News & Commentary

Content posted in June 2015
Page 1 / 2   >   >>
Securing Critical Infrastructure
Partner Perspectives  |  6/30/2015  | 
Protecting the Industrial Internet of Things from cyberthreats is a national priority.
Getting To Yes: Negotiating Technology Innovation & Security Risk
Commentary  |  6/30/2015  | 
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
Cisco 'Everywhere': Networking Giant To Buy OpenDNS For $635 Million
Quick Hits  |  6/30/2015  | 
OpenDNS, which provides threat intelligence via a software-as-a-service offering, expected to enhance Cisco's existing cloud security offerings.
4 Signs Your Board Thinks Security Readiness Is Better Than It Is
News  |  6/30/2015  | 
Ponemon Institute survey shows a gap in perception between boards of directors and IT executives when it comes to IT risk posture.
Gas Stations In the Bullseye
News  |  6/29/2015  | 
White hats at Black Hat USA will release free honeypot tool for monitoring attacks against gas tank monitoring systems.
Clever CryptoWall Spreading Via New Attacks
News  |  6/29/2015  | 
Top ransomware doesn't waste time jumping on the latest Flash zero-day, and hops rides on click fraud campaigns, too.
CSA Announces New Working Group For Cloud Security API Standards
News  |  6/29/2015  | 
CipherCloud, Deloitte, InfoSys, Intel Security and SAP all on board to start developing vendor-neutral guidelines that could further accelerate CASB growth
Cyber Resilience And Spear Phishing
Partner Perspectives  |  6/29/2015  | 
Balanced security capability, defense in depth, integrated countermeasures, and a threat-intelligence strategy are critical to defending your business from spear-phishing attacks.
Social Engineering & Black Hat: Do As I Do Not As I Say
Commentary  |  6/29/2015  | 
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
4 Ways Cloud Usage Is Putting Health Data At Risk
News  |  6/26/2015  | 
A huge shadow IT problem is just one of the risks of uncontrolled cloud usage in healthcare organizations, new study shows.
3 Simple Steps For Minimizing Ransomware Exposure
Commentary  |  6/26/2015  | 
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
Stealthy Fobber Malware Takes Anti-Analysis To New Heights
News  |  6/25/2015  | 
Built off the Tinba banking Trojan and distributed through the elusive HanJuan exploit kit, Fobber info-stealer defies researchers with layers upon layers of encryption.
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
News  |  6/25/2015  | 
Security vendor's report from last year had warned about group targeting insider data from illegal trading.
5 Things You Probably Missed In The Verizon DBIR
Slideshows  |  6/25/2015  | 
A look at a few of the lesser-noticed but meaty nuggets in the annual Verizon Data Breach Investigations Report (DBIR).
What Do You Mean My Security Tools Dont Work on APIs?!!
Commentary  |  6/25/2015  | 
SAST and DAST scanners havent advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
Breach Defense Playbook: Cybersecurity Governance
Partner Perspectives  |  6/25/2015  | 
Time to leave the island: Integrate cybersecurity into your risk management strategy.
How To Avoid Collateral Damage In Cybercrime Takedowns
News  |  6/24/2015  | 
Internet pioneer and DNS expert Paul Vixie says 'passive DNS' is way to shut down malicious servers and infrastructure without affecting innocent users.
Breach Defense Playbook: Incident Response Readiness (Part 2)
Partner Perspectives  |  6/24/2015  | 
Will your incident response plan work when a real-world situation occurs?
User Monitoring Not Keeping Up With Risk Managers' Needs
News  |  6/24/2015  | 
Biggest concern is negligence, but monitoring capabilities can't detect this type of activity within most applications.
FBI: CryptoWall Ransomware Cost US Users $18 Million
News  |  6/24/2015  | 
Increasing pace of ransomware innovation likely to keep that number going up.
The Secret Of War Lies In The Communications --Napoleon
Partner Perspectives  |  6/24/2015  | 
DXL helps organizations keep an eye on external and internal threats using relevant information in real time.
Why China Wants Your Sensitive Data
Commentary  |  6/24/2015  | 
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
Child Exploitation & Assassins For Hire On The Deep Web
News  |  6/23/2015  | 
'Census report' of the unindexed parts of the Internet unearths everything from Bitcoin-laundering services to assassins for hire.
Banks Targeted By Hackers Three Times More Than Other Sectors
News  |  6/23/2015  | 
Active targeted attacks on financial services firms in quest for lucrative data -- and of course, money.
Breach Defense Playbook: Incident Response Readiness (Part 1)
Partner Perspectives  |  6/23/2015  | 
Will your incident response plan work when a real-world situation occurs?
Government, Healthcare Particularly Lackluster In Application Security
News  |  6/23/2015  | 
Veracode's State of Software Security Report lays out industry-specific software security metrics.
The Dark Web: An Untapped Source For Threat Intelligence
Commentary  |  6/23/2015  | 
Most organizations already have the tools for starting a low-cost, high-return Dark Web cyber intelligence program within their existing IT and cybersecurity teams. Heres how.
3 Clues That Collaboration And File Sharing Tools Are Cloud Security's Weak Link
News  |  6/23/2015  | 
Cloud collaboration and file sharing applications continue to raise CISOs' blood pressure.
Report: NSA, GCHQ Actively Targeted Kaspersky Lab, Other Security Vendors
Quick Hits  |  6/22/2015  | 
Snowden documents reveal government intelligence agencies were working to subvert security software. Kaspersky Lab calls nation-states' targeting of security companies 'extremely worrying.'
FitBit, Acer Liquid Leap Fail In Security Fitness
News  |  6/22/2015  | 
Transmissions to the cloud are secured with these Internet of Things devices, but wristband-to-phone comms are open to eavesdropping.
What You Probably Missed In Verizon's Latest DBIR
Commentary  |  6/22/2015  | 
Tune in to Dark Reading Radio at 1pm ET/11am Pacific on Wednesday, June 24, when Verizon Data Breach Investigations Report co-author Marc Spitler discusses some of the possibly lesser-noticed nuggets in the industry's popular report on real-world attacks.
Breach Defense Playbook: Open Source Intelligence
Partner Perspectives  |  6/22/2015  | 
Do you know what information out there is putting you at risk?
Security Surveys: Read With Caution
Commentary  |  6/22/2015  | 
Im skeptical of industry surveys that tell security practitioners what they already know. Dont state the obvious. Tell us the way forward.
US Hosts The Most Botnet Servers
News  |  6/19/2015  | 
More malicious command and control servers are based in the US than anywhere else, and China is home to the most bots.
7 Top Security Quotes From London Technology Week
Slideshows  |  6/19/2015  | 
Tech events across the city hit on IoT, smart cities, mobility and Legos.
9 Questions For A Healthy Application Security Program
Commentary  |  6/19/2015  | 
Teams often struggle with building secure software because fundamental supporting practices aren't in place. But those practices don't require magic, just commitment.
An Effective Community Is More Than Just An Online Forum
Partner Perspectives  |  6/19/2015  | 
It is important to develop a strong base of contributors who can communicate effectively, answer questions, and summarize issues.
Houston Astros' Breach A 'Wake-Up Call' On Industrial Cyber Espionage
News  |  6/18/2015  | 
The St. Louis Cardinals' alleged breach of the Astros' proprietary database raises concern over the possibility of US companies hacking their rivals for intel.
New Apple iOS, OS X Flaws Pose Serious Risk
News  |  6/18/2015  | 
Security vulnerabilities could expose passwords for Apple iCloud, email, and bank accounts, and other sensitive information, researchers say.
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 2)
Partner Perspectives  |  6/18/2015  | 
Cybersecurity requires a combination of people, process, and technology in a coordinated implementation leveraging a defense-in-depth methodology.
Cybersecurity Advice From A Former White House CIO
Commentary  |  6/18/2015  | 
Today's playbook demands 'human-centered' user education that assumes people will share passwords, forget them, and do unsafe things to get their jobs done.
No End In Sight For Exposed Internet Of Things, Other Devices
News  |  6/17/2015  | 
New data from an Internet-scanning project shows vulnerable consumer and enterprise systems remain a big problem on the public Net.
Breach Defense Playbook: Reviewing Your Cybersecurity Program (Part 1)
Partner Perspectives  |  6/17/2015  | 
How does your cybersecurity program compare to your industry peers?
Smart Cities', IoT's Key Challenges: Security, Lack of Standards
News  |  6/17/2015  | 
London Technology Week: At IFSEC, futurologist Simon Moores asks who's responsible when a smart city crashes.
Time to Focus on Data Integrity
Commentary  |  6/17/2015  | 
Information security efforts have historically centered on data theft. But cybercriminals who alter corporate records and personal information can also cause serious harm.
New Malware Found Hiding Inside Image Files
News  |  6/16/2015  | 
Dell SecureWorks CTU researchers say Stegoloader is third example in a year of malware using digital steganography as a detection countermeasure.
Is Your Security Operation Hooked On Malware?
Commentary  |  6/16/2015  | 
It may seem counterintuitive, but an overzealous focus on malware may be preventing you from detecting even bigger threats.
FBI Investigating St. Louis Cardinals For Allegedly Hacking Houston Astros
Quick Hits  |  6/16/2015  | 
Cyber criminals, nation-states, and now professional baseball teams are apparently getting into the hacking game.
Password Manager LastPass Hacked
Quick Hits  |  6/16/2015  | 
LastPass says user account email addresses, password reminders, server per user salts, and authentication hashes compromised.
London Tech Week Kicks Off
Quick Hits  |  6/15/2015  | 
Before IFSEC and Interop get underway, tech events are scattered about town in the unlikeliest places.
Page 1 / 2   >   >>


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11232
PUBLISHED: 2018-05-18
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2017-15855
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in u...
CVE-2018-3567
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.
CVE-2018-3568
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.
CVE-2018-5827
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.