News & Commentary
Gas Stations In the Bullseye
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
White hats at Black Hat USA will release free honeypot tool for monitoring attacks against gas tank monitoring systems.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 6/29/2015
Clever CryptoWall Spreading Via New Attacks
Sara Peters, Senior Editor at Dark Reading (News)
Top ransomware doesn't waste time jumping on the latest Flash zero-day, and hops rides on click fraud campaigns, too.
By Sara Peters, Senior Editor at Dark Reading, 6/29/2015
CSA Announces New Working Group For Cloud Security API Standards
Ericka Chickowski, Contributing Writer, Dark Reading (News)
CipherCloud, Deloitte, InfoSys, Intel Security and SAP all on board to start developing vendor-neutral guidelines that could further accelerate CASB growth
By Ericka Chickowski, Contributing Writer, Dark Reading, 6/29/2015
Cyber Resilience And Spear Phishing
Mo Cashman, Director of the Enterprise Architecture team at Intel Security
Balanced security capability, defense in depth, integrated countermeasures, and a threat-intelligence strategy are critical to defending your business from spear-phishing attacks.
By Mo Cashman, Director of the Enterprise Architecture team at Intel Security, 6/29/2015
Social Engineering & Black Hat: Do As I Do Not As I Say
Tal Klein, VP Strategy, Lakeside Software (Commentary)
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
By Tal Klein, VP Strategy, Lakeside Software, 6/29/2015
4 Ways Cloud Usage Is Putting Health Data At Risk
Jai Vijayan, Freelance writer (News)
A huge shadow IT problem is just one of the risks of uncontrolled cloud usage in healthcare organizations, new study shows.
By Jai Vijayan, Freelance writer, 6/26/2015
3 Simple Steps For Minimizing Ransomware Exposure
Michelle Drolet, Founder, Towerwall (Commentary)
If your data is important enough to pay a ransom, why wasn't it important enough to properly back up and protect in the first place?
By Michelle Drolet, Founder, Towerwall, 6/26/2015
Stealthy Fobber Malware Takes Anti-Analysis To New Heights
Sara Peters, Senior Editor at Dark Reading (News)
Built off the Tinba banking Trojan and distributed through the elusive HanJuan exploit kit, Fobber info-stealer defies researchers with layers upon layers of encryption.
By Sara Peters, Senior Editor at Dark Reading, 6/25/2015
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
Jai Vijayan, Freelance writer (News)
Security vendor's report from last year had warned about group targeting insider data from illegal trading.
By Jai Vijayan, Freelance writer, 6/25/2015
5 Things You Probably Missed In The Verizon DBIR
Kelly Jackson Higgins, Executive Editor at Dark Reading
A look at a few of the lesser-noticed but meaty nuggets in the annual Verizon Data Breach Investigations Report (DBIR).
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 6/25/2015
Samsung Slammed For Disabling Windows Update
Eric Zeman (Commentary)
Samsung admitted to altering the behavior of Microsoft's Windows Update tool, but claims to have good intentions.
By Eric Zeman, 6/25/2015
What Do You Mean My Security Tools Don't Work on APIs?!!
Jeff Williams, CTO, Aspect Security & Contrast Security (Commentary)
SAST and DAST scanners haven't advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
By Jeff Williams, CTO, Aspect Security & Contrast Security, 6/25/2015
Breach Defense Playbook: Cybersecurity Governance
Ryan Vela, Regional Director, Fidelis Cybersecurity
Time to leave the island: Integrate cybersecurity into your risk management strategy.
By Ryan Vela, Regional Director, Fidelis Cybersecurity, 6/25/2015
How To Avoid Collateral Damage In Cybercrime Takedowns
Kelly Jackson Higgins, Executive Editor at Dark Reading (News)
Internet pioneer and DNS expert Paul Vixie says 'passive DNS' is a way to shut down malicious servers and infrastructure without affecting innocent users.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 6/24/2015
Breach Defense Playbook: Incident Response Readiness (Part 2)
Ryan Vela, Regional Director, Fidelis Cybersecurity
Will your incident response plan work when a real-world situation occurs?
By Ryan Vela, Regional Director, Fidelis Cybersecurity, 6/24/2015
User Monitoring Not Keeping Up With Risk Managers' Needs
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Biggest concern is negligence, but monitoring capabilities can't detect this type of activity within most applications.
By Ericka Chickowski, Contributing Writer, Dark Reading, 6/24/2015
FBI: CryptoWall Ransomware Cost US Users $18 Million
Sara Peters, Senior Editor at Dark Reading (News)
Increasing pace of ransomware innovation likely to keep that number going up.
By Sara Peters, Senior Editor at Dark Reading, 6/24/2015
The Secret Of War Lies In The Communications --Napoleon
Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security
DXL helps organizations keep an eye on external and internal threats using relevant information in real time.
By Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security, 6/24/2015
Why China Wants Your Sensitive Data
Adam Meyers, VP of Intelligence, CrowdStrike (Commentary)
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
By Adam Meyers, VP of Intelligence, CrowdStrike, 6/24/2015
iOS 9, Android M Place New Focus On Security, Privacy
Pablo Valerio, International Business & IT Consultant (Commentary)
Google and Apple have publicly challenged calls from law enforcement agencies to weaken encryption on consumer devices. In turn, iOS 9 and Android M will sport a string of new security and privacy features for users.
By Pablo Valerio, International Business & IT Consultant, 6/24/2015
Current Conversations
Child Exploitation & Assassins For Hire On The Deep Web
Sara Peters, Senior Editor at Dark Reading,  6/23/2015
Why China Wants Your Sensitive Data
Adam Meyers, VP of Intelligence, CrowdStrike,  6/24/2015
What Do You Mean My Security Tools Don't Work on APIs?!!
Jeff Williams, CTO, Aspect Security & Contrast Security,  6/25/2015
Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR, will share some of the lesser-known but most intriguing tidbits from the massive report.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0196
Published: 2015-06-29
CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 before 7.0.0.8 Cumulative iFix 2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.

CVE-2015-0545
Published: 2015-06-29
EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.

CVE-2015-1900
Published: 2015-06-29
IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 on UNIX allows local users to write to executable files, and consequently obtain root privileges, via unspecified vectors.

CVE-2014-4768
Published: 2015-06-28
IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 X6, System x3850 X6, and System x3950 X6 devices allows remote authenticated users to cause an unspecified temporary denial of service by using privileged access to enable a legacy boot mode.

CVE-2014-6198
Published: 2015-06-28
Cross-site request forgery (CSRF) vulnerability in IBM Security Network Protection 5.3 before 5.3.1 allows remote attackers to hijack the authentication of arbitrary users.

10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?