Risk
2/4/2014
10:57 AM

RSA Conference 2014: Complete Coverage

Catch up on RSA Conference 2014 with our round-up of articles leading up to, from, and after the event

>> Securing Software Requires Design, Testing and Improvement
Adopting secure development, incorporating frequent testing, and creating measures of software security are important to create more secure code

>> Security Firms Face Crisis Of Trust
Mikko Hypponen reflects on shift toward rampant government spying and use of malware -- and targeted attack attempts on F-Secure

>> Researchers Create Legal Botnet Abusing Free Cloud Service Offers
Hack depends on scripts creating scores of unique email addresses and automating execution of email verification

>> Hacking Critical Infrastructure Companies -- A Pen Tester's View
At the RSA Conference, a pen tester outlines some of the elements of a successful attack on energy companies

>> Supply-Chain Threats Still An Uncertain Danger
With a global manufacturing economy muddying the definition of a foreign product, nations are still hashing out strategies to secure their supply chains

>> Today's Network Security Challenges: No Easy Answers
The BYOD trend and proliferation of mobile devices are making life hard for security teams, but solutions are elusive, panelists say at RSA Conference 2014

>> Fewer Than Half Of IT Pros At RSA Conference Say NSA Went Too Far
Spying revelations and document leaks a big theme at RSA Conference 2014, but views on the controversy are split

>> Big Data A Big Focus Of Security Analytics Products
At the RSA Conference in San Francisco, vendors pitched the importance of properly leveraging big data to improve security

>> IBM Software Vulnerabilities Spiked In 2013
Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds

>> More Than 100 Flavors Of Malware Stealing Bitcoins
Specialized form of malware empties electronic wallets of digital currency, and antivirus often misses it

>> Juniper Security Chief Takes Swipe At Security Apathy

>> Coviello: RSA Security's Work With NSA 'A Matter Of Public Record'
RSA chairman calls for global intelligence community reforms, spinning IAD off from NSA

>> Microsoft Beefs Up EMET
Early release of anti-exploit tool shuts down bypass methods created by Bromium Labs

>> NSA Spying Scandal Darkens Cloud Discussions At RSA
From Europe's efforts to create regulations for data localization to worries over the security of the cloud, the leaks of the past eight months have cast a shadow over cloud providers

>> Cisco-Sourcefire Integration Takes Shape
Integration includes adding Sourcefire's AMP technology into its email and Web security appliances

>> Researchers Bypass Protections In Microsoft's EMET Security Tool
Bromium Labs researchers create exploit that the Enhanced Mitigation Experience Toolkit (EMET) 4.1 can't detect

>> Is The Hypervisor Security's Goldilocks Zone?
RSA presentation to put virtualization forward as a tool to fix security's architectural problems

>> Solving The Security Workforce Shortage
To solve the skills shortage, the industry will need to attract a wider group of people and create an entirely new sort of security professional

>> Algosec Partners With Qualys
New integration delivers application-centric vulnerability management, aggregating and scoring vulnerabilities based on risk and continuously monitoring for changes within data center environments

>> Microsoft Windows Crash Reports Reveal New APT, POS Attacks
Researchers discover zero-day attacks after studying the contents of various "Dr. Watson" error reports

>> U.S. Running Out Of Allies On Cyber Battlefield
International cyber policy and enforcement, and ownership over the Internet are thorny topics that will be tackled at the 2014 RSA Conference next week

>> Abusing Cloud Services for Cybercrime
At the upcoming RSA conference, researchers will discuss how a lack of anti-automation protections allows attackers to take advantage of free cloud services

>> RSA Conference Controversy Swirls, Spurs Debate Over Boycotts
Talk of boycotts has circled the RSA conference, but what will the outcome of it all be?

>> 9 Security Experts Boycott RSA Conference
Several leading security experts have pulled out of the RSA conference over unanswered questions concerning the NSA's $10 million payment to RSA

>> Using Attackers' Tactics To Battle Banking Trojans
At the upcoming RSA conference, Trustwave researchers will discuss using obfuscation to break the functionality of banking Trojans, such as ZeuS

RSA LIBRARY
RSA Conference 2013 Coverage
RSA Conference 2012 Coverage
