Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

Dark Reading Offers Cyber Security Crash Course At Interop 2015

7 Things You Should Know About Secure Payment Technology

Top Stories

Mobile Security By The Numbers

Dark Reading Offers Cyber Security Crash ...

From Hacking Systems To Hacking People

How To Reduce Spam & Phishing With DMARC

7 Things You Should Know About Secure ...

News & Commentary

Securing Our Electric Power Grid Is Critical

Highly complex infrastructure systems require protection against cyberattacks.

By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/4/2015

0 comments | Read | Post a Comment

A ‘Building Code’ For Internet of Things Security, Privacy

Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute

Commentary

In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.

By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015

0 comments | Read | Post a Comment

Enterprises Thirsting For Third-Party Threat Data

Ericka Chickowski, Contributing Writer, Dark Reading

News

New report shows enterprises more heavily weighing risks of data loss and cyber attacks in evaluation process.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/3/2015

0 comments | Read | Post a Comment

Breach Victims Three Times Likelier To Be Identity Theft Victims

Sara Peters, Senior Editor at Dark Reading

News

Twenty-eight percent of them say they later avoided the merchants that failed to protect their personal information.

By Sara Peters Senior Editor at Dark Reading, 3/3/2015

0 comments | Read | Post a Comment

FREAK Out: Yet Another New SSL/TLS Bug Found

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Old-school, export-grade crypto standard used until the 1990s can be triggered to downgrade security of client, servers, researchers find.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/3/2015

2 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, SSL Labs also has a free scan service: https://www.ssllabs.com/ssltest/

Compliance & Security: A Race To The Bottom?

Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate

Commentary

Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment.

By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 3/3/2015

0 comments | Read | Post a Comment

What You Need To Know About Nation-State Hacked Hard Drives

News

The nation-state Equation Group compromise of most popular hard drives won't be a widespread threat, but future disk security -- and forensic integrity -- remain unclear.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/2/2015

9 comments | Read | Post a Comment

Latest Comment: Whoopty, Although the security concerns people have may not be that valid, the worrying...

Uber Takes Over 5 Months To Issue Breach Notification

Quick Hits

50,000 Uber drives just being told now that their names and license numbers were exposed.

By Dark Reading Staff , 3/2/2015

0 comments | Read | Post a Comment

5 Signs That The Firewall's Not Dead Yet

News

Demise of firewall is a long way off, according to recent survey results.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/2/2015

0 comments | Read | Post a Comment

No Silver Bullets for Security

A quick-fix security solution for cyberphysical systems doesn’t exist.

By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/2/2015

1 Comment | Read | Post a Comment

latest comment macker490 the title of your essay would better be: "No Bullets for Security?" the reason...

Why Security Awareness Alone Won’t Stop Hackers

Commentary

End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.

By Saryu Nayyar CEO, Gurucul, 3/2/2015

5 comments | Read | Post a Comment

Latest Comment: jefawcet, Even with the best end user training you are doing well to get 50% effectiveness....

Dark Reading Offers Cyber Security Crash Course At Interop 2015

Tim Wilson, Editor in Chief, Dark Reading

Commentary

New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.

By Tim Wilson Editor in Chief, Dark Reading, 3/2/2015

1 Comment | Read | Post a Comment

Latest Comment: Marilyn Cohodas, This sounds really fascinating. Will there be an online version for people...

Mobile Security By The Numbers

Rounding up the latest research on mobile malware and security practices.

By Ericka Chickowski , 3/2/2015

0 comments | Read | Post a Comment

Cyber Intelligence: Defining What You Know

Jason Polancich, Founder & Chief Architect, SurfWatchLabs

Commentary

Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.

By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 2/27/2015

1 Comment | Read | Post a Comment

Latest Comment: Mike Anders, There is a growing awareness that Cyber Intelligence is more than a sum of...

Hits Keep On Coming For Both SSL & Its Abusers

Quick Hits

Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?

By Dark Reading Staff , 2/26/2015

4 comments | Read | Post a Comment

Latest Comment: RyanSepe, @Sara Peters. Thanks for clarifying. Although now I'm appalled that this is...

'Shadow' Cloud Services Rampant In Government Networks

News

Survey finds public sector employees use unmanaged cloud services just as much as private employees.

By Jai Vijayan Freelance writer, 2/26/2015

4 comments | Read | Post a Comment

Latest Comment: Grant C, I might coin it the Storm Cloud! Detecting and containing north/south...

How to Strengthen Enterprise Defenses against Ransomware

Eight essential ways that companies can enforce their borders.

By Alexandra Gheorghe Security Specialist, Bitdefender, 2/26/2015

3 comments | Read | Post a Comment

latest comment Joe Stanganelli One technique that some companies engage in (and consultants advise) is to...

How To Reduce Spam & Phishing With DMARC

Commentary

Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.

By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015

7 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Attackers will adapt to any countermeasure, but they will have to absorb new...

5 New Vulnerabilities Uncovered In SAP

News

Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.

By Ericka Chickowski Contributing Writer, Dark Reading, 2/26/2015

1 Comment | Read | Post a Comment

Latest Comment: articlereader, The above mentioned vulnerabilities are resolved by the relevant SAP Security...

Millions Of Non-Anthem Customers Also Hit By Anthem Breach

Quick Hits

Blue Cross Blue Shield customers -- as many as 8.8 to 18.8 million of them -- might have also had their data compromised.

By Dark Reading Staff , 2/25/2015

4 comments | Read | Post a Comment

Latest Comment: Sara Peters, @Marilyn So true. And it seems like we never really understand how this...

More Stories

Current Conversations

Posted by Kelly Jackson Higgins

SSL Labs also has a free scan service: https://www.ssllabs.com/ssltest/

In reply to: Re: SSL FREAK Checker
Post Your Own Reply

Posted by TomS92801

Here's a useful SSL FREAK Checker: https://tools.keycdn.com/freak It lets you know if your site is vulnerable.

In reply to: SSL FREAK Checker
Post Your Own Reply

Posted by jefawcet

Even with the best end user training you are doing well to get 50% effectiveness. Supplement the end user training with removing the chance that they user will click on the spam link with a secure email gateway. ...

In reply to: Reduce the attack surface by taking out the user (somewhat)
Post Your Own Reply

Posted by Whoopty

Although the security concerns people have may not be that valid, the worrying part for me is what his sort of news does to the confidence people have in US businesses. Despite already big impacts on services and sales within...

In reply to: Knock on effects
Post Your Own Reply

Posted by Dr.T

Agree . Not only Hard Disk or USB devices, printer hacked in their firmware may give away path to the cover network, same things on CD, and other devices we have in the network such as switches, if you hacked hard disk you...

In reply to: Re: Infected conference materials
Post Your Own Reply

Posted by Dr.T

I agree, let's not accept anything from anybody. :--)). Remember nothing is free. I do not think vendors have any incentive for having, unless somebody else forces them to do so.

In reply to: Re: Infected conference materials
Post Your Own Reply

Posted by Dr.T

I hear you. It is not only USB device problem. Any device connected any other decide is a risk to each other one way or another. They both need to be secure. If you have device at the firmware level no need to talk about...

In reply to: Re: Infected conference materials
Post Your Own Reply

Posted by Dr.T

If malware is in the firmware then it is most likely embedded into those ROM devices where it is read only unless you touch the firmware and reprogram it. Malware in firmware is a good way of hacking a system :--))

In reply to: Malware in the firmware
Post Your Own Reply

Posted by Kelly Jackson Higgins

@aws0513, you hit on a key problem of the inherent challenge of taking technology away from users once the horse has left the barn. And even if you do airgap a system, there are still risks to it, such as an infected CD-ROM...

In reply to: Re: Infected conference materials
Post Your Own Reply

Posted by PreetiS347

I believe the concept of security should start right from the elementary school. The kids in school use computers. They should be given security classes as well. This process in the long run will inculcate the security...

In reply to: Re: Security culture
Post Your Own Reply

Posted by aws0513

It is the classic "what is old is new again" scenario. Moreover, the ubiquity of USB storage devices has made it very difficult to proactively mitigate USB storage device risks. Even though it is a policy at my current...

In reply to: Re: Infected conference materials
Post Your Own Reply

Posted by grimwiz

You have to start recording at the beginning of the presentation because if you find it was worth recording at the end it's too late. There is no cost for speculative recording. The next frame of the cartoon will show a...

In reply to: Re: Been there..
Post Your Own Reply

More Conversations

Products & Releases

Healthcare Organizations Lack Tools for Cyber Situational Awareness and Threat Assessment

News: RADAR goes international/manages breaches in EU

Dtex Systems Closes $15M Series A Funding to Expand to U.S. Market and Relocate Headquarters to Silicon Valley

PandaLabs neutralized 75 million new malware samples in 2014, twice as many as in 2013

Hypori Unveils Virtual Mobile Infrastructure at Mobile World Congress

Survey Report: Majority of Service Providers Experienced DDoS Attacks, 85 Percent Experienced Customer Churn As a Result

Proofpoint Signs Definitive Agreement to Acquire Emerging Threats; Enhances Threat Intelligence, Detection and Response

VOIPSEC Launches ‘Voice Firewall’ Solution For Cost-Effective Voice-Over-Ip Security

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

What You Need To Know About Nation-State Hacked Hard Drives

Kelly Jackson Higgins, Executive Editor at Dark Reading, 3/2/2015

How To Reduce Spam & Phishing With DMARC

Daniel Ingevaldson, CTO, Easy Solutions, 2/26/2015

Why Security Awareness Alone Won't Stop Hackers

Saryu Nayyar, CEO, Gurucul, 3/2/2015

Partner Perspectives

What's This?

Securing Our Electric Power Grid Is Critical

Highly complex infrastructure systems require protection against cyberattacks. Read >>

No Silver Bullets for Security

1 Comment

Five Easiest Ways to Get Hacked – Part 2

2 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

Join Security Experts at Black Hat Asia 2015

ConocoPhillips: Analytics For All

Embracing the Bring-Your-Own-App Phenomenon

Cartoon

Latest Comment: You have to start recording at the beginning of the presentation because if you find it was worth recording at the end it's too late. There is no ...

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

How To Get More Involved In the IT Security Community

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.

UPCOMING!
Wednesday, March 18, 1pm EDT
New Cybercrime Crackdown Could Backfire And Criminalize Security Professionals

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

Capitalizing On Big Data: Managed Services Help Financial Firms Accelerate Big Data Projects

Powering the Hybrid Enterprise

Securing Edge Data at the Center

Putting Customers 1st: Managing the End User Experience

The Rise of Freelancer Management Systems

More White Papers

Current Issue

Dark Reading - March 2, 2015

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-7896

Published: 2015-03-03
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before ...

CVE-2014-9283

Published: 2015-03-03
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2014-9683

Published: 2015-03-03
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

CVE-2015-0656

Published: 2015-03-03
Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269.

CVE-2015-0890

Published: 2015-03-03
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports