Risk
News & Commentary
Dark Reading News Desk Comes To You Live From Black Hat
Sara Peters, Senior Editor at Dark ReadingCommentary
Live video coverage from Las Vegas Wednesday and Thursday
By Sara Peters Senior Editor at Dark Reading, 8/3/2015
Comment3 comments  |  Read  |  Post a Comment
From Russia With Love: A Slew of New Hacker Capabilities and Services
Jai Vijayan, Freelance writerNews
A review of the Russian underground by Trend Micro reveals it to be the world’s most sophisticated.
By Jai Vijayan Freelance writer, 7/30/2015
Comment0 comments  |  Read  |  Post a Comment
Code Theft: Protecting IP At The Source
Anna Chiang, Technical Marketing Manager, Perforce SoftwareCommentary
Your corporate assets are at risk and every day that you avoid taking action shortens the time until your IP will be leaked. Here are six steps toward better data security.
By Anna Chiang Technical Marketing Manager, Perforce Software, 7/29/2015
Comment2 comments  |  Read  |  Post a Comment
Researchers Steal Door Badge Credentials Using Smartphone Bluetooth
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Weakness in facility access control protocol leaves most badge-in systems open to attack.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/28/2015
Comment2 comments  |  Read  |  Post a Comment
How To Put Data At The Heart Of Your Security Practice
Jay Jacobs, Senior Data Scientist, BitSight TechnologiesCommentary
First step: A good set of questions that seek out objective, measurable answers.
By Jay Jacobs Senior Data Scientist, BitSight Technologies, 7/28/2015
Comment1 Comment  |  Read  |  Post a Comment
The First 24 Hours In The Wake Of A Data Breach
Stephen Treglia, JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute SoftwareCommentary
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
By Stephen Treglia JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute Software, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
Detection: A Balanced Approach For Mitigating Risk
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Only detection and response can complete the security picture that begins with prevention.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 7/21/2015
Comment0 comments  |  Read  |  Post a Comment
Time’s Running Out For The $76 Billion Detection Industry
Simon Crosby, Co-founder & CTO, BromiumCommentary
The one strategy that can deliver the needle to the security team without the haystack is prevention.
By Simon Crosby Co-founder & CTO, Bromium, 7/21/2015
Comment3 comments  |  Read  |  Post a Comment
Photo Processing Vendor Exposes CVS, Wal-Mart, Costco
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Retail breaches highlight third-party risk -- again.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/20/2015
Comment0 comments  |  Read  |  Post a Comment
Mobile App Security: 4 Critical Issues
Subbu Sthanu, Director, Mobile Security & Application Security, IBMCommentary
Securing the mobile workforce in the age of BYOD is no easy task. You can begin with these four measures.
By Subbu Sthanu Director, Mobile Security & Application Security, IBM, 7/17/2015
Comment3 comments  |  Read  |  Post a Comment
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
Tim Wilson, Editor in Chief, Dark ReadingNews
In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats.
By Tim Wilson Editor in Chief, Dark Reading, 7/15/2015
Comment0 comments  |  Read  |  Post a Comment
Shared Passwords And No Accountability Plague Privileged Account Use
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Even IT decision-makers guilty of poor account hygiene.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/14/2015
Comment1 Comment  |  Read  |  Post a Comment
The Role of the Board In Cybersecurity: ‘Learn, Ensure, Inspect’
Jason Straight, Senior VP & Chief Privacy Officer, UnitedLexCommentary
Board members of the most forward-thinking U.S. companies are not just throwing money at the mounting problem of managing cyber risk.
By Jason Straight Senior VP & Chief Privacy Officer, UnitedLex, 7/8/2015
Comment1 Comment  |  Read  |  Post a Comment
New Google Search Poisoning Method Cloaks With PDF Docs
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Using PDF documents to keyword stuff is growing in popularity as it circumvents anti-cloaking mechanisms in Google's algorithms.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/7/2015
Comment0 comments  |  Read  |  Post a Comment
In The Cyber Realm, Let’s Be Knights Not Blacksmiths
Jeff Schilling, CSO, FirehostCommentary
Why the Internet of Things is our chance to finally get information security right.
By Jeff Schilling CSO, Firehost, 7/2/2015
Comment3 comments  |  Read  |  Post a Comment
PCI Update Paves Way For Expanding Point-to-Point Encryption
Jai Vijayan, Freelance writerNews
Move appears designed mainly for large organizations and big-box retailers looking to lock down payment card security.
By Jai Vijayan Freelance writer, 7/1/2015
Comment4 comments  |  Read  |  Post a Comment
Why We Need In-depth SAP Security Training
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 7/1/2015
Comment2 comments  |  Read  |  Post a Comment
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen , Chief Strategy Office, Gemalto, Identity & Data ProtectionCommentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
Jai Vijayan, Freelance writerNews
Security vendor's report from last year had warned about group targeting insider data from illegal trading.
By Jai Vijayan Freelance writer, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
User Monitoring Not Keeping Up With Risk Managers' Needs
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Biggest concern is negligence, but monitoring capabilities can't detect this type of activity within most applications.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/24/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by pentareddy
Current Conversations good video
In reply to: Re: Pending Review
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2001-1594
Published: 2015-08-04
GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, an...

CVE-2002-2445
Published: 2015-08-04
GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdwon user, which has unspecified impact and attack vectors.

CVE-2002-2446
Published: 2015-08-04
GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.

CVE-2003-1603
Published: 2015-08-04
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.

CVE-2004-2777
Published: 2015-08-04
GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value for the gemsservice account of the Ultrasound Database, and possibly (4) gemnet2002 for the gemnet2002...

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!