News & Commentary

Content posted in February 2015
Page 1 / 2   >   >>
Cyber Intelligence: Defining What You Know
Commentary  |  2/27/2015  | 
Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.
Hits Keep On Coming For Both SSL & Its Abusers
Quick Hits  |  2/26/2015  | 
Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?
'Shadow' Cloud Services Rampant In Government Networks
News  |  2/26/2015  | 
Survey finds public sector employees use unmanaged cloud services just as much as private employees.
How To Reduce Spam & Phishing With DMARC
Commentary  |  2/26/2015  | 
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
How to Strengthen Enterprise Defenses against Ransomware
Partner Perspectives  |  2/26/2015  | 
Eight essential ways that companies can enforce their borders.
5 New Vulnerabilities Uncovered In SAP
News  |  2/26/2015  | 
Onapsis researchers find bugs in SAP BusinessObjects and SAP HANA.
Millions Of Non-Anthem Customers Also Hit By Anthem Breach
Quick Hits  |  2/25/2015  | 
Blue Cross Blue Shield customers -- as many as 8.8 to 18.8 million of them -- might have also had their data compromised.
Ramnit Botnet Disrupted By International Public-Private Collaboration
News  |  2/25/2015  | 
Europol leads the effort to bring down the bank credential-stealing botnet that infected 3.2 million computers across the globe.
Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011
News  |  2/25/2015  | 
But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.
Five Easiest Ways to Get Hacked Part 2
Partner Perspectives  |  2/25/2015  | 
Continuing a conversation with principal security consultant Amit Bagree
Customers Arent the Only Victims: 5 Stages Of Data Breach Grief
Commentary  |  2/25/2015  | 
What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.
5 Ways To Prepare For IoT Security Risks
News  |  2/24/2015  | 
As the Internet of Things begins to take shape, IT organizations must prepare for change.
Medical Identity Theft Costs Victims $13,450 Apiece
News  |  2/24/2015  | 
New study shows not only is medical identity fraud costly for individuals, it's happening a lot more often.
FBI Offers $3 Million Reward For Info On Whereabouts Of GameoverZeus Botnet Operator
Quick Hits  |  2/24/2015  | 
Evgeniy Mikhailovich Bogachev, who faces charges for his alleged role as an administrator of the GameOver Zeus botnet, is at large in Russia.
7 Things You Should Know About Secure Payment Technology
Slideshows  |  2/24/2015  | 
Despite the existence of EMV and Apple Pay, we're a long way from true payment security, especially in the US.
Cybercrime, Cyber Espionage Tactics Converge
News  |  2/24/2015  | 
Real-world cyberattack investigations by incident response firm Mandiant highlight how hackers are adapting to better achieve their goals.
From Hacking Systems To Hacking People
Commentary  |  2/24/2015  | 
New low-tech attack methods like visual hacking demand an information security environment that values data privacy and a self-policing culture.
DOJ R&D Agency Awards Grants For Speedier Digital Forensics
News  |  2/23/2015  | 
The US Department of Justice's National Institute of Justice is funding new incident response technology to assist law enforcement.
Blackhat, The Movie: Good, Bad & Ridiculous
Commentary  |  2/23/2015  | 
It didnt take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?
NSA, GCHQ Theft Of SIM Crypto Keys Raises Fresh Security Concerns
News  |  2/20/2015  | 
Pilfered SIM card encryption keys also could allow the spy agencies to deploy malicious Java applets or to send rogue SMS messages from fake cell towers, experts say.
Who Cares Whos Behind A Data Breach?
Commentary  |  2/20/2015  | 
Attribution takes a long time, a lot of work, and a healthy dose of luck. But is it worth the effort?
Hackin' At The Car Wash, Yeah
News  |  2/19/2015  | 
Drive-through car washes can be hacked via the Internet, to wreak physical damage or to get a free wash for your ride.
Superfish Compromises All SSL Connections On Lenovo Gear
News  |  2/19/2015  | 
More than just pre-installed adware on some Lenovo laptops, Superfish acts as a man-in-the-middle certificate authority, hijacking every SSL session the laptop makes.
Our Governments Are Making Us More Vulnerable
Commentary  |  2/19/2015  | 
Stuxnet opened Pandoras box and today state-sponsored cyber security policies continue to put us at risk. Here are three reasons why.
End Users Causing Bulk Of Infosec Headaches
News  |  2/18/2015  | 
Report shows 80 percent of IT pros blame users for their security woes.
Russian Hacker Who Hit Heartland, NASDAQ, Extradited To US
News  |  2/18/2015  | 
Vladimir Drinkman, cohort of Albert Gonzalez, appears before US federal court after arrest and extradition by Dutch authorities.
Five Easiest Ways to Get Hacked Part 1
Partner Perspectives  |  2/18/2015  | 
A conversation with principal security consultant Amit Bagree.
How We Can Prevent Another Anthem Breach
Commentary  |  2/18/2015  | 
Two things could have mitigated the damage and maybe even prevented any loss at all: behavioral analysis and context-aware access control.
How To Get More Involved In The IT Security Community
Commentary  |  2/18/2015  | 
Dark Reading Radio offers tips on how to network with your IT security peers, learn more about the industry and the profession, and participate in community outreach
A Look At Sony Wiper In Action
News  |  2/17/2015  | 
Crowdstrike demonstrates how attackers could have destroyed Sony assets and how behavior analysis could combat it.
Researchers Report Details On Arabic-Speaking Cyberespionage Gang
News  |  2/17/2015  | 
Trend Micro and Kaspersky researchers warn of Middle Eastern attack campaigns focused on "perceived enemies of Islam."
Cyberespionage: Youre Not Paranoid, Someone Is Spying on Your Company
Partner Perspectives  |  2/17/2015  | 
Its time for all of your counter-espionage tools to work together.
Why The USA Hacks
Commentary  |  2/17/2015  | 
The U.S. government views cyberspace as just another theater of war akin to air, land and sea, and it operates in the domain for one basic reason: national defense.
Cyberciminals Target Bank Employees, Steal $1 Billion From Financial Institutions Worldwide
News  |  2/16/2015  | 
'Carbanak' includes operatives from Russia, Ukraine, China, and other parts of Europe.
Newly Discovered 'Master' Cyber Espionage Group Trumps Stuxnet
News  |  2/16/2015  | 
The so-called Equation Group epitomizes the goal of persistence in cyber spying--reprogramming hard drives and hacking other targets such as air-gapped computers--and points to possible US connection.
Antivirus Tools Slow To Respond To New Threats, Another Study Confirms
News  |  2/13/2015  | 
A 10-month study of four scanning tools by Damballa highlights some familiar weaknesses.
Obama Signs New Executive Order For Sharing Cyberthreat Information
Quick Hits  |  2/13/2015  | 
EO comes on the heels of massive breaches at Sony, Anthem.
Sony Hack: Poster Child For A New Era Of Cyber Attacks
Commentary  |  2/13/2015  | 
What made the Sony breach unique is the combination of four common tactics into a single orchestrated campaign designed to bend a victim to the will of the attackers.
How Anthem Shared Key Markers Of Its Cyberattack
News  |  2/12/2015  | 
Insurer shared the MD5 malware hashes, IP addresses, and email addresses used by its attackers.
Five Techniques to Keep Employees Computing Secure
Partner Perspectives  |  2/12/2015  | 
With BYOD on the rise, these tips can help IT staff mitigate security risks, from mobile devices to data centers.
Malvertising Gets Boost From Malicious Browser Plug-ins
Quick Hits  |  2/12/2015  | 
Cisco discovers malicious browser add-ons that serve up unwanted and sometimes infected ads.
Microsoft Fix For Critical Active Directory Bug A Year In The Making
News  |  2/11/2015  | 
This critical Active Directory vuln along with two other particularly 'nasty' critical flaws have experts pushing organizations to pick up patching pace.
A Winning Strategy: Must Patch, Should Patch, Can't Patch
Commentary  |  2/11/2015  | 
The best way to have a significant impact on your company's security posture is to develop an organized effort for patching vulnerabilities.
Obama Launches Cyberthreat Intel-Sharing Center
Quick Hits  |  2/11/2015  | 
Long-awaited central repository for cyber threat information and intelligence created by The White House.
Chinese Hacking Group Codoso Team Uses Forbes.com As Watering Hole
News  |  2/10/2015  | 
ASLR vulnerability patched today used in tandem with previously patched Flash vuln to carry out drive-by-downloads against political and economic targets
Box Giving Customers Control Over Encryption Keys
News  |  2/10/2015  | 
Box says they've eliminated the last major barrier to cloud adoption, even in highly regulated organizations.
How Malware Bypasses Our Most Advanced Security Measures
Commentary  |  2/10/2015  | 
We unpack three common attack vectors and five evasion detection techniques.
Nation-State Cyber Espionage, Targeted Attacks Becoming Global Norm
News  |  2/10/2015  | 
New report shows 2014 as the year of China's renewed resiliency in cyber espionage--with Hurricane Panda storming its targets--while Russia, Iran, and North Korea, emerging as major players in hacking for political, nationalistic, and competitive gain.
Anthem Breach Prompts New York To Conduct Cybersecurity Reviews Of All Insurers
News  |  2/9/2015  | 
Meanwhile, Anthem victims are now being harassed by scammers trying to collect even more personal information.
Bridging the Cybersecurity Skills Gap: 3 Big Steps
Commentary  |  2/9/2015  | 
The stakes are high. Establishing clear pathways into the industry, standardizing jobs, and assessing skills will require industry-wide consensus and earnest collaboration.
Page 1 / 2   >   >>


Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15769
PUBLISHED: 2018-11-16
RSA BSAFE Micro Edition Suite versions prior to 4.0.11 (in 4.0.x series) and versions prior to 4.1.6.2 (in 4.1.x series) contain a key management error issue. A malicious TLS server could potentially cause a Denial Of Service (DoS) on TLS clients during the handshake when a very large prime value is...
CVE-2018-18955
PUBLISHED: 2018-11-16
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resour...
CVE-2018-19311
PUBLISHED: 2018-11-16
Centreon 3.4.x allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen.
CVE-2018-19312
PUBLISHED: 2018-11-16
Centreon 3.4.x allows SQL Injection via the searchVM parameter to the main.php?p=20408 URI.
CVE-2018-19318
PUBLISHED: 2018-11-16
SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account.