Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in October 2015
Mandia: US-China No-Hack Pact Could Be Game Changer
News  |  10/14/2015  | 
Mandiant founder Kevin Mandia says change is coming in the wake of Xi and Obama's pledge not to conduct cyberespionage for economic gain if China holds up its end of the deal.
'POODLE' One Year Later: Still Around? Not So Much
Commentary  |  10/14/2015  | 
As high-severity vulnerabilities go, POODLE remediation rates and times have proven to be astonishingly better than expected.
Prolific Cybercrime Gang Favors Legit Login Credentials
News  |  10/13/2015  | 
FireEye researchers shed more light on infamous cybercriminals associated with RawPOS malware and christen it 'FIN5.'
In Wake Of Resurgence, US-CERT Issues Alert About Dridex
Quick Hits  |  10/13/2015  | 
U.S. issues alert about banking Trojan, but recent attacks focus on U.K.
Believe It Or Not, Millennials Do Care About Privacy, Security
News  |  10/13/2015  | 
80% say it is vitally or very important that PII, financial, and/or medical data be shared only with authorized parties
Why DevOps Fails At Application Security
Commentary  |  10/13/2015  | 
In a recent survey of developers, nearly half of respondents admit to releasing applications with known vulnerabilities at least 80 percent of the time.
Japan's Cybercrime Underground On The Rise
News  |  10/13/2015  | 
New report sheds light on stealthy cybercrime operations in Japan.
Dell Acquisition of EMC Has Big Cybersecurity Implications
News  |  10/12/2015  | 
The devil will be in the details, but if the company cooks up a winning integration strategy to combine the likes of SecureWorks and RSA, it is poised to become a major cybersecurity player.
Police Car Hacks: Under The Hood
Commentary  |  10/12/2015  | 
A closer look at how researchers hacked two Virginia State Trooper vehicles.
Cybersecurity Insurance: 4 Practical Considerations
Commentary  |  10/12/2015  | 
There can't be reliable cybersecurity insurance until companies can identify who is responsible for the continuous exploitation of stolen data, long-lasting attacks, and hardly-detectable APTs.
Data Deletion: A Disconnect Between Perception And Reality
News  |  10/9/2015  | 
Study shows that methods used to erase data before equipment is resold are not as effective as assumed.
More Reasons To Drop The War On Encryption
Dark Reading Videos  |  10/9/2015  | 
Rod Beckstrom, founding director of the US National Cybersecurity Center, visits the Dark Reading News Desk at Black Hat to discuss cybercrime legislation, takedown operations, and why law enforcement should drop the war on encryption.
Jailbreaking Mobile Devices: That's Not The Real Problem
Commentary  |  10/9/2015  | 
Despite what mobile operating system vendors say, it's the OS flaws that put everyone at risk.
Corporate VPNs In The Bullseye
News  |  10/8/2015  | 
When the corporate virtual private network gets 0wned.
Researchers Warn Against Continuing Use Of SHA-1 Crypto Standard
News  |  10/8/2015  | 
New attack methods have made it economically feasible to crack SHA-1 much sooner than expected.
Chipping Away At Credit Card Fraud With EMV
Commentary  |  10/8/2015  | 
As of October 1, so-called chip-and-pin technology is now the law of the land for electronic payments in the US. But it's not the silver bullet that will instantly stop all cybercrime.
'Evil' Kemoge Serves Androids Ads And Rootkits
News  |  10/7/2015  | 
Malware is wrapped into a wide variety of legitimate apps on third-party stores and one on Google Play.
US Consumers More Worried About Cyber Risks Than Their Physical Safety
News  |  10/7/2015  | 
Cyberthreats among the biggest worries of consumers, new Travelers Consumer Risk Index shows.
Intro To Machine Learning & Cybersecurity: 5 Key Steps
Commentary  |  10/7/2015  | 
Software-based machine learning attempts to emulate the same process that the brain uses. Here's how.
Defending & Exploiting SAP Systems
Dark Reading Videos  |  10/7/2015  | 
Juan Pablo Perez-Etchegoyen, CTO of Onapsis, joins the Dark Reading News Desk at Black Hat to discuss the technological and organizational challenges of SAP security.
Cost Of Cybercrime Reaches $15 Million Annually Per Org
News  |  10/6/2015  | 
Ponemon Institute study details annual costs incurred by organizations with over 1,000 employees.
Survey Shows Surprisingly High Number Of Breaches Via Mobile
News  |  10/6/2015  | 
IDG/Lookout study shows another take on the mobile threat, while Verizon says breaches it's seen so far this year still aren't due to mobile devices.
What The EU's Safe Harbor Ruling Means For Data Privacy In The Cloud
Commentary  |  10/6/2015  | 
The European Court of Justice today struck down the 15-year-old data transfer agreement between the European Union and the US. Here's how to begin to prepare for the fallout.
Researchers Disrupt Angler Exploit Kit, Ransomware Operation
News  |  10/6/2015  | 
Cisco Talos Group estimates Angler is making $60 million per year from ransomware alone.
Don't Be Fooled: In Cybersecurity Big Data Is Not The Goal
Commentary  |  10/6/2015  | 
In other words, the skills to be a security expert do not translate to being able to understand and extract meaning from security data.
10 Security Certifications To Boost Your Career
Slideshows  |  10/5/2015  | 
Earning a security credential can help you open the door to a great job. But you need to know which certification is the right one for you.
5 Signs Security's Finally Being Taken Seriously
News  |  10/5/2015  | 
It's taken years, but infosec may have finally won a seat at the table, as executive leadership reports more mature attitudes and practices.
Nuclear Plants' Cybersecurity Is Bad -- And Hard To Fix
News  |  10/5/2015  | 
Report: 'Very few' nuclear plants worldwide patch software, and operations engineers 'dislike' security pros.
Segmentation: A Fire Code For Network Security
Commentary  |  10/5/2015  | 
New technologies like software-defined segmentation are making it easier to prevent a compromise from spreading by separating users and network resources into zones.
A Wassenaar Arrangement Primer, With Katie Moussouris
Dark Reading Videos  |  10/5/2015  | 
The chief policy officer for HackerOne joins the Dark Reading News Desk at Black Hat to explain how the security community is working to prevent a policy 'dragnet' that would injure American infosec companies and researchers.
You're Doing BYOD Wrong: These Numbers Prove It
Partner Perspectives  |  10/5/2015  | 
Almost 40% of users who connect personal mobile devices to corporate networks have no lock-screen mechanism set in place.
Scottrade Breach Hit 4.6 Million Customers, Began 2 Years Ago
Quick Hits  |  10/2/2015  | 
Social Security numbers might have been exposed, but the main target appears to have been contact information.
Amazon Downplays New Hack For Stealing Crypto Keys In Cloud
News  |  10/2/2015  | 
Attack works only under extremely rare conditions, cloud giant says of the latest research.
What Security Pros Really Worry About
Dark Reading Videos  |  10/2/2015  | 
Editor-in-Chief Tim Wilson visits the Dark Reading News Desk to report what security pros have told us in the latest Black Hat and Dark Reading surveys about their priorities and what keeps them from them.
The Evolution Of Malware
Commentary  |  10/2/2015  | 
Like the poor in the famous Biblical verse, malware will always be with us. Here's a 33-year history from Elk Cloner to Cryptolocker. What will be next?
Experian Gets Hacked, Exposing SSNs, Data From 15 Million T-Mobile Customers
Quick Hits  |  10/2/2015  | 
Credit monitoring firm suffers its second major data breach.
Deceit As A Defense Against Cyberattacks
News  |  10/1/2015  | 
A new generation of 'threat deception' technology takes the honeypot to a new, enterprise level.
Stagefright 2.0 Vuln Affects Nearly All Android Devices
News  |  10/1/2015  | 
Worst threat is only to version 5.0 Lollipop and later.
And Now A Malware Tool That Has Your Back
News  |  10/1/2015  | 
In an unusual development, white hat malware is being used to secure thousands of infected systems, not to attack them, Symantec says.
Automating Breach Detection For The Way Security Professionals Think
Commentary  |  10/1/2015  | 
The missing ingredient in making a real difference in the cumbersome process of evaluating a flood of alerts versus a small, actionable number is context.