Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

Dark Reading Offers Cyber Security Crash Course At Interop 2015

7 Things You Should Know About Secure Payment Technology

Top Stories

Mobile Security By The Numbers

Dark Reading Offers Cyber Security Crash ...

From Hacking Systems To Hacking People

How To Reduce Spam & Phishing With DMARC

7 Things You Should Know About Secure ...

News & Commentary

What You Need To Know About Nation-State Hacked Hard Drives

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

The nation-state Equation Group compromise of most popular hard drives won't be a widespread threat, but future disk security -- and forensic integrity -- remain unclear.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/2/2015

2 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Seriously! It's kind of the oldest trick in the book (of course, 6 years ago,...

Uber Takes Over 5 Months To Issue Breach Notification

Quick Hits

50,000 Uber drives just being told now that their names and license numbers were exposed.

By Dark Reading Staff , 3/2/2015

0 comments | Read | Post a Comment

5 Signs That The Firewall's Not Dead Yet

Ericka Chickowski, Contributing Writer, Dark Reading

News

Demise of firewall is a long way off, according to recent survey results.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/2/2015

0 comments | Read | Post a Comment

No Silver Bullets for Security

A quick-fix security solution for cyberphysical systems doesn’t exist.

By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/2/2015

0 comments | Read | Post a Comment

Why Security Awareness Alone Won’t Stop Hackers

Commentary

End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.

By Saryu Nayyar CEO, Gurucul, 3/2/2015

2 comments | Read | Post a Comment

Latest Comment: SSERGIO123, The weak link is the hacker´s command and control server. If we analize...

Dark Reading Offers Cyber Security Crash Course At Interop 2015

Tim Wilson, Editor in Chief, Dark Reading

Commentary

New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.

By Tim Wilson Editor in Chief, Dark Reading, 3/2/2015

0 comments | Read | Post a Comment

Mobile Security By The Numbers

Rounding up the latest research on mobile malware and security practices.

By Ericka Chickowski , 3/2/2015

0 comments | Read | Post a Comment

Cyber Intelligence: Defining What You Know

Jason Polancich, Founder & Chief Architect, SurfWatchLabs

Commentary

Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.

By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 2/27/2015

1 Comment | Read | Post a Comment

Latest Comment: Mike Anders, There is a growing awareness that Cyber Intelligence is more than a sum of...

Hits Keep On Coming For Both SSL & Its Abusers

Quick Hits

Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?

By Dark Reading Staff , 2/26/2015

4 comments | Read | Post a Comment

Latest Comment: RyanSepe, @Sara Peters. Thanks for clarifying. Although now I'm appalled that this is...

'Shadow' Cloud Services Rampant In Government Networks

News

Survey finds public sector employees use unmanaged cloud services just as much as private employees.

By Jai Vijayan Freelance writer, 2/26/2015

4 comments | Read | Post a Comment

Latest Comment: Grant C, I might coin it the Storm Cloud! Detecting and containing north/south...

How to Strengthen Enterprise Defenses against Ransomware

Eight essential ways that companies can enforce their borders.

By Alexandra Gheorghe Security Specialist, Bitdefender, 2/26/2015

3 comments | Read | Post a Comment

latest comment Joe Stanganelli One technique that some companies engage in (and consultants advise) is to...

How To Reduce Spam & Phishing With DMARC

Commentary

Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.

By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015

6 comments | Read | Post a Comment

Latest Comment: dingevaldson, @MrSmith01--that may be the case because Target has published a DMARC policy....

5 New Vulnerabilities Uncovered In SAP

News

Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.

By Ericka Chickowski Contributing Writer, Dark Reading, 2/26/2015

1 Comment | Read | Post a Comment

Latest Comment: articlereader, The above mentioned vulnerabilities are resolved by the relevant SAP Security...

Millions Of Non-Anthem Customers Also Hit By Anthem Breach

Quick Hits

Blue Cross Blue Shield customers -- as many as 8.8 to 18.8 million of them -- might have also had their data compromised.

By Dark Reading Staff , 2/25/2015

4 comments | Read | Post a Comment

Latest Comment: Sara Peters, @Marilyn So true. And it seems like we never really understand how this...

Ramnit Botnet Disrupted By International Public-Private Collaboration

Sara Peters, Senior Editor at Dark Reading

News

Europol leads the effort to bring down the bank credential-stealing botnet that infected 3.2 million computers across the globe.

By Sara Peters Senior Editor at Dark Reading, 2/25/2015

0 comments | Read | Post a Comment

Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011

News

But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2015

3 comments | Read | Post a Comment

Latest Comment: Pablo Valerio, @Kelly, if there is a strong believe that the keys are compromised they could...

Five Easiest Ways to Get Hacked – Part 2

Continuing a conversation with principal security consultant Amit Bagree

By Carric Dooley WW VP of Foundstone Services, Intel Security, 2/25/2015

2 comments | Read | Post a Comment

latest comment Joe Stanganelli An important yet oft overlooked aspect of a good patch management strategy:...

Customers Aren’t the Only Victims: 5 Stages Of Data Breach Grief

Ricky Link, Managing Director, Coalfire Systems, Southwest Region

Commentary

What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.

By Ricky Link Managing Director, Coalfire Systems, Southwest Region, 2/25/2015

3 comments | Read | Post a Comment

Latest Comment: Lewa, I totally agree with you on this. Most companies that have suffered a breach...

5 Ways To Prepare For IoT Security Risks

News

As the Internet of Things begins to take shape, IT organizations must prepare for change.

By Jai Vijayan Freelance writer, 2/24/2015

0 comments | Read | Post a Comment

Medical Identity Theft Costs Victims $13,450 Apiece

News

New study shows not only is medical identity fraud costly for individuals, it's happening a lot more often.

By Sara Peters Senior Editor at Dark Reading, 2/24/2015

8 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, That's funny, Marilyn; it seems I *always* have to present my medical ID whenever...

More Stories

Current Conversations

Posted by grimwiz

The 12 inch samsung galaxy pro is as large as the tablets in the cartoon, fast with lots of storage so it's probably very handy to capture a presentation and share it on YouTube.

In reply to: Re: Been there..
Post Your Own Reply

Posted by SSERGIO123

The weak link is the hacker´s command and control server. If we analize all outbound IPs, we will detect those which are not kosher and will be able to block them. Hard work? Yes. So?

In reply to: Weak link
Post Your Own Reply

Posted by Kelly Jackson Higgins

Seriously! It's kind of the oldest trick in the book (of course, 6 years ago, it was a relatively new trick).

In reply to: Re: Infected conference materials
Post Your Own Reply

Posted by Joe Stanganelli

Stories like these make me paranoid to ever again accept a flash drive from a vendor at a conference!

In reply to: Infected conference materials
Post Your Own Reply

Posted by Joe Stanganelli

This is the difference between security awareness in certain offices (the C-suite, the compliance/audit department, the general counsel's office, etc.) and security culture. It comes down to convincing everyone,...

In reply to: Security culture
Post Your Own Reply

Posted by articlereader

The above mentioned vulnerabilities are resolved by the relevant SAP Security Notes SAP Business Objects Unauthorized File Repository Server Write via CORBA - 2018681 SAP Business Objects Unauthorized File Repository...

In reply to: SAP Security notes for the above mentioned vulnerabilities
Post Your Own Reply

Posted by Mike Anders

There is a growing awareness that Cyber Intelligence is more than a sum of all threat feeds! Unfortunately, for many, adopting an "intelligence-based" Cyber security mindset seems difficult. In practice, however, it is far...

In reply to: Cyber Intelligence and knowing what you know!
Post Your Own Reply

Posted by Joe Stanganelli

Reminds me of a story a friend recently told me. Sitting at an airport gate not too long ago, she watched as a mortgage executive sitting next to her with a bag full of sensitive PII documents (FNMA 1003s and the like)...

In reply to: Watch your back low-tech-wise.
Post Your Own Reply

Posted by Joe Stanganelli

An important yet oft overlooked aspect of a good patch management strategy: implement everything in a testbed first. Test everything with everything. Otherwise, you could really screw things up -- especially...

In reply to: Testing patches
Post Your Own Reply

Posted by dingevaldson

@MrSmith01--that may be the case because Target has published a DMARC policy. As more and more brands do so, and move that policy from monitor mode to reject, more and more attackers will be forced to use sister/cousin...

In reply to: Re: DMARC is not going to stop phishing
Post Your Own Reply

Posted by Grant C

I might coin it the Storm Cloud! Detecting and containing north/south and east/west bound data in the cloud - especially the one off SaaS sloutions - is tricky at best is seems. Not to mention auditing identities,...

In reply to: Storm Cloud!
Post Your Own Reply

Posted by Joe Stanganelli

That's funny, Marilyn; it seems I *always* have to present my medical ID whenever I go in for a doctor's appointment. I guess it depends where you go.

In reply to: Re: An example > borrow insurance?
Post Your Own Reply

More Conversations

Products & Releases

Proofpoint Signs Definitive Agreement to Acquire Emerging Threats; Enhances Threat Intelligence, Detection and Response

Emailage Raises $3.8 Million

ForeScout Appoints Former Intel Security President Michael DeCesare as CEO

BMC and Qualys Join Forces to Improve Enterprise Security

Onapsis Uncovers Five New Vulnerabilities Affecting SAP BusinessObjects and SAP HANA

SEWORKS Launches AppSecu.re, SaaS-Based Security Service to Provide App Protection for Android Developers Worldwide

Lumeta Announces Strategic Partnership with Nordisk Systems, Inc.

Digital Guardian Launches Digital Guardian 7.0 for Data Protection Against All Threats

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

7 Things You Should Know About Secure Payment Technology

Sara Peters, Senior Editor at Dark Reading, 2/24/2015

From Hacking Systems To Hacking People

Larry Ponemon, Chairman & Founder, Ponemon Institute, 2/24/2015

Medical Identity Theft Costs Victims $13,450 Apiece

Sara Peters, Senior Editor at Dark Reading, 2/24/2015

Partner Perspectives

What's This?

No Silver Bullets for Security

A quick-fix security solution for cyberphysical systems doesn't exist. Read >>

Five Easiest Ways to Get Hacked – Part 2

2 comments

Five Easiest Ways to Get Hacked – Part 1

0 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

Join Security Experts at Black Hat Asia 2015

Making Cloud Storage Work For Your Organization

Interop Las Vegas Full & Half-Day Workshops

Cartoon

Latest Comment: The 12 inch samsung galaxy pro is as large as the tablets in the cartoon, fast with lots of storage so it's probably very handy to capture a ...

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

How To Get More Involved In the IT Security Community

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.

UPCOMING!
Wednesday, March 18, 1pm EDT
New Cybercrime Crackdown Could Backfire And Criminalize Security Professionals

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

Capitalizing On Big Data: Managed Services Help Financial Firms Accelerate Big Data Projects

[Mobility Report] Assess, Model, Strategize and Innovate

Adallom for AWS

SATA vs. PCIe Solid-State Storage Solutions for MySQL Environments

Breach Detection: What you need to know

More White Papers

Current Issue

Dark Reading - March 2, 2015

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-7896

Published: 2015-03-03
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before ...

CVE-2014-9283

Published: 2015-03-03
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2014-9683

Published: 2015-03-03
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

CVE-2015-0890

Published: 2015-03-03
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2015-2168

Published: 2015-03-03
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports