Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

Dark Reading Offers Cyber Security Crash Course At Interop 2015

7 Things You Should Know About Secure Payment Technology

Top Stories

Mobile Security By The Numbers

Dark Reading Offers Cyber Security Crash ...

From Hacking Systems To Hacking People

How To Reduce Spam & Phishing With DMARC

7 Things You Should Know About Secure ...

News & Commentary

North Korean Government Not Likely Behind Malware On Nation's Official News Site

News

Contrary to initial assumptions of North Korean government involvement, watering hole attack appears to be the work of external hackers -- and contains similarities to Darkhotel campaign, security researchers say.

By Jai Vijayan Freelance writer, 3/5/2015

0 comments | Read | Post a Comment

Apple Pay Fraud Gives Us A New Reason To Hate Data Breaches And SSNs

Sara Peters, Senior Editor at Dark Reading

News

There may already be millions of dollars in losses, but you can't blame Apple for this one.

By Sara Peters Senior Editor at Dark Reading, 3/4/2015

2 comments | Read | Post a Comment

Latest Comment: Pablo Valerio, @Sara, are US banks really stupid, or their systems so archaic? In Europe,...

Securing Our Electric Power Grid Is Critical

Highly complex infrastructure systems require protection against cyberattacks.

By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/4/2015

0 comments | Read | Post a Comment

A ‘Building Code’ For Internet of Things Security, Privacy

Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute

Commentary

In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.

By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015

1 Comment | Read | Post a Comment

Latest Comment: n0md3plum, I hate that term "Internet of things".

Enterprises Thirsting For Third-Party Threat Data

Ericka Chickowski, Contributing Writer, Dark Reading

News

New report shows enterprises more heavily weighing risks of data loss and cyber attacks in evaluation process.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/3/2015

0 comments | Read | Post a Comment

Breach Victims Three Times Likelier To Be Identity Theft Victims

News

Twenty-eight percent of them say they later avoided the merchants that failed to protect their personal information.

By Sara Peters Senior Editor at Dark Reading, 3/3/2015

0 comments | Read | Post a Comment

FREAK Out: Yet Another New SSL/TLS Bug Found

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Old-school, export-grade crypto standard used until the 1990s can be triggered to downgrade security of client, servers, researchers find.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/3/2015

2 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, SSL Labs also has a free scan service: https://www.ssllabs.com/ssltest/

Compliance & Security: A Race To The Bottom?

Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate

Commentary

Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment.

By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 3/3/2015

0 comments | Read | Post a Comment

What You Need To Know About Nation-State Hacked Hard Drives

News

The nation-state Equation Group compromise of most popular hard drives won't be a widespread threat, but future disk security -- and forensic integrity -- remain unclear.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/2/2015

11 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, You know air gaps aren't failsafe when the International Space Station gets...

Uber Takes Over 5 Months To Issue Breach Notification

Quick Hits

50,000 Uber drives just being told now that their names and license numbers were exposed.

By Dark Reading Staff , 3/2/2015

0 comments | Read | Post a Comment

5 Signs That The Firewall's Not Dead Yet

News

Demise of firewall is a long way off, according to recent survey results.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/2/2015

0 comments | Read | Post a Comment

No Silver Bullets for Security

A quick-fix security solution for cyberphysical systems doesn’t exist.

By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/2/2015

1 Comment | Read | Post a Comment

latest comment macker490 the title of your essay would better be: "No Bullets for Security?" the reason...

Why Security Awareness Alone Won’t Stop Hackers

Commentary

End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.

By Saryu Nayyar CEO, Gurucul, 3/2/2015

5 comments | Read | Post a Comment

Latest Comment: jefawcet, Even with the best end user training you are doing well to get 50% effectiveness....

Dark Reading Offers Cyber Security Crash Course At Interop 2015

Tim Wilson, Editor in Chief, Dark Reading

Commentary

New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.

By Tim Wilson Editor in Chief, Dark Reading, 3/2/2015

1 Comment | Read | Post a Comment

Latest Comment: Marilyn Cohodas, This sounds really fascinating. Will there be an online version for people...

Mobile Security By The Numbers

Rounding up the latest research on mobile malware and security practices.

By Ericka Chickowski , 3/2/2015

0 comments | Read | Post a Comment

Cyber Intelligence: Defining What You Know

Jason Polancich, Founder & Chief Architect, SurfWatchLabs

Commentary

Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.

By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 2/27/2015

1 Comment | Read | Post a Comment

Latest Comment: Mike Anders, There is a growing awareness that Cyber Intelligence is more than a sum of...

Hits Keep On Coming For Both SSL & Its Abusers

Quick Hits

Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?

By Dark Reading Staff , 2/26/2015

4 comments | Read | Post a Comment

Latest Comment: RyanSepe, @Sara Peters. Thanks for clarifying. Although now I'm appalled that this is...

'Shadow' Cloud Services Rampant In Government Networks

News

Survey finds public sector employees use unmanaged cloud services just as much as private employees.

By Jai Vijayan Freelance writer, 2/26/2015

4 comments | Read | Post a Comment

Latest Comment: Grant C, I might coin it the Storm Cloud! Detecting and containing north/south...

How to Strengthen Enterprise Defenses against Ransomware

Eight essential ways that companies can enforce their borders.

By Alexandra Gheorghe Security Specialist, Bitdefender, 2/26/2015

3 comments | Read | Post a Comment

latest comment Joe Stanganelli One technique that some companies engage in (and consultants advise) is to...

How To Reduce Spam & Phishing With DMARC

Commentary

Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.

By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015

7 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Attackers will adapt to any countermeasure, but they will have to absorb new...

More Stories

Current Conversations

Posted by Pablo Valerio

@Sara, are US banks really stupid, or their systems so archaic? In Europe, for many years, we need several special second authentication systems such as one-time security codes, coordinate cards, Chip+PIN. Just the fact...

In reply to: I don't get the US Banks' mentality
Post Your Own Reply

Posted by HAnatomi

Apple is also expected do something about the vulnerability that their Touch ID brings: Biometrics operated with a password in the OR/disjunction way (as in the case of iPhone) offers a lower security than when only...

In reply to: Convenience improved by bringing down security
Post Your Own Reply

Posted by Joe Stanganelli

You know air gaps aren't failsafe when the International Space Station gets infected by an astronaut's USB stick. ;) (As Kaspersky reported in late 2013.)

In reply to: Re: Infected conference materials
Post Your Own Reply

Posted by Joe Stanganelli

I remember, during a meeting with a manager at a client's bank, being stuck for a hard copy of a document that we needed. I asked if we could print it off of my personal USB stick. The banker was like, "Sure,...

In reply to: Re: Infected conference materials
Post Your Own Reply

Posted by n0md3plum

I hate that term "Internet of things".

In reply to: lame
Post Your Own Reply

Posted by Kaytana22

I agree, if you can get hackers to infiltrate suspects of child abuse (not just sexually but any other form as well), then I believe that the world would be a better place in the internet world. Thats the bad thing about...

In reply to: Re: Hackers Can and Do Help
Post Your Own Reply

Posted by Kelly Jackson Higgins

SSL Labs also has a free scan service: https://www.ssllabs.com/ssltest/

In reply to: Re: SSL FREAK Checker
Post Your Own Reply

Posted by TomS92801

Here's a useful SSL FREAK Checker: https://tools.keycdn.com/freak It lets you know if your site is vulnerable.

In reply to: SSL FREAK Checker
Post Your Own Reply

Posted by jefawcet

Even with the best end user training you are doing well to get 50% effectiveness. Supplement the end user training with removing the chance that they user will click on the spam link with a secure email gateway. ...

In reply to: Reduce the attack surface by taking out the user (somewhat)
Post Your Own Reply

Posted by Whoopty

Although the security concerns people have may not be that valid, the worrying part for me is what his sort of news does to the confidence people have in US businesses. Despite already big impacts on services and sales within...

In reply to: Knock on effects
Post Your Own Reply

Posted by Dr.T

Agree . Not only Hard Disk or USB devices, printer hacked in their firmware may give away path to the cover network, same things on CD, and other devices we have in the network such as switches, if you hacked hard disk you...

In reply to: Re: Infected conference materials
Post Your Own Reply

Posted by Dr.T

I agree, let's not accept anything from anybody. :--)). Remember nothing is free. I do not think vendors have any incentive for having, unless somebody else forces them to do so.

In reply to: Re: Infected conference materials
Post Your Own Reply

More Conversations

Products & Releases

Healthcare Organizations Lack Tools for Cyber Situational Awareness and Threat Assessment

Cloud Security Alliance Announces Release of Security Framework for Governmental Clouds

News: RADAR goes international/manages breaches in EU

Dtex Systems Closes $15M Series A Funding to Expand to U.S. Market and Relocate Headquarters to Silicon Valley

PandaLabs neutralized 75 million new malware samples in 2014, twice as many as in 2013

Hypori Unveils Virtual Mobile Infrastructure at Mobile World Congress

Survey Report: Majority of Service Providers Experienced DDoS Attacks, 85 Percent Experienced Customer Churn As a Result

Proofpoint Signs Definitive Agreement to Acquire Emerging Threats; Enhances Threat Intelligence, Detection and Response

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

What You Need To Know About Nation-State Hacked Hard Drives

Kelly Jackson Higgins, Executive Editor at Dark Reading, 3/2/2015

How To Reduce Spam & Phishing With DMARC

Daniel Ingevaldson, CTO, Easy Solutions, 2/26/2015

Why Security Awareness Alone Won't Stop Hackers

Saryu Nayyar, CEO, Gurucul, 3/2/2015

Partner Perspectives

What's This?

Securing Our Electric Power Grid Is Critical

Highly complex infrastructure systems require protection against cyberattacks. Read >>

No Silver Bullets for Security

1 Comment

Five Easiest Ways to Get Hacked – Part 2

2 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

Join Security Experts at Black Hat Asia 2015

Security Lessons From The Front Lines: Heartland Payment Systems CEO Speaks Out

Women in IT Leadership Networking Breakfast

Cartoon

Latest Comment: You have to start recording at the beginning of the presentation because if you find it was worth recording at the end it's too late. There is no ...

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

How To Get More Involved In the IT Security Community

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.

UPCOMING!
Wednesday, March 18, 1pm EDT
New Cybercrime Crackdown Could Backfire And Criminalize Security Professionals

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

Capitalizing On Big Data: Managed Services Help Financial Firms Accelerate Big Data Projects

Edge Consolidation Delivers Peace of Mind for IT

Accelerate Microsoft Office 365 with SaaS

Mobility: How Are You Pacing Against Your Peers?

[eGuide] Advanced Threat Hunting

More White Papers

Current Issue

Dark Reading - March 2, 2015

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-8617

Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/re...

CVE-2015-0891

Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-0892

Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-0893

Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-2209

Published: 2015-03-04
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports