News & Commentary

Content posted in March 2016
Page 1 / 3
In Brief: The Unusual Suspects -- DeMystifying Attack Groups
Dark Reading Videos  |  3/31/2016  | 
Your adversary is an imperfect human being. Use that knowledge to fight back.
Apple's Workflow For Enterprise iOS App Distribution Vulnerable To Attack
News  |  3/31/2016  | 
Millions of iPhones and iPads running iOS 9 can be exploited if enrolled in mobile device management, Check Point Software says.
Symantec: Financial Trojans Declined By 73% In 2015
News  |  3/31/2016  | 
Symantec detected far fewer financial Trojans in 2015 and saw cybercriminals focus more of their efforts directly on financial institutions.
When It Comes To Cyberthreat Intelligence, Sharing Is Caring
Partner Perspectives  |  3/31/2016  | 
Shared cyberthreat intelligence will soon be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats.
New Portal Launched For ICS/SCADA Threat Intelligence-Sharing Among Nations
News  |  3/31/2016  | 
The EastWest Institute teamed up with the US ICS-ISAC to create a platform for critical infrastructure operators worldwide to share threat data.
Hackers Attack Major US Law Firms
Quick Hits  |  3/31/2016  | 
Hackers broke into computer networks of prominent law firms, and the FBI is investigating whether the stolen data was used for illegal trading purposes, the WSJ reports.
Machine Learning In Security: Seeing the Nth Dimension in Signatures
Commentary  |  3/31/2016  | 
How adding supervised machine learning to the development of n-dimensional signature engines is moving the detection odds back to the defender.
NIST Publishes New Security Standard For Encrypting Credit Card, Medical Info
Quick Hits  |  3/31/2016  | 
NIST published a new cybersecurity standard that specifies 'format-preserving encryption' techniques to secure credit card numbers and sensitive medical information.
Business Disruption A Big Focus In 2015 Cyberattacks
News  |  3/30/2016  | 
In a shift from the low and slow attacks of recent years, many incidents last year were attention seeking and were motivated not just by money, according to Mandiant's annual report.
'FBiOS' Case Heading For A New Firestorm
Commentary  |  3/30/2016  | 
The surprise developments in the FBI v Apple case offer little reason to celebrate for encryption and privacy advocates.
Machine Learning In Security: Good & Bad News About Signatures
Commentary  |  3/30/2016  | 
Why security teams that rely solely on signature-based detection are overwhelmed by a high number of alerts.
Cybercrime: A Black Market Price List From The Dark Web
Slideshows  |  3/30/2016  | 
What does it cost for malware, stolen identities and other tools of the cybercriminal trade? Probably less than you think.
New Florida Law Lets Agencies Keep Some Breach Details Under Wraps
Quick Hits  |  3/30/2016  | 
Florida governor Rick Scott signs a bill to keep some critical information about data breaches confidential and out of the public eye.
NIST Cybersecurity Framework Adoption Hampered By Costs, Survey Finds
Quick Hits  |  3/30/2016  | 
Security pros consider the NIST framework an industry best practice, yet half of its adopters say its complete implementation involves a high level of investment.
FBI Cracks Terrorist's iPhone -- Sans Apple
News  |  3/29/2016  | 
Now there's a new hole in the iPhone 5c, so what happens next?
From NY To Bangladesh: Inside An Inexcusable Cyber Heist
Commentary  |  3/29/2016  | 
A spelling error was the tipoff to last month's multimillion-dollar digital bank heist. But could multifactor authentication have prevented it in the first place?
FBI Investigating MedStar Health Computer Hack
Quick Hits  |  3/29/2016  | 
Questions over whether malware that infected the network of Washington-based healthcare firm MedStar Health Inc. is ransomware.
Survey Shows Cloud Infrastructure Security A Major Challenge
Quick Hits  |  3/29/2016  | 
Two-thirds of IT security professionals say that network security has become more difficult over the last two years with growing complexity in managing heterogeneous network environments.
Iran Counters US Hacking Indictments Of 7 Iranians
Quick Hits  |  3/28/2016  | 
Foreign ministry spokesperson reportedly argues US has no 'evidence' of the alleged attacks.
Like It Or Not, Firewalls Still Front And Center
News  |  3/28/2016  | 
Firewalls are still central to most network defense strategies, new State of the Firewall report says.
Most Federal Agencies Have Suffered A Data Breach
Quick Hits  |  3/28/2016  | 
Vormetric report indicates that security spending in federal agencies hampers modern security techniques to safeguard critical data.
Chinese National Pleads Guilty In US Defense Contractor Hacking Case
Quick Hits  |  3/28/2016  | 
Su Bin, a Chinese businessman, pleaded guilty before a US District Judge to stealing sensitive military information from American defense contractors' computer networks.
6 Hot Cybersecurity Startups: MACH37's Spring Class Of 2016
Slideshows  |  3/28/2016  | 
Intense 90-day program mentors budding entrepreneurs in the finer points of developing a viable technology business for the real world of information security.
How To Share Threat Intelligence Through CISA: 10 Things To Know
News  |  3/26/2016  | 
If you want those liability protections the Cybersecurity Information Sharing Act promised, you must follow DHS's new guidelines.
Dangerous New USB Trojan Discovered
News  |  3/25/2016  | 
'USB Thief' could be used for targeted purposes, researchers at ESET say.
In Brief: Using Offense To Create Best Defense
Dark Reading Videos  |  3/25/2016  | 
Carbon Black execs talk about how their background in offensive security helps them think like attackers, and better defend against them.
How 4 Startups Are Harnessing AI In The Invisible Cyberwar
Commentary  |  3/25/2016  | 
Cybersecurity startups are setting their scopes on a potential goldmine of automated systems they hope will be more effective than hiring human enterprise security teams.
Iranian Hacker Indictment Reminds Us That Risks To Critical Infrastructure Are Real
Partner Perspectives  |  3/24/2016  | 
Defending against the combination of human and technical exploits requires the collaboration of human and technical security defenses.
Apple Zero-Day Flaw Leaves OS X Systems Vulnerable to Attack
News  |  3/24/2016  | 
All versions of OS X, including El Capitan, are affected by the bug, SentinelOne says.
Meet The Fortune 100 CISO
News  |  3/24/2016  | 
Digital Guardian data shows that the typical Fortune 100 CISO is a white male with a background in IT security and a Bachelor's degree in business.
DOJ Indicts 7 Iranian Hackers For Attacks On US Banks And New York Dam
News  |  3/24/2016  | 
Iranian government-backed hackers allegedly behind massive DDoS campaign from 2011 to 2013 against US financial sector, and 2013 breach of Windows XP server at a dam.
Mobile Security: Why App Stores Don't Keep Users Safe
Commentary  |  3/24/2016  | 
In a preview of his Black Hat Asia Briefing next week, a security researcher offers more proof of trouble in the walled gardens of the Apple and Google App stores.
Majority Of Bad Bots Behave Like Humans
News  |  3/24/2016  | 
And for the first time since 2013, humans outnumber bad bots on the Web -- but that doesn't mean humans are beating bots, new study shows.
IRS Tax Fraud And Phishing Advances
News  |  3/23/2016  | 
New techniques and automation have bad guys making more money than ever off of unsuspecting taxpayers.
Multiple Hospitals Hit In Ransomware Attack Wave
News  |  3/23/2016  | 
In the past week alone, three hospitals have reported being victimized by cyber-extortionists.
The Threat Of Security Analytics Complexity
Dark Reading Videos  |  3/23/2016  | 
Congratulations! You're protecting your organization with layered security...but now you're drowning in more security analytics data flows than you can handle.
In Brief: Securing IoT & Supporting Innovation
Dark Reading Videos  |  3/23/2016  | 
CTO of BlueCat talks about how the Internet of Things pushes the boundaries of computing and how infosec pros can balance security and innovation.
What The Feds Said At RSA
Slideshows  |  3/23/2016  | 
A look at some of the insights top US government officials from the White House, DoD, NSA, FBI, and other agencies shared at the RSA Conference in San Francisco last month.
Uber Launches Bug Bounty Program
Quick Hits  |  3/23/2016  | 
Uber, in collaboration with HackerOne, will reward ethical hackers up to $10,000 for finding vulnerabilities in its software.
Think Risk When You Talk About Application Security Today
Commentary  |  3/23/2016  | 
Security from a risk-based perspective puts the focus on component failures and provides robust security for the ultimate target of most attacks -- company, customer and personal data.
DOJ Charges 3 Syrian Electronic Army (SEA) Hackers
Quick Hits  |  3/23/2016  | 
US authorities issue arrest warrants for suspects who are believed to have played crucial roles in cyberattacks by the SEA.
In Brief: Fidelis CSO Talks Insider Threats, Detection Vs. Prevention
Dark Reading Videos  |  3/22/2016  | 
Chief security officer of Fidelis Cybersecurity talks about the balancing act of both protecting the organization's insiders and protecting the organization from its insiders.
FBI's Claim It Can Access iPhone Without Apple's Help Prompts Questions
News  |  3/22/2016  | 
In a surprise development, feds say they may have found another way to access the iPhone recovered from a San Bernardino terror suspect.
In Brief: Transforming SOCs to SICs
Dark Reading Videos  |  3/22/2016  | 
SPONSORED: Greg Boison, director of homeland and cybersecurity for Lockheed Martin, talks to Brian Gillooly at the RSA Conference about how to transform a security operations center into a security intelligence center, and Lockheed Martin's approach.
Here Are 4 Vulnerabilities Ransomware Attacks Are Exploiting Now
News  |  3/22/2016  | 
A zero-day exploit exposed in the Hacking Team breach is among the top weapons deployed in recent ransomware attacks, as well as lots of Flash.
Sextortion, Hacking, Gets Former State Dept. Employee 57 Months In Prison
Quick Hits  |  3/22/2016  | 
Embassy worker targeted young women and started campaign with phishing, social engineering.
Vuln Disclosure: Why Security Vendors & Researchers Don't Trust Each Other
Commentary  |  3/22/2016  | 
The security industry doesn't need a one-size-fits-all vulnerability disclosure policy. It needs a culture change. Getting everyone to the table is the first step.
Thycotic Offers Free Privileged Account Security Software
Quick Hits  |  3/22/2016  | 
Secret Server Free tool available now.
Cybersecurity Expert Assisting With Bangladesh Bank Heist Probe Goes Missing
Quick Hits  |  3/22/2016  | 
A cybersecurity expert was reportedly abducted last week, according to his family, after commenting on an attempted cyberattack of $951 million from Bangladesh's central bank.
iMessage Encryption Cracked, But Fixed In New iOS 9.3
News  |  3/21/2016  | 
While FBI fights with Apple over iPhone encryption, Johns Hopkins researchers find a weakness in secure IM on iOS, OSX.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.