Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

What Government Can (And Can't) Do About Cybersecurity

Could The Sony Attacks Happen Again? Join The Conversation

2015: The Year Of The Security Startup – Or Letdown

Top Stories

What Government Can (And Can't) Do About ...

Could The Sony Attacks Happen Again? Join ...

Why Russia Hacks

2015: The Year Of The Security Startup ...

Cartoon: End-User Ed

News & Commentary

Growing Open Source Use Heightens Enterprise Security Risks

News

Companies often have little clue about the extent of third-party code in the enterprise or the risks it poses, security experts say

By Jai Vijayan Freelance writer, 1/23/2015

2 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, Hah! I <3 the Frankenstein analogy! This is the folly of Linus's...

Why Russia Hacks

Mike Walls, Managing Director Security Operations & Analysis, EdgeWave

Commentary

Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.

By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/23/2015

15 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, I recently saw former DHS chief Michael Chertoff speak at a cybersecurity conference,...

Diverse White Hat Community Leads To Diverse Vuln Disclosures

Sara Peters, Senior Editor at Dark Reading

News

Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones.

By Sara Peters Senior Editor at Dark Reading, 1/22/2015

5 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, Unfortunately, it would seem that if the current administration gets its way...

The Internet of Abused Things

We need to find ways to better secure the Internet of Things, or be prepared to face the consequences.

By Liviu Arsene Senior E-threat Analyst, Bitdefender, 1/22/2015

0 comments | Read | Post a Comment

NSA Report: How To Defend Against Destructive Malware

Kelly Jackson Higgins, Executive Editor at Dark Reading

Quick Hits

In the wake of the Sony breach, spy agency's Information Assurance Directorate (IAD) arm provides best practices to mitigate damage of data annihilation attacks.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/22/2015

3 comments | Read | Post a Comment

Latest Comment: macker490, 1. use a secure O/S. 2. look into using Named Spaces remember that in implementing...

What Government Can (And Can’t) Do About Cybersecurity

Jeff Williams, CTO, Aspect Security & Contrast Security

Commentary

In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.

By Jeff Williams CTO, Aspect Security & Contrast Security, 1/22/2015

16 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, *sigh* Unfortunately, the CFAA needs revamping before it needs strengthening/broadening,...

Protect Yourself by Protecting Others

How the consumerization of IT is affecting endpoint security.

By Candace Worley SVP & GM, Endpoint Security Business, Intel Security, 1/22/2015

0 comments | Read | Post a Comment

President's Plan To Crack Down On Hacking Could Hurt Good Hackers

Ericka Chickowski, Contributing Writer, Dark Reading

News

Security experts critical of President Obama's new proposed cybersecurity legislation.

By Ericka Chickowski Contributing Writer, Dark Reading, 1/21/2015

9 comments | Read | Post a Comment

Latest Comment: Wolf6305, Thanks for the voice of agreement. I think that a small group of people...

Security Budgets Going Up, Thanks To Mega-Breaches

News

Sixty percent of organizations have increased their security spending by one-third -- but many security managers still don't think that's enough, Ponemon study finds.

By Sara Peters Senior Editor at Dark Reading, 1/21/2015

5 comments | Read | Post a Comment

Latest Comment: GonzSTL, Case in point could be Target, the breach that keeps on giving. Incident Response...

Adobe Investigating New Flash Zero-Day Spotted In Crimeware Kit

Quick Hits

Researcher Kafeine's 0day discovery confirmed by Malwarebytes.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/21/2015

2 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Thanks, @Jon. I was about to post an update here about the patch. http://blogs.adobe.com/psirt/?p=1157 And...

Facebook Messenger: Classically Bad AppSec

Commentary

Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.

By Daniel Riedel CEO, New Context, 1/21/2015

2 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, I find it particulary disturbing that Facebook exhibits such flagrant disregard...

Could The Sony Attacks Happen Again? Join The Conversation

Tim Wilson, Editor in Chief, Dark Reading

Commentary

Check out Dark Reading Radio's interview and live chat with CrowdStrike founder and CEO George Kurtz and Shape Security executive Neal Mueller.

By Tim Wilson Editor in Chief, Dark Reading, 1/21/2015

12 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, So noted, Gonz. We may not be hitting this exact topic immediately. But we've...

Ransomware Leads Surge In 2014 Mobile Malware Onslaught

News

Mobile malware increases 75 percent in U.S.

By Ericka Chickowski Contributing Writer, Dark Reading, 1/20/2015

3 comments | Read | Post a Comment

Latest Comment: impactnow, Do you think the current software is adequate to protect our phones or do you...

'123456' & 'Password' Are The 2 Most Common Passwords, Again

Quick Hits

New entrants to the top 25 show that bad password creators are fans of sports, superheroes, dragons, and NSFW numeral combos.

By Sara Peters Senior Editor at Dark Reading, 1/20/2015

3 comments | Read | Post a Comment

Latest Comment: RyanSepe, I think options are the worst part of creating a password. UserID's and passwords...

New Technology Detects Cyberattacks By Their Power Consumption

News

Startup's "power fingerprinting" approach catches stealthy malware within milliseconds in DOE test.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/20/2015

2 comments | Read | Post a Comment

Latest Comment: MichaelE546, Ingenious but I agree with Whoopty on this technique having the "Car Alarm"...

Recruit, Reward & Retain Cybersecurity Experts

How to create a better working environment for security professionals.

By Carric Dooley WW VP of Foundstone Services, Intel Security, 1/20/2015

5 comments | Read | Post a Comment

latest comment CarricDooley I would argue that the CISO often DOES pay - with his job. (A friend of mine...

A Lot of Security Purchases Remain Shelfware

News

Companies may be investing more in security, but many are either underutilizing their new purchases or not using them at all, an Osterman Research survey shows.

By Jai Vijayan Freelance writer, 1/16/2015

9 comments | Read | Post a Comment

Latest Comment: dplyons, I have known many standard IT Admins. I would trust very very few of...

Security MIA In Car Insurance Dongle

News

A researcher finds security holes in Flo the Progressive Girl's Snapshot insurance policy product.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/16/2015

11 comments | Read | Post a Comment

Latest Comment: Broadway0474, @ODA155, I'm going to be up late again tonight! That's a good point about Progressive....

The Truth About Malvertising

Commentary

Malvertising accounts for huge amounts of cyberfraud and identity theft. Yet there is still no consensus on who is responsible for addressing these threats.

By Peter Zavlaris Analyst, RiskIQ, 1/16/2015

7 comments | Read | Post a Comment

Latest Comment: RiskIQBlogger, The reason ISPs won't get involved is because its a slippery slope for them....

In Wake Of Violence, France Reports Spike In Cyberattacks

News

19,000 French websites have been attacked since Jan. 7.

By Sara Peters Senior Editor at Dark Reading, 1/15/2015

8 comments | Read | Post a Comment

Latest Comment: Dr.T, I agree. The fact that cyberattacks have no physical boundaries are the main...

More Stories

Current Conversations

Posted by Joe Stanganelli

I recently saw former DHS chief Michael Chertoff speak at a cybersecurity conference, and he himself outright accused Russia of actively working with and supporting criminal organizations so as to perpetrate cyberwarfare...

In reply to: FWIW...
Post Your Own Reply

Posted by Joe Stanganelli

Hah! I <3 the Frankenstein analogy! This is the folly of Linus's Law -- i.e., "Given enough eyeballs, all bugs are shallow."Akamai's CSO, Andy Ellis, put it best at a cybersecurity conference I attended a...

In reply to: Frankenstein
Post Your Own Reply

Posted by Joe Stanganelli

Unfortunately, it would seem that if the current administration gets its way (as Jeff Williams wrote for Dark Reading recently), the CFAA will be expanded significantly -- which is harmful to and disincentivizes white-hat...

In reply to: Alas...
Post Your Own Reply

Posted by Joe Stanganelli

*sigh* Unfortunately, the CFAA needs revamping before it needs strengthening/broadening, because it in and of itself hurts cybersecurity efforts by penalizing independent security research.

In reply to: CFAA
Post Your Own Reply

Posted by macker490

1. use a secure O/S. 2. look into using Named Spaces remember that in implementing RACF on an MVS system access had to be granted on an item by item basis. this is fundamental to security. it gives...

In reply to: Start at the Beginning
Post Your Own Reply

Posted by Marilyn Cohodas

So noted, Gonz. We may not be hitting this exact topic immediately. But we've got some other great show in the pipeline, so stay tuned.

In reply to: Re: Awesome topic, great speakers
Post Your Own Reply

Posted by Marilyn Cohodas

Well said, @aws0513! Thanks.

In reply to: Re: Why ANY Nation Hacks
Post Your Own Reply

Posted by aws0513

Hello @Marilyn, I think what Mike is providing is a better understanding of the threat side of the risk assesment equation. The understanding of why state actors may want to target any organization can better help any...

In reply to: Re: Why ANY Nation Hacks
Post Your Own Reply

Posted by Kelly Jackson Higgins

As long as you don't pull it after an attack--then there's no forensics trail. =)

In reply to: Re: Quick!
Post Your Own Reply

Posted by GonzSTL

@Marilyn: One hour was not nearly enough for that topic. It would be nice if we can revisit it with different speakers, so see other viewpoints. I thoroughly enjoyed that DR Radio episode. We need more!

In reply to: Re: Awesome topic, great speakers
Post Your Own Reply

Posted by Marilyn Cohodas

The chat thread had some good comments about the significance of this event. From CrowdStrike's George Kurtz: I think this attack will set a blue print for others. Can you imagine an enterprise wide crypto locker....

In reply to: Re: Awesome topic, great speakers
Post Your Own Reply

Posted by Marilyn Cohodas

I find it particulary disturbing that Facebook exhibits such flagrant disregard for building security into its messaging app.....

In reply to: Re: Companies must dismantle silos
Post Your Own Reply

More Conversations

Products & Releases

Bitglass Breach Discovery Limits Damage From Data Breaches

Adroit Digital Study Reveals Consumer Data Privacy and Security Concerns as President Obama Talks Cybersecurity in State of the Union

Updated for 2015: Tools Designed to Manage Third Party Risk

Vormetric’s 2015 Insider Threat Report: 93% of U.S. Organizations Polled Vulnerable to Insider Threats

Online Trust Alliance Determines Over 90 Percent of Data Breaches in First Half of 2014 Could Have Been Easily Prevented

As State of the Union Tackles Cybersecurity, New ISACA Survey Shows 86% See a Cybersecurity Skills Shortage

ForgeRock and FireEye Join Forces to Detect Cyber Attacks with Identity-Aware Threat Intelligence Solution

RiskIQ Finds More Than 11 Percent of Android Banking and Finance- Related Apps are Suspicious

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

What Government Can (And Can't) Do About Cybersecurity

Jeff Williams, CTO, Aspect Security & Contrast Security, 1/22/2015

Why Russia Hacks

Mike Walls, Managing Director Security Operations & Analysis, EdgeWave, 1/23/2015

Could The Sony Attacks Happen Again? Join The Conversation

Tim Wilson, Editor in Chief, Dark Reading, 1/21/2015

Partner Perspectives

What's This?

Protect Yourself by Protecting Others

How the consumerization of IT is affecting endpoint security. Read >>

Recruit, Reward & Retain Cybersecurity Experts

5 comments

Threat Intelligence: Sink or Swim?

7 comments

Post a Comment

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

The Sony Hack: A Security Community Discussion

If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

Capitalizing On Big Data: Managed Services Help Financial Firms Accelerate Big Data Projects

Device Fingerprinting ? Low-Friction, BYOD Authentication

Threat Intelligence Defined

The Potential of Location Based Data and Geographic Information Systems in Insurance

How to Achieve IT Agility: A Survival Guide for IT Decision Makers

More White Papers

Current Issue

Dark Reading Tech Digest, Dec. 19, 2014

Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-8802

Published: 2015-01-23
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.

CVE-2014-9623

Published: 2015-01-23
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quote and cause a denial of service (disk consumption) by deleting an image in the saving state.

CVE-2014-9638

Published: 2015-01-23
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

CVE-2014-9639

Published: 2015-01-23
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

CVE-2014-9640

Published: 2015-01-23
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

Best of the Web

Unpatched Apple Vulnerabilities Latest Google Project Zero Disclosures

Barrett Brown Sentenced to 5 Years in Prison in Connection to Stratfor Hack

FBI: Ransomware is on the Rise

Nearly every U.S. arms program found vulnerable to cyber attacks

Israeli man arrested over Madonna hack

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports