Dark Reading Issue Archive
- STOP Targeted Attackers. All cyber-attackers aren't equal. Focus more attention on exploits made just for you.
- PLUS Handling targeted attacks: Experts speak.
- Secure The Cloud: Cloud security needn't be an oxymoron. Here's how to get it right.
- A Deeper Look At The Data: Find out what types of cloud apps are in use and what the top cloud computing threats are.
- The IPS Makeover: Next-gen intrusion-prevention systems have fuller visibility into applications and data. But do newer firewalls make IPS redundant?
- A Deeper Look At The Data: Find out what our 2013 Strategic Security Survey respondents have to say about IPS and firewalls.
- Stop Data Leaks: The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats.
- If You See Something, Say Something: Technology is critical, but corporate culture also plays a central role in stopping a big breach.
- Who's Who In Your Cloud: Managing and securing user identity in the cloud is complicated. Here's how to keep it under control.
- Security's Pain The Neck: Evolving Users: Enterprises need to build access management strategies that recognize changing user roles.
- Big Data Detectives: Could big data be the key to identifying sophisticated threats? Security experts are on the case.
- Secure The Perimeter, Then Add Big Data:Security analytics is the next generation of defense.
- How To Cushion The Impact Of A Data Breach:Steps security pros should take to understand what happened and prevent it from happening again.
- Don't Be The Security Pro Who Cried Wolf: The effectiveness of a warning depends on a security pro's credibility and the supporting data.
- The Changing Face of APTsThe Changing Face of APTs:Advanced persistent threats are evolving in motivation, malice and sophistication. Are you ready to stop the madness?.
- Cyber Espionage Goes From Unusual To Everyday: Governments aren't the only victims of targeted "intelligence gathering." Enterprises need to be on guard too.
- 10 Web-Based Attacks Targeting Your End Users: Make sure they recognize and know how to avoid the latest threats.
- Refresh Often For Effective Security Training: Security threats change like the weather, yet many companies only have security training once a year.
- Endpoint Security: End user security requires layers of tools and training as employees use more devices and apps.
- Security Isn't A Piece Of Cake: It's time we rethink the conventional wisdom about security layering.
- BYOD Is Here To Stay: Trying to keep employees' devices off the network is futile.
- The Future Of Web Authentication: Password technology is out of steam. We need safer ways to prove who's who online.
- Rethink ID Management: If the technology continues to improve, it might soon be OK for all of us to be one person on the Web.
- How Hackers Fool Your Employees: People are your most vulnerable endpoint. Make sure your security strategy addresses that fact.
- Not All Or Nothing: Effective security doesn't mean stopping all attackers.
- 10 Web Threats: Easily overlooked vulnerabilities could put your data and business at risk
- Recent Zero-Day Attacks: How hackers compromised an iOS developers' website to exploit Java plug-in vulnerabilities and attack Apple, Facebook, Microsoft and Twitter.
- How To Sharpen Endpoint Security: Protect the most fragile part of your IT infrastructure -- the endpoints and the unpredictable users who control them.
- Technology Or Education? Some say the focus should be on education to deal with the endpoint security conundrum; some say technology. But it's not a binary choice.
- Malware's Next Generation: Attackers are using shape-shifting malware to fool your defenses. Are you ready?
- Targeted Cybercrime: The shift in hacking requires a new defense mindset.
- How Crimeware Kits Work: Hackers are using kits to automate the creation and spread of malware.
- Digital Certificates: Recent breaches have tarnished this Web security technology. Here are five ways to keep it going.
- Newer Technology Isn't Necessarily Better: There's a lot of pressure to keep up with the latest in security technology, but that doesn't mean some older tech isn't worth another look.
- The Many Flavors Of CA Compromises: There's more than one way for attackers to take down a certificate authority.
- 10 Ways To Secure Web Data: Help for online retailers stuck in a maze of e-business security and PCI compliance requirements.
- The High Stakes Of Data Hoarding: Being a data pack rat puts you at risk for a major breach and becoming the next headline.
- Holes In BYOD: Time to patch your security policy to address people bringing their own mobile devices to work.
- Five Tips For Better BYOD Security: Letting employees use their own devices for work doesn't have to be complicated.
- Mobile Device Security On The Road: Metasploit creator HD Moore has five practical tips for business travelers.
- Are You At Home Or At Work? Smartphones and tablets have erased the line between home and work, raising security issues.
- Armored Road Warriors: Mobile employees' data and apps need protecting. Here are 10 ways to get the job done.
- The New Mobile World: Mobile technology is forcing businesses to rethink the fundamentals of how their networks work.
- 10 Steps To E-Commerce Security: Cybercriminals are taking aim at your website. Is your security strategy up to the challenge?
- Web Bots Everywhere: About half of the traffic to e-commerce sites is machine generated--and much of it is malicious.
- Security In The Open Air: Protecting your e-commerce servers may require not only a shift in your technology but also a shift in your thinking.
- 10 Ways To Fail A PCI Audit: Don't get tripped up by these common payment card data security mistakes: failing to vet the auditor, skipping the pre-audit assessment, losing track of your data, and seven more.
- Practice Makes For Audit Success: Test data security before the auditor arrives, Tim Wilson recommends.
- Save Your Assets: Distributed denial-of-service attacks can do serious damage. Get ready before you're hit.
- New Age Of Political Hacktivism: Next-gen attackers aren't out to steal your money, and your old style of defense isn't going to stop them.
- DNSChanger Threat Could Re-Emerge: Temporary servers and efforts from ISPs have helped fight the Trojan, but problems aren't over.
- Critical Infrastructure Targeted: Banks, utilities, and other parts of the U.S. critical infrastructure face more cybersecurity threats.
- Endpoint Insecurity: Employees and their browsers might be the weak link in your security plan. Here's how to close the gap.
- Get Security Savvy: Tim Wilson explains why security-aware end users make such a difference.
- Close The Door On Data Leaks: Stop insider theft and accidental disclosure with network and host controls--and don't forget to keep employees on their toes.
- Make Security Everyone's Business: Even the best data leak prevention tools will fail if employees don't make security a priority.
- Lessons From The Global Payments Breach: Recent attack underscores problems with knowledge-based authentication and perimeter defense.
- FTC Proposes "Privacy By Design": The agency's privacy guidelines could raise issues for e-commerce and online advertising.
- Web Encryption That Works: Secure Sockets Layer isn't perfect, but there are ways to optimize it. Here are four places to start.
- Security Success: As you look at the way you use security technology, be sure to follow best practices and do your updates. Success is all in the execution.
- Digital Detectives: The right forensic tools in the right hands are just a start. Here's how to better apply the lessons they teach.
- Take The Offensive: It's time to be proactive, not reactive, with digital forensics.
- DoS Attack Cripples Web Servers: Researcher's proof-of-concept code takes a different spin on slow HTTP denial-of-service attacks.
- When Someone Else's Insider Is Your Threat: Protecting intellectual property is difficult when a third party has access to confidential information.
- Access Denied: Database access controls keep information out of the wrong hands. Limit who sees what to stop leaks -- accidental or otherwise.
- Take Aim At Database Access: User provisioning isn't as simple as it sounds.
- Search And Secure: Sensitive data is scattered in forgotten corners of your IT infrastructure. Find and protect it before it winds up in the wrong hands.
- The Practical Side Of Data Defense: The most common data breaches are the result of the simplest attacks.
- Dueling SIEM Deals: IBM is buying Q1 Labs, and McAfee is picking up NitroSecurity. Deals come amid concerns that security information and event management must meet today's advanced threats.
- Poor Marks For Training Programs: Experts say the security industry must figure out why cybersecurity awareness programs are so ineffective.
- The SQL Injection Threat: Knowing how attackers find and exploit these vulnerabilities can help you defend against them.
- Take The Defensive: 6 techniques you can use to stop these attacks.
- Constant Vigilance: Don't ignore this dull but dangerous threat, Tim Wilson warns.
- Threats In The Supply Chain: The suppliers and contractors coming through your door could be a security risk to your business. Here's what you need to watch out for.
- Look Beyond Security's Garden Path:Focusing solely on your own company's security ignores the bigger picture.
- Take Me Out To The Breach Game: What do baseball and incident response have in common? Teamwork.
- Homeland Security And IRS Vulnerabilities Cited: Vulnerabilities At Homeland Security And IRS Agencies have been cited for database security problems.
- Anonymous Hacks Booz Allen: Hacker group says it nabbed military email addresses and password hashes from the contractor.
- U.S.-Russia Cybersecurity Pact: U.S. plans to start regularly sharing cybersecurity information with Russia.
- Database Defenses: Lessons learned from five of the latest security breaches.
- The Harsh Reality: The possibility of a database breach may be remote, but the costs are huge if it happens.
- Diary Of A Breach: Our intrusion detection timeline illustrates common but costly errors in companies' risk management processes.
- Connect The Log Data Dots: Companies collect massive amounts of data for compliance and forensics, but don't use it to develop real security.
- Take Me Out To The Breach Game: What do baseball and incident response have in common? Teamwork.
- Epsilon Attack Means Long-Term Pain: The theft of millions of email addresses could lead to years of phishing, spamming, and targeted attacks.
- EMC Adds Forensic Capabilities: Its NetWitness acquisition brings tools for better incident investigation.
- Phishing Scam Snares RSA: Why didn't the security company use its own technology to prevent the attack that exposed its SecurID customers?
- What Makes DB2 Security Different? IBM and its database customers didn't always give much thought to protecting their DB2 data. Both are now stepping up. Here's how and why.
- Same Song, New Music For Database Security: As database attacks increase, many enterprises are looking to recentralize their sensitive data and reduce the size of the potential attack surface.
- Wicked Innovation: Cutting-edge attacks like Stuxnet and Zeus will be the everyday attacks of the future. We tell you what you need to know to keep your company safe
- Rationalizing Security: Rationalizing Security: Five best practices to improve the budgeting process for security spending
- Prosperous New Year For Hackers: Tim Wilson explores five prime targets for exploits, including social networks, mobile devices, and wireless services.
- TPM Chips Sit Idle: Could activating the authentication chips built into millions of machines solve our cybersecurity problems?
- Mobile Users Go Phishing: Smartphone users are far more apt than PC users to visit phishing Web sites, new research shows.
Free Research and Reports
- Plan and Deploy a Most Cost-Effective 4G Infrastructure - 4G World
- Join the Conference for 4G/LTE Professionals at CTIA - 4G World
- Come to Interop New York, Sept 29 - Oct 3, 2014 - Interop New York
- Learn to Maximize Your Next-Gen Network Investments - 4G World
- Tower & Small Cell Summit - Tower & Small Cell Summit
Dark Reading Digital Magazine
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a denial of service (NULL pointer dereference and daemon crash) via vectors that trigger a missing hostname value.
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.
The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, when a reverse proxy is enabled, allows remote attackers to cause a denial of service (child-process crash) via a crafted HTTP Connection header.
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.