comments | Read | Post a Comment

Latest Comment: Sara Peters, @Marilyn So true. And it seems like we never really understand how this...

Ramnit Botnet Disrupted By International Public-Private Collaboration

Sara Peters, Senior Editor at Dark Reading

News

Europol leads the effort to bring down the bank credential-stealing botnet that infected 3.2 million computers across the globe.

By Sara Peters Senior Editor at Dark Reading, 2/25/2015

0 comments | Read | Post a Comment

Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011

News

But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2015

3 comments | Read | Post a Comment

Latest Comment: Pablo Valerio, @Kelly, if there is a strong believe that the keys are compromised they could...

Five Easiest Ways to Get Hacked – Part 2

Continuing a conversation with principal security consultant Amit Bagree

By Carric Dooley WW VP of Foundstone Services, Intel Security, 2/25/2015

2 comments | Read | Post a Comment

latest comment Joe Stanganelli An important yet oft overlooked aspect of a good patch management strategy:...

Customers Aren’t the Only Victims: 5 Stages Of Data Breach Grief

Ricky Link, Managing Director, Coalfire Systems, Southwest Region

Commentary

What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.

By Ricky Link Managing Director, Coalfire Systems, Southwest Region, 2/25/2015

3 comments | Read | Post a Comment

Latest Comment: Lewa, I totally agree with you on this. Most companies that have suffered a breach...

5 Ways To Prepare For IoT Security Risks

News

As the Internet of Things begins to take shape, IT organizations must prepare for change.

By Jai Vijayan Freelance writer, 2/24/2015

0 comments | Read | Post a Comment

Medical Identity Theft Costs Victims $13,450 Apiece

News

New study shows not only is medical identity fraud costly for individuals, it's happening a lot more often.

By Sara Peters Senior Editor at Dark Reading, 2/24/2015

8 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, That's funny, Marilyn; it seems I *always* have to present my medical ID whenever...

More Stories

Current Conversations

Posted by Mike Anders

There is a growing awareness that Cyber Intelligence is more than a sum of all threat feeds! Unfortunately, for many, adopting an "intelligence-based" Cyber security mindset seems difficult. In practice, however, it is far...

In reply to: Cyber Intelligence and knowing what you know!
Post Your Own Reply

Posted by Joe Stanganelli

Reminds me of a story a friend recently told me. Sitting at an airport gate not too long ago, she watched as a mortgage executive sitting next to her with a bag full of sensitive PII documents (FNMA 1003s and the like)...

In reply to: Watch your back low-tech-wise.
Post Your Own Reply

Posted by Joe Stanganelli

An important yet oft overlooked aspect of a good patch management strategy: implement everything in a testbed first. Test everything with everything. Otherwise, you could really screw things up -- especially...

In reply to: Testing patches
Post Your Own Reply

Posted by dingevaldson

@MrSmith01--that may be the case because Target has published a DMARC policy. As more and more brands do so, and move that policy from monitor mode to reject, more and more attackers will be forced to use sister/cousin...

In reply to: Re: DMARC is not going to stop phishing
Post Your Own Reply

Posted by Grant C

I might coin it the Storm Cloud! Detecting and containing north/south and east/west bound data in the cloud - especially the one off SaaS sloutions - is tricky at best is seems. Not to mention auditing identities,...

In reply to: Storm Cloud!
Post Your Own Reply

Posted by Joe Stanganelli

That's funny, Marilyn; it seems I *always* have to present my medical ID whenever I go in for a doctor's appointment. I guess it depends where you go.

In reply to: Re: An example > borrow insurance?
Post Your Own Reply

Posted by Joe Stanganelli

One technique that some companies engage in (and consultants advise) is to purposely send "phishing" emails to a random selection of employees each month. If the employee clicks, he is advised that it was a phishing...

In reply to: Honeypot the employees
Post Your Own Reply

Posted by starace

This was an interesting article and I can see how easy it easy for a company to get hacked. It makes you wonder about all the temps that are hired in a company. Are they really in need of a job or are they on a recon mission. As...

In reply to: Hacking and Loyalty
Post Your Own Reply

Posted by RwG524

> People are people. They want to do things more efficiently." In my shop, it takes four weeks and many meetings to arrange for something simple such as a DB server. In the cloud, I can have a DB server...

In reply to: A problem is IT is behind the times
Post Your Own Reply

Posted by Joe Stanganelli

I'm reading Brian Krebs's Spam Nation right now (fascinating read), and yes, it seems like the successful mid-level criminals who would have that kind of information might also be jeopardizing their very lucrative...

In reply to: Re: Is $3 million enough?
Post Your Own Reply

Posted by Joe Stanganelli

Another issue (which I recently wrote about) is the matter of what happens after there is a breach of the data in the shadow IT service? How do you even know that your data were there? The employee would have...

In reply to: And how do you find out?
Post Your Own Reply

Posted by MrSmith01

Except what if the email is from myemail@myc0mpany.com or one of a hundred other variations an attacker could set up? Heck, I just saw a legitimate email for Target that used the domain mail-target.com. You see,...

In reply to: Re: DMARC is not going to stop phishing
Post Your Own Reply

More Conversations

Products & Releases

Proofpoint Signs Definitive Agreement to Acquire Emerging Threats; Enhances Threat Intelligence, Detection and Response

Emailage Raises $3.8 Million

ForeScout Appoints Former Intel Security President Michael DeCesare as CEO

BMC and Qualys Join Forces to Improve Enterprise Security

Onapsis Uncovers Five New Vulnerabilities Affecting SAP BusinessObjects and SAP HANA

SEWORKS Launches AppSecu.re, SaaS-Based Security Service to Provide App Protection for Android Developers Worldwide

Lumeta Announces Strategic Partnership with Nordisk Systems, Inc.

Digital Guardian Launches Digital Guardian 7.0 for Data Protection Against All Threats

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

7 Things You Should Know About Secure Payment Technology

Sara Peters, Senior Editor at Dark Reading, 2/24/2015

From Hacking Systems To Hacking People

Larry Ponemon, Chairman & Founder, Ponemon Institute, 2/24/2015

Medical Identity Theft Costs Victims $13,450 Apiece

Sara Peters, Senior Editor at Dark Reading, 2/24/2015

Partner Perspectives

What's This?

No Silver Bullets for Security

A quick-fix security solution for cyberphysical systems doesn't exist. Read >>

Five Easiest Ways to Get Hacked – Part 2

2 comments

Five Easiest Ways to Get Hacked – Part 1

0 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

Join Security Experts at Black Hat Asia 2015

ConocoPhillips: Analytics For All

WebRTC - Learn if it is ready for the enterprise this March in Orlando!

Cartoon

Latest Comment: I want to know where to get a tablet with that large a screen!(Maybe they're the old "convertibles.")

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

How To Get More Involved In the IT Security Community

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.

UPCOMING!
Wednesday, March 18, 1pm EDT
New Cybercrime Crackdown Could Backfire And Criminalize Security Professionals

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

Capitalizing On Big Data: Managed Services Help Financial Firms Accelerate Big Data Projects

Mobility: How Are You Pacing Against Your Peers?

Turning the Threat of Insurance Fraud into an Opportunity

[eGuide] Designing a Continuous Response Architecture

[eGuide] Advanced Threat Hunting

More White Papers

Current Issue

Dark Reading - March 2, 2015

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2013-7421

Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

CVE-2014-8160

Published: 2015-03-02
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disall...

CVE-2014-9644

Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-201...

CVE-2015-0239

Published: 2015-03-02
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYS...

CVE-2014-8921

Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports