Perimeter
News & Commentary
How We Can Prevent Another Anthem Breach
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Two things could have mitigated the damage and maybe even prevented any loss at all: behavioral analysis and context-aware access control.
By Dave Kearns Analyst, Kuppinger-Cole, 2/18/2015
Comment18 comments  |  Read  |  Post a Comment
Sony Hack: Poster Child For A New Era Of Cyber Attacks
Dmitri Alperovitch, Co-Founder & CTO, CrowdStrikeCommentary
What made the Sony breach unique is the combination of four common tactics into a single orchestrated campaign designed to bend a victim to the will of the attackers.
By Dmitri Alperovitch Co-Founder & CTO, CrowdStrike, 2/13/2015
Comment4 comments  |  Read  |  Post a Comment
How Malware Bypasses Our Most Advanced Security Measures
Alon Nafta, Senior Security Researcher, SentinelOneCommentary
We unpack three common attack vectors and five evasion detection techniques.
By Alon Nafta Senior Security Researcher, SentinelOne, 2/10/2015
Comment8 comments  |  Read  |  Post a Comment
Why Israel Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
Israel's tenuous position in the world drives its leaders to stay ahead of its cyber adversaries, chief among them the Islamic Republic of Iran.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 2/5/2015
Comment3 comments  |  Read  |  Post a Comment
How The Skills Shortage Is Killing Defense in Depth
David Holmes, World-Wide Security Evangelist, F5Commentary
It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely “looks nifty, but I don’t have the staff to deploy it.”
By David Holmes World-Wide Security Evangelist, F5, 1/30/2015
Comment12 comments  |  Read  |  Post a Comment
Why Iran Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
Iran is using its increasingly sophisticated cyber capabilities to minimize Western influence and establish itself as the dominant power in the Middle East.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/29/2015
Comment7 comments  |  Read  |  Post a Comment
Half Of Enterprises Worldwide Hit By DDoS Attacks, Report Says
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New data illustrates how distributed denial-of-service (DDoS) attacks remain a popular attack weapon -- and continue to evolve.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/27/2015
Comment2 comments  |  Read  |  Post a Comment
Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers find more than 5,000 US gas stations' automated tank gauges unprotected on the public Internet and open to hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/26/2015
Comment11 comments  |  Read  |  Post a Comment
Power Consumption Technology Could Help Enterprises Identify Counterfeit Devices
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Understanding a device's "power fingerprint" might make it possible to detect security anomalies in Internet of Things as well, startup says
By Tim Wilson Editor in Chief, Dark Reading, 1/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Chick-fil-A Breach: Avoiding 5 Common Security Mistakes
Kevin Watson, CEO, VendorSafeCommentary
On the surface these suggestions may seem simplistic. But almost every major retail breach in the last 12 months failed to incorporate at least one of them.
By Kevin Watson CEO, VendorSafe, 1/9/2015
Comment3 comments  |  Read  |  Post a Comment
Banking Trojans Disguised As ICS/SCADA Software Infecting Plants
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher spots spike in traditional financial malware hitting ICS/SCADA networks -- posing as popular GE, Siemens, and Advantech HMI products.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/8/2015
Comment4 comments  |  Read  |  Post a Comment
Using Free Tools To Detect Attacks On ICS/SCADA Networks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
ICS/SCADA experts say open-source network security monitoring software is a simple and cheap way to catch hackers targeting plant operations.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/8/2015
Comment0 comments  |  Read  |  Post a Comment
Dear Cyber Criminals: We’re Not Letting Our Guard Down in 2015
Sergio Galindo, GM, GFI SoftwareCommentary
Next year, you’ll keep exploiting vulnerabilities, and we’ll make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.
By Sergio Galindo GM, GFI Software, 12/31/2014
Comment5 comments  |  Read  |  Post a Comment
20 Startups To Watch In 2015
Ericka Chickowski, Contributing Writer, Dark Reading
Check our list of security startups sure to start (or continue) making waves in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/29/2014
Comment6 comments  |  Read  |  Post a Comment
A 2014 Lookback: Predictions vs. Reality
TK Keanini, CTO, LancopeCommentary
It was a tumultuous year for cyber security, but it drove the adoption of incident response plans and two-factor authentication.
By TK Keanini CTO, Lancope, 12/29/2014
Comment5 comments  |  Read  |  Post a Comment
Why Digital Forensics In Incident Response Matters More Now
Craig Carpenter, President & COO, Resolution1 SecurityCommentary
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
By Craig Carpenter President & COO, Resolution1 Security, 12/24/2014
Comment6 comments  |  Read  |  Post a Comment
JPMorgan Hack: 2FA MIA In Breached Server
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Sources close to the breach investigation say a network server missing two-factor authentication let attackers make their way into JPMorgan's servers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/24/2014
Comment17 comments  |  Read  |  Post a Comment
How PCI DSS 3.0 Can Help Stop Data Breaches
Troy Leach and Christopher Strand, Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9Commentary
New Payment Card Industry security standards that took effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples.
By Troy Leach and Christopher Strand Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9, 12/23/2014
Comment9 comments  |  Read  |  Post a Comment
Security News No One Saw Coming In 2014
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
John Dickson shares his list (and checks it twice) of five of the most surprising security headlines of the year.
By John B. Dickson CISSP, Principal, Denim Group, 12/22/2014
Comment12 comments  |  Read  |  Post a Comment
The Internet's Winter Of Discontent
Paul Vixie, Chairman & CEO, Farsight Security, Inc.Commentary
The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the world’s connected economy is that the hits just keep on coming.
By Paul Vixie Chairman & CEO, Farsight Security, Inc., 12/19/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2188
Published: 2015-02-26
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connecti...

CVE-2015-0594
Published: 2015-02-26
Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun1...

CVE-2015-0632
Published: 2015-02-26
Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.

CVE-2015-0651
Published: 2015-02-26
Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753.

CVE-2015-0882
Published: 2015-02-26
Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php an...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.