Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

Dark Reading Radio: Data Loss Prevention (DLP) Fail

7 Black Hat Sessions Sure To Cause A Stir

Infographic: With BYOD, Mobile Is The New Desktop

Top Stories

Dark Reading Radio: Data Loss Prevention ...

7 Black Hat Sessions Sure To Cause A Stir

Myth-Busting Machine Learning In Security

DHS-Funded 'SWAMP' Helps Scour Code For Bugs

Infographic: With BYOD, Mobile Is The New ...

News & Commentary

10 Dramatic Moments In Black Hat History

From Google hacking to ATM "jackpotting" to the NSA -- Black Hat has had some memorable moments over the years.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/31/2014

0 comments | Read | Post a Comment

New Mobile Phone '0wnage' Threat Discovered

Kelly Jackson Higgins, Senior Editor, Dark Reading

News

Widespread major vulnerabilities discovered in client control software that affect nearly all smartphone platforms: Details to come at Black Hat USA next week.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/31/2014

5 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, While the researchers won't name names until their talk next week, they say...

Phishing: What Once Was Old Is New Again

Commentary

I used to think the heyday of phishing had passed. But as Symantec notes in its 2014 Internet Security Threat Report, I was wrong!

By Dave Kearns Analyst, Kuppinger-Cole, 7/30/2014

9 comments | Read | Post a Comment

Latest Comment: prospecttoreza, "They can potentially use these bills in the money laundering process such...

Security Holes Found In Some DLP Products

News

Researchers to reveal key security flaws in commercial and open-source data loss prevention software at Black Hat USA next week.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/30/2014

3 comments | Read | Post a Comment

Latest Comment: RyanSepe, I agree. Unfortunaltely, you expect this from a 3rd party producing a product...

Dark Reading Radio: Data Loss Prevention (DLP) Fail

Commentary

Learn about newly found vulnerabilities in commercial and open-source DLP software in our latest episode of Dark Reading Radio with security researchers Zach Lanier and Kelly Lum.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/29/2014

8 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Ryan, you can post that question in the Comment box below the show's page if...

Scan Shows Possible Heartbleed Fix Failures

Quick Hits

Study indicates many Global 2000 firms patched, but failed to replace digital certificates.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/29/2014

4 comments | Read | Post a Comment

Latest Comment: Whoopty, I wonder if major bugs like this that affect thousands of sites will become...

The Perfect InfoSec Mindset: Paranoia + Skepticism

Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies

Commentary

A little skeptical paranoia will ensure that you have the impulse to react quickly to new threats while retaining the logic to separate fact from fiction.

By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 7/29/2014

3 comments | Read | Post a Comment

Latest Comment: j.h.keegan, Another good one would be: "a common mistake that people make when...

Internet Of Things Contains Average Of 25 Vulnerabilities Per Device

News

New study finds high volume of security flaws in such IoT devices as webcams, home thermostats, remote power outlets, sprinkler controllers, home alarms, and garage door openers.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/29/2014

6 comments | Read | Post a Comment

Latest Comment: markoer, Thanks a lot, Kelly!

DHS-Funded 'SWAMP' Helps Scour Code For Bugs

News

Cloud-based platform offering free secure coding tools for developers in government, enterprises, academia, gaining commercial attention as well.

By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/28/2014

5 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Awareness of the tools is a good first step. Awareness that software assurance...

Weak Password Advice From Microsoft

Andrey Dulkin, Senior Director, Cyber Innovation, CyberArk

Commentary

Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.

By Andrey Dulkin Senior Director, Cyber Innovation, CyberArk, 7/28/2014

8 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Or create some kind of SSO or security vault where employees can create individual...

Myth-Busting Machine Learning In Security

News

Black Hat USA presentation to help quell misconceptions and confusion over machine learning methods in today's security tools.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/28/2014

4 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Good point, @tgulati. It is definitely evolving, and I think this talk should...

Researchers Develop 'BlackForest' To Collect, Correlate Threat Intelligence

Brian Prince, Contributing Writer, Dark Reading

News

Researchers at the Georgia Tech Research Institute develop the BlackForest system to help organizations uncover and anticipate cyberthreats.

By Brian Prince Contributing Writer, Dark Reading, 7/25/2014

2 comments | Read | Post a Comment

Latest Comment: imeena, Sounds great!!! I hope you will soon have an online demo

Internet of Things: 4 Security Tips From The Military

Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services

Commentary

The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. It’s time to take a page from their battle plan.

By Michael K. Daly CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, 7/25/2014

13 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, I couldn't resist posting this image of Cylon, :-)

Travel Agency Fined £150,000 For Violating Data Protection Act

News

That'll teach them not to retain credit card data in perpetuity.

By Sara Peters , 7/24/2014

1 Comment | Read | Post a Comment

Latest Comment: Thomas Claburn, When it comes to data storage, less is more.

Passwords Be Gone! Removing 4 Barriers To Strong Authentication

Phillip M. Dunkelberger, President & CEO, Nok Nok Labs

Commentary

As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.

By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 7/24/2014

9 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, @HAnatomi,I'm not sure my visual memory is any better than my textual memory....

7 Arrested, 3 More Indicted For Roles In Cyber Fraud Ring That Stung StubHub

News

Arrests made in New York state, London, Toronto, and Spain for money laundering, grand larceny, and using StubHub customers' credit cards to buy and sell 3,500 e-tickets to prime events.

By Sara Peters , 7/23/2014

3 comments | Read | Post a Comment

Latest Comment: RyanSepe, Never thought of it like that. That does make sense to a certain extent. However,...

RAM Scraper Malware: Why PCI DSS Can't Fix Retail

Brian Riley, Technical Director, Government Programs, Green Hills Software

Commentary

There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data

By Brian Riley Technical Director, Government Programs, Green Hills Software, 7/23/2014

8 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, That's a great call to action, @brianriley. Here are two links about how to...

Dark Reading Radio: The Winners & Losers of Botnet Takedowns

Commentary

Our guests are Cheri McGuire, VP of global government affairs and cyber security policy for Symantec, and Craig D. Spiezle, executive director and founder of the Online Trust Alliance.

By Sara Peters , 7/23/2014

0 comments | Read | Post a Comment

7 Black Hat Sessions Sure To Cause A Stir

At Black Hat, researchers will point out the weaknesses in everything from the satellites in outer space to the thermostat in your home.

By Ericka Chickowski Contributing Writer, Dark Reading, 7/22/2014

11 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, This will be my first Black Hat & I'm psyched! Any session recommendations...

Nigerian 419 Scammers Evolving Into Malware Pushers (But Not Very Good Ones)

Quick Hits

"Silver Spaniel" attacks use commodity malware to damage others' security, but they aren't very good at protecting their own.

By Sara Peters , 7/22/2014

10 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, My thinking is that the earlier good practices can be drummed in the better....

More Stories

Current Conversations

Posted by dlpexpert

Here are a few suggested best practices for Data Security Global Governance, Risk & Compliance: - Be aware of the data that is being sent out of your control, either to an employee's cloud, the organizations own cloud,...

In reply to: Best Practices for Data Security GR&C
Post Your Own Reply

Posted by RyanSepe

I agree. Unfortunaltely, you expect this from a 3rd party producing a product for its functionality. But when its functionality is security you would think that they would do their due diligence.

In reply to: Re: Remediation
Post Your Own Reply

Posted by Marilyn Cohodas

While the researchers won't name names until their talk next week, they say some vendors' products are less vulnerable than others. That's information I will be checking back for after Black Hat! Thx Kelly!

In reply to: Naming Names
Post Your Own Reply

Posted by Andre Leonard

Outstanding observation. If a consumer really needs an app for everything. Then buyer beware.

In reply to: Re: Worried
Post Your Own Reply

Posted by Kelly Jackson Higgins

I know it's impossible to write perfect code, but I still can't wrap my head around how a security company could not be more careful with its software. Even if 3rd party code was the source of the vulns, they should be testing...

In reply to: Re: Remediation
Post Your Own Reply

Posted by Whoopty

Hacks like these make me worried that even if we do manage to find a way to stop the governments of the world tracing our calls metadata and content throug ISPs, that they'll just set up snooping stations in between which...

In reply to: Worried
Post Your Own Reply

Posted by Kelly Jackson Higgins

I'll be interested to see just which vendors are tasked with the patches. Smartphones are such a maze of software, with cellular provider interfaces, hardware manufacturer software, the OS, and apps.

In reply to: Re: Mobile Phone Threats 'Ownage'
Post Your Own Reply

Posted by Andre Leonard

Let's face it. There will always be people who's mission is to hack, spoof, steal and infect systems. Like the poor, they are not going anywhere. The good news is, this will create opportunites for others to devise patches...

In reply to: Mobile Phone Threats 'Ownage'
Post Your Own Reply

Posted by prospecttoreza

"They can potentially use these bills in the money laundering process such as in creating a bank account in someone else's name and using the online bill as proof of identity." I really hope that bank regulations do not...

In reply to: Creating a bank account with an online bill as a proof of identity???
Post Your Own Reply

Posted by Marilyn Cohodas

Or create some kind of SSO or security vault where employees can create individual passwords for the various enterprise apps they use which are then stored in a safe place, and accessed by the password managaer app for a...

In reply to: Re: password mess
Post Your Own Reply

Posted by Marilyn Cohodas

This will be my first Black Hat & I'm psyched! Any session recommendations from seasoned show veterans or security pros who would like to attend but can't? Complete BH briefing list is here.

In reply to: Re: Dates and Times
Post Your Own Reply

Posted by RyanSepe

I hope that when names are dropped, vendors really take the time to close the gaps in their software. Being allowed to reconfigure policies to your will is bad enough, but being able to execute malicious code under a privileged...

In reply to: Remediation
Post Your Own Reply

More Conversations

Security Insights

Microsoft, No-IP, And The Need For Clarity

The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.

0 comments
Read | Post a Comment

More Sophos Security Insights

Products & Releases

Experian Launches Platform For Managing Cross-Channel Fraud Risk

Bayshore Networks Extends PallatonCapabilities for High-Value IP Protection

Microsoft and Akamai Join Forces in First Cyber-Security Focused Accelerator in Israel

Cyber security and big data innovator ThetaRay closes $10m oversubscribed series B funding round

Android Fake ID Vulnerability Lets Malware Impersonate Trusted Applications, Puts All Android Since January 2010 At Risk

Business and IT Emerge as Essential Allies in the Move to Social IDs and 'Bring Your Own Identity'

IT Security Pros Surveyed: Poor password management leaves accounts open to attack

New Windows App to Detect WiFi Security

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Internet of Things: 4 Security Tips From The Military

Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, 7/25/2014

Phishing: What Once Was Old Is New Again

Dave Kearns, Analyst, Kuppinger-Cole, 7/30/2014

Dark Reading Radio: Data Loss Prevention (DLP) Fail

Kelly Jackson Higgins, Senior Editor, Dark Reading, 7/29/2014

Live Events

Webinars

More UBM Tech
Live Events

Plan and Deploy a Most Cost-Effective 4G Infrastructure

Join the Conference for 4G/LTE Professionals at CTIA

Come to Interop New York, Sept 29 - Oct 3, 2014

Dark Reading Radio

Archived Dark Reading Radio

Data Loss Prevention (DLP) FAIL

Join us as security researcher Zach Lanier provides a peek at the surprising weaknesses in DLP

UPCOMING!
Wednesday, August 6, 1pm EDT
Dark Reading Radio LIVE from Black Hat 2014

UPCOMING!
Wednesday, August 6, 8pm EDT
Dark Reading Radio LIVE from Black Hat 2014

UPCOMING!
Thursday, August 7, 1pm EDT
Dark Reading Radio LIVE from Black Hat 2014

UPCOMING!
Thursday, August 7, 7pm EDT
Dark Reading Radio LIVE from Black Hat 2014

FULL SCHEDULE | ARCHIVED SHOWS

Flash Poll

All Polls

White Papers

Accelerating Cloud Deployment and Operations with Managed Services

Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk

5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain

Designing a Secure DNS Architecture

Visibility for Converged Infrastructure Solutions

More White Papers

Current Issue

Dark Reading Must Reads July 15, 2014

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2012-6651

Published: 2014-07-31
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.

CVE-2014-2970

Published: 2014-07-31
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality ...

CVE-2014-3488

Published: 2014-07-31
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

CVE-2014-3554

Published: 2014-07-31
Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.

CVE-2014-5171

Published: 2014-07-31
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

Best of the Web

Hackers "Join" World Cup 2014 Matches on the Web

Serious security issues affect 14 of 17 major antivirus engines

Hackers Plundered Israeli Defense Firms that Built ‘Iron Dome’ Missile Defense System

Instasheep--Instagram Hacking Tool Released

Tor security advisory: "relay early" traffic confirmation attack

Reports

Infographics

DevOps’ Impact on Application Security

Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.

Download Now!

More Reports

Slideshows

10 Dramatic Moments In Black Hat History

0 comments | Read | Post a Comment

7 Black Hat Sessions Sure To Cause A Stir

Ransomware: 5 Threats To Watch