Risk
2/4/2014
10:57 AM

RSA Conference 2014: Complete Coverage

Catch up on RSA Conference 2014 with our round-up of articles leading up to, from, and after the event

>> Securing Software Requires Design, Testing and Improvement
Adopting secure development, incorporating frequent testing, and creating measures of software security are important to create more secure code

>> Security Firms Face Crisis Of Trust
Mikko Hypponen reflects on shift toward rampant government spying and use of malware -- and targeted attack attempts on F-Secure

>> Researchers Create Legal Botnet Abusing Free Cloud Service Offers
Hack depends on scripts creating scores of unique email addresses and automating execution of email verification

>> Hacking Critical Infrastructure Companies -- A Pen Tester's View
At the RSA Conference, a pen tester outlines some of the elements of a successful attack on energy companies

>> Supply-Chain Threats Still An Uncertain Danger
With a global manufacturing economy muddying the definition of a foreign product, nations are still hashing out strategies to secure their supply chains

>> Today's Network Security Challenges: No Easy Answers
The BYOD trend and proliferation of mobile devices are making life hard for security teams, but solutions are elusive, panelists say at RSA Conference 2014

>> Fewer Than Half Of IT Pros At RSA Conference Say NSA Went Too Far
Spying revelations and document leaks a big theme at RSA Conference 2014, but views on the controversy are split

>> Big Data A Big Focus Of Security Analytics Products
At the RSA Conference in San Francisco, vendors pitched the importance of properly leveraging big data to improve security

>> IBM Software Vulnerabilities Spiked In 2013
Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds

>> More Than 100 Flavors Of Malware Stealing Bitcoins
Specialized form of malware empties electronic wallets of digital currency, and antivirus often misses it

>> Juniper Security Chief Takes Swipe At Security Apathy

>> Coviello: RSA Security's Work With NSA 'A Matter Of Public Record'
RSA chairman calls for global intelligence community reforms, spinning IAD off from NSA

>> Microsoft Beefs Up EMET
Early release of anti-exploit tool shuts down bypass methods created by Bromium Labs

>> NSA Spying Scandal Darkens Cloud Discussions At RSA
From Europe's efforts to create regulations for data localization to worries over the security of the cloud, the leaks of the past eight months have cast a shadow over cloud providers

>> Cisco-Sourcefire Integration Takes Shape
Integration includes adding Sourcefire's AMP technology into its email and Web security appliances

>> Researchers Bypass Protections In Microsoft's EMET Security Tool
Bromium Labs researchers create exploit that the Enhanced Mitigation Experience Toolkit (EMET) 4.1 can't detect

>> Is The Hypervisor Security's Goldilocks Zone?
RSA presentation to put virtualization forward as a tool to fix security's architectural problems

>> Solving The Security Workforce Shortage
To solve the skills shortage, the industry will need to attract a wider group of people and create an entirely new sort of security professional

>> Algosec Partners With Qualys
New integration delivers application-centric vulnerability management, aggregating and scoring vulnerabilities based on risk and continuously monitoring for changes within data center environments

>> Microsoft Windows Crash Reports Reveal New APT, POS Attacks
Researchers discover zero-day attacks after studying the contents of various "Dr. Watson" error reports

>> U.S. Running Out Of Allies On Cyber Battlefield
International cyber policy and enforcement, and ownership over the Internet are thorny topics that will be tackled at the 2014 RSA Conference next week

>> Abusing Cloud Services for Cybercrime
At the upcoming RSA conference, researchers will discuss how a lack of anti-automation protections allows attackers to take advantage of free cloud services

>> RSA Conference Controversy Swirls, Spurs Debate Over Boycotts
Talk of boycotts has circled the RSA conference, but what will the outcome of it all be?

>> 9 Security Experts Boycott RSA Conference
Several leading security experts have pulled out of the RSA conference over unanswered questions concerning the NSA's $10 million payment to RSA

>> Using Attackers' Tactics To Battle Banking Trojans
At the upcoming RSA conference, Trustwave researchers will discuss using obfuscation to break the functionality of banking Trojans, such as ZeuS

RSA LIBRARY
RSA Conference 2013 Coverage
RSA Conference 2012 Coverage

Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0640
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote authenticated users to bypass intended restrictions on resource access via unspecified vectors.

CVE-2014-0641
Published: 2014-08-20
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.

CVE-2014-2505
Published: 2014-08-20
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors.

CVE-2014-2511
Published: 2014-08-20
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter.

CVE-2014-2515
Published: 2014-08-20
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.
