Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

NFL Mobile Sports App Contains Super Bowl-Sized Vulns

Small Changes Can Make A Big Difference In Tech Diversity

Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices

Top Stories

NFL Mobile Sports App Contains Super ...

Small Changes Can Make A Big Difference ...

Why Iran Hacks

Gas Stations Urged To Secure ...

Cartoon: End-User Ed

News & Commentary

Google Paid Over $1.5 Million In Bug Bounties In 2014

Kelly Jackson Higgins, Executive Editor at Dark Reading

Quick Hits

Mobile apps developed by Google now included in its Vulnerability Reward Program.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/30/2015

3 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, Oh, don't geet me wrong. I applaud Google's bug bounty program. ...

How The Skills Shortage Is Killing Defense in Depth

David Holmes, World-Wide Security Evangelist, F5

Commentary

It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely “looks nifty, but I don’t have the staff to deploy it.”

By David Holmes World-Wide Security Evangelist, F5, 1/30/2015

7 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, Alas, in companies with bad culture, outside consultants are paid for one of...

Takeaways from International Data Privacy Day: The Internet of Things

Event looks at the future of data use and how we can – and should – protect personal privacy.

By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 1/30/2015

0 comments | Read | Post a Comment

ZeroAccess Click-Fraud Botnet Back In Action Again

Sara Peters, Senior Editor at Dark Reading

News

After a six-month hiatus, the much-diminished P2P botnet is up to its old tricks.

By Sara Peters Senior Editor at Dark Reading, 1/29/2015

1 Comment | Read | Post a Comment

Latest Comment: theb0x, ZeroAccess is a part of the Alureon (Microsoft) family of bootkit infections...

Why Iran Hacks

Mike Walls, Managing Director Security Operations & Analysis, EdgeWave

Commentary

Iran is using its increasingly sophisticated cyber capabilities to minimize Western influence and establish itself as the dominant power in the Middle East.

By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/29/2015

7 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, Remember that Sandra Bullock movie The Net? It was completely ludicrous...

'Ghost' Not So Scary After All

Quick Hits

The latest open-source Linux vulnerability is serious but some security experts say it's not that easy to abuse and use in an attack.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/28/2015

5 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Good point, @Joe Stanganelli. But outside the issue of secure application software...

Small Changes Can Make A Big Difference In Tech Diversity

Commentary

There’s no doubt that many employers feel most comfortable hiring people like themselves. But in InfoSec, this approach can lead to stagnation.

By Lysa Myers Security Researcher, ESET, 1/28/2015

2 comments | Read | Post a Comment

Latest Comment: Pragmatic_Security, Good article topic. I think this points to a deeper, causative, deficiency...

Half Of Enterprises Worldwide Hit By DDoS Attacks, Report Says

News

New data illustrates how distributed denial-of-service (DDoS) attacks remain a popular attack weapon -- and continue to evolve.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/27/2015

2 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Hi @RyanSepe. Arbor's report shows DNS amplfication attacks dropping a bit...

WiIl Millennials Be The Death Of Data Security?

Commentary

Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?

By Chris Rouland Founder & CEO, Bastille, 1/27/2015

32 comments | Read | Post a Comment

Latest Comment: Pragmatic_Security, Kelly, Although do agree (I noticed I've been typing a superflous 'do' in...

NFL Mobile Sports App Contains Super Bowl-Sized Vulns

Ericka Chickowski, Contributing Writer, Dark Reading

News

Lack of protections puts users at risk of exposed information by way of man-in-the-middle attacks.

By Ericka Chickowski Contributing Writer, Dark Reading, 1/27/2015

10 comments | Read | Post a Comment

Latest Comment: sonofsaf, Truth be told, I'm not terribly concerned about manipulation of the NFL mobile...

Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices

News

Researchers find more than 5,000 US gas stations' automated tank gauges unprotected on the public Internet and open to hackers.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/26/2015

10 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, How silly -- especially if the contracts aren't making considerations for those...

Power Consumption Technology Could Help Enterprises Identify Counterfeit Devices

Tim Wilson, Editor in Chief, Dark Reading

Commentary

Understanding a device's "power fingerprint" might make it possible to detect security anomalies in Internet of Things as well, startup says

By Tim Wilson Editor in Chief, Dark Reading, 1/26/2015

1 Comment | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Fascinating blog, Tim. Very cool intrusion detection technology. Seems like...

Security Skills Shortage? Don’t Panic!

Focus your energies on building a comprehensive security strategy and turning to experts for guidance.

By Carric Dooley WW VP of Foundstone Services, Intel Security, 1/26/2015

5 comments | Read | Post a Comment

latest comment Marilyn Cohodas I like that idea of having a hacker actually demonstrate how easy it is for...

Adobe Fixes Second Flash Flaw Exploited By Angler

News

Second 0-day fix addresses UAF vulnerability.

By Ericka Chickowski Contributing Writer, Dark Reading, 1/26/2015

1 Comment | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, http://helpx.adobe.com/security/products/flash-player/apsb15-03.html

Building A Cybersecurity Program: 3 Tips

Jason Sachowski, Senior Forensic Investigator, Scotiabank

Commentary

Getting from “we need” to “we have” a cybersecurity program is an investment in time and resources that’s well worth the effort.

By Jason Sachowski Senior Forensic Investigator, Scotiabank, 1/26/2015

6 comments | Read | Post a Comment

Latest Comment: JGarner721, The most valuable asset to an organization is the informational assets. If...

Growing Open Source Use Heightens Enterprise Security Risks

News

Companies often have little clue about the extent of third-party code in the enterprise or the risks it poses, security experts say

By Jai Vijayan Freelance writer, 1/23/2015

10 comments | Read | Post a Comment

Latest Comment: Jon M. Kelley, I keep seeing discussions about commercial versus open source software, but...

Why Russia Hacks

Commentary

Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.

By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/23/2015

16 comments | Read | Post a Comment

Latest Comment: lynnbr2, Russia & China both have a long history of hacking for over fifty years....

Diverse White Hat Community Leads To Diverse Vuln Disclosures

News

Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones.

By Sara Peters Senior Editor at Dark Reading, 1/22/2015

6 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, The key to the success of these bug-bounty programs relies on the credibility...

The Internet of Abused Things

We need to find ways to better secure the Internet of Things, or be prepared to face the consequences.

By Liviu Arsene Senior E-threat Analyst, Bitdefender, 1/22/2015

0 comments | Read | Post a Comment

NSA Report: How To Defend Against Destructive Malware

Quick Hits

In the wake of the Sony breach, spy agency's Information Assurance Directorate (IAD) arm provides best practices to mitigate damage of data annihilation attacks.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/22/2015

3 comments | Read | Post a Comment

Latest Comment: macker490, 1. use a secure O/S. 2. look into using Named Spaces remember that in implementing...

More Stories

Current Conversations

Posted by Joe Stanganelli

Alas, in companies with bad culture, outside consultants are paid for one of two purposes, generally -- to agree with and endorse everything the company is doing, and/or to be a scapegoat for everything that goes wrong.

In reply to: Re: shortage or cheapness?
Post Your Own Reply

Posted by Joe Stanganelli

Oh, don't geet me wrong. I applaud Google's bug bounty program. Collaboration is key in cybersecurity. Nonetheless, with the sheer amount of bugs being found and bug bounties being paid out here, it strongly...

In reply to: Re: Google so great?
Post Your Own Reply

Posted by Joe Stanganelli

How silly -- especially if the contracts aren't making considerations for those that require them to front some of the security costs. My two cents, anyway.

In reply to: Re: Thermostats
Post Your Own Reply

Posted by JonH457

"The IT skills shortage has become epidemic." This is not reflected in the wages paid. Wages have stagnated in the IT industry for over 10 years. Keep rasing wages and when they are sufficient, you will attract...

In reply to: Wages do not indicate a shortage of workers.
Post Your Own Reply

Posted by RyanSepe

I couldn't agree with you more on this. I have seen the poor description practices proliferate throughout organizations to the point where job function is ambiguous and the employee accepts a postion under false pretenses. Not...

In reply to: Re: shortage or cheapness?
Post Your Own Reply

Posted by RyanSepe

I would prefer that the incentive program be the case because not even the Google Engineers can anticipate everything. Having your product tested by a larger group will ensure that more vectors are tested. With technology...

In reply to: Re: Google so great?
Post Your Own Reply

Posted by sonofsaf

Truth be told, I'm not terribly concerned about manipulation of the NFL mobile app. I'm far more worried about Stingray technology, bulk emails/text messages, reverse 911 platforms, wireless hacks and particularly...

In reply to: Re: artificially generated stampedes
Post Your Own Reply

Posted by Joe Stanganelli

Remember that Sandra Bullock movie The Net? It was completely ludicrous when it came out. My best friend and I laughed at how terrible it was from a technological standpoint.But now? Today, in 2015? ...

In reply to: Re: More than fiction?
Post Your Own Reply

Posted by Joe Stanganelli

It's the HR department. Look at any company that's faced a zillion reorgs in the past couple of decades. Look at the survivors: All HR.Bad recruiting practices. Bad job description practices. Bad...

In reply to: Re: shortage or cheapness?
Post Your Own Reply

Posted by Joe Stanganelli

The problem is NOT a skills shortage.The problem is a glut of HR staff.www.networkcomputing.com/careers-and-certifications/the-tech-talent-shortage-myth/d/d-id/1317892

In reply to: Bah.
Post Your Own Reply

Posted by Joe Stanganelli

Maybe this is just the cynic in me, but at a certain point, with all of these bug bounties being paid out, one has to question the quality of the hiring and/or corporate culture at Google.

In reply to: Google so great?
Post Your Own Reply

Posted by theb0x

ZeroAccess is a part of the Alureon (Microsoft) family of bootkit infections and otherwise known as TDSS (Kaspersky), Tidserv (Symantec). It's very misleading for these "researchers" to make the statement:"ZeroAccess does...

In reply to: RootKits, Bootkits, and Trojans Oh My!
Post Your Own Reply

More Conversations

Products & Releases

IBM Research Announces Cloud Breakthrough For Protecting Personal Data

ZeroFOX Acquires Vulnr

Proofpoint Releases Enterprise Protection Suite 8.0, Advances Email Security Leadership

Virtru Announces General Availability of its Encrypted Email and Digital Privacy Service

Ed Survey Results: Insider Threats

Verizon Announces Security Enhancement for IoT Deployments

New Patent Eliminates Passwords

CYBERTECH SPONSORING “DATA PRIVACY DAY 2015: SECURING THE INTERNET OF THINGS” NATIONAL SEMINAR

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

WiIl Millennials Be The Death Of Data Security?

Chris Rouland, Founder & CEO, Bastille, 1/27/2015

Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices

Kelly Jackson Higgins, Executive Editor at Dark Reading, 1/26/2015

NFL Mobile Sports App Contains Super Bowl-Sized Vulns

Ericka Chickowski, Contributing Writer, Dark Reading, 1/27/2015

Partner Perspectives

What's This?

Takeaways from International Data Privacy Day: The Internet of Things

Event looks at the future of data use and how we can - and should - protect personal privacy. Read >>

Security Skills Shortage? Don’t Panic!

5 comments

Protect Yourself by Protecting Others

0 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

Join Security Experts at Black Hat Asia 2015

WebRTC - Learn if it is ready for the enterprise this March in Orlando!

Interop Las Vegas Conference & Expo

Cartoon

Latest Comment: I want to know where to get a tablet with that large a screen!(Maybe they're the old "convertibles.")

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

The Sony Hack: A Security Community Discussion

If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

Capitalizing On Big Data: Managed Services Help Financial Firms Accelerate Big Data Projects

Analysis of Cybercrime Infrastructure

The Human Factor: How Attacks Exploit People as the Weakest Link in Security

Threat Monitoring: Fast Responses to Security Incidents

Stop Attackers from Getting What They Want with Context-Based Authentication

More White Papers

Current Issue

Dark Reading Tech Digest, Dec. 19, 2014

Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-4632

Published: 2015-01-31
VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 before 5.8.1 does not properly verify X.509 certificates from vCenter Server SSL servers, which allows man-in-the-middle attackers to spoof servers, and bypass intended backup and restore access restrictions, via a crafted certifica...

CVE-2014-7287

Published: 2015-01-31
The key-management component in Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allows remote attackers to trigger unintended content in outbound e-mail messages via a crafted key UID value in an inbound e-mail message, as demonstrated by the outbound Subject header.

CVE-2014-7288

Published: 2015-01-31
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.

CVE-2014-8266

Published: 2015-01-31
Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.

CVE-2014-8267

Published: 2015-01-31
Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.

Best of the Web

This 125-Year-old Letter Sheds New Light On the Word ‘Hack’

Dutch judge allows alleged “sophisticated” Russian hacker to be sent to US

IBM punts cryptotastic cloudy ID verification services

iTunes Connect taken offline as bug causes users to log in to wrong accounts

US Firms Concerned About China's New Cyber Regulations

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports