2/6/2013
07:51 AM
RSA Conference 2013: Complete Coverage

A round-up of articles from RSA Conference 2013, Feb. 25 - March 1, San Francisco

RSA Conference 2013

>> Using Intelligence Against Companies That Benefit From Cyberespionage
'Naming and shaming' the ultimate beneficiaries of stolen trade secrets can work

>> White House Cybersecurity Czar: New Executive Order A 'Down Payment'
Michael Daniel says President Obama's Executive Order on Cybersecurity sets the stage for cybersecurity legislation for protecting critical infrastructure

>> Secure Development: Must-Do Or Money Pit?
At the RSA Conference, two software security specialists debate over whether the cost of secure programming is too much for most companies, recommending simple steps to improve development

>> Governance Without Metrics Is Just Dogma
Entertaining RSA Conference panel titled 'Why U No Haz Metrics' discusses the importance of measuring security controls against exposure to loss

>> Desktops-As-A-Service Boost Security, But Beware
At RSA session, panelists argue that companies can better protect sensitive data and systems by using virtual desktop infrastructure, but warn that everything relies on the quality of the hypervisor

>> Using DevOps To Upgrade Application Security
The techniques of the DevOps movement designed to bring developers and IT operations into closer alignment for more agility can also be a huge boon for app sec, RSA panelists say

>> Blog: Cool Tech's First Showing At RSA Conference 2013
Learn more about the unsung heroes that showcased their new solutions at the RSA Conference 2013. You may find something you didn't know you needed

>> Tale Of Two Compromises Provides Lessons For SMBs
The stories behind the hacking of a startup's CEO and a journalist, as told at the RSA Conference, provide small and midsize businesses with good tactics to secure their businesses

>> Researchers Solicit Sinkhole-Sharing Among Researchers
Dell SecureWorks researchers will provide their homegrown tools in open source to researchers from other companies and organizations

>> A Vulnerability Disclosure Game Changer
Two new ISO standards will push third-party developers, online service providers and even hardware vendors to stop ignoring vulnerability disclosures

>> 5 Lessons From The FBI Insider Threat Program
Finding ways to improve enterprise insider theft detection and deterrence

>> SCADA 'Sandbox' Tests Real-World Impact Of Cyberattacks On Critical Infrastructure
New testbeds would help operators test software patches as well

>> FBI Director: ID And Deter Attackers 'Behind The Keyboards'
Finding LulzSec's 'Sabu' a prime example of tracking down cybercriminals, official tells RSA Conference 2013 attendees

>> China's Cyberespionage Will Continue Unabated, Say Experts
The U.S. government will be slow to act against aggressors who attack through the Internet, predict policy and China experts at RSA

>> Segmentation Can Increase Risks If Firewalls Aren't Managed Well
The multiplication of internal firewalls to comply with regulations and minimize risk to critical databases and applications has created a rat's nest of firewall configuration issues

>> Stuxnet, The Prequel: Earlier Version Of Cyberweapon Discovered
Symantec finds 'missing link' in infamous Stuxnet malware that sabotages another piece of equipment in Iranian nuclear facility -- attackers became more aggressive as campaign ensued

>> Cloud Security Falls Short ... But Could Be Great
A combination of immature security tools, weak partnerships, and a lack of strong commitment to security leaves cloud service firms short of providing strong protections

>> RSA, Juniper Team Up In Threat Intelligence-Sharing
Intelligence-sharing among vendors -- and about attacks on vendors -- key to thwarting today's attacks, officials say

>> Google Security Vulnerability Allowed Two-Step Verification Bypass
Researchers at Duo Security detailed an attack that could have allowed a hacker to hijack a user's Google account

>> Investors Value A Company's Cybersecurity Record
New HBGary report says majority of U.S. investors steer clear of investing in companies that have suffered multiple data breaches -- and they worry more about theft of customer data than intellectual property

>> Businesses Feel Impact Of IT Security Skill Shortage, Study Finds
(ISC)2 workforce study shows lack of cybersecurity personnel, resources affects bottom line

>> More Improvements To SIEM Than Big Data
For big companies looking to spend big budgets, the Big Data pitch for security information and event management (SIEM) systems is a good fit. But other improvements are on the way

>> You're A Piece Of Conference Meat
Every year folks get hacked off about seeing booth babes at big industry shows. Yet, it seems too many don't understand why these ladies are there and how to disrupt these marketing tactics

>> RSA: What To Watch For And What Vaccinations To Get Before Rocking The Casbah
Pro tip: It's not threats, it's not capabilities -- it's integration

RSA Conference 2012 Coverage
