Dark Reading | Security | Protect The Business

IW Home

Advertise With Us

About Us

Digital Subscription

Venture Capital: The Lifeblood Behind Security Innovation

Intelligence-Sharing Suffers Growing Pains

Android Heartbleed Alert: 150 Million Apps Still Vulnerable

Workplace Data Privacy Vs. Security: The New Balance

Top Stories

Venture Capital: The Lifeblood Behind ...

Intelligence-Sharing Suffers Growing Pains

Android Heartbleed Alert: 150 Million ...

Workplace Data Privacy Vs. Security: The ...

Michaels Data Breach Response: 7 Facts

News & Commentary

Employees Slacking on Security of Their Mobile Devices

Kelly Jackson Higgins, Senior Editor, Dark Reading

Quick Hits

A survey says that 15% say they had a password compromised.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/24/2014

0 comments | Read | Post a Comment

FBI Informant Sabu Tied To Foreign Attacks

News

Report triggers questions about FBI's apparent use of a zero-day vulnerability, and whether campaign was designed to amass intelligence on foreign targets.

By Mathew J. Schwartz , 4/24/2014

1 Comment | Read | Post a Comment

Latest Comment: Lorna Garey, This does seem like the million dollar question: "He has long questioned why...

Venture Capital: The Lifeblood Behind Security Innovation

Tim Wilson, Editor in Chief, Dark Reading

News

Want to know where the next generation of IT security innovation and technology is coming from? Follow the money.

By Tim Wilson Editor in Chief, Dark Reading, 4/24/2014

7 comments | Read | Post a Comment

Latest Comment: DarkReadingTim, I agree that intelligence sharing is a huge problem, Lorna, but I don't think...

Report: Some Retail Firms Still Don't Recognize Cyber Security Risks

Quick Hits

Nearly 10 percent of retail firms have not reported any cyber security exposure to the SEC since 2011, Willis Group says.

By Tim Wilson Editor in Chief, Dark Reading, 4/24/2014

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, For the companies that can't use third party security vendors or many detection/prevention...

How To Detect Heartbleed Mutations

Chris Chapman, Senior Methodologist, Spirent Communications

Commentary

The nightmare of Heartbleed is not the chaos of fixing the bug. It's identifying hundreds, possibly thousands, of small mutations still hiding in the network.

By Chris Chapman Senior Methodologist, Spirent Communications, 4/24/2014

1 Comment | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Curious to know if anyone in the Dark Reading Community has moved beyond Heartbleed...

Intelligence-Sharing Suffers Growing Pains

News

For most organizations, intelligence-sharing remains mainly ad-hoc and informal -- and thus fraught with frustration and pitfalls, new report from Ponemon finds.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/23/2014

3 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, On fire, probably, I would imagine. It will be interesting to see what they...

Android Heartbleed Alert: 150 Million Apps Still Vulnerable

News

Android developers are starting to patch OpenSSL flaws. Meanwhile, Apple ships an SSL fix for iOS and OS X.

By Mathew J. Schwartz , 4/23/2014

3 comments | Read | Post a Comment

Latest Comment: micjustin33, There are SSL/Crypto implementations in languages other than C.OpenSSL was...

Workplace Data Privacy Vs. Security: The New Balance

David Melnick, Founder & CEO, WebLife Balance

Commentary

Is it time to rethink the traditional lock-down approach to employee use of corporate networks at work?

By David Melnick Founder & CEO, WebLife Balance, 4/23/2014

10 comments | Read | Post a Comment

Latest Comment: Medicalquack, If you have not seen it...worth a read as the world is looking at the US and...

Michaels Data Breach Response: 7 Facts

News

Could the retailer have done more to spot the eight-month intrusion in the first place?

By Mathew J. Schwartz , 4/22/2014

4 comments | Read | Post a Comment

Latest Comment: Duane T, While the point made about sharing is valid, the article also states that the...

Bots Attack US Mainly During Dinnertime

Quick Hits

Most bot-infected machines hail from the US and wage attacks there between 6 and 9 p.m. Eastern Time, new report finds.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/22/2014

8 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, They are both evil. That's for sure.

7 Tips To Improve 'Signal-to-Noise' In The SOC

Joshua Goldfarb, CSO, nPulse Technologies

Commentary

When security analysts are desensitized to alerts because of sheer volume, they miss the true positives that can prevent a large-scale data breach. Here's how to up your game.

By Joshua Goldfarb CSO, nPulse Technologies, 4/22/2014

4 comments | Read | Post a Comment

Latest Comment: jg@npulsetech.com, Another excellent question Marilyn, thank you. Gut feelings, or put another...

Free Scanning Tool Promises To Find Heartbleed On Any Device

Quick Hits

CrowdStrike says tool identifies the flaw on web servers, VPNs, servers, routers, printers, and phones.

By Tim Wilson Editor in Chief, Dark Reading, 4/22/2014

5 comments | Read | Post a Comment

Latest Comment: DarkReadingTim, While there has been some criticism of the free Heartbleed scanners' ability...

Stolen Passwords Used In Most Data Breaches

News

New Verizon 2014 Data Breach Investigations Report identifies nine types of attack patterns that accounted for 93 percent of security incidents in the past decade.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/22/2014

11 comments | Read | Post a Comment

Latest Comment: ChrisB093, Despite the widespread occurance and high profile too many corporations are...

FAQ: Understanding The True Price of Encryption

Commentary

In the wake of recent events like Heartbleed, the search for cost-effective, easy, and scalable encryption solutions has never been more important.

By Sol Cates CSO, Vormetric, 4/21/2014

5 comments | Read | Post a Comment

Latest Comment: theb0x, I'm surpsied there are still software companies that actively utilize encryption...

Heartbleed Attack Targeted Enterprise VPN

News

Attack spotted using the OpenSSL Heartbleed bug to steal session tokens and bypass two-factor authentication.

By Mathew J. Schwartz , 4/21/2014

2 comments | Read | Post a Comment

Latest Comment: AmmarNaeem, The Heartbleed bug is making headlines people! CNN Money reported yesterday...

Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected

Quick Hits

Attack on point-of-sale systems went on for more than six months, officials say.

By Tim Wilson Editor in Chief, Dark Reading, 4/18/2014

4 comments | Read | Post a Comment

Latest Comment: DarkReadingTim, Agreed, Robert. Michaels did not give details on the malware itself,...

Poll: Dark Reading Community Acts On Heartbleed

Marilyn Cohodas, Community Editor, Dark Reading

Commentary

Roughly 60 percent of respondents to our flash poll have installed the Heartbeat fix or are in the process of doing so.

By Marilyn Cohodas Community Editor, Dark Reading, 4/18/2014

2 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Paul, In terms of our poll, do you think the fact that only 30 percent...

Heartbleed: A Password Manager Reality Check

News

Is a password manager an effective defense against vulnerabilities like Heartbleed, or just another way to lose data to hackers?

By Mathew J. Schwartz , 4/18/2014

13 comments | Read | Post a Comment

Latest Comment: Markus5, I use Sticky Password. These guys are great, secure and cheap. However nice...

Phishers Recruit Home PCs

Brian Prince, Contributing Writer, Dark Reading

News

Residential broadband machines spotted hosting phishing attacks.

By Brian Prince Contributing Writer, Dark Reading, 4/18/2014

5 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, It's hard for me to imagine that users who already have difficulty managing...

SQL Injection Cleanup Takes Two Months or More

Quick Hits

A new report highlights the prevalence and persistence of SQL injection attacks.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/17/2014

1 Comment | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Interesting data, Kelly. Wondering if the Ponemon study quantified any of the...

More Stories

Current Conversations

Posted by DarkReadingTim

I agree that intelligence sharing is a huge problem, Lorna, but I don't think the startups are going to solve that problem -- most of them are having a tough time just staying above water. However, I am interested in the...

In reply to: Re: Lighthouse Clients Are Pure Gold
Post Your Own Reply

Posted by Lorna Garey

Tim, do you think these VCs could encourage the data sharing that's so pitifully lacking among big security vendors today? I get that intel on a new threat is seen by marketing as competitive advantage, but a lack of shared...

In reply to: Re: Lighthouse Clients Are Pure Gold
Post Your Own Reply

Posted by Lorna Garey

This does seem like the million dollar question: "He has long questioned why the government was using hackers that it was trying to entrap to also hack into foreign websites." The suggestion being that the FBI figured it...

In reply to: Stranger things ...
Post Your Own Reply

Posted by RyanSepe

Great point Marilyn. I didn't even think of this from the enterprise perspective. The risk that an enterprise leverages a startup for their services and then they go out of business is tremendous. I would imagine this is...

In reply to: Re: Risk Evaluation
Post Your Own Reply

Posted by Marilyn Cohodas

On fire, probably, I would imagine. It will be interesting to see what they come up with up. Looking forward to your reporting about it, Kelly.

In reply to: Re: Intel-sharing -- seems like a no brainer for retail
Post Your Own Reply

Posted by Kelly Jackson Higgins

It's not clear why they were laggards in this, but they will have something in place soon. The heat is on.

In reply to: Re: Intel-sharing -- seems like a no brainer for retail
Post Your Own Reply

Posted by Marilyn Cohodas

Curious to know if anyone in the Dark Reading Community has moved beyond Heartbleed security patches on to servers to advanced testing for mutations....

In reply to: Testing for Heartbleed mutations, anyone?
Post Your Own Reply

Posted by Marilyn Cohodas

It's hard for me to understand why -- after the recent spate of data breaches at Target, Michaels etc.. -- the retail industry isn't rushing forward to create industry-wide intelligence-sharing mechanisms. I suppose...

In reply to: Intel-sharing -- seems like a no brainer for retail
Post Your Own Reply

Posted by Marilyn Cohodas

Fascinating articke and interesting point about risk, Ryan. It makes me wonder how many of these security startups will survive. If this is indeed a paradigm shift for the security industry, will a security startup have...

In reply to: Re: Risk Evaluation
Post Your Own Reply

Posted by DarkReadingTim

Thanks Craig, agreed -- In part 2 next week, I'll discuss some of the ways that enterprises, startups and venture capital firms can work together in ways that are helpful to all three. Thanks for your feedback!

In reply to: Re: Lighthouse Clients Are Pure Gold
Post Your Own Reply

Posted by Craig Carpenter, AccessData

Nice article Tim, I think you nailed it. The market is definitely a fun and exciting place to be right now, mostly because customer pain points are real and new and exciting technology is emerging to address them. Of...

In reply to: Lighthouse Clients Are Pure Gold
Post Your Own Reply

Posted by RyanSepe

For the companies that can't use third party security vendors or many detection/prevention tools it should be noted that policy, access management and infrastructure are advocates towards one can be added safeguards. Granted...

In reply to: Limited Resources
Post Your Own Reply

More Conversations

Security Insights

Preying On A Predator

Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.

0 comments
Read | Post a Comment

More Sophos Security Insights

Products & Releases

Authentic8 Enhances Silo for Heartbleed

SecureAuth IdP Qualifies For Microsoft Office 365 Qualification

NIST Removes Cryptography Algorithm from Random Number Generator Recommendations

Black Lotus Threat Report Predicts New DrDoS Attacks in Excess of 800 Gbps in 2015

Cloud Control: Launch of Entrust IdentityGuard Cloud Services Simplifies Certificate Management, Credentialing

Verizon Expands Cloud Solutions, With Secure Cloud Interconnect

Mocana Calls Heartbleed a “Wake-Up Call” for Makers of Smart Connected Devices

HID Global Security Survey and Infographic Reveal Attitudes about Best Practices for Physical Access Control

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Heartbleed: A Password Manager Reality Check

Mathew J. Schwartz 4/18/2014

Stolen Passwords Used In Most Data Breaches

Kelly Jackson Higgins, Senior Editor, Dark Reading, 4/22/2014

Workplace Data Privacy Vs. Security: The New Balance

David Melnick, Founder & CEO, WebLife Balance, 4/23/2014

Live Events

Webinars

More UBM Tech
Live Events

Enterprise Connect Lync Tour

Tower & Small Cell Summit

Cartoon

Latest Comment: #Win: "I don't move my lips while typing"

Cartoon Archive

White Papers

Improving Shared Service and SLA Accountability through APM

Key Methods for Managing Complex Database Environments

Consolidation: The Foundation for IT Business Transformation

Build a Business Case: Developing Custom Apps

The New IT

More White Papers

Current Issue

Dark Reading April 2014

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2012-3946

Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723

Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738

Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188

Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391

Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web

Apache Warns of Faulty Zero Day Patch for Struts

CloudFlare Launches Bug Bounty Program

AIG cyber insurance covers bodily harm

Servers provided by Amazon’s Cloud IaaS have vulnerabilities

Mozilla Creates $10K Bug Bounty Program for New Certificate Verification Library

Reports

Infographics

Containing Corporate Data on Mobile Devices

If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.

Download Now!

More Reports