Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

7 Things You Should Know About Secure Payment Technology

How To Get More Involved In The IT Security Community

Top Stories

7 Things You Should Know About Secure ...

From Hacking Systems To Hacking People

How To Get More Involved In The IT ...

Hackin' At The Car Wash, Yeah

Why The USA Hacks

News & Commentary

Cyber Intelligence: Defining What You Know

Jason Polancich, Founder & Chief Architect, SurfWatchLabs

Commentary

Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.

By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 2/27/2015

0 comments | Read | Post a Comment

Hits Keep On Coming For Both SSL & Its Abusers

Quick Hits

Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?

By Dark Reading Staff , 2/26/2015

4 comments | Read | Post a Comment

Latest Comment: RyanSepe, @Sara Peters. Thanks for clarifying. Although now I'm appalled that this is...

'Shadow' Cloud Services Rampant In Government Networks

News

Survey finds public sector employees use unmanaged cloud services just as much as private employees.

By Jai Vijayan Freelance writer, 2/26/2015

3 comments | Read | Post a Comment

Latest Comment: RwG524, > People are people. They want to do things more efficiently." In...

How to Strengthen Enterprise Defenses against Ransomware

Eight essential ways that companies can enforce their borders.

By Alexandra Gheorghe Security Specialist, Bitdefender, 2/26/2015

2 comments | Read | Post a Comment

latest comment aws0513 A good article that would be presentable to organization managers. Of...

How To Reduce Spam & Phishing With DMARC

Commentary

Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.

By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015

5 comments | Read | Post a Comment

Latest Comment: MrSmith01, Except what if the email is from myemail@myc0mpany.com or one of a hundred...

5 New Vulnerabilities Uncovered In SAP

Ericka Chickowski, Contributing Writer, Dark Reading

News

Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.

By Ericka Chickowski Contributing Writer, Dark Reading, 2/26/2015

0 comments | Read | Post a Comment

Millions Of Non-Anthem Customers Also Hit By Anthem Breach

Quick Hits

Blue Cross Blue Shield customers -- as many as 8.8 to 18.8 million of them -- might have also had their data compromised.

By Dark Reading Staff , 2/25/2015

4 comments | Read | Post a Comment

Latest Comment: Sara Peters, @Marilyn So true. And it seems like we never really understand how this...

Ramnit Botnet Disrupted By International Public-Private Collaboration

Sara Peters, Senior Editor at Dark Reading

News

Europol leads the effort to bring down the bank credential-stealing botnet that infected 3.2 million computers across the globe.

By Sara Peters Senior Editor at Dark Reading, 2/25/2015

0 comments | Read | Post a Comment

Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2015

3 comments | Read | Post a Comment

Latest Comment: Pablo Valerio, @Kelly, if there is a strong believe that the keys are compromised they could...

Five Easiest Ways to Get Hacked – Part 2

Continuing a conversation with principal security consultant Amit Bagree

By Carric Dooley WW VP of Foundstone Services, Intel Security, 2/25/2015

1 Comment | Read | Post a Comment

latest comment RyanSepe From a vulnerability standpoint, it may be difficult to dedicate the bandwidth...

Customers Aren’t the Only Victims: 5 Stages Of Data Breach Grief

Ricky Link, Managing Director, Coalfire Systems, Southwest Region

Commentary

What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.

By Ricky Link Managing Director, Coalfire Systems, Southwest Region, 2/25/2015

3 comments | Read | Post a Comment

Latest Comment: Lewa, I totally agree with you on this. Most companies that have suffered a breach...

5 Ways To Prepare For IoT Security Risks

News

As the Internet of Things begins to take shape, IT organizations must prepare for change.

By Jai Vijayan Freelance writer, 2/24/2015

0 comments | Read | Post a Comment

Medical Identity Theft Costs Victims $13,450 Apiece

News

New study shows not only is medical identity fraud costly for individuals, it's happening a lot more often.

By Sara Peters Senior Editor at Dark Reading, 2/24/2015

7 comments | Read | Post a Comment

Latest Comment: Sara Peters, @Marilyn Wow! What did you do about it? And what sort of creature was...

FBI Offers $3 Million Reward For Info On Whereabouts Of GameoverZeus Botnet Operator

Quick Hits

Evgeniy Mikhailovich Bogachev, who faces charges for his alleged role as an administrator of the GameOver Zeus botnet, is at large in Russia.

By Dark Reading Staff , 2/24/2015

4 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, I'm reading Brian Krebs's Spam Nation right now (fascinating read), and yes,...

Mobile Apps Remain Vulnerable For Months

News

Developers are failing to respond quickly to reports of security flaws, Trojans are infecting corporate devices at an alarming rate, and even mundane data about your device's power consumption could threaten your privacy.

By Thomas Claburn Editor-at-Large, 2/24/2015

13 comments | Read | Post a Comment

7 Things You Should Know About Secure Payment Technology

Despite the existence of EMV and Apple Pay, we're a long way from true payment security, especially in the US.

By Sara Peters Senior Editor at Dark Reading, 2/24/2015

14 comments | Read | Post a Comment

Latest Comment: macker490, Fixing the Point of Sale Terminal (POST)THINK: when you use your card: you...

Cybercrime, Cyber Espionage Tactics Converge

News

Real-world cyberattack investigations by incident response firm Mandiant highlight how hackers are adapting to better achieve their goals.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/24/2015

3 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Hi there, Stephen. Thanks so much for sharing your thoughts. I thought Ryan...

From Hacking Systems To Hacking People

Larry Ponemon, Chairman & Founder, Ponemon Institute

Commentary

New low-tech attack methods like ‘visual hacking’ demand an information security environment that values data privacy and a self-policing culture.

By Larry Ponemon Chairman & Founder, Ponemon Institute, 2/24/2015

6 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, @EmilyAmber: Thanks for this info/link. Very helpful.I know a number...

DOJ R&D Agency Awards Grants For Speedier Digital Forensics

News

The US Department of Justice's National Institute of Justice is funding new incident response technology to assist law enforcement.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/23/2015

0 comments | Read | Post a Comment

Blackhat, The Movie: Good, Bad & Ridiculous

Jeff Schmidt, Founder & CEO of JAS Global Advisors LLC

Commentary

It didn’t take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?

By Jeff Schmidt Founder & CEO of JAS Global Advisors LLC, 2/23/2015

2 comments | Read | Post a Comment

Latest Comment: GonzSTL, I'm in the hacker martial artist camp. I'm not sure that was too fantastic...

More Stories

Current Conversations

Posted by RwG524

> People are people. They want to do things more efficiently." In my shop, it takes four weeks and many meetings to arrange for something simple such as a DB server. In the cloud, I can have a DB server...

In reply to: A problem is IT is behind the times
Post Your Own Reply

Posted by Joe Stanganelli

I'm reading Brian Krebs's Spam Nation right now (fascinating read), and yes, it seems like the successful mid-level criminals who would have that kind of information might also be jeopardizing their very lucrative...

In reply to: Re: Is $3 million enough?
Post Your Own Reply

Posted by Joe Stanganelli

Another issue (which I recently wrote about) is the matter of what happens after there is a breach of the data in the shadow IT service? How do you even know that your data were there? The employee would have...

In reply to: And how do you find out?
Post Your Own Reply

Posted by MrSmith01

Except what if the email is from myemail@myc0mpany.com or one of a hundred other variations an attacker could set up? Heck, I just saw a legitimate email for Target that used the domain mail-target.com. You see,...

In reply to: Re: DMARC is not going to stop phishing
Post Your Own Reply

Posted by TerryB

Not sure I get what you mean. If someone using myemail@mycompany.com and asking person to give me their logon credentials so I can troubleshoot something, seems like this would work fine. If your point is someone will just...

In reply to: Re: DMARC is not going to stop phishing
Post Your Own Reply

Posted by RyanSepe

@Sara Peters. Thanks for clarifying. Although now I'm appalled that this is a common practice within lenovo machines. The typical end user is most likely unaware and if I were them I would be thoroughly annoyed when I found...

In reply to: Re: Overall Benefit to Superfish and PrivDog
Post Your Own Reply

Posted by aws0513

A good article that would be presentable to organization managers. Of course, this is the 50,000 ft level. There are so many security controls to consider that it is easy to get lost in the forest of things that...

In reply to: The Basics
Post Your Own Reply

Posted by Whoopty

Sounds interesting and will be something I bring up with my bosses next time we have a chat about email security. However I wonder if it's not quite the holy grail it's being made out to be? I'm sure that a few changes of...

In reply to: Interesting but...
Post Your Own Reply

Posted by dingevaldson

@MrSmith01--you bring up two points that I will address separately: 1. That DMARC is not going to stop phishing. This is absolutely true and something that I say frequently. As an anti-fraud company, it is dangerous to...

In reply to: Re: DMARC is not going to stop phishing
Post Your Own Reply

Posted by Sara Peters

@Marilyn Wow! What did you do about it? And what sort of creature was Bridget?

In reply to: Re: An example > borrow insurance?
Post Your Own Reply

Posted by Sara Peters

@Marilyn So true. And it seems like we never really understand how this stuff works until there's a big data breach. Remember Community Health Systems? I didn't even know that there WERE healthcare providers that were...

In reply to: Re: Two Way Street
Post Your Own Reply

Posted by Sara Peters

@RyanSepe Well Superfish's claim is that it helps users by serving them ads/offers for things they already seem to want -- so if they're looking at blenders, they'll serve an ad for a houseware company or something....

In reply to: Re: Overall Benefit to Superfish and PrivDog
Post Your Own Reply

More Conversations

Products & Releases

Emailage Raises $3.8 Million

ForeScout Appoints Former Intel Security President Michael DeCesare as CEO

BMC and Qualys Join Forces to Improve Enterprise Security

Onapsis Uncovers Five New Vulnerabilities Affecting SAP BusinessObjects and SAP HANA

SEWORKS Launches AppSecu.re, SaaS-Based Security Service to Provide App Protection for Android Developers Worldwide

Lumeta Announces Strategic Partnership with Nordisk Systems, Inc.

Digital Guardian Launches Digital Guardian 7.0 for Data Protection Against All Threats

Onapsis Appoints CTO of Veracode, Chris Wysopal, to Board of Advisors

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

7 Things You Should Know About Secure Payment Technology

Sara Peters, Senior Editor at Dark Reading, 2/24/2015

Medical Identity Theft Costs Victims $13,450 Apiece

Sara Peters, Senior Editor at Dark Reading, 2/24/2015

From Hacking Systems To Hacking People

Larry Ponemon, Chairman & Founder, Ponemon Institute, 2/24/2015

Partner Perspectives

What's This?

Five Easiest Ways to Get Hacked - Part 2

Continuing a conversation with principal security consultant Amit Bagree Read >>

Five Easiest Ways to Get Hacked – Part 1

0 comments

Cyberespionage: You’re Not Paranoid, Someone Is Spying on Your Company

0 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

Join Security Experts at Black Hat Asia 2015

The Modern Data Center: How We'll Get There

Get To The Point

Cartoon

Latest Comment: I want to know where to get a tablet with that large a screen!(Maybe they're the old "convertibles.")

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

How To Get More Involved In the IT Security Community

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.

UPCOMING!
Wednesday, March 18, 1pm EDT
New Cybercrime Crackdown Could Backfire And Criminalize Security Professionals

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

Capitalizing On Big Data: Managed Services Help Financial Firms Accelerate Big Data Projects

Q&A: Your Top 10 Questions About Managing Freelancers & Independent Contractors

Wix Secures & Governs Data in Cloud

Turning the Threat of Insurance Fraud into an Opportunity

[2-Minute Video] How Northern Trust is Transforming with Mobile

More White Papers

Current Issue

Dark Reading Tech Digest, Dec. 19, 2014

Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-9676

Published: 2015-02-27
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

CVE-2014-9682

Published: 2015-02-27
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

CVE-2015-0655

Published: 2015-02-27
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

CVE-2015-0884

Published: 2015-02-27
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

CVE-2015-0885

Published: 2015-02-27
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports