Dark Reading | Security | Protect The Business

Advertise With Us

About Us

7 Ways Cloud Alters The Security Equation

Snowden: Hollywood Highlights 2 Persistent Privacy Threats

Hacking 'Forward' With Weaponized Intelligence

How You Can Support InfoSec Diversity, Starting With The Colleagues You Already Have

Top Stories

7 Ways Cloud Alters The Security Equation

Snowden: Hollywood Highlights 2 ...

Hacking 'Forward' With Weaponized ...

10 Ways To Lock Down Third-Party Risk

How You Can Support InfoSec Diversity, ...

News & Commentary

Yahoo Breach Could Delay $4.8 Billion Verizon Takeover

Quick Hits

Verizon may revisit contract with Yahoo on doubts of vulnerabilities in the system after 500 accounts were found hacked.

By Dark Reading Staff , 9/26/2016

0 comments | Read | Post a Comment

Microsoft Launches Windows Defender App Guard For Its Edge Browser

Kelly Sheridan, Associate Editor, InformationWeek

News

Microsoft debuts a new tool to strengthen security in its Edge browser for Windows Enterprise customers.

By Kelly Sheridan Associate Editor, InformationWeek, 9/26/2016

0 comments | Read | Post a Comment

What The WADA Hack Proves About Today's Threat Landscape

Gary Newe, Director of Systems Engineering, F5 Networks

Commentary

Fancy Bear's initial release of data on four top American athletes reminds us all to reassess our risks.

By Gary Newe , 9/26/2016

0 comments | Read | Post a Comment

Adware Campaign Using Advanced Nation-State Obfuscation Techniques

Ericka Chickowski, Contributing Writer, Dark Reading

News

New report from Carbon Black shows adware may be spreading ransomware, using similar tactics as Operation Aurora.

By Ericka Chickowski Contributing Writer, Dark Reading, 9/26/2016

0 comments | Read | Post a Comment

State Of The Exploit Kit

Exploit kit traffic is down considerably following the demise of Nuclear and Angler, but many researchers see it only as a temporary disruption.

By Ericka Chickowski Contributing Writer, Dark Reading, 9/26/2016

0 comments | Read | Post a Comment

7 New Rules For IoT Safety & Vuln Disclosure

Commentary

In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!

By Lysa Myers Security Researcher, ESET, 9/24/2016

0 comments | Read | Post a Comment

Advisory Body Calls For Stronger Cybersecurity Measures Across Airline Industry

News

Measures are designed to bolster operational security across all stakeholders in the aviation sector, Wall Street Journal says.

By Jai Vijayan Freelance writer, 9/23/2016

0 comments | Read | Post a Comment

Spam Levels Spike, Thanks In Part To Ransomware

Sara Peters, Senior Editor at Dark Reading

News

By shipping banking Trojans and ransomware that turn big profits fast, spammers can now afford the high overhead of high-volume spam campaigns.

By Sara Peters Senior Editor at Dark Reading, 9/23/2016

0 comments | Read | Post a Comment

7 Ways Cloud Alters The Security Equation

Would-be and existing customers must understand that security isn't set-and-forget just because it resides in the cloud.

By Terry Sweeney Contributing Editor, 9/23/2016

1 Comment | Read | Post a Comment

Latest Comment: Freesoft5, nice blog

An Open-Source Security Maturity Model

Commentary Video

Oh you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.

By Sara Peters Senior Editor at Dark Reading, 9/23/2016

0 comments | Read | Post a Comment

D-FENSE! Using Research To Craft Effective Cyber Defenses

Commentary Video

A pair of experts from Imperva stops by the Dark Reading News Desk to chat.

By Dark Reading Staff , 9/23/2016

1 Comment | Read | Post a Comment

Latest Comment: Joshua11, Very interesting point of view, this is a very important subject

On-Premises & In The Cloud: Making Sense Of Your Cybersecurity Ecosystem

Yishai Beeri, Director of Cybersecurity Research, CloudLock

Commentary

As enterprises continue to invest in hybrid cloud strategies, they need their fragmented security solutions to work together.

By Yishai Beeri Director of Cybersecurity Research, CloudLock, 9/23/2016

0 comments | Read | Post a Comment

FTC Releases Video With Data Breach Recovery Advice

Quick Hits

The US Federal Trade Commission video has detailed instructions on what to do if personal data of a user is stolen and exposed.

By Dark Reading Staff , 9/23/2016

0 comments | Read | Post a Comment

Top Democrats Tell Putin To Halt Hacking Of US Political Parties

Quick Hits

Russia trying to influence November presidential elections, say Senator Dianne Feinstein and Rep. Adam Schiff.

By Dark Reading Staff , 9/23/2016

7 comments | Read | Post a Comment

Latest Comment: Dr.T, "... government how they must act ..." Also completely agree. They care less...

Biometric Skimmers Pose Emerging Threat To ATMs

News

Even as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them.

By Jai Vijayan Freelance writer, 9/22/2016

1 Comment | Read | Post a Comment

Latest Comment: sillieabbe, It's really worrying that so many people are so tragically misinformed. ...

Yahoo Reveals Nation State-Borne Data Breach Affecting A Half-Billion Users

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

But still unconfirmed is whether the newly revealed attack is related to recently dumped Yahoo user credentials in an online cybercrime forum.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/22/2016

9 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, It will be interesting to see what if anything Verizon does security-wise for...

7 Factors That Make Security Organizations More Effective

News

(ISC)2 members have plenty of technical chops, but IANS research found they need to focus more on how infosec aligns with the business.

By Steve Zurier Freelance Writer, 9/22/2016

1 Comment | Read | Post a Comment

Latest Comment: ChandanaP946, Your approach to information security isn't just about preventing data breaches....

Snowden: Hollywood Highlights 2 Persistent Privacy Threats

Commentary

Oliver Stone’s movie shows us that while most of us have nothing to hide, we all have information worth protecting – both technically and constitutionally.

By Will Ackerly Co-Founder & CTO, Virtru, 9/22/2016

11 comments | Read | Post a Comment

Latest Comment: Whoopty, While I am concerned with the way that the world is moving in terms of personal...

10 Ways To Lock Down Third-Party Risk

Experts share ideas for closing potential security holes that leave organizations open to attack.

By Steve Zurier Freelance Writer, 9/22/2016

0 comments | Read | Post a Comment

Even A False Positive Can Be Valuable

Commentary

Sharing information about cyberthreats is important for the financial services industry, even when threats turn out to be not-so-threatening.

By Mark Clancy CEO, Soltra, 9/22/2016

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by lorraine89

Cyber hackers are out there threatening us about their hacking attempts. I have using purevpn to secure my online connection and also to avoid any kind of gliches so as to avoid any kind of vulnerability in my connection....

In reply to: Cyber security
Post Your Own Reply

Posted by lorraine89

Nice informative article. Though no matter if it is Analytics vs. Encryption. or Prevention vs. Detection at the end of the day, the side which incorporates taking preventive measures before hand is the winning one....

In reply to: Cyber security
Post Your Own Reply

Posted by koconnor100

"You're demanding privacy and secrecy for yourself but that the same time denying the government of it even though they might be trying to defend your life with the same technology you only want to use to hide your...

In reply to: Re: DoJ, NSA , it's all USGov
Post Your Own Reply

Posted by koconnor100

My "exaggerated self importance" is that I am a human being and they (NSA) want a profile of EVERY HUMAN BEING on the planet. I don't claim to have any special importance over my next door neighbours, I merely claim...

In reply to: Re: DoJ, NSA , it's all USGov
Post Your Own Reply

Posted by Kelly Jackson Higgins

It will be interesting to see what if anything Verizon does security-wise for Yahoo customer accounts.

In reply to: Re: Most passwords hashed?
Post Your Own Reply

Posted by Dr.T

"... government how they must act ..." Also completely agree. They care less as US would not care what Russia think of US.

In reply to: Re: Proof?
Post Your Own Reply

Posted by Dr.T

It does not have to be Russian government doing it, anybody in Russia would love to have influence on US elections.

In reply to: Russian government?
Post Your Own Reply

Posted by Dr.T

"... ust what proof do they have? ..." Good question. if Russian hackers had a chance to hack any system in UC hey would do it I would say.

In reply to: Re: Proof?
Post Your Own Reply

Posted by Dr.T

"... dems told putin to stop ..." I agree. We just need to secure our systems, they will use any options available to them.

In reply to: Re: Thank goodness
Post Your Own Reply

Posted by Dr.T

It is not clear to me why we continue to discuss this and not having these systems secured in the first place. Political parties most likely hold information about public that should have been secured.

In reply to: Why not secure?
Post Your Own Reply

Posted by SteveMorris

Best solution - password managers with an encryption feature like Lastpass and Passwork (https://passwork.me).Both are designed for a for companies and collaboration, and you can also track passwords access as administrator...

In reply to: password managers and acces
Post Your Own Reply

Posted by SteveMorris

My password can be hacked in 327 centuries (according to the https://password.kaspersky.com/). And i am also using a password manager Passwork ((https://passwork.me) also using it at my job to store passwords...

In reply to: Re: ask the FBI
Post Your Own Reply

More Conversations

Products & Releases

Lenovo, Intel, Paypal And Synaptics Announce Collaboration To Bring Fido Authentication To Laptops

White Ops Increases Market Momentum with $20 Million Series B

Symantec Endpoint Protection Cloud Secures SMBs Against Growing Threats

Trusona Releases Cloud Identity Suite and Launches the #NoPasswords Revolution

Sophos Launches Next Generation of Anti-Exploit and Anti-Ransomware Technology With Sophos Intercept X

Introducing A New Secure Memory Stick

Optiv Security Launches Technology-Enabled Third-Party Risk Managed Service

Centrify’s Survey Finds Consumers More Concerned with Financial Data Getting Hacked than Private Information about Their Families Being Exposed

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Snowden: Hollywood Highlights 2 Persistent Privacy Threats

Will Ackerly, Co-Founder & CTO, Virtru, 9/22/2016

Yahoo Reveals Nation State-Borne Data Breach Affecting A Half-Billion Users

Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/22/2016

Top Democrats Tell Putin To Halt Hacking Of US Political Parties

Dark Reading Staff 9/23/2016

Partner Perspectives

What's This?

The Time Is Now To Address The Cybersecurity Talent Shortage In Unique Ways

Cultivating talent from unaccustomed outlets will benefit all of us. Read >>

Password Reuse: Don’t Mix Business With Personal

1 Comment

Government Accelerates Cyber Hiring

0 comments

More Stories

Partner Perspectives

What's This?

Breach Defense Playbook: Cybersecurity Governance

Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>

Breach Defense Playbook: Incident Response Readiness (Part 2)

0 comments

Breach Defense Playbook: Incident Response Readiness (Part 1)

0 comments

More Stories

Partner Perspectives

What's This?

Let's Get Smarter About Security By Working Together

We all need help, and only by working together can we move the needle on security. Read >>

Cybersecurity Self-Esteem: 4 Things Confident Teams Are Doing

0 comments

How the Adoption of EDR Transforms a SOC’s Effectiveness

0 comments

More Stories

Partner Perspectives

What's This?

Endpoint Security: Putting The Focus On What Matters

Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>

Are You Making This Endpoint Security Mistake?

0 comments

Asset Segmentation: The Key To Control

0 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

Attend the Contact Center/Customer Experience at EC17

Making Skype for Business Work For Your Enterprise

Get Prepared for Big Data Breaches at GTEC

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: I still think we should have built our own nest, instead of buying a nest from Nest.

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

Understanding Cybercrime

Cybercrime has become a well-organized business, complete with job specialization, funding, and online customer service. Dark Reading editors speak to cybercrime experts on the evolution of the cybercrime economy and the nature of today's attackers.

UPCOMING!
Wednesday, October 19, 1pm EDT
The Cyber Skills Shortage

UPCOMING!
Wednesday, November 16, 1pm EST
Bug Bounties and the Zero-Day Trade

UPCOMING!
Wednesday, December 14, 1pm EST
The Coolest Hacks of 2016

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

How to Choose an Aggregation Platform: The Security Picture

Data Analytics with Hadoop: O'Reilly Ebook

Securing Business Information in the Cloud

Business Process Apps for Finance & Purchasing for Dummies

Unified Communications & Collaboration: Clean-Up Guide

More White Papers

Current Issue

Five Emerging Security Threats - And What You Can Learn From Them

At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2013-7445

Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports