7 Bugs, Breaches, & Compromises To Rock 2015 (So Far)
Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse
Cartoon: Infosec Multitasking
Educating The Cyberwarriors Of The Future
New Secure Online Check-Out Tech Goes For Less Friction, More Biometrics
News & Commentary
Laziok Trojan Exploits Three Year-Old Windows Flaw
Jai Vijayan, Freelance writerNews
Data-stealing malware relies on old bug to break into systems at energy companies.
By Jai Vijayan Freelance writer, 4/1/2015
Comment0 comments  |  Read  |  Post a Comment
Obama Signs Executive Order For Sanctions Against Cybercriminals, Cyberspies
Dark Reading Staff, Quick Hits
President cites International Emergency Economic Powers Act to allow feds to blacklist foreign individuals or entities behind 'significant malicious cyber-enabled activities'
By Dark Reading Staff , 4/1/2015
Comment0 comments  |  Read  |  Post a Comment
Dance Of The 'Next-Gen' CISO
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Classical ballerina-turned hacker-turned CISO Justine Bone talks old-school hacking, biometric authentication, coding in stilettos, Kristin Wiig -- and finishing her kids' leftover mac and cheese.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/1/2015
Comment0 comments  |  Read  |  Post a Comment
Spring Cleaning In The SOC: Focus On the Inside Threat
Jason Straight, Senior VP & Chief Privacy Officer, UnitedLexCommentary
Along with warmer weather and melting snow, spring brings the perfect opportunity for user engagement. Here’s how to transform insiders into your most sophisticated security device.
By Jason Straight Senior VP & Chief Privacy Officer, UnitedLex, 4/1/2015
Comment0 comments  |  Read  |  Post a Comment
Application of Threat Indicators: A Temporal View
Hardik Modi , Director of Threat Research at Fidelis Cybersecurity Solutions
Better outcomes will be achieved when we’re applying temporal considerations to threat indicators.
By Hardik Modi Director of Threat Research at Fidelis Cybersecurity Solutions, 4/1/2015
Comment0 comments  |  Read  |  Post a Comment
3 Big-Picture Themes CISOs Should Track At Interop
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Security programming is great, but Interop offers opportunity to learn about larger trends that will impact security in the coming year
By Ericka Chickowski Contributing Writer, Dark Reading, 3/31/2015
Comment0 comments  |  Read  |  Post a Comment
30% Of Companies Would Pay Ransoms To Cybercriminals
Sara Peters, Senior Editor at Dark ReadingNews
Factor in under-reporting and the growing sophistication of ransomware -- like PacMan's social engineering scheme -- and the number might be higher.
By Sara Peters Senior Editor at Dark Reading, 3/31/2015
Comment4 comments  |  Read  |  Post a Comment
Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Healthcare and other sectors are indolently ignoring the process of gathering and using high-level intelligence to focus cyber defenses. Here’s proof.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 3/31/2015
Comment0 comments  |  Read  |  Post a Comment
Lebanon Believed Behind Newly Uncovered Cyber Espionage Operation
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Middle East, US, and other targets hit in nearly three-year-old 'Volatile Cedar' cyber attack campaign.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/31/2015
Comment7 comments  |  Read  |  Post a Comment
British Airways The Latest Loyalty Program Breach Victim
Sara Peters, Senior Editor at Dark ReadingNews
Who needs to steal credit cards when you can get airfare and luxury items for free?
By Sara Peters Senior Editor at Dark Reading, 3/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Study: Network Team's Security Role On The Rise
Dark Reading Staff, Quick Hits
New data shows how network engineers and other members of the network team are teaming up with their counterparts in security.
By Dark Reading Staff , 3/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Hacking Back: Two Wrongs Don’t Make A Right
Anthony Di Bello, Director, Security Practice, Guidance SoftwareCommentary
Here’s the critical issue: Do you want to risk engaging your company in an ego-fueled war of revenge, or do you want to cut the bad guys off at the pass?
By Anthony Di Bello Director, Security Practice, Guidance Software, 3/30/2015
Comment0 comments  |  Read  |  Post a Comment
7 Bugs, Breaches, & Compromises To Rock 2015 (So Far)
Ericka Chickowski, Contributing Writer, Dark Reading
The year's started off with a bang; will we hear risk management pros whimper?
By Ericka Chickowski Contributing Writer, Dark Reading, 3/30/2015
Comment3 comments  |  Read  |  Post a Comment
Defending Cyber-Physical Systems from Attack Chains
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
A strong defense against compromise involves three layers: hardening devices, securing communications, and monitoring behavior.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/30/2015
Comment0 comments  |  Read  |  Post a Comment
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Jai Vijayan, Freelance writerNews
A flaw in a popular router product may have exposed millions of hotel guests, researchers from Cylance say.
By Jai Vijayan Freelance writer, 3/27/2015
Comment2 comments  |  Read  |  Post a Comment
Cyber Hunting: 5 Tips To Bag Your Prey
David J. Bianco, Security Architect, SqrrlCommentary
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
By David J. Bianco Security Architect, Sqrrl, 3/26/2015
Comment7 comments  |  Read  |  Post a Comment
SSL/TLS Suffers 'Bar Mitzvah Attack'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/26/2015
Comment3 comments  |  Read  |  Post a Comment
SDN Shows Promise For Security
Marcia Savage, Managing Editor, Network ComputingNews
Improved security is emerging as a major reason for adopting software-defined networking, but concerns about potential SDN risks persist.
By Marcia Savage Managing Editor, Network Computing, 3/26/2015
Comment0 comments  |  Read  |  Post a Comment
Researchers Use Heat To Breach Air-Gapped Systems
Jai Vijayan, Freelance writerNews
BitWhisper project is part of ongoing air gap security research at Israel's Ben-Gurion University.
By Jai Vijayan Freelance writer, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
FBI Threat Intelligence Cyber-Analysts Still Marginalized In Agency
Sara Peters, Senior Editor at Dark ReadingNews
Despite good progress, 9/11 Review Commission says that analysts could have a greater impact on FBI counter-terrorism activities if they had more domain awareness, forensics capabilities, and were more empowered to question agents.
By Sara Peters Senior Editor at Dark Reading, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Jason.straight@unitedlex.com
Current Conversations So true!
In reply to: Re: Only the Beginning
Post Your Own Reply
More Conversations
PR Newswire
Cyber Hunting: 5 Tips To Bag Your Prey
David J. Bianco, Security Architect, Sqrrl,  3/26/2015
Lebanon Believed Behind Newly Uncovered Cyber Espionage Operation
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/31/2015
30% Of Companies Would Pay Ransoms To Cybercriminals
Sara Peters, Senior Editor at Dark Reading,  3/31/2015
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Application of Threat Indicators: A Temporal View
Better outcomes will be achieved when we're applying temporal considerations to threat indicators. Read >>
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2808
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a rel...

CVE-2014-9713
Published: 2015-04-01
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

CVE-2015-0259
Published: 2015-04-01
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

CVE-2015-0800
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2...

CVE-2015-0801
Published: 2015-04-01
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed