News & Commentary

Content posted in January 2016
Wendy's Could Become Test Case For New EMV Liability Rules
News  |  1/29/2016  | 
The fast food giant confirms it is investigating fraudulent activity involving payment cards used at some of its 6,500 locations.
Clever LG Droid Bug Can Attack You Through Birthday Notifications
Quick Hits  |  1/29/2016  | 
'SNAP' vulnerability affects Smart Notice application pre-installed on every new LG device.
Cloud Security: It's Become A People Problem
Commentary  |  1/29/2016  | 
Now that the cloud is becoming secure enough for sensitive data, are cloud customers ready to hold up their end of a shared liability model?
How Incident Response Fails In Industrial Control System Networks
News  |  1/28/2016  | 
Experts say a solid incident response plan is the best way to minimize the damage of a cyberattack--but IR isn't so simple for the ICS/SCADA world.
New Version Of CenterPOS Malware Taps Rush To Attack Retail Systems
News  |  1/28/2016  | 
EMV will make it much harder for criminals to steal payment card data, so there's a rush to do it while they can
Big Week For Ransomware
News  |  1/28/2016  | 
Inventive new variants and damaging attacks swept through the headlines this week.
Oracle Retires Java Browser Plug-In
Quick Hits  |  1/28/2016  | 
Move in response to the 'plug-in free Web' trend.
Why InfoSec Pros Should Keep A Close Eye On Cyber Efficiency
Partner Perspectives  |  1/28/2016  | 
No organization will ever be impervious to breaches, but efficient organizations can lower their overall spend.
Data Privacy: Key Elements Of An Information Governance Plan
Commentary  |  1/28/2016  | 
For Data Privacy Day! Do you have the policies in place to safeguard your company's most strategic information? Here are nine best practices.
Hot-Patching Tools Another Crack In Apple's Walled Garden
News  |  1/27/2016  | 
Researchers at FireEye investigate how the tools some iOS developers use to push out patches more quickly are themselves a threat to Apple security.
Macros, Network Sniffers, But Still No 'Smoking Gun' In Ukraine Blackout
News  |  1/27/2016  | 
Further analysis of the Black Energy 3 malware studies payloads used for reconnaissance in the attacks.
Careers in InfoSec: Don't Be Fooled By The Credential Alphabet
Commentary  |  1/27/2016  | 
Analytical skills, work ethic, an ability to overcome obstacles, and a natural drive to solve problems are the critical hiring factors in today's tight job market.
When It Comes To Facebook Apps, Be Like Mike -- Not Bill
Partner Perspectives  |  1/27/2016  | 
New apps such as Be Like Bill raise a red flag when it comes to privacy.
Post-Breach Costs And Impact Can Last Years
News  |  1/26/2016  | 
SANS study examines long-term effects of breach events.
NetFlow Or sFlow For Fastest DDoS Detection?
Commentary  |  1/26/2016  | 
It's still not an easy choice, but combined with the faster NetFlow exporters that have recently come to market, the speed advantage of sFlow is starting to fade.
Why Cybersecurity Certifications Matter -- Or Not
News  |  1/26/2016  | 
Job candidates with a certification make more money, but there's more to the equation for cybersecurity professionals.
Insurers Getting Smarter About Assessing Cyber Insurance Policy Risks
News  |  1/26/2016  | 
2016 shaping up to be a year of greater maturity in how insurance companies underwrite their cyber insurance policies.
'Scarlet Mimic' Hackers Snoop On Minority Activists In China
News  |  1/25/2016  | 
Weapon of choice is the FakeM Windows backdoor, but it's making moves to more platforms.
How (And Why) Hackers Target Your Business
Commentary  |  1/25/2016  | 
Don't miss this inside look by a trio of experts from industry and law enforcement during Dark Reading's virtual event, Cybersecurity: The Business View. Now available On-Demand.
AMX Harman Disputes Deliberately Hiding Backdoor In Its Products
News  |  1/22/2016  | 
Control systems for AV, lighting, and other equipment used widely by the White House, Fortune 100, government, and defense agencies likely affected.
Measuring Real Risk: The Business View
Commentary  |  1/22/2016  | 
Dark Reading's Jan. 26 virtual event on the business perspective of cybersecurity will feature a panel discussion on how to measure risk and the cost of a security program.
The Apple App Store Incident: Trouble in Paradise?
Commentary  |  1/22/2016  | 
The fact that Apple's security model has worked so well in the past doesn't mean it will work well forever. Here's why.
No Safe Harbor Is Coming -- CISA Made Sure Of It
News  |  1/22/2016  | 
It's time to take your data classification procedures more seriously. If not, that helpful information-sharing you did in the US could cost you hefty fines for privacy violations in the European Union.
'Asacub' Trojan Converted To Mobile Banking Weapon
News  |  1/21/2016  | 
In a sign of the times, what was once a routine data-stealing tool has evolved into a dangerous mobile banking threat.
When The Boss Is Your Biggest Security Risk
Commentary  |  1/21/2016  | 
No one possesses more sensitive information in an organization than upper management. So why do companies screen executives on the way in but not on the way out?
Preparing Your Business For A Major Data Breach: The Business View
Commentary  |  1/20/2016  | 
Today's Dark Reading's Virtual Conference on the business perspectives of cybersecurity will include a panel to prep your leaders for responding to the inevitable breach.
IT Confidence Ticks Down
News  |  1/20/2016  | 
Cisco security report shows aging infrastructure no match for constantly advancing attack techniques.
Medical Device Security Gets Intensive Care
News  |  1/20/2016  | 
FDA draft cybersecurity guidance for medical device-makers and a new 'Hippocratic Oath' for the industry debut amid growing concerns of patient safety.
HD Moore To Depart Rapid7 For New Venture Capital Gig
Quick Hits  |  1/20/2016  | 
Moore plans to continue work on Metasploit Framework.
Behavioral Analytics: The Future of Just-in-Time Awareness Training?
Commentary  |  1/20/2016  | 
It's high time we leveraged modern threat detection tools to keep users on the straight and narrow road of information security.
Bots Will Inflict $7.2 Billion In Fraud On Digital Advertisers In 2016
News  |  1/19/2016  | 
Fraudsters see a gold mine in online ad ecosystem.
Employee Data More Exposed Than Customer Data
News  |  1/19/2016  | 
New encryption report shows midsized organizations fail to encrypt all the sensitive things -- including their own intellectual property and financial data.
Linux Kernel Bug Allows Local-To-Root Privilege Escalation
Quick Hits  |  1/19/2016  | 
Tens of millions of Linux servers, desktops, plus 66 percent of Android devices affected.
Cloud Security: To Scale Safely, Think Small
Commentary  |  1/19/2016  | 
Why today's enterprises need an adaptable cloud infrastructure centered around flexibility, portability, and speed.
Dark Reading Radio: A New Job Description For the CISO
Commentary  |  1/19/2016  | 
As cyberattacks grow and evolve, so too has the role of the chief information security officer. Fascinating discussion on key trends and challenges.
OpenSSH Patches Flaw That Lets Attackers Steal Private Keys
News  |  1/15/2016  | 
Flaw exists in a feature that is turned on by default in all OpenSSH clients between versions 5.4 and 7.1, says Qualys
The Internet of Private Things: 7 Privacy Missteps
Slideshows  |  1/15/2016  | 
A cautionary tale about the rules of Privacy by Design and seven IoT companies that broke them in recent years.
Successful Attacks On Oil And Gas Companies Increasing, Survey Shows
News  |  1/14/2016  | 
What remains unclear is how many of them actually impact critical industrial control systems
More Signs Point To Cyberattack Behind Ukraine Power Outage
News  |  1/14/2016  | 
'KillDisk' and BlackEnergy were not the culprits behind the power outage -- there's still a missing link in the chain of attack.
IoT Security: $1-per-Thing To Protect Connected Devices
Commentary  |  1/14/2016  | 
Locking down the Internet of Things won't be cheap. Here's the math.
The State Of Mobile Insecurity
News  |  1/13/2016  | 
It's deja vu all over again as mobile app development looks like traditional dev shops did a half a decade ago.
Top Survival Tips For IE End-Of-Life
News  |  1/13/2016  | 
If an immediate upgrade to the latest version is not an option for all your machines running Internet Explorer, here's how to mitigate your risk.
We Are What We Eat: Software Assurance Edition
Commentary  |  1/13/2016  | 
The fact that open-source code you use is free from vulnerabilities today doesn't mean that it will remain that way in the near future.
Former Director Of NSA And CIA Says US Cybersecurity Policy MIA
News  |  1/13/2016  | 
Gen. Michael Hayden says US government doesn't have the 'framework' to handle attacks by nation-states, others against the power grid, data.
Kaspersky Caught Scent Of Silverlight Zero-Day In Hacking Team Breach
News  |  1/13/2016  | 
Hacking Team wasn't interested in this critical, cross-platform, remote code execution bug in Silverlight, but the exploit writer may have found another buyer.
A DDoS Learning Curve for Universities, Government & Enterprises
Commentary  |  1/12/2016  | 
Distributed Denial of Service attacks are easy, cheap and too often, effective. But they're not unstoppable.
'Main Target' Of DD4BC DDoS Extortionist Group Arrested
News  |  1/12/2016  | 
International group of law enforcement agencies zeroes in on group that spawned the DDoS for Bitcoin cyber-extortion business.
CES 2016: Top 10 Security Innovations
News  |  1/12/2016  | 
Check out some of the most interesting security innovations unveiled at the Consumer Electronics Show in Las Vegas last week.
Q&A: Trend Micro CEO Chen On IoT Security
News  |  1/12/2016  | 
Eva Chen on what it takes to secure IoT devices, the TippingPoint acquisition, and 'reverse-engineering' engineers.
The Four Big Problems With Security Metrics
News  |  1/11/2016  | 
Metrics can be very useful, but only if they track the things that matter.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-7097
PUBLISHED: 2018-08-14
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery.
CVE-2018-7098
PUBLISHED: 2018-08-14
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal.
CVE-2018-7099
PUBLISHED: 2018-08-14
A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information.
CVE-2018-7100
PUBLISHED: 2018-08-14
A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G - P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information.
CVE-2018-7077
PUBLISHED: 2018-08-14
A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could be exploited to allow local and remote unauthorized access to sensitive information.