Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

CEO Report Card: Low Grades for Risk Management

Dark Reading Radio: Where Do Security Startups Come From?

Payment Card Data Theft: Tips For Small Business

A New Age in Cyber Security: Public Cyberhealth

Top Stories

CEO Report Card: Low Grades for Risk ...

Dark Reading Radio: Where Do Security ...

6 Things That Stink About SSL

Payment Card Data Theft: Tips For Small ...

A New Age in Cyber Security: Public ...

News & Commentary

7 Black Hat Sessions Sure To Cause A Stir

At Black Hat, researchers will point out the weaknesses in everything from the satellites in outer space to the thermostat in your home.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/22/2014

4 comments | Read | Post a Comment

Latest Comment: CraigB159, Hi Ryan - you can find more information on Ruben's SATCOM presentation here: http://blog.ioactive.com/2014/04/a-wake-up-call-for-satcom-security.html...

Nigerian 419 Scammers Evolving Into Malware Pushers (But Not Very Good Ones)

Quick Hits

"Silver Spaniel" attacks use commodity malware to damage others' security, but they aren't very good at protecting their own.

By Sara Peters , 7/22/2014

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, Some of this was actually quite comical. But on a serious note, to confirm...

Infographic: With BYOD, Mobile Is The New Desktop

Commentary

Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.

By Adam Ely COO, Bluebox, 7/22/2014

3 comments | Read | Post a Comment

Latest Comment: RyanSepe, The bottom of the infographic is what I deal with most at my enterprise. The...

Black Hat Speaker: Don't Overestimate EMV Protections, Underestimate Card Thief Sophistication

News

AccessData researcher will offer up crash course in card payment tech and protections to root out security community misconceptions

By Ericka Chickowski Contributing Writer, Dark Reading, 7/21/2014

1 Comment | Read | Post a Comment

Latest Comment: macker490, Fixing the Point of Sale Terminal (POST)THINK: when you use your card: you...

Internet of Things: Security For A World Of Ubiquitous Computing

Candace Worley, SVP & GM, Endpoint Security, McAfee

Commentary

Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.

By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014

2 comments | Read | Post a Comment

Latest Comment: RyanSepe, I think as malware evolves so must endpoint. I have seen crowdstrike adapt...

Hacking Your Hotel Room

Brian Prince, Contributing Writer, Dark Reading

News

At Black Hat USA next month, a researcher will show how to hack your way into controlling everything in a hotel room -- from lighting to television sets.

By Brian Prince Contributing Writer, Dark Reading, 7/18/2014

11 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I never use wi-fi in public places if I can help it. The reason is simple,...

CEO Report Card: Low Grades for Risk Management

Marilyn Cohodas, Community Editor, Dark Reading

Commentary

Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.

By Marilyn Cohodas Community Editor, Dark Reading, 7/18/2014

12 comments | Read | Post a Comment

Latest Comment: Robert McDougal, While I agree having everyone accountable is an ideal situation I would still...

Government-Grade Stealth Malware In Hands Of Criminals

News

"Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools.

By Sara Peters , 7/17/2014

12 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I wonder how long until a real war is started as a result of a cyber attack....

Website Hacks Dropped During World Cup Final

Kelly Jackson Higgins, Senior Editor, Dark Reading

Quick Hits

Hackers apparently took time off to watch the Germany-Argentina title match of the 2014 FIFA World Cup.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014

14 comments | Read | Post a Comment

Latest Comment: Dr.T, They may really be watching that, it may even be less attacks during that time...

A New Age in Cyber Security: Public Cyberhealth

Commentary

The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.

By Brian Foster CTO, Damballa, 7/17/2014

5 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, I totally agree, @Robert. I found the comparison to epidemiology very original...

Ransomware: 5 Threats To Watch

Cyber criminals have kicked it up a notch with nasty malware that locks you out of your machine and holds it for ransom.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014

5 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I volunteer with a few non-profits in my area and unfortunately one of them...

Senate Hearing Calls for Changes to Cybercrime Law

News

In the wake of Microsoft's seizure of No-IP servers and domains, private and public sector representatives met to discuss what can be done to address the problem of botnets.

By Sara Peters , 7/16/2014

10 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I tend to agree with this sentiment. I am seeing many foreign companies...

Passwords & The Future Of Identity: Payment Networks?

Andre Boysen, EVP, Digital Identity Evangelist, SecureKey

Commentary

The solution to the omnipresent and enduring password problem may be closer than you think.

By Andre Boysen EVP, Digital Identity Evangelist, SecureKey, 7/16/2014

17 comments | Read | Post a Comment

Latest Comment: andre.boysen, The issue of concentration risk comes up a lot. I agree that a simple...

Automobile Industry Accelerates Into Security

News

Industry looking at intelligence-sharing platform or an Auto-ISAC in anticipation of more automated, connected -- and vulnerable -- vehicles.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/15/2014

13 comments | Read | Post a Comment

Latest Comment: Robert McDougal, I look forward to hearing their insights!

Payment Card Data Theft: Tips For Small Business

Chris Nutt, Director, Incident Response & Malware, Mandiant

Commentary

For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small.

By Chris Nutt Director, Incident Response & Malware, Mandiant, 7/15/2014

7 comments | Read | Post a Comment

Latest Comment: KateN232, The Cloud And Big Data as an important part of small business Using of big...

Tapping Into A Homemade Android Army

News

Black Hat speaker will detail how security researchers can expedite their work across numerous Android devices at once.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/15/2014

2 comments | Read | Post a Comment

Latest Comment: William L. Lind, Tapping into a homemade android army, as it helps to perform most of the works...

Active Directory Flaw Lets Attackers Change Passwords

Quick Hits

Aorato finds way to compromise Active Directory and change passwords without being noticed by SIEM.

By Sara Peters , 7/15/2014

11 comments | Read | Post a Comment

Latest Comment: kobriencl, At some point, perhaps it makes sense to simply move on from Active Directory...

Google Forms Zero-Day Hacking Team

Quick Hits

'Project Zero' to hunt bugs in all software that touches the Net.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/15/2014

3 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Kelly -- Who has access to the project zero vulnerabiity db? Is it just the...

Dark Reading Radio: Where Do Security Startups Come From?

Tim Wilson, Editor in Chief, Dark Reading

Commentary

This week's radio broadcast will discuss how hot new security companies are born and how they are funded. Showtime is 1:00 p.m. ET.

By Tim Wilson Editor in Chief, Dark Reading, 7/15/2014

2 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, This is a really intriguing topic. I'm looking forward to getting some insight...

DropCam Vulnerable To Hijacking

News

Researchers at DEF CON to demonstrate flaws in a popular WiFi video monitoring system.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/14/2014

8 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Physical access is definitely the bottom line with this research, as the Synack...

More Stories

Current Conversations

Posted by CraigB159

Hi Ryan - you can find more information on Ruben's SATCOM presentation here: http://blog.ioactive.com/2014/04/a-wake-up-call-for-satcom-security.html It includes a link to his white paper on the topic.

In reply to: Re: Dates and Times
Post Your Own Reply

Posted by GonzSTL

I have one of those :)

In reply to: Re: Dates and Times
Post Your Own Reply

Posted by Marilyn Cohodas

The google glass demo will surely be an eye-opener. :-)

In reply to: Re: Dates and Times
Post Your Own Reply

Posted by RyanSepe

I think as malware evolves so must endpoint. I have seen crowdstrike adapt such as providing a real-time cloud endpoint solution. Other companies have simply incorporated it into a UTM strategy. But to say endpoint security...

In reply to: Re: The endpoint is not dead
Post Your Own Reply

Posted by RyanSepe

The bottom of the infographic is what I deal with most at my enterprise. The common thought process is functionality vs security when it should be functionality with security. The best way to accomplish this is to have security...

In reply to: Ingrained Security
Post Your Own Reply

Posted by RyanSepe

Some of this was actually quite comical. But on a serious note, to confirm with your article, they are sending .exe's in the email attachment? Just to be clear, I am unsure as to why anyone would use an executable from an...

In reply to: Executables in Emails?
Post Your Own Reply

Posted by Marilyn Cohodas

Mobille is definitely the next challenge when one-third of all employees don't even know what their company mobile BYOD policy is and that each of them are using devices at work with 21 apps a piece. These number are quite...

In reply to: Re: mobile ... the next challenge
Post Your Own Reply

Posted by RyanSepe

When is each research study going to be unveiled to the public, if it has not already and where can the material be found? Thanks,

In reply to: Dates and Times
Post Your Own Reply

Posted by macker490

Fixing the Point of Sale Terminal (POST)THINK: when you use your card: you are NOT authorizing ONE transaction: you are giving the merchant INDEFINITE UNRESTRICTED access to your account.if the merchant is hacked the card...

In reply to: correcting the point of sale terminal and system
Post Your Own Reply

Posted by kobriencl

At some point, perhaps it makes sense to simply move on from Active Directory itself? Even as more companies are moving to the cloud and starting to build out new environments in some combination of AWS/Azure/Rackspace/whatever,...

In reply to: Time to move on?
Post Your Own Reply

Posted by securityaffairs

You are right ... mobile devices are comparable to desktop PCs in term of computational capabilities, the biggest issue related these platforms is the lack of awareness of principal cyber threats. Users are unaware of the...

In reply to: mobile ... the next challenge
Post Your Own Reply

Posted by Robert McDougal

While I agree having everyone accountable is an ideal situation I would still argue the importance of having clear leadership. We must have clear direction and motivation from leadership to be successful. That...

In reply to: Re: Compliance != Security
Post Your Own Reply

More Conversations

Security Insights

Microsoft, No-IP, And The Need For Clarity

The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.

0 comments
Read | Post a Comment

More Sophos Security Insights

Products & Releases

Global Study: Nearly 30 Percent of Security Professionals Would Completely Overhaul Their Current Enterprise Security System Given Resources & Opportunity

Half of Security Professionals Think Java Applications are Vulnerable to Attacks

ZeroFOX to Spotlight Social Risk Management at Black Hat 2014

Solutionary SERT 2014 Q2 Threat Intelligence Report: Amazon-Hosted Malware Nearly Triples in First Half 2014

39 Percent of IT Organizations Experienced More Than Two Significant Security Incidents

General Dynamics Fidelis Cybersecurity Solutions Joins Forces with Microsoft to Further Protect Customers

NIST Advisory Group Releases Report on Cryptography Expertise and Standards Process

Avira Opens R&D Digital Security Lab in Northern California

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Passwords & The Future Of Identity: Payment Networks?

Andre Boysen, EVP, Digital Identity Evangelist, SecureKey, 7/16/2014

Website Hacks Dropped During World Cup Final

Kelly Jackson Higgins, Senior Editor, Dark Reading, 7/17/2014

Government-Grade Stealth Malware In Hands Of Criminals

Sara Peters 7/17/2014

Live Events

Webinars

More UBM Tech
Live Events

Plan and Deploy a Most Cost-Effective 4G Infrastructure

Join the Conference for 4G/LTE Professionals at CTIA

Learn to Maximize Your Next-Gen Network Investments

Dark Reading Radio

Archived Dark Reading Radio

Cyber Security’s Hottest Startups – And How They Get That Way

Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.

UPCOMING!
Wednesday, July 23, 1pm EDT
Botnet Takedowns: Who's Winning, Who's Losing

FULL SCHEDULE | ARCHIVED SHOWS

Flash Poll

All Polls

White Papers

Designing a Secure DNS Architecture

The Public Sector Cloud Perspective

Preventing Data Center Downtime

Visibility for Converged Infrastructure Solutions

White Book: Cloud Adoption - The Definitive Guide to a Business Technology Revolution

More White Papers

Current Issue

Dark Reading Must Reads July 15, 2014

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-1544

Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547

Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548

Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549

Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550

Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web

One Congressman’s Crusade To Save the World From Killer Robots

Hackers Find Way To Outwit Tough Security At Banking Sites

"Crypto Ransomware" CTB-Locker (Critroni.A) on the rise

Black Hat Anti-Tor Talk Smashed By Lawyers' Wrecking Ball

Google Must Face U.S. Privacy Lawsuit Over Commingled User Data

Reports

Infographics

DevOps’ Impact on Application Security

Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.

Download Now!

More Reports

Slideshows

7 Black Hat Sessions Sure To Cause A Stir

4 comments | Read | Post a Comment

Ransomware: 5 Threats To Watch

6 Things That Stink About SSL