News & Commentary

Content posted in December 2015
Boldest Cybersecurity Predictions For 2016
Slideshows  |  12/31/2015  | 
Forget the boring, safe predictions -- here instead are the most interesting, cringe-worthy, humorous, or otherwise shocking predictions for the coming year.
Tor Project To Launch Bug Bounty Program
News  |  12/31/2015  | 
Open Technology Fund will sponsor program and HackerOne will manage it.
The Changing Face Of Encryption: What You Need To Know Now
Commentary  |  12/30/2015  | 
Encryption today is now an absolute must and the fact that it is difficult does not change the fact that you have to use it.
Users No Longer Need to Jailbreak Apple iOS To Load Rogue Apps
News  |  12/29/2015  | 
'DarkSideLoader' app stores can side-load apps and circumvent official app stores on any iOS device.
5 Tips For Getting The Most Out Of Your Firewall
News  |  12/29/2015  | 
Despite concerns over the effectiveness of perimeter technologies, firewalls remain a staple in the enterprise security arsenal.
The Fraud Tsunami Heads To The Sharing Economy
Commentary  |  12/29/2015  | 
When it comes to cyberfraud, online marketplaces like AirBnB can expect an uphill battle in the wake of the rollout of new chip card technology in 2016.
15 Cybersecurity Lessons We Should Have Learned From 2015, But Probably Didn't
News  |  12/28/2015  | 
Another infosec year is almost in the books. What did all the breaches, vulnerabilities, trends, and controversies teach us?
Tech Gifts That Security Pros Will Probably Return
Slideshows  |  12/28/2015  | 
Insecure gifts that CISOs and other security pros are likely returning as we speak.
Giant Mystery Database Of US Voters Leaked
Quick Hits  |  12/28/2015  | 
No organization will take responsibility for the database that includes 191 million voter registration records.
The Rise Of Community-Based Information Security
Commentary  |  12/28/2015  | 
The more vendors, service providers, and companies band together to fight security threats, the more difficult it will become for attacks to succeed.
Security Vendors Report Uptick in Whaling, Phishing Scams
News  |  12/23/2015  | 
Expect to see an increase in attempts by cyber crooks to trick businesses and individuals to part with their money, say Mimecast, Kaspersky Labs.
Survey: When Leaving Company, Most Insiders Take Data They Created
News  |  12/23/2015  | 
Most employees believe they own their work, and take strategy documents or intellectual property with them as they head out the door.
A Hidden Insider Threat: Visual Hackers
Commentary  |  12/23/2015  | 
Ponemon experiment shows how low-tech white-hat hackers, posing as temps, captured information from exposed documents and computer screens in nearly nine out of ten attempts.
2015 Ransomware Wrap-Up
Slideshows  |  12/22/2015  | 
Here's a rundown of the innovative ransomware that frightened users and earned attackers big bucks this year.
Torrenting Still A Thorn In Enterprise Networks
News  |  12/22/2015  | 
A quarter of enterprises still see torrenting activity and among those, 43 percent of apps contain malicious elements.
The Industrial Cyber Myth: It's No Fantasy
Commentary  |  12/22/2015  | 
As threats become more sophisticated, the industry is still playing catch-up.
9 Coolest Hacks Of 2015
News  |  12/21/2015  | 
Cars, guns, gas stations, and satellites, all got '0wned' by good hackers this year in some of the most creative yet unnerving hacks.
Oracle Settles FTC Charges That It Deceived Users About Java Security Updates
Quick Hits  |  12/21/2015  | 
Oracle will have to be more forthright and communicate the truth via social media and anti-virus companies going forward.
Yellow Alert Sounded For Juniper Vulns, Feds Called In
News  |  12/21/2015  | 
SANS ISC raises infosec alert level and FBI investigates potential nation-state activity leading to backdoor vulnerabilities in Juniper ScreenOS products.
Security Tech: It's Not What You Buy, It's How You Deploy
Commentary  |  12/21/2015  | 
Good information security depends on a holistic strategy, not on an elite lineup of discretely moving parts.
10 Funny Twitter Feeds For Security Geeks
Slideshows  |  12/18/2015  | 
These must-follow Twitter feeds offer plenty of cybersecurity humor to keep infosec pros giggling even when the attacks keep coming.
Juniper Discovers Unauthorized Code In Its Firewall OS
News  |  12/18/2015  | 
'Troubling' incident exposes code designed to decrypt VPN communication and enable remote administrative control of devices.
When RATs Become a Social Engineer's Best Friend
Commentary  |  12/18/2015  | 
Hacking humans in the banking industry through rogue help desks is becoming a significant problem.
90% Of Industries, Not Just Healthcare, Have Disclosed PHI In Breaches
News  |  12/17/2015  | 
New Verizon PHI report finds that organizations' workers comp and wellness programs are also vulnerable repositories for personal health information.
Validating Supply Chain Cybersecurity
Partner Perspectives  |  12/17/2015  | 
How to identify risks, understand downstream effects, and prepare for incidents.
The InfoSec Gender Divide: Practical Advice For Empowering Women
Commentary  |  12/17/2015  | 
There is no one-size-fits-all approach for women to succeed in IT security. What you need is a roadmap and a little help from your friends.
Security Talent Gap Threatens Adoption Of Analytics Tools
News  |  12/17/2015  | 
Finding qualified personnel with the right skillsets to configure and operate analytics platforms is a big challenge today, but workforce development, training, and more intuitive technology could help.
SQL Injection, XSS Flaws Found In Network Management System Products
News  |  12/16/2015  | 
Patches available for two flaws, pending for four others.
An Ill Wynd Blowing But No Safe Harbor
Commentary  |  12/16/2015  | 
What will state-of-the-art for cybersecurity look like in 2016? The regulatory headwinds on both sides of the Atlantic portend big changes.
The End Of Passwords?
News  |  12/15/2015  | 
IT professionals believe they won't exist in 10 years, but this prediction's been on tap for a decade already.
Detecting the Undetectable: Windows Registry Attacks
Partner Perspectives  |  12/15/2015  | 
Fileless attacks are becoming more sophisticated, requiring a team of defenses.
Macro Malware Is Back
Partner Perspectives  |  12/15/2015  | 
Social engineering drives macro malware levels to six-year highs.
Investigating Mobile Banking Attacks
Partner Perspectives  |  12/15/2015  | 
Poor mobile app back-end security coding puts consumer information at risk.
To Better Defend Yourself, Think Like A Hacker
Commentary  |  12/15/2015  | 
As attacks become more sophisticated and attackers more determined, organizations need to adopt an offensive approach to security that gets inside the head of the hacker.
The CISO's New Best Friend & New Boss
News  |  12/15/2015  | 
What does the rise of the chief data officer and the digital risk officer mean for the chief information security officer?
Internet Of Things Christmas Security Survival Guide
News  |  12/14/2015  | 
Here's how CISOs, security researchers, and all security-minded folks in between can channel their healthy paranoia into helpful ways of protecting friends and family from IoT gifts.
Twitter Says Nation-State Hackers Targeted Some Accounts
Quick Hits  |  12/14/2015  | 
Social media giant warns a small number of users that attackers appear to have been after their information.
Making Security Everyone's Job, One Carrot At A Time
Commentary  |  12/14/2015  | 
These five user education strategies will turn employee bad behavior into bulletproof policies that protect data and systems.
Latentbot: A Ghost in the Internet
News  |  12/11/2015  | 
Malware's multiple layers of obfuscation make it almost invisible, FireEye says.
How Digital Forensic Readiness Reduces Business Risk
Commentary  |  12/11/2015  | 
These six real-world scenarios show how to turn reactive investigative capabilities into proactive, problem-solving successes.
FBI Tweaks Stance On Encryption BackDoors, Admits To Using 0-Day Exploits
Quick Hits  |  12/10/2015  | 
FBI retreats a step, but makes stand on end-to-end encryption. Meanwhile, European Union gets ready with a rougher, tougher replacement for Safe Harbor.
Spy Banker Trojan Being Hosted On Google Cloud
News  |  12/10/2015  | 
Spy Banker spreading through Brazil via malicious links posted on social networks.
The Lizard Squad: Cyber Weapon or Business?
Commentary  |  12/10/2015  | 
Even a hacker with the noblest intentions can run afoul of the law by not following six important dos and don'ts.
Sea Craft Voyage Data Systems Vulnerable To Tampering, Spying
News  |  12/9/2015  | 
Remote attackers could snoop on or corrupt the systems that collect and store radar images, vessels' position and speed, and audio recorded in the ships' bridge or engine room.
The Employee Password Habits That Could Hurt Enterprises
Slideshows  |  12/9/2015  | 
While education and efforts around online credentials are improving, password hygiene still has problems.
Re-innovating Static Analysis: 4 Steps
Commentary  |  12/9/2015  | 
Before we pronounce the death of static analysis, let's raise the bar with a modern framework that keeps pace with the complexity and size found in today's software.
Known Security Flaw Found In More Antivirus Products
News  |  12/8/2015  | 
A vulnerability discovered earlier this year in AVG software also spotted in Intel McAfee, Kaspersky Lab AV products.
Retailers Inadequately Secured Against Risks From Temporary Workers
News  |  12/8/2015  | 
Retailers recognize temps are higher-risk, but have lower visibility into their activity.
Iranian Groups Conducting Sophisticated Surveillance On Middle Eastern Targets
News  |  12/8/2015  | 
Two groups have been using backdoor threats to spy on targeted individuals, Symantec says.
How CISOs Can Reframe The Conversation Around Security: 4 Steps
Commentary  |  12/8/2015  | 
Security professionals often complain that people are the weak link in the data security system. But in reality, they could be your biggest asset and ally.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-8651
PUBLISHED: 2018-12-12
A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV.
CVE-2018-8652
PUBLISHED: 2018-12-12
A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka "Windows Azure Pack Cross Site Scripting Vulnerability." This affects Windows Azure Pack Rollup 13.1.
CVE-2018-8617
PUBLISHED: 2018-12-12
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8...
CVE-2018-8618
PUBLISHED: 2018-12-12
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8...
CVE-2018-8619
PUBLISHED: 2018-12-12
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Exp...