News & Commentary

Content posted in February 2016
IBM To Buy Resilient Systems In Bid To Build Incident Response Capabilities
News  |  2/29/2016  | 
Company has also launched a new incident response service and entered into a partnership with Carbon Black.
CISO Still Viewed As Tech Not Business Leader
News  |  2/29/2016  | 
RSAC/ISACA study shows only one in seven CISOs report to CEO.
Measuring Security: My Dwell Time Obsession
Commentary  |  2/29/2016  | 
How I discovered the critical metric to fuel my drive to create the most secure environment possible.
Encryption Adoption On The Rise
News  |  2/29/2016  | 
Rise in breaches, increase in cloud adoption are natural drivers for encryption, but hurdles remain for many organizations worldwide.
The ROI Of Infosec: 11 Dos and Don'ts For Management Buy In
Commentary  |  2/27/2016  | 
The case for a bigger bottom line depends on how well you argue that the business can't run without a specific level of security infrastructure.
5 Reasons SAP Security Matters
News  |  2/26/2016  | 
New research shows many organizations may not realize the threat posed by vulnerabilities in SAP applications.
So You Want to Be a Security Researcher?
News  |  2/26/2016  | 
Security researchers need a broad set of skills to investigate a constantly-changing threat landscape. But specializing in areas such as reverse engineering or network forensics will boost opportunities.
Modern Web Apps: Not The Risk They Used To Be (They're Worse!)
Commentary  |  2/26/2016  | 
Even a tiny Web application without a single byte of confidential data can expose your corporate crown jewels to cybercriminals.
Nissan Disables LEAF's Remote Telematics System After Profoundly Trivial Hack
News  |  2/25/2016  | 
All that is needed to gain access to any LEAF's telematics system is the car's VIN, researcher says.
Phishing Attacks Increase Tech Sophistication, Focus On Financial Fraud
News  |  2/25/2016  | 
With a prevalence of free, feature-rich phishing kits and multi-million dollar profits from business email compromise attacks, no wonder phishing's so popular.
Breach Stats: Improving From Abysmal To Just Awful
News  |  2/25/2016  | 
Breach response times and volumes decreased significantly last year, but overall numbers still look ugly.
Security Lessons From My Doctor
Commentary  |  2/25/2016  | 
Why it's hard to change risky habits like weak passwords and heavy smoking, even when advice is clear.
Apple Reportedly Further Locking Down The iPhone
Quick Hits  |  2/25/2016  | 
Apple is reportedly working on making it even harder to unlock its iPhone, upping the ante in its dispute with the FBI.
The Week In Justice: 3 Confessions, 2 Convictions & 2 Years For Two Hackers
News  |  2/24/2016  | 
Courts obtain convictions and guilty pleas from those involved with 'largest known' hacking and securities fraud scheme, online hacking forums, celebrity photo theft, and malicious insider destructive attacks.
FBI Vs. Apple: Privacy Syllabus
Slideshows  |  2/24/2016  | 
Some of the very best articles, blogs, and other opinions on the issue of government meddling in encryption technology.
Public Vs. Private: Is A Prestigious Infosec College Degree Worth It?
Commentary  |  2/24/2016  | 
Today's graduates coming into the information security industry from private universities aren't ready for the workforce.
Sony Hackers Behind Previous Cyberattacks Tied To North Korea
News  |  2/24/2016  | 
'Lazarus Group' cyber espionage group has been operating in major attack campaigns since at least 2009, according to new investigation, bolstering the FBI conclusion that North Korea was behind the epic Sony breach.
Operation Dust Storm Hackers Set Sights On Japan's Critical Infrastructure
News  |  2/23/2016  | 
Japanese energy, oil/gas, and transportation industries the target of stealthy, patient cyber-espionage group.
New Study Shows Mobile Devices The Cause Of Some Data Breaches
News  |  2/23/2016  | 
A single mobile device infected with malware can cost a victim organization an average of $9,485, according to a Ponemon Institute report.
Leaky Apps Far Riskier Than Mobile Malware
News  |  2/23/2016  | 
Even top enterprise apps are rampant with data leakage and privacy-invasive behavior.
Coalition Aims To Bridge Gap Between Government, Industry On Encryption
News  |  2/23/2016  | 
Digital Equilibrium Project says it will work to avert standoffs like the one between Apple and the FBI.
Anatomy Of An Account Takeover Attack
Commentary  |  2/23/2016  | 
How organized crime rings are amassing bot armies for password-cracking attacks on personal accounts in retail, financial, gaming, and other consumer-facing services.
FAQ: Here's What You Need To Know About The Apple, FBI Dispute
News  |  2/23/2016  | 
The case marks a watershed moment in the debate over national security interests and privacy rights.
'MouseJack' Attack Bites Non-Bluetooth Wireless Mice
News  |  2/23/2016  | 
PCs, Macs, and Linux machines at risk of attack that exploits unencrypted communications between wireless mice and dongles.
New Cybersecurity Venture Firm Launched
News  |  2/22/2016  | 
Former US-CERT director joins 'accelerator' Strategic Cyber Ventures LLC.
7 Ways Banking Botnets Are Keeping With The Times
News  |  2/22/2016  | 
Banking botnets have been plaguing online bankers and financial institutions for years now, and the attacks keep evolving.
A Proactive Approach To Incident Response: 7 Benefits
Commentary  |  2/22/2016  | 
How implementing a digital forensic readiness program maximizes the value of digital evidence.
Cybercrime And Hacking Atlas
Slideshows  |  2/20/2016  | 
A geographic guide with cybercrime threat and target trends in 10 notable countries.
New Trojan Xbot A Swiss-Army Knife Of Malicious Features
News  |  2/19/2016  | 
Malware can steal banking and card info, encrypt SD cards, intercept messages and more, say researchers at Palo Alto Networks.
Web Gateways Need Backstops
News  |  2/19/2016  | 
New report emphasizes the importance of layered defense.
Adding Up The Total Costs of Ransomware
Commentary  |  2/19/2016  | 
It's a lot more than just the ransom. We did the math.
Here Comes Locky, A Brand New Ransomware Threat
News  |  2/18/2016  | 
Infected Word files being used to spread ransomware, security researchers say.
The Secret Life Of Stolen Credentials
News  |  2/18/2016  | 
Bitglass Threat Research Team's Project Cumulus demonstrates what happens when Google Drive credentials are 'stolen.'
Hospital Hacktivist Arrested In Miami After Failed Escape Attempt
Quick Hits  |  2/18/2016  | 
Boston Children's Hospital hacker's attempt to flee to Cuba foiled by troubles with getaway boat.
Security Lessons From My Car Mechanic
Commentary  |  2/18/2016  | 
What an unlocked oil pan taught me about the power of two-way communication between security pros and the organizations they serve.
Navigating Next-Gen Endpoint Security: A Buyer's Journey
Commentary  |  2/18/2016  | 
Organizations will face a market in a state of transition as they evaluate information security solutions from both new and established vendors.
5 Exploit Trends Driving Attacks Today
News  |  2/17/2016  | 
HPE Cyber Risk Report 2016 picks apart infection stats from the past year.
Glibc Flaw Affects Thousands Of Linux Apps But How Dangerous Is It?
News  |  2/17/2016  | 
The difficulty involved in exploiting the flaw could mitigate some of the risk, say some security researchers.
Today's New Payment Card Security In A Nutshell
Commentary  |  2/17/2016  | 
Businesses taking their time rolling out EMV card-compatible terminals are putting their data security and financial well-being at risk.
20 Cybersecurity Startups To Watch In 2016
Slideshows  |  2/17/2016  | 
Some of the most intriguing security startups flush with funds, talent and ideas.
Stuxnet Part Of Widespread Cyber-Intrusion Of Iranian Infrastructure, New Film Claims
News  |  2/16/2016  | 
New Stuxnet documentary that debuts tomorrow in Berlin reportedly reveals how Israel blew its cover, and that the worm was just one element of a much larger US-Israel cyber spy operation in Iran.
Hollywood Hospital Hit By Ransomware Attack, FBI Investigates
Quick Hits  |  2/16/2016  | 
Registration, medical records systems appear to be locked in a cyber-extortion attack demanding $3.6 million.
A Not-So-Secret Secret About Cybercrime
Commentary  |  2/16/2016  | 
Cybersecurity is an issue business leaders fret a lot about in public, but they rarely treat the problem as a real and immediate threat.
Sony Hackers Still Active, Darkhotel Checks Out Of Hotel Hacking
News  |  2/15/2016  | 
How some cyber espionage and other advanced attack groups don't go dark anymore after being outed.
How To Retain Good Security People: Keep The Work Exciting
News  |  2/15/2016  | 
Security managers should foster a challenging but rewarding work environment and invest in training to keep their security teams intact.
Name That Toon: Dark Reading Caption Contest
Commentary  |  2/13/2016  | 
Take part in our brand new cartoon caption contest. Join the fun and maybe you'll win a prize.
Valentine's Day Inspires DDoS Attacks Against Online Florists
News  |  2/13/2016  | 
Security vendor Imperva says it has observed a sharp increase in automated bot traffic directed at florist sites.
Quick Guide To Cyber Insurance Shopping
News  |  2/12/2016  | 
Experts offer their opinions on important due diligence tasks when procuring cyber insurance.
Ukraine Railway, Mining Company Attacked With BlackEnergy
News  |  2/12/2016  | 
Weeks after the malware played a role in a massive power outage in the Ukraine, BlackEnergy and its cohort KillDisk were used in other attacks as well, Trend Micro says.
Perceptions Of IT Risk Changing In Business Ranks
News  |  2/12/2016  | 
Business leaders increasingly see IT risk as huge, but policy making and visibility still lag.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11471
PUBLISHED: 2018-05-25
Cockpit 0.5.5 has XSS via a collection, form, or region.
CVE-2018-11472
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php).
CVE-2018-11473
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).
CVE-2018-11474
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a different browser.
CVE-2018-11475
PUBLISHED: 2018-05-25
Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser.