Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

CEO Report Card: Low Grades for Risk Management

Dark Reading Radio: Where Do Security Startups Come From?

Payment Card Data Theft: Tips For Small Business

A New Age in Cyber Security: Public Cyberhealth

Top Stories

CEO Report Card: Low Grades for Risk ...

Dark Reading Radio: Where Do Security ...

6 Things That Stink About SSL

Payment Card Data Theft: Tips For Small ...

A New Age in Cyber Security: Public ...

News & Commentary

Internet of Things: Security For A World Of Ubiquitous Computing

Candace Worley, SVP & GM, Endpoint Security, McAfee

Commentary

Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.

By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014

1 Comment | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Thanks for a very interesting blog, Candace. Curious to know if when you mention...

Hacking Your Hotel Room

Brian Prince, Contributing Writer, Dark Reading

News

At Black Hat USA next month, a researcher will show how to hack your way into controlling everything in a hotel room -- from lighting to television sets.

By Brian Prince Contributing Writer, Dark Reading, 7/18/2014

10 comments | Read | Post a Comment

Latest Comment: miketcook, Use your own hot-spot from your phone. Better yet, use it with a USB...

CEO Report Card: Low Grades for Risk Management

Marilyn Cohodas, Community Editor, Dark Reading

Commentary

Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.

By Marilyn Cohodas Community Editor, Dark Reading, 7/18/2014

7 comments | Read | Post a Comment

Latest Comment: Robert McDougal, In my opinion the ideal organization setup for a companies information security...

Government-Grade Stealth Malware In Hands Of Criminals

News

"Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools.

By Sara Peters , 7/17/2014

12 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I wonder how long until a real war is started as a result of a cyber attack....

Website Hacks Dropped During World Cup Final

Kelly Jackson Higgins, Senior Editor, Dark Reading

Quick Hits

Hackers apparently took time off to watch the Germany-Argentina title match of the 2014 FIFA World Cup.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014

11 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I was wondering the same thing. <sarcasm>I guess the hacker job...

A New Age in Cyber Security: Public Cyberhealth

Commentary

The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.

By Brian Foster CTO, Damballa, 7/17/2014

5 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, I totally agree, @Robert. I found the comparison to epidemiology very original...

Ransomware: 5 Threats To Watch

Cyber criminals have kicked it up a notch with nasty malware that locks you out of your machine and holds it for ransom.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014

5 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I volunteer with a few non-profits in my area and unfortunately one of them...

Senate Hearing Calls for Changes to Cybercrime Law

News

In the wake of Microsoft's seizure of No-IP servers and domains, private and public sector representatives met to discuss what can be done to address the problem of botnets.

By Sara Peters , 7/16/2014

10 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I tend to agree with this sentiment. I am seeing many foreign companies...

Passwords & The Future Of Identity: Payment Networks?

Andre Boysen, EVP, Digital Identity Evangelist, SecureKey

Commentary

The solution to the omnipresent and enduring password problem may be closer than you think.

By Andre Boysen EVP, Digital Identity Evangelist, SecureKey, 7/16/2014

17 comments | Read | Post a Comment

Latest Comment: andre.boysen, The issue of concentration risk comes up a lot. I agree that a simple...

Automobile Industry Accelerates Into Security

News

Industry looking at intelligence-sharing platform or an Auto-ISAC in anticipation of more automated, connected -- and vulnerable -- vehicles.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/15/2014

13 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I look forward to hearing their insights!

Payment Card Data Theft: Tips For Small Business

Chris Nutt, Director, Incident Response & Malware, Mandiant

Commentary

For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small.

By Chris Nutt Director, Incident Response & Malware, Mandiant, 7/15/2014

7 comments | Read | Post a Comment

Latest Comment: KateN232, The Cloud And Big Data as an important part of small business Using of big...

Tapping Into A Homemade Android Army

Ericka Chickowski, Contributing Writer, Dark Reading

News

Black Hat speaker will detail how security researchers can expedite their work across numerous Android devices at once.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/15/2014

2 comments | Read | Post a Comment

Latest Comment: William L. Lind, Tapping into a homemade android army, as it helps to perform most of the works...

Active Directory Flaw Lets Attackers Change Passwords

Quick Hits

Aorato finds way to compromise Active Directory and change passwords without being noticed by SIEM.

By Sara Peters , 7/15/2014

10 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I believe they view this as a non-issue because it requires physical access...

Google Forms Zero-Day Hacking Team

Quick Hits

'Project Zero' to hunt bugs in all software that touches the Net.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/15/2014

3 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Kelly -- Who has access to the project zero vulnerabiity db? Is it just the...

Dark Reading Radio: Where Do Security Startups Come From?

Tim Wilson, Editor in Chief, Dark Reading

Commentary

This week's radio broadcast will discuss how hot new security companies are born and how they are funded. Showtime is 1:00 p.m. ET.

By Tim Wilson Editor in Chief, Dark Reading, 7/15/2014

2 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, This is a really intriguing topic. I'm looking forward to getting some insight...

DropCam Vulnerable To Hijacking

News

Researchers at DEF CON to demonstrate flaws in a popular WiFi video monitoring system.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/14/2014

8 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Physical access is definitely the bottom line with this research, as the Synack...

New GameoverZeuS Variant Found In The Wild

News

A new botnet abandons peer-to-peer communication and may or may not be operated by the one disrupted by Operation Tovar last month.

By Sara Peters , 7/14/2014

0 comments | Read | Post a Comment

How Next-Generation Security Is Redefining The Cloud

Bill Kleyman, National Director of Strategy & Innovation, MTM Technologies

Commentary

Your cloud, datacenter, and infrastructure all contain flexible and agile components. Your security model should be the same.

By Bill Kleyman National Director of Strategy & Innovation, MTM Technologies, 7/14/2014

10 comments | Read | Post a Comment

Latest Comment: QuadStack, @Rick - You're right IoT is going to become a pretty big topic moving forward....

Hacking Password Managers

News

Researchers find four classes of common vulnerabilities in popular password managers and recommend greater industry scrutiny and more automated ways to find vulnerabilities.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/14/2014

12 comments | Read | Post a Comment

Latest Comment: andre.boysen, Password managers are a stop gap measure that makes the best of a bad design....

Attack Campaign Targets Facebook, Dropbox User Credentials

News

The goal of the attackers is not fully clear but the credential theft could set up sophisticated targeted attackers.

By Brian Prince Contributing Writer, Dark Reading, 7/11/2014

4 comments | Read | Post a Comment

Latest Comment: securityaffairs, I agree Robert

More Stories

Current Conversations

Posted by Robert McDougal

In my opinion the ideal organization setup for a companies information security department would be setup this way. The CSO would report directly to the CEO and keep him well informed of the high level threats to the...

In reply to: Re: Compliance != Security
Post Your Own Reply

Posted by Marilyn Cohodas

Thanks for a very interesting blog, Candace. Curious to know if when you mention "it's fashionable nowadays to claim that endpoint security is ineffective" are you referring to quotes from Symantec's execs that antivirus...

In reply to: The endpoint is not dead
Post Your Own Reply

Posted by Marilyn Cohodas

Good point, @Robert McDougal. So in our survey responses, I'm guessing the Org Chart 'checkbox' in this case might lead to Chief of risk / compliance.

In reply to: Re: Compliance != Security
Post Your Own Reply

Posted by Marilyn Cohodas

I totally agree, @Robert. I found the comparison to epidemiology very original and apt with respect to cybersecurity. There has always been a lot of talk about proper security hygiene but using the public health model as...

In reply to: Re: Blueprint for fighting cyber infections
Post Your Own Reply

Posted by Robert McDougal

Not trying to put words in @chriscinfosec's mouth but in my experience sometimes regulations put executives into a check box mentallity. This means that they believe that if they do what the regulation says then they...

In reply to: Re: Compliance != Security
Post Your Own Reply

Posted by Robert McDougal

I wonder how long until a real war is started as a result of a cyber attack. Unfortunately, I think it is only a matter of time. Once that happens, then there will be a cyber warfare treaty.

In reply to: Re: Government-grade? Is that a new explanation on criminal intent by governments?
Post Your Own Reply

Posted by Marilyn Cohodas

Not sure I get your point @chriscinfosec about the relevance (or irrelevance) of PCI-DSS and the reporting structure of the CSO. Can you elaborate?

In reply to: Re: Compliance != Security
Post Your Own Reply

Posted by Robert McDougal

I was wondering the same thing. <sarcasm>I guess the hacker job application form looks something like this: reverse enginering, shell coding, Soccer fan....</sarcasm>

In reply to: Re: What about the Olympics?
Post Your Own Reply

Posted by Robert McDougal

Great Article! Our biggest problem in this fight is the uneducated user. To use a crude analogy, the user's we have today are by and large akin to the populace prior to germ theory. People don't understand proper digital...

In reply to: Re: Blueprint for fighting cyber infections
Post Your Own Reply

Posted by chriscinfosec

How has outdated compliance regimes like PCI DSS negatively impacted the security posture and readiness of organizations? The industry is starting to say "A LOT" -- witness the work that SANS has done for their 20...

In reply to: Compliance != Security
Post Your Own Reply

Posted by Robert McDougal

I volunteer with a few non-profits in my area and unfortunately one of them was completely crippled by the Cryptowall ransomware. We were able to restore most of the data from backup but not all.

In reply to: Re: good overview
Post Your Own Reply

Posted by chriscinfosec

That makes sense.. the evasion/rootkit technique is very sophisticated (nation-state) but the payloads weren't (organized crime trying to make money). We see similar things at Invincea as part of our "malware genome"...

In reply to: Re: from which nation-state?
Post Your Own Reply

More Conversations

Security Insights

Microsoft, No-IP, And The Need For Clarity

The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.

0 comments
Read | Post a Comment

More Sophos Security Insights

Products & Releases

Global Study: Nearly 30 Percent of Security Professionals Would Completely Overhaul Their Current Enterprise Security System Given Resources & Opportunity

Half of Security Professionals Think Java Applications are Vulnerable to Attacks

ZeroFOX to Spotlight Social Risk Management at Black Hat 2014

Solutionary SERT 2014 Q2 Threat Intelligence Report: Amazon-Hosted Malware Nearly Triples in First Half 2014

39 Percent of IT Organizations Experienced More Than Two Significant Security Incidents

General Dynamics Fidelis Cybersecurity Solutions Joins Forces with Microsoft to Further Protect Customers

NIST Advisory Group Releases Report on Cryptography Expertise and Standards Process

Avira Opens R&D Digital Security Lab in Northern California

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Passwords & The Future Of Identity: Payment Networks?

Andre Boysen, EVP, Digital Identity Evangelist, SecureKey, 7/16/2014

Automobile Industry Accelerates Into Security

Kelly Jackson Higgins, Senior Editor, Dark Reading, 7/15/2014

Government-Grade Stealth Malware In Hands Of Criminals

Sara Peters 7/17/2014

Live Events

Webinars

More UBM Tech
Live Events

Join the Conference for 4G/LTE Professionals at CTIA

Come to Interop New York, Sept 29 - Oct 3, 2014

Learn to Maximize Your Next-Gen Network Investments

Dark Reading Radio

Archived Dark Reading Radio

Cyber Security’s Hottest Startups – And How They Get That Way

Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.

FULL SCHEDULE | ARCHIVED SHOWS

Flash Poll

All Polls

White Papers

Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk

Creating the Best-of-Breed DDI Solution in a Microsoft Environment

Designing a Secure DNS Architecture

Preventing Data Center Downtime

Visibility for Converged Infrastructure Solutions

More White Papers

Current Issue

Dark Reading Must Reads July 15, 2014

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-4734

Published: 2014-07-21
Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 2.0 alpha2 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.

CVE-2014-4960

Published: 2014-07-21
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.

CVE-2014-5016

Published: 2014-07-21
Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to appl...

CVE-2014-5017

Published: 2014-07-21
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx parameter in a JSON request to admin/participants/sa/getParticipants_json, related to a search parameter...

CVE-2014-5018

Published: 2014-07-21
Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK charset in the loadname parameter to index.php, related to the survey resume.

Best of the Web

Secondhand Point-o-Sale Terminal Was Horrific Security Midden

US Government Conducts Largest Cyber-Defense Exercise To Protect Critical Infrastructure

A Tough Corporate Job Asks One Question: Can You Hack It?

A Conversation With Edward Snowden

WSJ's Facebook Page Hacked With Fake Air Force One News

Reports

Infographics

DevOps’ Impact on Application Security

Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.

Download Now!

More Reports

Slideshows

Ransomware: 5 Threats To Watch

5 comments | Read | Post a Comment

6 Things That Stink About SSL

Hacker Movies We Love & Hate