News & Commentary

Content posted in October 2015
7 Elements Of Modern Endpoint Security
Slideshows  |  10/31/2015  | 
What it takes to secure and tap into the 'source of the truth' in today's threatscape.
Xen Patches 'Worst'-Ever Virtual Machine Escape Vulnerability
News  |  10/30/2015  | 
Bug remained undetected for seven years and enabled complete control of host system.
The Dawn of Lights-Out Security
Commentary  |  10/30/2015  | 
In the future, the role of humans will focus on the architecture, design and automation of security, not in the actual testing or operational management.
Security Analytics Still Greenfield Opportunity
News  |  10/29/2015  | 
Surveys out this week show improvement in the use of analytics and threat intelligence but room for better execution.
With $325 Million In Extorted Payments CryptoWall 3 Highlights Ransomware Threat
News  |  10/29/2015  | 
Study by Cyber Threat Alliance reveals sophisticated nature of the latest version of CryptoWall.
Endpoint Security: Putting The Focus On What Matters
Partner Perspectives  |  10/29/2015  | 
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program.
Machine Learning Is Cybersecurity's Latest Pipe Dream
Commentary  |  10/29/2015  | 
Rather than waste money on the unproven promises of ML and AI, invest in your experts, and in tools that enhance their ability to search for and identify components of a new attack.
Digital Certificate Security Fail
News  |  10/28/2015  | 
Eight percent of digital certificates served by websites had been revoked but are still in use, new study finds.
5 Things To Know About CISA
News  |  10/28/2015  | 
Despite criticism from privacy advocates, the Cybersecurity Information Sharing Act passed through the Senate yesterday.
Ransomware Ranked Number One Mobile Malware Threat
News  |  10/28/2015  | 
Blue Coat report shows cyber blackmail has ported to mobile devices.
How Hackers Can Hack The Oil & Gas Industry Via ERP Systems
News  |  10/28/2015  | 
Researchers at Black Hat Europe next month will demonstrate how SAP applications can be used as a stepping-stone to sabotage oil & gas processes.
The Global CISO: Why U.S. Leaders Must Think Beyond Borders
Commentary  |  10/28/2015  | 
To compete for the top cybersecurity jobs on a world stage, home-grown CISOs need to take a more international approach to professional development.
Symantec CEO: How The Company Is Doubling Down On Enterprise Security
News  |  10/27/2015  | 
Security giant takes next big step in its makeover with a new security platform.
Apple iTunes & QuickTime Named 'Most Exposed' To Threats In US
News  |  10/27/2015  | 
Vulnerability report finds users lazy about patching Apple applications. Plus, in Q3, U.S. had more unpatched operating systems than any other country.
Cisco To Buy Lancope For $452.5 Million
Quick Hits  |  10/27/2015  | 
Deal set to be finalized in the second quarter of 2016.
Bad News is Good News For Security Budgets But Not Skills
Commentary  |  10/27/2015  | 
Cybersecurity is finally getting the attention and dollars it deserves from the C-Suite. The challenge now is finding the talent to take full advantage of these technology investments.
Dridex Botnet Still Alive And Kicking
News  |  10/27/2015  | 
Takedown efforts extremely short-lived, with evidence of resurgence coming even before announcement of the DoJ action.
15-Year-Old Arrested For TalkTalk Attack
News  |  10/26/2015  | 
U.K. police collar Northern Ireland youth for questioning, while security industry tries to make sense of confusing information out of TalkTalk CEO.
Millennials Not Pursuing Cybersecurity Careers
News  |  10/26/2015  | 
Lack of awareness about what cybersecurity jobs entail is widespread worldwide among 18- to 26-year-olds -- especially women -- a new study finds.
New Approaches to Vendor Risk Management
Commentary  |  10/26/2015  | 
The key to managing partner security risk is having truly verifiable evidence.
Attackers Demand Ransom Following Massive Hack on TalkTalk
News  |  10/23/2015  | 
Intrusion is believed to have exposed sensitive data on all four million customers of UK broadband provider.
You've Been Attacked. Now What?
Commentary  |  10/23/2015  | 
The five steps you take in the first 48 hours after a breach will go a long way towards minimizing your organization's exposure and liability.
Passing the Sniff Test: Security Metrics and Measures
Slideshows  |  10/23/2015  | 
Cigital dishes dirt on top security metrics that don't work well, why they're ineffective and which measurables to consider instead.
New Technology Won't Remove Endpoint From The Bullseye
Commentary  |  10/22/2015  | 
Dark Reading Radio guests from endpoint security vendor Tanium and Intel Security/McAfee may have different product views, but they concur on the problems plaguing end user machines.
Undermining Security By Attacking Computer Clocks
News  |  10/22/2015  | 
A team of researchers at Boston University has developed several attacks against the Network Time Protocol that is used to synchronize internal computer clocks on the Internet.
Report: One-Quarter Of Malicious Sites Healthcare-Related
News  |  10/22/2015  | 
G DATA Security Labs report also shows a spike in banking Trojan action and a move by the Ukraine to be a top 5 player in the malicious hosting business.
To Find The Needle, Chop Down the Haystack: 5 Steps For Effective Threat Monitoring
Commentary  |  10/22/2015  | 
Would bank security screen everyone entering the building then leave the vault door open with no one watching the money? Of course not!
The Rebirth Of Endpoint Security
News  |  10/21/2015  | 
A slew of startups and veteran security firms are moving toward proactive and adaptive detection and mitigation for securing the endpoint. But few enterprises are ready to pull the antivirus plug.
Navigating New Security Architectures For Cloud Data Centers
Commentary  |  10/21/2015  | 
Micro-segmentation is a revolutionary approach to data center complexity and security. But not all architectures are created equal.
Likeliest Fraudsters Are, Or Claim To Be, 85-90 Years Old
News  |  10/20/2015  | 
New report paints a composite picture of the 'Fraudiest Person in America'
State Of Employee Security Behavior
News  |  10/20/2015  | 
End users still lacking situational awareness of security risks, says CompTIA report.
Building A Winning Security Team From The Top Down
Commentary  |  10/20/2015  | 
Dropbox security chief Patrick Heim dishes about the need for strong industry leaders, the 'unique' cybersecurity personality and why successful organizations need 'cupcake.'
Former White House Advisor: Marry Infosec To Economics
News  |  10/19/2015  | 
Melissa Hathaway, former cybersecurity policy advisor to the White House, says the security and economy agendas should go hand-in-hand, and Western nations' use of surveillance technology is 'alarming.'
Next On Dark Reading Radio: Endpoint Security Transformed
Commentary  |  10/19/2015  | 
Modern endpoint security technology is all about focusing on the client as both patient 0 and as a treasure trove of attack forensics intelligence.
Are You Making This Endpoint Security Mistake?
Partner Perspectives  |  10/19/2015  | 
Detecting threats isn't enough. You must also remediate vulnerable endpoints and employ continuous monitoring to reduce exposure.
'HIPAA Not Helping': Healthcare's Software Security Lagging
News  |  10/19/2015  | 
The latest Building Security in Maturity Model (BSIMM) study illustrates the long learning curve for secure coding initiatives.
Secure Software Development in the IoT: 5 Golden Rules
Commentary  |  10/19/2015  | 
The evolving threat landscape doesn't merely expose developers to new problems. It exposes them to old problems that they need to address sooner, faster, and more frequently.
CrowdStrike Spots Chinese APTs Targeting US Firms Post-Pact
Quick Hits  |  10/19/2015  | 
CrowdStrike says Chinese threat actors targeted intellectual property at US firms the day after Obama and Xi announced a pact banning cyber espionage for economic gain.
Enterprises Are Leaving Cloud Security Policies To Chance
News  |  10/19/2015  | 
Only a third have a strategy for securing a mix of different data center and cloud deployment scenarios.
From 55 Cents to $1,200: The Value Chain For Stolen Data
News  |  10/16/2015  | 
The latest pricing models for stolen information in the underground economy.
First Cyberterror Charges: DOJ Accuses Hacker Of Giving Military PII To ISIS
Quick Hits  |  10/16/2015  | 
The data was first stolen from an online retailer, and the suspect is awaiting extradition hearing in Malaysia.
Adobe Patches Pawn Storm Zero-Day Ahead Of Schedule
Quick Hits  |  10/16/2015  | 
Critical bug wasn't expected to be fixed until next week.
The Internet of Things: It's All About Trust
Commentary  |  10/16/2015  | 
As billions of devices come online, it will be critical to protect the keys and certificates we use for authentication, validation, and privileged access control.
Pawn Storm Flashes A New Flash Zero-Day
News  |  10/15/2015  | 
Cyberespionage group shows off another piece of kit in attacks on foreign ministries.
Survey Shows Little Accord On Responsibility For Cloud Security
News  |  10/15/2015  | 
With procurement teams and business groups doing most vendor selection and vetting, IT groups have little role in security.
Gen. Colin Powell: 'Triage' The Cyber Threats
News  |  10/15/2015  | 
In a keynote at FireEye Cyber Defense Summit, the retired Army General and former Secretary of State and chairman of the Joint Chiefs of Staff, also weighed in on the controversy over Hillary Clinton's private email server.
An Atypical Approach To DNS
Commentary  |  10/15/2015  | 
It's now possible to architect network instrumentation to collect fewer data sources of higher value to security operations. Here's how -- and why -- you should care.
Asset Segmentation: The Key To Control
Partner Perspectives  |  10/15/2015  | 
Automated asset segmentation and classification helps focus strong security controls where they are needed most.
The State of Apple Security
Slideshows  |  10/14/2015  | 
A small market share and a trusted development environment protected Apple a long time, but will that last? Plus, EXCLUSIVE: more data on who's behind XCodeGhost.
Dridex Takedown Might Show Evidence Of Good Guys' Gains
News  |  10/14/2015  | 
Researchers believe Dridex swooped in to fill Gameover Zeus' hole in the black market, but it didn't have time to grow as big as its predecessor before being stopped.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10428
PUBLISHED: 2018-05-23
ILIAS before 5.1.26, 5.2.x before 5.2.15, and 5.3.x before 5.3.4, due to inconsistencies in parameter handling, is vulnerable to various instances of reflected cross-site-scripting.
CVE-2018-6495
PUBLISHED: 2018-05-23
Cross-Site Scripting (XSS) in Micro Focus Universal CMDB, version 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.0, CMS, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1 and Micro Focus UCMDB Browser, version 4.10, 4.11, 4.12, 4.13, 4.14, 4.15.1. This vulnerability could be remotely exploited to al...
CVE-2018-10653
PUBLISHED: 2018-05-23
There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-10654
PUBLISHED: 2018-05-23
There is a Hazelcast Library Java Deserialization Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.
CVE-2018-10648
PUBLISHED: 2018-05-23
There are Unauthenticated File Upload Vulnerabilities in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3.