News & Commentary

Content posted in December 2015
Page 1 / 2   >   >>
Boldest Cybersecurity Predictions For 2016
Slideshows  |  12/31/2015  | 
Forget the boring, safe predictions -- here instead are the most interesting, cringe-worthy, humorous, or otherwise shocking predictions for the coming year.
Tor Project To Launch Bug Bounty Program
News  |  12/31/2015  | 
Open Technology Fund will sponsor program and HackerOne will manage it
The Changing Face Of Encryption: What You Need To Know Now
Commentary  |  12/30/2015  | 
Encryption today is now an absolute must and the fact that it is difficult does not change the fact that you have to use it.
Users No Longer Need to Jailbreak Apple iOS To Load Rogue Apps
News  |  12/29/2015  | 
'DarkSideLoader' app stores can side-load apps and circumvent official app stores on any iOS device.
5 Tips For Getting The Most Out Of Your Firewall
News  |  12/29/2015  | 
Despite concerns over the effectiveness of perimeter technologies, firewalls remain a staple in the enterprise security arsenal.
The Fraud Tsunami Heads To The Sharing Economy
Commentary  |  12/29/2015  | 
When it comes to cyberfraud, online marketplaces like AirBnB can expect an uphill battle in the wake of the rollout of new chip card technology in 2016.
15 Cybersecurity Lessons We Should Have Learned From 2015, But Probably Didn't
News  |  12/28/2015  | 
Another infosec year is almost in the books. What did all the breaches, vulnerabilities, trends, and controversies teach us?
Tech Gifts That Security Pros Will Probably Return
Slideshows  |  12/28/2015  | 
Insecure gifts that CISOs and other security pros are likely returning as we speak.
Giant Mystery Database Of US Voters Leaked
Quick Hits  |  12/28/2015  | 
No organization will take responsibility for the database that includes 191 million voter registration records.
The Rise Of Community-Based Information Security
Commentary  |  12/28/2015  | 
The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed.
Security Vendors Report Uptick in Whaling, Phishing Scams
News  |  12/23/2015  | 
Expect to see an increase in attempts by cyber crooks to trick businesses and individuals to part with their money say Mimecast, Kaspersky Labs.
Survey: When Leaving Company, Most Insiders Take Data They Created
News  |  12/23/2015  | 
Most employees believe they own their work, and take strategy documents or intellectual property with them as they head out the door.
A Hidden Insider Threat: Visual Hackers
Commentary  |  12/23/2015  | 
Ponemon experiment shows how low-tech white-hat hackers, posing as temps, captured information from exposed documents and computer screens in nearly nine out of ten attempts.
2015 Ransomware Wrap-Up
Slideshows  |  12/22/2015  | 
Here's a rundown of the innovative ransomware that frightened users and earned attackers big bucks this year.
Torrenting Still A Thorn In Enterprise Networks
News  |  12/22/2015  | 
A quarter of enterprises still see torrenting activity and among those, 43 percent of apps contain malicious elements.
The Industrial Cyber Myth: Its No Fantasy
Commentary  |  12/22/2015  | 
As threats become more sophisticated, the industry is still playing catch-up.
9 Coolest Hacks Of 2015
News  |  12/21/2015  | 
Cars, guns, gas stations, and satellites, all got '0wned' by good hackers this year in some of the most creative yet unnerving hacks.
Oracle Settles FTC Charges That It Deceived Users About Java Security Updates
Quick Hits  |  12/21/2015  | 
Oracle will have to be more forthright and communicate the truth via social media and anti-virus companies going forward.
Yellow Alert Sounded For Juniper Vulns, Feds Called In
News  |  12/21/2015  | 
SANS ISC raises infosec alert level and FBI investigates potential nation-state activity leading to backdoor vulnerabilities in Juniper ScreenOS products.
Security Tech: Its Not What You Buy, Its How You Deploy
Commentary  |  12/21/2015  | 
Good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts.
10 Funny Twitter Feeds For Security Geeks
Slideshows  |  12/18/2015  | 
These must-follow Twitter feeds offer plenty of cybersecurity humor to keep infosec pros giggling even when the attacks keep coming.
Juniper Discovers Unauthorized Code In Its Firewall OS
News  |  12/18/2015  | 
'Troubling' incident exposes code designed to decrypt VPN communication and enable remote administrative control of devices.
When RATs Become a Social Engineers Best Friend
Commentary  |  12/18/2015  | 
Hacking humans in the banking industry through rogue help desks is becoming a significant problem.
90% Of Industries, Not Just Healthcare, Have Disclosed PHI In Breaches
News  |  12/17/2015  | 
New Verizon PHI report finds that organizations' workers comp and wellness programs are also vulnerable repositories for personal health information.
Validating Supply Chain Cybersecurity
Partner Perspectives  |  12/17/2015  | 
How to identify risks, understand downstream effects, and prepare for incidents.
The InfoSec Gender Divide: Practical Advice For Empowering Women
Commentary  |  12/17/2015  | 
There is no one-size-fits-all approach for women to succeed in IT security. What you need is a roadmap and a little help from your friends.
Security Talent Gap Threatens Adoption Of Analytics Tools
News  |  12/17/2015  | 
Finding qualified personnel with the right skillsets to configure and operate analytics platforms is a big challenge today, but workforce development, training, and more intuitive technology could help.
SQL Injection, XSS Flaws Found In Network Management System Products
News  |  12/16/2015  | 
Patches available for two flaws, pending for four others.
An Ill Wynd Blowing But No Safe Harbor
Commentary  |  12/16/2015  | 
What will state-of-the-art for cybersecurity look like in 2016? The regulatory headwinds on both sides of the Atlantic portend big changes.
The End Of Passwords?
News  |  12/15/2015  | 
IT professionals believe they won't exist in 10 years, but this prediction's been on tap for a decade already.
Detecting the Undetectable: Windows Registry Attacks
Partner Perspectives  |  12/15/2015  | 
Fileless attacks are becoming more sophisticated, requiring a team of defenses.
Macro Malware Is Back
Partner Perspectives  |  12/15/2015  | 
Social engineering drives macro malware levels to six-year highs.
Investigating Mobile Banking Attacks
Partner Perspectives  |  12/15/2015  | 
Poor mobile app back-end security coding puts consumer information at risk.
To Better Defend Yourself, Think Like A Hacker
Commentary  |  12/15/2015  | 
As attacks become more sophisticated and attackers more determined, organizations need to adopt an offensive approach to security that gets inside the head of the hacker.
The CISO's New Best Friend & New Boss
News  |  12/15/2015  | 
What does the rise of the chief data officer and the digital risk officer mean for the chief information security officer?
Internet Of Things Christmas Security Survival Guide
News  |  12/14/2015  | 
Here's how CISOs, security researchers, and all security-minded folks in between can channel their healthy paranoia into helpful ways of protecting friends and family from IoT gifts.
Twitter Says Nation-State Hackers Targeted Some Accounts
Quick Hits  |  12/14/2015  | 
Social media giant warns a small number of users that attackers appear to have been after their information.
Making Security Everyones Job, One Carrot At A Time
Commentary  |  12/14/2015  | 
These five user education strategies will turn employee bad behavior into bulletproof policies that protect data and systems.
Latentbot: A Ghost in the Internet
News  |  12/11/2015  | 
Malwares multiple layers of obfuscation make it almost invisible FireEye says,
How Digital Forensic Readiness Reduces Business Risk
Commentary  |  12/11/2015  | 
These six real-world scenarios show how to turn reactive investigative capabilities into proactive, problem-solving successes.
FBI Tweaks Stance On Encryption BackDoors, Admits To Using 0-Day Exploits
Quick Hits  |  12/10/2015  | 
FBI retreats a step, but makes stand on end-to-end encryption. Meanwhile, European Union gets ready with a rougher, tougher replacement for Safe Harbor.
Spy Banker Trojan Being Hosted On Google Cloud
News  |  12/10/2015  | 
Spy Banker spreading through Brazil via malicious links posted on social networks.
The Lizard Squad: Cyber Weapon or Business?
Commentary  |  12/10/2015  | 
Even a hacker with the noblest intentions can run afoul of the law by not following six important dos and donts.
Sea Craft Voyage Data Systems Vulnerable To Tampering, Spying
News  |  12/9/2015  | 
Remote attackers could snoop on or corrupt the systems that collect and store radar images, vessels' position and speed, and audio recorded in the ships' bridge or engine room.
The Employee Password Habits That Could Hurt Enterprises
Slideshows  |  12/9/2015  | 
While education and efforts around online credentials are improving, password hygiene still has problems
Re-innovating Static Analysis: 4 Steps
Commentary  |  12/9/2015  | 
Before we pronounce the death of static analysis, lets raise the bar with a modern framework that keeps pace with the complexity and size found in todays software.
Known Security Flaw Found In More Antivirus Products
News  |  12/8/2015  | 
A vulnerability discovered earlier this year in AVG software also spotted in Intel McAfee, Kaspersky Lab AV products.
Retailers Inadequately Secured Against Risks From Temporary Workers
News  |  12/8/2015  | 
Retailers recognize temps are higher-risk, but have lower visibility into their activity.
Iranian Groups Conducting Sophisticated Surveillance On Middle Eastern Targets
News  |  12/8/2015  | 
Two groups have been using backdoor threats to spy on targeted individuals, Symantec says.
How CISOs Can Reframe The Conversation Around Security: 4 Steps
Commentary  |  12/8/2015  | 
Security professionals often complain that people are the weak link in the data security system. But in reality, they could be your biggest asset and ally.
Page 1 / 2   >   >>


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11311
PUBLISHED: 2018-05-20
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
CVE-2018-11319
PUBLISHED: 2018-05-20
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to ...
CVE-2018-11242
PUBLISHED: 2018-05-20
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVE-2018-11315
PUBLISHED: 2018-05-20
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a ho...
CVE-2018-11239
PUBLISHED: 2018-05-19
An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in ...