News & Commentary

Localities and education networks suffered twice as many infections of the infamous CyptoWall ransomware than other sectors.

How Facebook Bakes Security Into Corporate Culture

Commentary | 11/30/2015 |

4 comments

Security is everyone's responsibility at the famous social network. These five ingredients are what make up the secret sauce.

Security Geek Gift Guide

Slideshows | 11/30/2015 |

Whether you're looking for a gift to give at the IT department's holiday party, for your science-loving kids, or for a genuine friend in the cube beside you, these gifts are sure winners.

Hilton Data Breach Focuses Attention On Growing POS Malware Threat

News | 11/25/2015 |

17 comments

Analysts expect an increase in POS attacks against retailers and others during this holiday shopping season.

The Youthful Side Of Hacking

Commentary | 11/25/2015 |

11 comments

If the iconic 1955 movie Rebel Without a Cause was remade today, would James Dean be a computer hacker?

Cyber Monday: What Retailers & Shoppers Should Watch For

News | 11/24/2015 |

12 comments

Attackers have a variety of ways to commit fraud and may take advantage of busy time to sneak in a data breach.

RSA Warns Of Zero Detection Trojan

News | 11/24/2015 |

4 comments

GlassRAT has remained undetected for more than three years while stealthily targeting victims, security firm says.

Cisco Cert Tracker Offline After Pearson VUE Breach

News | 11/24/2015 |

Third-party certification credential manager used by Cisco and others is taken down after malware infection.

Stealthy ModPOS Is 'Most Sophisticated PoS Malware' Ever

News | 11/24/2015 |

More than just a point-of-sale card scraper, it's modular malware, and every module is a rootkit.

Dell Hands Hackers Keys To Customer Systems

News | 11/24/2015 |

Dell installs root certificate with associated private keys to create its very own Superfish scenario.

Parsing What Is ‘Reasonable’ In Security, Post FTC v Wyndham

Commentary | 11/24/2015 |

In today's regulatory climate, companies can no longer depend on technology solutions alone – for example, SIEM -- to protect corporate data and customer privacy. Here's why.

Black Friday Security: Brick-and-Mortar Retailers Have Cyber Threats, Too

News | 11/23/2015 |

PoS malware, ways to trick new payment technology, and zero tolerance for down-time or slow-time make for a stressful combination.

SAFECode Releases Framework For Assessing Security Of Software

News | 11/23/2015 |

Guide for evaluating how software companies are adopting secure coding and security support practices.

A Comprehensive Look At China's Cybercrime Culture

News | 11/23/2015 |

Trend Micro report offers a full view of espionage and theft perpetrated by Chinese hackers.

Where Is Ransomware Going?

Partner Perspectives | 11/23/2015 |

As PCs and servers get better protected and employees more knowledgeable about the ransomware threat, criminals will go after less secure systems such as smart TVs, conferencing equipment, or other unsecured devices.

We Need A New Word For Cyber

Commentary | 11/23/2015 |

6 comments

It’s time to find an alternative for 'cyber' (an adjective or noun) before the term – like 'google' -- becomes a verb.

Russian Cybergangs Stole Some $790 Million Over 3 Years

News | 11/20/2015 |

More than $500 million of that is from victims located outside the borders of the former USSR, Kaspersky Lab reveals.

Starwood Hotels Hit With PoS Malware, Payment Card Info Exposed

Quick Hits | 11/20/2015 |

More than 50 Sheraton, Westin, other hotel chains in North America affected.

Introducing ‘RITA’ for Real Intelligence Threat Analysis

Commentary | 11/20/2015 |

SANS' free, new framework can help teams hunt for attackers by extending traditional signature analysis to blacklisted IP addresses and accounts that have multiple concurrent logons to multiple systems.

Why The Java Deserialization Bug Is A Big Deal

News | 11/19/2015 |

Millions of app servers are potentially open to compromise due to how they handle serialized Java apps, researchers say.

4 Tricks For Getting The Most Out Of User Behavior Analytics

News | 11/19/2015 |

First thing's first: establish what 'normal' metrics look like.

US-China Security Review Commission Discusses 'Hack-Back' Laws

Quick Hits | 11/19/2015 |

Commission's annual report to Congress recommends a closer look at whether companies should be allowed to launch counterattacks on hackers.

And Now, A Cyber Arms Race Towards Critical Infrastructure Attacks

Commentary | 11/19/2015 |

As traditional explosives give way to 'logic bombs,' the need to protect our industrial networks and systems has never been more important.

'Xindi' Online Ad Fraud Botnet Exposed

News | 11/18/2015 |

Billions of dollars in ad revenue overall could be lost to botnet that exploits 'Amnesia' bug.

Siri’s Lockscreen Bypass A Growing Privacy Issue For iOS Users

News | 11/18/2015 |

11 comments

In less than 30 seconds, anyone with access to an Apple iPhone or iPad can extract a lot of personal data using Siri, Trend Micro says.

Exploit Kit Explosion Will Keep Victims Off Kilter

News | 11/18/2015 |

3 comments

Exploit kit C&C infrastructure expanded by 75% in Q3.

DDoS And The Internet's Liability Problem

Commentary | 11/18/2015 |

15 comments

It's past time for an improved liability model to disrupt DDoS.

Attack Attempt Numbers Down, But PoS Malware & Angler Up in Q3

News | 11/17/2015 |

Politically motivated cyberespionage groups also hard at work between July and September, according to Trend Micro.

Must Automation Remain A Four-Letter Word?

Partner Perspectives | 11/17/2015 |

It doesn’t have to. We just need to apply the compensating safeguards and automated controls selectively so CISOs and their security teams can comfortably embrace it.

Microsoft Invests $1 Billion In 'Holistic' Security Strategy

News | 11/17/2015 |

7 comments

Executives detail strategic and cultural shift at Microsoft to an integrated security approach across its software and services, and announce new managed services group and cyber defense operation center.

5 Reasons Enterprises Don't Get Enough Value From Threat Intelligence

News | 11/17/2015 |

Maturity levels still keeping threat intelligence efficacy stunted.

IBM Report: Ransomware, Malicious Insiders On The Rise

News | 11/16/2015 |

X-Force's top four cyber threat trends also names upper management's increasing interest in infosec.

Don’t Toy With The Dark Web, Harness It

Commentary | 11/16/2015 |

5 comments

The Dark Web’s sinister allure draws outsized attention, but time-strapped security teams would benefit from knowing what's already circulating in places they don't need Tor or I2P to find.

Dark Reading Radio: A Cybersecurity Generation Gap

Commentary | 11/16/2015 |

5 comments

Millennials--especially young women--not pursuing careers in cybersecurity due to lack of both awareness and interest.

Google Study Finds Email Security A Mixed Bag

News | 11/13/2015 |

The use of encryption and authentication mechanisms by Google, Yahoo, and Microsoft has improved security -- but problems remain.

More Ransomware Being Spread Via Malvertising

Quick Hits | 11/13/2015 |

3 comments

Magnitude exploit kit has popped up in new malvertising campaign and dropping CryptoWall.

Healthcare Apps, WordPress Most Popular Web Attack Targets

News | 11/12/2015 |

No application escaped without a Shellshock attack in 2015, either, report finds.

Cherry Picker POS Malware Has Remained Hidden For Four Years

News | 11/12/2015 |

Sophisticated obfuscation techniques have allowed malware to evade AV systems and security vendors for a long time, says Trustwave.

Solving Security: If You Want Something New, Stop Doing Something Old

News | 11/12/2015 |

Black Hat Europe keynoter Haroon Meer tells security pros to work smarter, think out of the box, and speak out to the C-suite.

Incidence-Response Imperative: Take Immediate Action

Partner Perspectives | 11/12/2015 |

Something malicious this way comes. A fast reaction can reduce your risk.

Point of Entry: The Missing Link in the Security Hiring Gap

Commentary | 11/12/2015 |

How misguided notions of capability and lack of access to enterprise tools discourage diversity in Infosec.

Federal Government Most Prone To Repeat Breaches

News | 11/11/2015 |

It isn't just the White House that gets compromised more than once. Also, in a shifting trend, malicious insider attacks don't cut quite as deep as outsiders' do, report finds.

Tool Controls Botnet With Twitter Direct Messages

News | 11/11/2015 |

'Twittor' exploits the expanded capacity of Twitter DMs to replace traditional botnet command-and-control server infrastructure.

Machine Learning: Perception Problem? Maybe. Pipe Dream? No Way!

Commentary | 11/11/2015 |

Guided by an organization's internal security experts,'algorithmic assistants' provide a powerful new way to find anomalies and patterns for detecting cyberthreat activity.

Privileged Account Control Still Weak In Most Organizations

News | 11/11/2015 |

Two studies this week show there's a long way to go in securing credentials for risky accounts.

JP Morgan Breach Only One Piece Of Vast Criminal Enterprise, Indictments Reveal

News | 11/10/2015 |

Three men at the head of 'diversified criminal conglomerate' used hacking to commit and enhance their securities fraud, illegal online gambling, illegal Bitcoin exchange, and illegal payment processing businesses, 23-count indictment alleges.

Adobe Flash Bug Discovery Leads To New Attack Mitigation Method

News | 11/10/2015 |

Prototype aims to prevent exploits that employ 'use after free' bugs in Windows, Linux, OS X software.

Why Threat Intelligence Feels Like A Game Of Connect Four

Commentary | 11/10/2015 |

In real life, solving the cybersecurity puzzle has many challenges. But shared wisdom and community defense models are making it easier to connect the dots.

New 4G LTE Hacks Punch Holes In Privacy

News | 11/9/2015 |

Black Hat Europe researchers to demonstrate newly found flaws in 4G mobile that expose privacy and disrupt phone service.

NSA Discloses 91 Percent Of Vulns It Finds, But How Quickly?

News | 11/9/2015 |