Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

Dark Reading Offers Cyber Security Crash Course At Interop 2015

7 Things You Should Know About Secure Payment Technology

Top Stories

Mobile Security By The Numbers

Dark Reading Offers Cyber Security Crash ...

From Hacking Systems To Hacking People

How To Reduce Spam & Phishing With DMARC

7 Things You Should Know About Secure ...

News & Commentary

Compliance & Security: A Race To The Bottom?

Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate

Commentary

Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment.

By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 3/3/2015

0 comments | Read | Post a Comment

What You Need To Know About Nation-State Hacked Hard Drives

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

The nation-state Equation Group compromise of most popular hard drives won't be a widespread threat, but future disk security -- and forensic integrity -- remain unclear.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/2/2015

3 comments | Read | Post a Comment

Latest Comment: aws0513, It is the classic "what is old is new again" scenario. Moreover, the ubiquity...

Uber Takes Over 5 Months To Issue Breach Notification

Quick Hits

50,000 Uber drives just being told now that their names and license numbers were exposed.

By Dark Reading Staff , 3/2/2015

0 comments | Read | Post a Comment

5 Signs That The Firewall's Not Dead Yet

Ericka Chickowski, Contributing Writer, Dark Reading

News

Demise of firewall is a long way off, according to recent survey results.

By Ericka Chickowski Contributing Writer, Dark Reading, 3/2/2015

0 comments | Read | Post a Comment

No Silver Bullets for Security

A quick-fix security solution for cyberphysical systems doesn’t exist.

By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/2/2015

1 Comment | Read | Post a Comment

latest comment macker490 the title of your essay would better be: "No Bullets for Security?" the reason...

Why Security Awareness Alone Won’t Stop Hackers

Commentary

End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.

By Saryu Nayyar CEO, Gurucul, 3/2/2015

3 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, I think a self audit could work for me, if the emails/reports were concise...

Dark Reading Offers Cyber Security Crash Course At Interop 2015

Tim Wilson, Editor in Chief, Dark Reading

Commentary

New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.

By Tim Wilson Editor in Chief, Dark Reading, 3/2/2015

1 Comment | Read | Post a Comment

Latest Comment: Marilyn Cohodas, This sounds really fascinating. Will there be an online version for people...

Mobile Security By The Numbers

Rounding up the latest research on mobile malware and security practices.

By Ericka Chickowski , 3/2/2015

0 comments | Read | Post a Comment

Cyber Intelligence: Defining What You Know

Jason Polancich, Founder & Chief Architect, SurfWatchLabs

Commentary

Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.

By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 2/27/2015

1 Comment | Read | Post a Comment

Latest Comment: Mike Anders, There is a growing awareness that Cyber Intelligence is more than a sum of...

Hits Keep On Coming For Both SSL & Its Abusers

Quick Hits

Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?

By Dark Reading Staff , 2/26/2015

4 comments | Read | Post a Comment

Latest Comment: RyanSepe, @Sara Peters. Thanks for clarifying. Although now I'm appalled that this is...

'Shadow' Cloud Services Rampant In Government Networks

News

Survey finds public sector employees use unmanaged cloud services just as much as private employees.

By Jai Vijayan Freelance writer, 2/26/2015

4 comments | Read | Post a Comment

Latest Comment: Grant C, I might coin it the Storm Cloud! Detecting and containing north/south...

How to Strengthen Enterprise Defenses against Ransomware

Eight essential ways that companies can enforce their borders.

By Alexandra Gheorghe Security Specialist, Bitdefender, 2/26/2015

3 comments | Read | Post a Comment

latest comment Joe Stanganelli One technique that some companies engage in (and consultants advise) is to...

How To Reduce Spam & Phishing With DMARC

Commentary

Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.

By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015

7 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Attackers will adapt to any countermeasure, but they will have to absorb new...

5 New Vulnerabilities Uncovered In SAP

News

Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.

By Ericka Chickowski Contributing Writer, Dark Reading, 2/26/2015

1 Comment | Read | Post a Comment

Latest Comment: articlereader, The above mentioned vulnerabilities are resolved by the relevant SAP Security...

Millions Of Non-Anthem Customers Also Hit By Anthem Breach

Quick Hits

Blue Cross Blue Shield customers -- as many as 8.8 to 18.8 million of them -- might have also had their data compromised.

By Dark Reading Staff , 2/25/2015

4 comments | Read | Post a Comment

Latest Comment: Sara Peters, @Marilyn So true. And it seems like we never really understand how this...

Ramnit Botnet Disrupted By International Public-Private Collaboration

Sara Peters, Senior Editor at Dark Reading

News

Europol leads the effort to bring down the bank credential-stealing botnet that infected 3.2 million computers across the globe.

By Sara Peters Senior Editor at Dark Reading, 2/25/2015

0 comments | Read | Post a Comment

Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011

News

But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2015

3 comments | Read | Post a Comment

Latest Comment: Pablo Valerio, @Kelly, if there is a strong believe that the keys are compromised they could...

Five Easiest Ways to Get Hacked – Part 2

Continuing a conversation with principal security consultant Amit Bagree

By Carric Dooley WW VP of Foundstone Services, Intel Security, 2/25/2015

2 comments | Read | Post a Comment

latest comment Joe Stanganelli An important yet oft overlooked aspect of a good patch management strategy:...

Customers Aren’t the Only Victims: 5 Stages Of Data Breach Grief

Ricky Link, Managing Director, Coalfire Systems, Southwest Region

Commentary

What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.

By Ricky Link Managing Director, Coalfire Systems, Southwest Region, 2/25/2015

3 comments | Read | Post a Comment

Latest Comment: Lewa, I totally agree with you on this. Most companies that have suffered a breach...

5 Ways To Prepare For IoT Security Risks

News

As the Internet of Things begins to take shape, IT organizations must prepare for change.

By Jai Vijayan Freelance writer, 2/24/2015

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by aws0513

It is the classic "what is old is new again" scenario. Moreover, the ubiquity of USB storage devices has made it very difficult to proactively mitigate USB storage device risks. Even though it is a policy at my current...

In reply to: Re: Infected conference materials
Post Your Own Reply

Posted by grimwiz

You have to start recording at the beginning of the presentation because if you find it was worth recording at the end it's too late. There is no cost for speculative recording. The next frame of the cartoon will show a...

In reply to: Re: Been there..
Post Your Own Reply

Posted by Marilyn Cohodas

Attackers will adapt to any countermeasure, but they will have to absorb new costs, take on new risks and settle for smaller returns. That sounds like an effective countermeasure for the defenders, to me. Anything that...

In reply to: Re: DMARC is not going to stop phishing
Post Your Own Reply

Posted by macker490

the title of your essay would better be: "No Bullets for Security?" the reason is simple: if we keep on doing things the way we have we will continue to get the same results: hackers will makes fools of us all. the first...

In reply to: No Bullets for Security?
Post Your Own Reply

Posted by Marilyn Cohodas

This sounds really fascinating. Will there be an online version for people who can't make it to InterOp? Radio show, rebroadcast or other virtual way to participate?

In reply to: Great idea!
Post Your Own Reply

Posted by Marilyn Cohodas

I think a self audit could work for me, if the emails/reports were concise and showed me my activity in a manner that was easy to scan and spot anomalies. I get a spam filter report every day. And while I don't religiously...

In reply to: Re: Security culture > self audit
Post Your Own Reply

Posted by Marilyn Cohodas

Good point,@grimwiz. Do you users would really be using their tablets to capture a security awareness training preso? It would have to be a pretty good presentation!

In reply to: Re: Been there..
Post Your Own Reply

Posted by grimwiz

The 12 inch samsung galaxy pro is as large as the tablets in the cartoon, fast with lots of storage so it's probably very handy to capture a presentation and share it on YouTube.

In reply to: Re: Been there..
Post Your Own Reply

Posted by SSERGIO123

The weak link is the hacker´s command and control server. If we analize all outbound IPs, we will detect those which are not kosher and will be able to block them. Hard work? Yes. So?

In reply to: Weak link
Post Your Own Reply

Posted by Kelly Jackson Higgins

Seriously! It's kind of the oldest trick in the book (of course, 6 years ago, it was a relatively new trick).

In reply to: Re: Infected conference materials
Post Your Own Reply

Posted by Joe Stanganelli

Stories like these make me paranoid to ever again accept a flash drive from a vendor at a conference!

In reply to: Infected conference materials
Post Your Own Reply

Posted by Joe Stanganelli

This is the difference between security awareness in certain offices (the C-suite, the compliance/audit department, the general counsel's office, etc.) and security culture. It comes down to convincing everyone,...

In reply to: Security culture
Post Your Own Reply

More Conversations

Products & Releases

Proofpoint Signs Definitive Agreement to Acquire Emerging Threats; Enhances Threat Intelligence, Detection and Response

VOIPSEC Launches ‘Voice Firewall’ Solution For Cost-Effective Voice-Over-Ip Security

Tempered Networks Raises $15 million in Series A Funding

Radware Introduces New Attack Mitigation Platform for High Volume Cyber-Attacks

Emailage Raises $3.8 Million

ForeScout Appoints Former Intel Security President Michael DeCesare as CEO

BMC and Qualys Join Forces to Improve Enterprise Security

Onapsis Uncovers Five New Vulnerabilities Affecting SAP BusinessObjects and SAP HANA

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

7 Things You Should Know About Secure Payment Technology

Sara Peters, Senior Editor at Dark Reading, 2/24/2015

Medical Identity Theft Costs Victims $13,450 Apiece

Sara Peters, Senior Editor at Dark Reading, 2/24/2015

How To Reduce Spam & Phishing With DMARC

Daniel Ingevaldson, CTO, Easy Solutions, 2/26/2015

Partner Perspectives

What's This?

No Silver Bullets for Security

A quick-fix security solution for cyberphysical systems doesn't exist. Read >>

Five Easiest Ways to Get Hacked – Part 2

2 comments

Five Easiest Ways to Get Hacked – Part 1

0 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

Join Security Experts at Black Hat Asia 2015

Achieving Operational Excellence Through DevOps

Interop Las Vegas Full & Half-Day Workshops

Cartoon

Latest Comment: You have to start recording at the beginning of the presentation because if you find it was worth recording at the end it's too late. There is no ...

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

How To Get More Involved In the IT Security Community

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.

UPCOMING!
Wednesday, March 18, 1pm EDT
New Cybercrime Crackdown Could Backfire And Criminalize Security Professionals

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

Capitalizing On Big Data: Managed Services Help Financial Firms Accelerate Big Data Projects

Powering the Hybrid Enterprise

Adallom for AWS

Turning the Threat of Insurance Fraud into an Opportunity

[eGuide] Advanced Threat Hunting

More White Papers

Current Issue

Dark Reading - March 2, 2015

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-7896

Published: 2015-03-03
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before ...

CVE-2014-9283

Published: 2015-03-03
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2014-9683

Published: 2015-03-03
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

CVE-2015-0890

Published: 2015-03-03
The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2015-2168

Published: 2015-03-03
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports