Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

What Government Can (And Can't) Do About Cybersecurity

Could The Sony Attacks Happen Again? Join The Conversation

2015: The Year Of The Security Startup – Or Letdown

Top Stories

What Government Can (And Can't) Do About ...

Could The Sony Attacks Happen Again? Join ...

Why Russia Hacks

2015: The Year Of The Security Startup ...

Cartoon: End-User Ed

News & Commentary

Building A Cybersecurity Program: 3 Tips

Jason Sachowski, Senior Forensic Investigator, Scotiabank

Commentary

Getting from “we need” to “we have” a cybersecurity program is an investment in time and resources that’s well worth the effort.

By Jason Sachowski Senior Forensic Investigator, Scotiabank, 1/26/2015

0 comments | Read | Post a Comment

Growing Open Source Use Heightens Enterprise Security Risks

News

Companies often have little clue about the extent of third-party code in the enterprise or the risks it poses, security experts say

By Jai Vijayan Freelance writer, 1/23/2015

3 comments | Read | Post a Comment

Latest Comment: Neta1, WhiteSource has been helping companies of all sizes to responsibly and effortlessly...

Why Russia Hacks

Mike Walls, Managing Director Security Operations & Analysis, EdgeWave

Commentary

Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.

By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/23/2015

16 comments | Read | Post a Comment

Latest Comment: lynnbr2, Russia & China both have a long history of hacking for over fifty years....

Diverse White Hat Community Leads To Diverse Vuln Disclosures

Sara Peters, Senior Editor at Dark Reading

News

Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones.

By Sara Peters Senior Editor at Dark Reading, 1/22/2015

6 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, The key to the success of these bug-bounty programs relies on the credibility...

The Internet of Abused Things

We need to find ways to better secure the Internet of Things, or be prepared to face the consequences.

By Liviu Arsene Senior E-threat Analyst, Bitdefender, 1/22/2015

0 comments | Read | Post a Comment

NSA Report: How To Defend Against Destructive Malware

Kelly Jackson Higgins, Executive Editor at Dark Reading

Quick Hits

In the wake of the Sony breach, spy agency's Information Assurance Directorate (IAD) arm provides best practices to mitigate damage of data annihilation attacks.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/22/2015

3 comments | Read | Post a Comment

Latest Comment: macker490, 1. use a secure O/S. 2. look into using Named Spaces remember that in implementing...

What Government Can (And Can’t) Do About Cybersecurity

Jeff Williams, CTO, Aspect Security & Contrast Security

Commentary

In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.

By Jeff Williams CTO, Aspect Security & Contrast Security, 1/22/2015

16 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, *sigh* Unfortunately, the CFAA needs revamping before it needs strengthening/broadening,...

Protect Yourself by Protecting Others

How the consumerization of IT is affecting endpoint security.

By Candace Worley SVP & GM, Endpoint Security Business, Intel Security, 1/22/2015

0 comments | Read | Post a Comment

President's Plan To Crack Down On Hacking Could Hurt Good Hackers

Ericka Chickowski, Contributing Writer, Dark Reading

News

Security experts critical of President Obama's new proposed cybersecurity legislation.

By Ericka Chickowski Contributing Writer, Dark Reading, 1/21/2015

9 comments | Read | Post a Comment

Latest Comment: Wolf6305, Thanks for the voice of agreement. I think that a small group of people...

Security Budgets Going Up, Thanks To Mega-Breaches

News

Sixty percent of organizations have increased their security spending by one-third -- but many security managers still don't think that's enough, Ponemon study finds.

By Sara Peters Senior Editor at Dark Reading, 1/21/2015

5 comments | Read | Post a Comment

Latest Comment: GonzSTL, Case in point could be Target, the breach that keeps on giving. Incident Response...

Adobe Investigating New Flash Zero-Day Spotted In Crimeware Kit

Quick Hits

Researcher Kafeine's 0day discovery confirmed by Malwarebytes.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/21/2015

2 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Thanks, @Jon. I was about to post an update here about the patch. http://blogs.adobe.com/psirt/?p=1157 And...

Facebook Messenger: Classically Bad AppSec

Commentary

Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.

By Daniel Riedel CEO, New Context, 1/21/2015

2 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, I find it particulary disturbing that Facebook exhibits such flagrant disregard...

Could The Sony Attacks Happen Again? Join The Conversation

Tim Wilson, Editor in Chief, Dark Reading

Commentary

Check out Dark Reading Radio's interview and live chat with CrowdStrike founder and CEO George Kurtz and Shape Security executive Neal Mueller.

By Tim Wilson Editor in Chief, Dark Reading, 1/21/2015

12 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, So noted, Gonz. We may not be hitting this exact topic immediately. But we've...

Ransomware Leads Surge In 2014 Mobile Malware Onslaught

News

Mobile malware increases 75 percent in U.S.

By Ericka Chickowski Contributing Writer, Dark Reading, 1/20/2015

3 comments | Read | Post a Comment

Latest Comment: impactnow, Do you think the current software is adequate to protect our phones or do you...

'123456' & 'Password' Are The 2 Most Common Passwords, Again

Quick Hits

New entrants to the top 25 show that bad password creators are fans of sports, superheroes, dragons, and NSFW numeral combos.

By Sara Peters Senior Editor at Dark Reading, 1/20/2015

3 comments | Read | Post a Comment

Latest Comment: RyanSepe, I think options are the worst part of creating a password. UserID's and passwords...

New Technology Detects Cyberattacks By Their Power Consumption

News

Startup's "power fingerprinting" approach catches stealthy malware within milliseconds in DOE test.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/20/2015

2 comments | Read | Post a Comment

Latest Comment: MichaelE546, Ingenious but I agree with Whoopty on this technique having the "Car Alarm"...

Recruit, Reward & Retain Cybersecurity Experts

How to create a better working environment for security professionals.

By Carric Dooley WW VP of Foundstone Services, Intel Security, 1/20/2015

5 comments | Read | Post a Comment

latest comment CarricDooley I would argue that the CISO often DOES pay - with his job. (A friend of mine...

A Lot of Security Purchases Remain Shelfware

News

Companies may be investing more in security, but many are either underutilizing their new purchases or not using them at all, an Osterman Research survey shows.

By Jai Vijayan Freelance writer, 1/16/2015

9 comments | Read | Post a Comment

Latest Comment: dplyons, I have known many standard IT Admins. I would trust very very few of...

Security MIA In Car Insurance Dongle

News

A researcher finds security holes in Flo the Progressive Girl's Snapshot insurance policy product.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/16/2015

11 comments | Read | Post a Comment

Latest Comment: mumom10, This is downright unethical. There is no way the company didn't know...

The Truth About Malvertising

Commentary

Malvertising accounts for huge amounts of cyberfraud and identity theft. Yet there is still no consensus on who is responsible for addressing these threats.

By Peter Zavlaris Analyst, RiskIQ, 1/16/2015

7 comments | Read | Post a Comment

Latest Comment: RiskIQBlogger, The reason ISPs won't get involved is because its a slippery slope for them....

More Stories

Current Conversations

Posted by Marilyn Cohodas

Yep, I've been on the receiving end of a few security presentations that looked like that. Funny cartoon that very rings too true. :-)

In reply to: Been there..
Post Your Own Reply

Posted by Marilyn Cohodas

The key to the success of these bug-bounty programs relies on the credibility and legitimacy of the white-hat hackers. Not sure that a platform like Wooyun is the right model of the U.S. , especially under the existing...

In reply to: Re: Alas...
Post Your Own Reply

Posted by Marilyn Cohodas

Good points,@andregironda. If you haven't already, I hope you will take a few minutes to check out and comment on Mike's follow up blogs on why Russia and North Korea hack. Coming up next is Iran, then US & Israel. So stay...

In reply to: Re: Why the Hack Not?
Post Your Own Reply

Posted by Neta1

WhiteSource has been helping companies of all sizes to responsibly and effortlessly manage the open source components they use. We've been doing it since 2011 and for all programming languages, we are in a unique position...

In reply to: WhiteSource proves that open source is safe if used responsibly
Post Your Own Reply

Posted by lynnbr2

Russia & China both have a long history of hacking for over fifty years. Their primary reason is military. Remenber the Buran shuttle - amazinging similar to our old Space Shuttle. And now look at the Chinese J-20...

In reply to: Re: Financial gain?
Post Your Own Reply

Posted by andregironda

It is really simple to gauge the intentions of each country leading to cyber indications, based on a sort of personality test.While the sociocultural theories are still under massive development, starter frameworks such...

In reply to: Re: Why the Hack Not?
Post Your Own Reply

Posted by mumom10

This is downright unethical. There is no way the company didn't know how insecure this device was. This is a privacy violation to begin with - to expect a customer to allow an insurance provider to track. It...

In reply to: Hack the dongle
Post Your Own Reply

Posted by Joe Stanganelli

I recently saw former DHS chief Michael Chertoff speak at a cybersecurity conference, and he himself outright accused Russia of actively working with and supporting criminal organizations so as to perpetrate cyberwarfare...

In reply to: FWIW...
Post Your Own Reply

Posted by Joe Stanganelli

Hah! I <3 the Frankenstein analogy! This is the folly of Linus's Law -- i.e., "Given enough eyeballs, all bugs are shallow."Akamai's CSO, Andy Ellis, put it best at a cybersecurity conference I attended a...

In reply to: Frankenstein
Post Your Own Reply

Posted by Joe Stanganelli

Unfortunately, it would seem that if the current administration gets its way (as Jeff Williams wrote for Dark Reading recently), the CFAA will be expanded significantly -- which is harmful to and disincentivizes white-hat...

In reply to: Alas...
Post Your Own Reply

Posted by Joe Stanganelli

*sigh* Unfortunately, the CFAA needs revamping before it needs strengthening/broadening, because it in and of itself hurts cybersecurity efforts by penalizing independent security research.

In reply to: CFAA
Post Your Own Reply

Posted by KennonK748

Wow it's like this article was caught in a time warp and just appeared 10-15 years after it was written and somehow got published. So the parking websites were hacked because they were using open source software?!?! I love...

In reply to: blast from the past
Post Your Own Reply

More Conversations

Products & Releases

Bitglass Breach Discovery Limits Damage From Data Breaches

Adroit Digital Study Reveals Consumer Data Privacy and Security Concerns as President Obama Talks Cybersecurity in State of the Union

Updated for 2015: Tools Designed to Manage Third Party Risk

Vormetric’s 2015 Insider Threat Report: 93% of U.S. Organizations Polled Vulnerable to Insider Threats

Online Trust Alliance Determines Over 90 Percent of Data Breaches in First Half of 2014 Could Have Been Easily Prevented

As State of the Union Tackles Cybersecurity, New ISACA Survey Shows 86% See a Cybersecurity Skills Shortage

ForgeRock and FireEye Join Forces to Detect Cyber Attacks with Identity-Aware Threat Intelligence Solution

RiskIQ Finds More Than 11 Percent of Android Banking and Finance- Related Apps are Suspicious

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

What Government Can (And Can't) Do About Cybersecurity

Jeff Williams, CTO, Aspect Security & Contrast Security, 1/22/2015

Why Russia Hacks

Mike Walls, Managing Director Security Operations & Analysis, EdgeWave, 1/23/2015

Could The Sony Attacks Happen Again? Join The Conversation

Tim Wilson, Editor in Chief, Dark Reading, 1/21/2015

Partner Perspectives

What's This?

Protect Yourself by Protecting Others

How the consumerization of IT is affecting endpoint security. Read >>

Recruit, Reward & Retain Cybersecurity Experts

5 comments

Threat Intelligence: Sink or Swim?

7 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

Join Security Experts at Black Hat Asia 2015

Learn About New Era in Business Communications - Enterprise Connect

Transforming Business Communications - Enterprise Connect

Cartoon

Latest Comment: Yep, I've been on the receiving end of a few security presentations that looked like that. Funny cartoon that very rings too true. :-)

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

The Sony Hack: A Security Community Discussion

If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

Capitalizing On Big Data: Managed Services Help Financial Firms Accelerate Big Data Projects

Why Your Next Generation Firewall Protection Isn't Enough

IDC Paper: Foundation for DC Automation and Business Agility

How to Achieve IT Agility: A Survival Guide for IT Decision Makers

SDN: How do you get there from here?

More White Papers

Current Issue

Dark Reading Tech Digest, Dec. 19, 2014

Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-8802

Published: 2015-01-23
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.

CVE-2014-9623

Published: 2015-01-23
OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quote and cause a denial of service (disk consumption) by deleting an image in the saving state.

CVE-2014-9638

Published: 2015-01-23
oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

CVE-2014-9639

Published: 2015-01-23
Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

CVE-2014-9640

Published: 2015-01-23
oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

Best of the Web

Unpatched Apple Vulnerabilities Latest Google Project Zero Disclosures

Barrett Brown Sentenced to 5 Years in Prison in Connection to Stratfor Hack

FBI: Ransomware is on the Rise

Nearly every U.S. arms program found vulnerable to cyber attacks

Israeli man arrested over Madonna hack

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports