Network Computing Darkreading

Advertise

Risk

News & Commentary

Software Assurance: Thinking Back, Looking Forward

Kevin E. Greene, Cyber Security Thought Leader

Commentary

Ten personal observations that aim to bolster state-of-the-art and state-of-practice in application security.

By Kevin E. Greene Cyber Security Thought Leader, 9/20/2017

0 comments | Read | Post a Comment

GDPR & the Rise of the Automated Data Protection Officer

Terry Ray, Chief Technology Officer, Imperva

Commentary

Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?

By Terry Ray Chief Technology Officer, Imperva, 9/19/2017

0 comments | Read | Post a Comment

To Be Ready for the Security Future, Pay Attention to the Security Past

Liz Maida, Co-founder, CEO & CTO, Uplevel Security

Commentary

It's easy to just move on to the next problem, ignoring what's happened -- but that's a mistake.

By Liz Maida Co-founder, CEO & CTO, Uplevel Security, 9/18/2017

3 comments | Read | Post a Comment

Latest Comment: jcavery, Agree Joe, and any new attack methods captured by honeypots or otherwise need...

Public, Hybrid Cloud Security Fears Abound

Kelly Sheridan, Associate Editor, Dark Reading

News

Most CISOs say encryption is the most effective security tool for data in the public cloud, but only one in six encrypt all data stored there.

By Kelly Sheridan Associate Editor, Dark Reading, 9/16/2017

0 comments | Read | Post a Comment

OurMine Claims Vevo Hack, Releases 3.12TB of Data

Quick Hits

Group known for claiming responsibility for hacking Mark Zuckerberg's Twitter account and the WikiLeaks' DNS attack says it's behind the Vevo breach.

By Dark Reading Staff , 9/16/2017

4 comments | Read | Post a Comment

Latest Comment: Damien-metlife, This leak is very impressive !

Senators Propose US Elections Cybersecurity Commission

Quick Hits

The proposed commission would aim to review the 2016 election process and safeguard future elections from interference.

By Dark Reading Staff , 9/15/2017

0 comments | Read | Post a Comment

Attacks on Android Soared 40% in Q2

Dawn Kawamoto, Associate Editor, Dark Reading

News

Despite a rise in attacks, the average number of malicious variants remains surprisingly limited, according to a report from Avast.

By Dawn Kawamoto Associate Editor, Dark Reading, 9/15/2017

0 comments | Read | Post a Comment

Cloud Security's Shared Responsibility Is Foggy

Ben Johnson, Co-founder and CTO, Obsidian Security

Commentary

Security is a two-way street. The cloud provider isn't the only one that must take precautions.

By Ben Johnson Co-founder and CTO, Obsidian Security, 9/14/2017

3 comments | Read | Post a Comment

Latest Comment: dimitri-dr, Shared security responsibility is like playing 3D-Chess.

Encryption: A New Boundary for Distributed Infrastructure

Rob Enns, VP Engineering, Bracket Computing

Commentary

As the sheet metal surrounding traditional infrastructure continues to fall away, where should security functions in a cloud environment reside?

By Rob Enns VP Engineering, Bracket Computing, 9/14/2017

0 comments | Read | Post a Comment

Trump Orders Removal of Kaspersky Products from Federal Systems

Quick Hits

The president cites concern that the Russia-based company could be influenced by the Kremlin.

By Dark Reading Staff , 9/13/2017

1 Comment | Read | Post a Comment

Latest Comment: theb0x, I highly doubt Kaspersky has any ties. Even if they did.. their security software...

Businesses Fail to Properly Secure, Assess SSH: ISACA

Quick Hits

Frequently used but underappreciated, Secure Shell is rarely secured, assessed, documented, or managed in a systematic way, researchers report.

By Kelly Sheridan Associate Editor, Dark Reading, 9/13/2017

0 comments | Read | Post a Comment

5 Problems That Keep CISOs Awake at Night

Joshua Douglas, Chief Strategy Officer, Raytheon

Commentary

The last few years have shown a big difference in the way cyber-risks are acknowledged, but progress still needs to be made.

By Joshua Douglas Chief Strategy Officer, Raytheon, 9/13/2017

0 comments | Read | Post a Comment

China to Create Data Repository to Log Cyberattacks

Quick Hits

Telcos, government agencies, Internet companies, and domain-name organizations to file cybersecurity information.

By Dark Reading Staff , 9/13/2017

0 comments | Read | Post a Comment

20 Questions to Help Achieve Security Program Goals

Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA

Commentary

There are always projects, maturity improvements, and risk mitigation endeavors on the horizon. Here's how to keep them from drifting into the sunset.

By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 9/13/2017

0 comments | Read | Post a Comment

Why InfoSec Hiring Managers Miss the Oasis in the Desert

News

Despite a sharp shortage of IT security professionals, a pool of potential talent is swimming below the surface.

By Dawn Kawamoto Associate Editor, Dark Reading, 9/13/2017

0 comments | Read | Post a Comment

Shopify Risk Director Talks Ecommerce, Bug Bounty Program

News

Andrew Dunbar shares his experience growing a retail-focused security team, and combating the many threats facing online merchants and their customers.

By Kelly Sheridan Associate Editor, Dark Reading, 9/12/2017

0 comments | Read | Post a Comment

Deception: A Convincing New Approach to Cyber Defense

Ofer Israeli, CEO & Founder, illusive networks

Commentary

How defenders in a US national security agency capture-the-flag exercise used an endless stream of false data across the network to thwart attackers and contain damage.

By Ofer Israeli CEO & Founder, illusive networks, 9/12/2017

0 comments | Read | Post a Comment

Spain Slaps Facebook with a 1.2 Million Euro Privacy Violation Fine

Quick Hits

Three infringements - one 'very serious' - of the country's data protection law are cited by the Spanish regulatory agency.

By Dark Reading Staff , 9/11/2017

2 comments | Read | Post a Comment

Latest Comment: Melissa Anders, I absolutely agree with you.

New Android 'Toast' Vuln Makes Overlay Attacks Easier

News

The vast majority of Android devices are at risk of a 'Toast' overlay attack that builds on Cloak and Dagger exploits. The bug could lead to remote control of the device unless Google's latest security patch is applied.

By Dawn Kawamoto Associate Editor, Dark Reading, 9/8/2017

0 comments | Read | Post a Comment

If Blockchain Is the Answer, What Is the Security Question?

Duncan Jones, Head of Skunkworks, Thales e-Security

Commentary

Like any technology, blockchain has its strengths and weaknesses. But debunking three common myths can help you cut through the hype.

By Duncan Jones Head of Skunkworks, Thales e-Security, 9/8/2017

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by csanders

Yes, it seems they still use mixed content (embbeded content from non-HTTPS sites). In this event it is still possible for attackers to inject content into the site if they are MITMing your connection. Additionally, it may...

In reply to: Re: Not Showing HTTPS is being secure
Post Your Own Reply

Posted by Damien-metlife

This leak is very impressive !

In reply to: Re: End the Risk and Repercussions of Hacks
Post Your Own Reply

Posted by ASD459

Its amazing how even powerful and wealthy people are so powerless against these hackers. I actually had to change my messenger app so make sure the data i was transferring b/w me and my wife was secure. Follow these Peerio...

In reply to: More hacking, eh?
Post Your Own Reply

Posted by RyanSepe

Just shows you how powerful phishing can be; leveraging the human element to subvert security safeguards. I wonder what Vevo's network segmentation looked like?

In reply to: Phishing
Post Your Own Reply

Posted by mjohnson681

Make the data people want to steal worthless by implementing proper controls, devaluing the data to criminals. https://www.linkedin.com/pulse/give-up-cybersecurity-programs-matthew-r-johnson-cpa-cisa

In reply to: End the Risk and Repercussions of Hacks
Post Your Own Reply

Posted by dimitri-dr

Shared security responsibility is like playing 3D-Chess.

In reply to: Re: Amazon Security
Post Your Own Reply

Posted by obsidianben

In reply to: Re: Amazon Security
Post Your Own Reply

Posted by jcavery

Agree Joe, and any new attack methods captured by honeypots or otherwise need to be shared as soon as possible so we can benefit from the information, instead of acting reactively as you mentioned.

In reply to: Re: Learn from History
Post Your Own Reply

Posted by Joe Stanganelli

This really comes down to acting proactively instead of always running around acting reactively. Given that history repeats itself -- and many hackers tend to be lazy and recycle the same old attacks and malicious code in...

In reply to: Re: Learn from History
Post Your Own Reply

Posted by jenshadus

I agree that AMazon needs to streamline their security, and simplify instructions. I was just reviewing one of our security configurations, and I was scratching my head a couple of time. They use abbreviations...

In reply to: Amazon Security
Post Your Own Reply

Posted by jcavery

It will be true for computing as long as new technologies and concepts are invented. For example, quantum computing will force us to re-visit all the same problems we originally faced with the internet in its infancy. Even...

In reply to: Learn from History
Post Your Own Reply

Posted by theb0x

I highly doubt Kaspersky has any ties. Even if they did.. their security software has some of the most effective and advanced heuristic detection capabilities in comparison to other vendors. It's a poor decision to dump...

In reply to: Ridiculous Statements
Post Your Own Reply

More Conversations

Products & Releases

3 Companies to Settle FTC Charges They Falsely Claimed Participation in EU-US Privacy Shield Framework

81% of Infosec Pros Say Required Job Skills Have Changed

Nearly 25% of Companies Haven’t Hired a Data Protection Officer: Imperva

NIST, DHS Join Forces to Create Cybersecure Communities Around the Globe

Rohde & Schwarz Cybersecurity Launches DNS Tunneling Detection

Respond Software Powers Self-Driving SOC

Calyptix Releases Threat Intelligence Report

Information Security Forum Updates Information Risk Assessment Methodology

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

FTC Opens Probe into Equifax Data Breach

Jai Vijayan, Freelance writer, 9/14/2017

OurMine Claims Vevo Hack, Releases 3.12TB of Data

Dark Reading Staff 9/16/2017

Equifax CIO, CSO Step Down

Dark Reading Staff 9/15/2017

Live Events

Webinars

More UBM Tech
Live Events

INsecurity - A Dark Reading Conference: Join Us November 29-30 In The D.C. Area

Transform Business Processes with API-enabled Integrations

Registration is Open for Enterprise Connect Conference and Expo

White Papers

Datacenters Are Short on Compute Capacity

AI & Machine Learning: How to Get Ready for the Next Wave of Advanced Analytics

[Cybersecurity] Moving to a More Efficient Strategy

[Digital Transformation] Myths & Truths

Data Diode Vendor Comparison Guide

More White Papers

Video

All Risk Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Jan, check this out! I found an unhackable PC.

Cartoon Archive

Current Issue

Security Vulnerabilities: The Next Wave

Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem

Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.

Download Now!

The Impact of a Security Breach 2017

0 comments

[Strategic Security Report] Assessing Cybersecurity Risk

0 comments

New Best Practices for Secure App Development

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2017-0290

Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Terms of Service
Privacy Statement
Legal Entities