News & Commentary

Content posted in March 2016
In Brief: The Unusual Suspects -- DeMystifying Attack Groups
Dark Reading Videos  |  3/31/2016  | 
Your adversary is an imperfect human being. Use that knowledge to fight back.
Apple's Workflow For Enterprise iOS App Distribution Vulnerable To Attack
News  |  3/31/2016  | 
Millions of iPhones and iPads running iOS 9 can be exploited if enrolled in mobile device management, Check Point Software says.
Symantec: Financial Trojans Declined By 73% In 2015
News  |  3/31/2016  | 
Symantec detected far fewer financial Trojans in 2015 and saw cybercriminals focus more of their efforts directly on financial institutions.
When It Comes To Cyberthreat Intelligence, Sharing Is Caring
Partner Perspectives  |  3/31/2016  | 
Shared cyberthreat intelligence will soon be a critical component of security operations, enabling organizations to better protect their digital assets and respond more quickly to emerging threats.
New Portal Launched For ICS/SCADA Threat Intelligence-Sharing Among Nations
News  |  3/31/2016  | 
The EastWest Institute teamed up with the US ICS-ISAC to create a platform for critical infrastructure operators worldwide to share threat data.
Hackers Attack Major US Law Firms
Quick Hits  |  3/31/2016  | 
Hackers broke into computer networks of prominent law firms, and the FBI is investigating whether the stolen data was used for illegal trading purposes, the WSJ reports.
Machine Learning In Security: Seeing the Nth Dimension in Signatures
Commentary  |  3/31/2016  | 
How adding supervised machine learning to the development of n-dimensional signature engines is moving the detection odds back to the defender.
NIST Publishes New Security Standard For Encrypting Credit Card, Medical Info
Quick Hits  |  3/31/2016  | 
NIST published a new cybersecurity standard that specifies 'format-preserving encryption' techniques to secure credit card numbers and sensitive medical information.
Business Disruption A Big Focus In 2015 Cyberattacks
News  |  3/30/2016  | 
In a shift from the low and slow attacks of recent years, many incidents last year were attention seeking and were motivated not just by money, according to Mandiant's annual report.
'FBiOS' Case Heading For A New Firestorm
Commentary  |  3/30/2016  | 
The surprise developments in the FBI v Apple case offer little reason to celebrate for encryption and privacy advocates.
Machine Learning In Security: Good & Bad News About Signatures
Commentary  |  3/30/2016  | 
Why security teams that rely solely on signature-based detection are overwhelmed by a high number of alerts.
Cybercrime: A Black Market Price List From The Dark Web
Slideshows  |  3/30/2016  | 
What does it cost for malware, stolen identities and other tools of the cybercriminal trade? Probably less than you think.
New Florida Law Lets Agencies Keep Some Breach Details Under Wraps
Quick Hits  |  3/30/2016  | 
Florida governor Rick Scott signs a bill to keep some critical information about data breaches confidential and out of the public eye.
NIST Cybersecurity Framework Adoption Hampered By Costs, Survey Finds
Quick Hits  |  3/30/2016  | 
Security pros consider the NIST framework an industry best practice, yet half of its adopters say its complete implementation involves a high level of investment.
FBI Cracks Terrorist's iPhone -- Sans Apple
News  |  3/29/2016  | 
Now there's a new hole in the iPhone 5c, so what happens next?
From NY To Bangladesh: Inside An Inexcusable Cyber Heist
Commentary  |  3/29/2016  | 
A spelling error was the tipoff to last month's multimillion-dollar digital bank heist. But could multifactor authentication have prevented it in the first place?
FBI Investigating MedStar Health Computer Hack
Quick Hits  |  3/29/2016  | 
Questions over whether the malware that infected the network of Washington-based healthcare firm MedStar Health Inc. is ransomware.
Survey Shows Cloud Infrastructure Security A Major Challenge
Quick Hits  |  3/29/2016  | 
Two-thirds of IT security professionals say that network security has become more difficult over the last two years with growing complexity in managing heterogeneous network environments.
Iran Counters US Hacking Indictments Of 7 Iranians
Quick Hits  |  3/28/2016  | 
Foreign ministry spokesperson reportedly argues US has no 'evidence' of the alleged attacks.
Like It Or Not, Firewalls Still Front And Center
News  |  3/28/2016  | 
Firewalls are still central to most network defense strategies, new State of the Firewall report says.
Most Federal Agencies Have Suffered A Data Breach
Quick Hits  |  3/28/2016  | 
Vormetric report indicates that security spending in federal agencies hampers modern security techniques to safeguard critical data.
Chinese National Pleads Guilty In US Defense Contractor Hacking Case
Quick Hits  |  3/28/2016  | 
Su Bin, a Chinese businessman, pleaded guilty before a US District Judge to stealing sensitive military information from American defense contractors' computer networks.
6 Hot Cybersecurity Startups: MACH37's Spring Class Of 2016
Slideshows  |  3/28/2016  | 
Intense 90-day program mentors budding entrepreneurs in the finer points of developing a viable technology business for the real world of information security.
How To Share Threat Intelligence Through CISA: 10 Things To Know
News  |  3/26/2016  | 
If you want those liability protections the Cybersecurity Information Sharing Act promised, you must follow DHS's new guidelines.
Dangerous New USB Trojan Discovered
News  |  3/25/2016  | 
'USB Thief' could be used for targeted purposes, researchers at ESET say.
In Brief: Using Offense To Create Best Defense
Dark Reading Videos  |  3/25/2016  | 
Carbon Black execs talk about how their background in offensive security helps them think like attackers, and better defend against them.
How 4 Startups Are Harnessing AI In The Invisible Cyberwar
Commentary  |  3/25/2016  | 
Cybersecurity startups are setting their scopes on a potential goldmine of automated systems they hope will be more effective than hiring human enterprise security teams.
Iranian Hacker Indictment Reminds Us That Risks To Critical Infrastructure Are Real
Partner Perspectives  |  3/24/2016  | 
Defending against the combination of human and technical exploits requires the collaboration of human and technical security defenses.
Apple Zero-Day Flaw Leaves OS X Systems Vulnerable to Attack
News  |  3/24/2016  | 
All versions of OS X including El Capitan affected by bug, SentinelOne says
Meet The Fortune 100 CISO
News  |  3/24/2016  | 
Digital Guardian data shows that the typical Fortune 100 CISO is a white male with a background in IT security and a Bachelor's degree in business.
DOJ Indicts 7 Iranian Hackers For Attacks On US Banks And New York Dam
News  |  3/24/2016  | 
Iranian government-backed hackers allegedly behind massive DDoS campaign from 2011 to 2013 against US financial sector, and 2013 breach of Windows XP server at a dam.
Mobile Security: Why App Stores Don't Keep Users Safe
Commentary  |  3/24/2016  | 
In a preview of his Black Hat Asia Briefing next week, a security researcher offers more proof of trouble in the walled gardens of the Apple and Google App stores.
Majority Of Bad Bots Behave Like Humans
News  |  3/24/2016  | 
And for the first time since 2013, humans outnumber bad bots on the Web -- but that doesn't mean humans are beating bots, new study shows.
IRS Tax Fraud And Phishing Advances
News  |  3/23/2016  | 
New techniques and automation have bad guys making more money than ever off of unsuspecting taxpayers.
Multiple Hospitals Hit In Ransomware Attack Wave
News  |  3/23/2016  | 
In the past week alone, three hospitals have reported being victimized by cyber-extortionists.
The Threat Of Security Analytics Complexity
Dark Reading Videos  |  3/23/2016  | 
Congratulations! You're protecting your organization with layered security...but now you're drowning in more security analytics data flows than you can handle.
In Brief: Securing IoT & Supporting Innovation
Dark Reading Videos  |  3/23/2016  | 
CTO of BlueCat talks about how the Internet of Things pushes the boundaries of computing and how infosec pros can balance security and innovation.
What The Feds Said At RSA
Slideshows  |  3/23/2016  | 
A look at some of the insights top US government officials from the White House, DoD, NSA, FBI, and other agencies shared at the RSA Conference in San Francisco last month.
Uber Launches Bug Bounty Program
Quick Hits  |  3/23/2016  | 
Uber, in collaboration with HackerOne, will reward ethical hackers up to $10,000 for finding vulnerabilities in its software.
Think Risk When You Talk About Application Security Today
Commentary  |  3/23/2016  | 
Security from a risk-based perspective puts the focus on component failures and provides robust security for the ultimate target of most attacks -- company, customer and personal data.
DOJ Charges 3 Syrian Electronic Army (SEA) Hackers
Quick Hits  |  3/23/2016  | 
US authorities issue arrest warrants for suspects who are believed to have played crucial roles in cyberattacks by the SEA.
In Brief: Fidelis CSO Talks Insider Threats, Detection Vs. Prevention
Dark Reading Videos  |  3/22/2016  | 
Chief security officer of Fidelis Cybersecurity talks about the balancing act of both protecting the organization's insiders and protecting the organization from its insiders.
FBI's Claim It Can Access iPhone Without Apple's Help Prompts Questions
News  |  3/22/2016  | 
In a surprise development, feds say they may have found another way to access the iPhone recovered from a San Bernardino terror suspect.
In Brief: Transforming SOCs to SICs
Dark Reading Videos  |  3/22/2016  | 
SPONSORED: Greg Boison, director of homeland and cybersecurity for Lockheed Martin, talks to Brian Gillooly at the RSA Conference about how to transform a security operations center into a security intelligence center, and Lockheed Martin's approach.
Here Are 4 Vulnerabilities Ransomware Attacks Are Exploiting Now
News  |  3/22/2016  | 
A zero-day exploit exposed in the Hacking Team breach is among the top weapons deployed in recent ransomware attacks, as well as lots of Flash.
Sextortion, Hacking, Gets Former State Dept. Employee 57 Months In Prison
Quick Hits  |  3/22/2016  | 
Embassy worker targeted young women and started campaign with phishing, social engineering.
Vuln Disclosure: Why Security Vendors & Researchers Don't Trust Each Other
Commentary  |  3/22/2016  | 
The security industry doesn't need a one-size-fits-all vulnerability disclosure policy. It needs a culture change. Getting everyone to the table is the first step.
Thycotic Offers Free Privileged Account Security Software
Quick Hits  |  3/22/2016  | 
Secret Server Free tool available now.
Cybersecurity Expert Assisting With Bangladesh Bank Heist Probe Goes Missing
Quick Hits  |  3/22/2016  | 
A cybersecurity expert was reportedly abducted last week, according to his family, after commenting on an attempted cyberattack of $951 million from Bangladesh's central bank.
iMessage Encryption Cracked, But Fixed In New iOS 9.3
News  |  3/21/2016  | 
While FBI fights with Apple over iPhone encryption, Johns Hopkins researchers find a weakness in secure IM on iOS, OSX.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.