2/4/2014
10:57 AM

RSA Conference 2014: Complete Coverage

Catch up on RSA Conference 2014 with our round-up of articles leading up to, from, and after the event

>> Securing Software Requires Design, Testing and Improvement
Adopting secure development, incorporating frequent testing, and creating measures of software security are important to create more secure code

>> Security Firms Face Crisis Of Trust
Mikko Hypponen reflects on shift toward rampant government spying and use of malware -- and targeted attack attempts on F-Secure

>> Researchers Create Legal Botnet Abusing Free Cloud Service Offers
Hack depends on scripts creating scores of unique email addresses and automating execution of email verification

>> Hacking Critical Infrastructure Companies -- A Pen Tester's View
At the RSA Conference, a pen tester outlines some of the elements of a successful attack on energy companies

>> Supply-Chain Threats Still An Uncertain Danger
With a global manufacturing economy muddying the definition of a foreign product, nations are still hashing out strategies to secure their supply chains

>> Today's Network Security Challenges: No Easy Answers
The BYOD trend and proliferation of mobile devices are making life hard for security teams, but solutions are elusive, panelists say at RSA Conference 2014

>> Fewer Than Half Of IT Pros At RSA Conference Say NSA Went Too Far
Spying revelations and document leaks a big theme at RSA Conference 2014, but views on the controversy are split

>> Big Data A Big Focus Of Security Analytics Products
At the RSA Conference in San Francisco, vendors pitched the importance of properly leveraging big data to improve security

>> IBM Software Vulnerabilities Spiked In 2013
Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds

>> More Than 100 Flavors Of Malware Stealing Bitcoins
Specialized form of malware empties electronic wallets of digital currency, and antivirus often misses it

>> Juniper Security Chief Takes Swipe At Security Apathy

>> Coviello: RSA Security's Work With NSA 'A Matter Of Public Record'
RSA chairman calls for global intelligence community reforms, spinning IAD off from NSA

>> Microsoft Beefs Up EMET
Early release of anti-exploit tool shuts down bypass methods created by Bromium Labs

>> NSA Spying Scandal Darkens Cloud Discussions At RSA
From Europe's efforts to create regulations for data localization to worries over the security of the cloud, the leaks of the past eight months have cast a shadow over cloud providers

>> Cisco-Sourcefire Integration Takes Shape
Integration includes adding Sourcefire's AMP technology into its email and Web security appliances

>> Researchers Bypass Protections In Microsoft's EMET Security Tool
Bromium Labs researchers create exploit that the Enhanced Mitigation Experience Toolkit (EMET) 4.1 can't detect

>> Is The Hypervisor Security's Goldilocks Zone?
RSA presentation to put virtualization forward as a tool to fix security's architectural problems

>> Solving The Security Workforce Shortage
To solve the skills shortage, the industry will need to attract a wider group of people and create an entirely new sort of security professional

>> Algosec Partners With Qualys
New integration delivers application-centric vulnerability management, aggregating and scoring vulnerabilities based on risk and continuously monitoring for changes within data center environments

>> Microsoft Windows Crash Reports Reveal New APT, POS Attacks
Researchers discover zero-day attacks after studying the contents of various "Dr. Watson" error reports

>> U.S. Running Out Of Allies On Cyber Battlefield
International cyber policy and enforcement, and ownership over the Internet are thorny topics that will be tackled at the 2014 RSA Conference next week

>> Abusing Cloud Services for Cybercrime
At the upcoming RSA conference, researchers will discuss how a lack of anti-automation protections allows attackers to take advantage of free cloud services

>> RSA Conference Controversy Swirls, Spurs Debate Over Boycotts
Talk of boycotts has circled the RSA conference, but what will the outcome of it all be?

>> 9 Security Experts Boycott RSA Conference
Several leading security experts have pulled out of the RSA conference over unanswered questions concerning the NSA's $10 million payment to RSA

>> Using Attackers' Tactics To Battle Banking Trojans
At the upcoming RSA conference, Trustwave researchers will discuss using obfuscation to break the functionality of banking Trojans, such as ZeuS

RSA LIBRARY
RSA Conference 2013 Coverage
RSA Conference 2012 Coverage
