Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

NFL Mobile Sports App Contains Super Bowl-Sized Vulns

Small Changes Can Make A Big Difference In Tech Diversity

Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices

Top Stories

NFL Mobile Sports App Contains Super ...

Small Changes Can Make A Big Difference ...

Why Iran Hacks

Gas Stations Urged To Secure ...

Cartoon: End-User Ed

News & Commentary

Takeaways from International Data Privacy Day: The Internet of Things

Event looks at the future of data use and how we can – and should – protect personal privacy.

By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 1/30/2015

0 comments | Read | Post a Comment

ZeroAccess Click-Fraud Botnet Back In Action Again

Sara Peters, Senior Editor at Dark Reading

News

After a six-month hiatus, the much-diminished P2P botnet is up to its old tricks.

By Sara Peters Senior Editor at Dark Reading, 1/29/2015

0 comments | Read | Post a Comment

Why Iran Hacks

Mike Walls, Managing Director Security Operations & Analysis, EdgeWave

Commentary

Iran is using its increasingly sophisticated cyber capabilities to minimize Western influence and establish itself as the dominant power in the Middle East.

By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/29/2015

5 comments | Read | Post a Comment

Latest Comment: BertrandW414, To understand US relations with Iran let's not stop at 1979 but go back to...

'Ghost' Not So Scary After All

Kelly Jackson Higgins, Executive Editor at Dark Reading

Quick Hits

The latest open-source Linux vulnerability is serious but some security experts say it's not that easy to abuse and use in an attack.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/28/2015

5 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Good point, @Joe Stanganelli. But outside the issue of secure application software...

Small Changes Can Make A Big Difference In Tech Diversity

Commentary

There’s no doubt that many employers feel most comfortable hiring people like themselves. But in InfoSec, this approach can lead to stagnation.

By Lysa Myers Security Researcher, ESET, 1/28/2015

1 Comment | Read | Post a Comment

Latest Comment: Lital Asher-Dotan, I work at Cybereason (www.cybereason.com), a cyber-security startup which as...

Half Of Enterprises Worldwide Hit By DDoS Attacks, Report Says

News

New data illustrates how distributed denial-of-service (DDoS) attacks remain a popular attack weapon -- and continue to evolve.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/27/2015

2 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Hi @RyanSepe. Arbor's report shows DNS amplfication attacks dropping a bit...

WiIl Millennials Be The Death Of Data Security?

Commentary

Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?

By Chris Rouland Founder & CEO, Bastille, 1/27/2015

28 comments | Read | Post a Comment

Latest Comment: Pragmatic_Security, In my typographical errors I've invented a new, awesome word.. "Proglems". 'Proglems...

NFL Mobile Sports App Contains Super Bowl-Sized Vulns

Ericka Chickowski, Contributing Writer, Dark Reading

News

Lack of protections puts users at risk of exposed information by way of man-in-the-middle attacks.

By Ericka Chickowski Contributing Writer, Dark Reading, 1/27/2015

9 comments | Read | Post a Comment

Latest Comment: Broadway0474, sonofsaf, a "stampede"? Did I miss something? How would that be generated?...

Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices

News

Researchers find more than 5,000 US gas stations' automated tank gauges unprotected on the public Internet and open to hackers.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/26/2015

9 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, @Joe Stanganelli, their suppliers (oil companies) and partners (environmental...

Power Consumption Technology Could Help Enterprises Identify Counterfeit Devices

Tim Wilson, Editor in Chief, Dark Reading

Commentary

Understanding a device's "power fingerprint" might make it possible to detect security anomalies in Internet of Things as well, startup says

By Tim Wilson Editor in Chief, Dark Reading, 1/26/2015

1 Comment | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Fascinating blog, Tim. Very cool intrusion detection technology. Seems like...

Security Skills Shortage? Don’t Panic!

Focus your energies on building a comprehensive security strategy and turning to experts for guidance.

By Carric Dooley WW VP of Foundstone Services, Intel Security, 1/26/2015

5 comments | Read | Post a Comment

latest comment Marilyn Cohodas I like that idea of having a hacker actually demonstrate how easy it is for...

Adobe Fixes Second Flash Flaw Exploited By Angler

News

Second 0-day fix addresses UAF vulnerability.

By Ericka Chickowski Contributing Writer, Dark Reading, 1/26/2015

1 Comment | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, http://helpx.adobe.com/security/products/flash-player/apsb15-03.html

Building A Cybersecurity Program: 3 Tips

Jason Sachowski, Senior Forensic Investigator, Scotiabank

Commentary

Getting from “we need” to “we have” a cybersecurity program is an investment in time and resources that’s well worth the effort.

By Jason Sachowski Senior Forensic Investigator, Scotiabank, 1/26/2015

6 comments | Read | Post a Comment

Latest Comment: JGarner721, The most valuable asset to an organization is the informational assets. If...

Growing Open Source Use Heightens Enterprise Security Risks

News

Companies often have little clue about the extent of third-party code in the enterprise or the risks it poses, security experts say

By Jai Vijayan Freelance writer, 1/23/2015

10 comments | Read | Post a Comment

Latest Comment: Jon M. Kelley, I keep seeing discussions about commercial versus open source software, but...

Why Russia Hacks

Commentary

Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.

By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/23/2015

16 comments | Read | Post a Comment

Latest Comment: lynnbr2, Russia & China both have a long history of hacking for over fifty years....

Diverse White Hat Community Leads To Diverse Vuln Disclosures

News

Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones.

By Sara Peters Senior Editor at Dark Reading, 1/22/2015

6 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, The key to the success of these bug-bounty programs relies on the credibility...

The Internet of Abused Things

We need to find ways to better secure the Internet of Things, or be prepared to face the consequences.

By Liviu Arsene Senior E-threat Analyst, Bitdefender, 1/22/2015

0 comments | Read | Post a Comment

NSA Report: How To Defend Against Destructive Malware

Quick Hits

In the wake of the Sony breach, spy agency's Information Assurance Directorate (IAD) arm provides best practices to mitigate damage of data annihilation attacks.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/22/2015

3 comments | Read | Post a Comment

Latest Comment: macker490, 1. use a secure O/S. 2. look into using Named Spaces remember that in implementing...

What Government Can (And Can’t) Do About Cybersecurity

Jeff Williams, CTO, Aspect Security & Contrast Security

Commentary

In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.

By Jeff Williams CTO, Aspect Security & Contrast Security, 1/22/2015

18 comments | Read | Post a Comment

Latest Comment: BrianY331, I think that the assumption that the government knows anything more about solving...

Protect Yourself by Protecting Others

How the consumerization of IT is affecting endpoint security.

By Candace Worley SVP & GM, Endpoint Security Business, Intel Security, 1/22/2015

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by Pragmatic_Security

In my typographical errors I've invented a new, awesome word.. "Proglems". 'Proglems = Progressive Problems' Sometimes when you fail, something awesome happens.

In reply to: Re: More connected or less concerned?
Post Your Own Reply

Posted by Marilyn Cohodas

Get with it guys, who doesn't want new proglems to solve?.. Isn't this the whole reason we got into the field? Definitely represents a lot of job security, for sure!

In reply to: Re: More connected or less concerned?
Post Your Own Reply

Posted by Marilyn Cohodas

Good point, @Joe Stanganelli. But outside the issue of secure application software development is the issue of patching, especially in this particular instance where there a patch is available for all of the affected Linux...

In reply to: Re: open-source bug exposure
Post Your Own Reply

Posted by Broadway0474

sonofsaf, a "stampede"? Did I miss something? How would that be generated? I am not poking fun ... just curious how we went from an app vulnerability to people getting crushed to death like they're at an English soccer m...

In reply to: Re: artificially generated stampedes
Post Your Own Reply

Posted by Joe Stanganelli

I love the defense of flawed open source so many throw up that's basically, "Don't blame the developers! They're just six unpaid guys who live in a trailer park, and one of them doesn't even have thumbs."Would...

In reply to: Re: open-source bug exposure
Post Your Own Reply

Posted by Joe Stanganelli

Not to be pedantic, but the very nature of such generalization makes it ageist, just as one's prejudice would show if one made the same generalizations about race, ethnicity, religion, or whatnot.

In reply to: Re: OK, Joe
Post Your Own Reply

Posted by Joe Stanganelli

@ODA155: That's a really good point, and the story reminds me of security advice I read once (and, indeed, this is something that security auditors sometimes do): Send a phishing-like email to your staff, and whomever opens...

In reply to: Re: Ok Millennials, defend yourselves!
Post Your Own Reply

Posted by ScottJGoldman

FULL DISCLOSURE: I am the co-founder and CEOMof TextPower, the company mentioned in this article that developed the patented technology. To be clear, our system does use a cell phone to send text messages but there are...

In reply to: Re: What's so bad about passwords?
Post Your Own Reply

Posted by BertrandW414

To understand US relations with Iran let's not stop at 1979 but go back to 1953. That's when the CIA had Teddy Roosevelt's grandson, Kermit Roosevelt Jr., orchestrate the overthrow of Iran's President in Operation Ajax....

In reply to: Let's go back a little further in history...
Post Your Own Reply

Posted by Marilyn Cohodas

Just made that link live, @LucasZa. Thanks for sharing it!

In reply to: Re: "Axis of Evil" cooperation and cyber capabilities
Post Your Own Reply

Posted by mwallsedgewave

Thanks for the suggestion...Ill do that!

In reply to: Re: "Axis of Evil" cooperation and cyber capabilities
Post Your Own Reply

Posted by LucasZa

Speaking of that and N Korea's cyber capabilities, I suggest reading blog posts and whitepapers published by Bruce Bennett. N Korea's cyber capabilities are far greater than we thought. N Korea and Iran are good examples...

In reply to: "Axis of Evil" cooperation and cyber capabilities
Post Your Own Reply

More Conversations

Products & Releases

IBM Research Announces Cloud Breakthrough For Protecting Personal Data

ZeroFOX Acquires Vulnr

Proofpoint Releases Enterprise Protection Suite 8.0, Advances Email Security Leadership

Virtru Announces General Availability of its Encrypted Email and Digital Privacy Service

Ed Survey Results: Insider Threats

Verizon Announces Security Enhancement for IoT Deployments

New Patent Eliminates Passwords

CYBERTECH SPONSORING “DATA PRIVACY DAY 2015: SECURING THE INTERNET OF THINGS” NATIONAL SEMINAR

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

WiIl Millennials Be The Death Of Data Security?

Chris Rouland, Founder & CEO, Bastille, 1/27/2015

Growing Open Source Use Heightens Enterprise Security Risks

Jai Vijayan, Freelance writer, 1/23/2015

Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices

Kelly Jackson Higgins, Executive Editor at Dark Reading, 1/26/2015

Partner Perspectives

What's This?

Takeaways from International Data Privacy Day: The Internet of Things

Event looks at the future of data use and how we can - and should - protect personal privacy. Read >>

Security Skills Shortage? Don’t Panic!

5 comments

Protect Yourself by Protecting Others

0 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

Join Security Experts at Black Hat Asia 2015

Cyber Security Crash Course - One Day Summit Led by Dark Reading Editors

Solving Business Problems with Neural Networks

Cartoon

Latest Comment: I want to know where to get a tablet with that large a screen!(Maybe they're the old "convertibles.")

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

The Sony Hack: A Security Community Discussion

If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

Capitalizing On Big Data: Managed Services Help Financial Firms Accelerate Big Data Projects

Advanced Cyber Attacks - Is Your Org Ready?

2015 Security Predictions Report

7 Stages of Advance Threats

Secure Application Delivery for a Mobile Workforce

More White Papers

Current Issue

Dark Reading Tech Digest, Dec. 19, 2014

Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-4467

Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

CVE-2014-4476

Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4477

CVE-2014-4479

CVE-2014-4480

Published: 2015-01-30
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

Best of the Web

This 125-Year-old Letter Sheds New Light On the Word ‘Hack’

Dutch judge allows alleged “sophisticated” Russian hacker to be sent to US

IBM punts cryptotastic cloudy ID verification services

iTunes Connect taken offline as bug causes users to log in to wrong accounts

US Firms Concerned About China's New Cyber Regulations

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports