Risk
2/6/2013
07:51 AM
50%
50%

RSA Conference 2013: Complete Coverage

A round-up of articles from RSA Conference 2013, Feb. 25 - March 1, San Francisco

RSA Conference 2013

>> Using Intelligence Against Companies That Benefit From Cyberspionage
'Naming and shaming' the ultimate beneficiaries of stolen trade secrets can work

>> White House Cybersecurity Czar: New Executive Order A 'Down Payment'
Michael Daniel says President Obama's Executive Order on Cybersecurity sets the stage for cybersecurity legislation for protecting critical infrastructure

>> Secure Development: Must-Do Or Money Pit?
At the RSA Conference, two software security specialists debate over whether the cost of secure programming is too much for most companies, recommending simple steps to improve development >> Governance Without Metrics Is Just Dogma
Entertaining RSA Conference panel titled 'Why U No Haz Metrics' discusses the importance of measuring security controls against exposure to loss

>> Desktops-As-A-Service Boost Security, But Beware
At RSA session, panelists argue that companies can better protect sensitive data and systems by using virtual desktop infrastructure, but warn that everything relies on the quality of the hypervisor

>> Using DevOps To Upgrade Application Security
The techniques of the DevOps movement designed to bring developers and IT operations into closer alignment for more agility can also be a huge boon for app sec, RSA panelists say

>> Blog: Cool Tech's First Showing At RSA Conference 2013
Learn more about the unsung heroes that showcased their new solutions at the RSA Conference 2013. You may find something you didn't know you needed

>> Tale Of Two Compromises Provides Lessons For SMBs
The stories behind the hacking of a startup's CEO and a journalist, as told at the RSA Conference, provides small and midsize businesses with good tactics to secure their businesses

>> Researchers Solicit Sinkhole-Sharing Among Researchers
Dell SecureWorks researchers will provide their homegrown tools in open source to researchers from other companies and organizations

>> A Vulnerability Disclosure Game Changer
Two new ISO standards will push third-party developers, online service providers and even hardware vendors to stop ignoring vulnerability disclosures

>> 5 Lessons From The FBI Insider Threat Program
Finding ways to improve enterprise insider theft detection and deterrence

>> SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
New testbeds would help operators test software patches as well

>> FBI Director: ID And Deter Attackers 'Behind The Keyboards'
Finding LulzSec's 'Sabu' a prime example of tracking down cybercriminals, official tells RSA Conference 2013 attendees

>> China's Cyberespionage Will Continue Unabated, Say Experts
The U.S. government will be slow to act against aggressors who attack through the Internet, predict policy and China experts at RSA

>> Segmentation Can Increase Risks If Firewalls Aren't Managed Well
The multiplication of internal firewalls to comply with regulations and minimize risk to critical databases and applications has created a rat's nest of firewall configuration issues

>> Stuxnet, The Prequel: Earlier Version Of Cyberweapon Discovered
Symantec finds 'missing link' in infamous Stuxnet malware that sabotages another piece of equipment in Iranian nuclear facility -- attackers became more aggressive as campaign ensued

>> Cloud Security Falls Short ... But Could Be Great
A combination of immature security tools, weak partnerships, and a lack of strong commitment to security leaves cloud service firms short of providing strong protections

>> RSA, Juniper Team Up In Threat Intelligence-Sharing
Intelligence-sharing among vendors -- and about attacks on vendors -- key to thwarting today's attacks, officials say

>> Google Security Vulnerability Allowed Two-Step Verification Bypass
Researchers at Duo Security detailed an attack that could have allowed a hacker to hijack a user's Google account

>> Investors Value A Company's Cybersecurity Record
New HBGary report says majority of U.S. investors steer clear of investing in companies that have suffered multiple data breaches -- and they worry more about theft of customer data than intellectual property

>> Businesses Feel Impact Of IT Security Skill Shortage, Study Finds
(ISC)2 workforce study shows lack of cybersecurity personnel, resources affects bottom line

>> More Improvements To SIEM Than Big Data
For big companies looking to spend big budgets, the Big Data pitch for security information and event management (SIEM) systems is a good fit. But other improvements are on the way

>> You're A Piece Of Conference Meat
Every year folks get hacked off about seeing booth babes at big industry shows. Yet, it seems too many don't understand why these ladies are there and how to disrupt these marketing tactics

>> RSA: What To Watch For And What Vaccinations To Get Before Rocking The Casbah
Pro tip: It's not threats, it's not capabilities -- it's integration

RSA Conference 2012 Coverage

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.