News & Commentary

Content posted in July 2015
Page 1 / 2   >   >>
Cyber Boot Camp: Lessons Learned
Slideshows  |  7/31/2015  | 
What happens when 50 young people spend a week in the trenches with cybersecurity researchers from ESET? One picture is worth a thousand words. Here are seven.
GM Vehicles Can Be Located, Unlocked, Started Remotely Via OnStar App
News  |  7/31/2015  | 
White Hat hacker Samy Kamkars OwnStart device latest to show up vulnerabilities in modern vehicles
Startup 'Stealth Worker' Matches Businesses With Security Talent
News  |  7/30/2015  | 
New online service helps businesses looking for part-time security professionals fill specific job needs.
There's Another Android Media Vulnerability, But Google Isn't Worried
News  |  7/30/2015  | 
Vulnerability could become a favorite of ransomware operators, but Google has left it unpatched for more than two months.
Study Reveals the Most Common Attack Methods of Data Thieves
Partner Perspectives  |  7/30/2015  | 
Learning more about your attackers helps to improve your security profile and reduce the possibility of a breach.
Closing The Gap Between Security & Networking Ops: 5 Best Practices
Commentary  |  7/30/2015  | 
If your factions are warring, theres a lot you can do about it. Heres how -- and why you cant afford to wait.
From Russia With Love: A Slew of New Hacker Capabilities and Services
News  |  7/30/2015  | 
A review of the Russian underground by Trend Micro reveals it to be the worlds most sophisticated.
Anthem Breach Linked To Black Vine Group & Beijing InfoSec Firm
News  |  7/29/2015  | 
Health insurer's breach of 80 million records attributed to 'well-resourced cyberespionage group' Black Vine. Could they also be behind breaches at OPM and United Airlines?
Can't Touch This: 'Hammertoss' Russian Cyberspies Hide In Plain Sight
News  |  7/29/2015  | 
APT29 cyber espionage attackers operate under the cover of legitimate services including Twitter, Github, and cloud storage services.
Code Theft: Protecting IP At The Source
Commentary  |  7/29/2015  | 
Your corporate assets are at risk and every day that you avoid taking action shortens the time until your IP will be leaked. Here are six steps toward better data security.
Lockheed Martin-Led Consortium Builds Secure 'System Of Systems'
News  |  7/28/2015  | 
Multilevel Security (MLS) group says this policy-based architecture could apply to sensitive commercial networks as well as government agencies.
Researchers Steal Door Badge Credentials Using Smartphone Bluetooth
News  |  7/28/2015  | 
Weakness in facility access control protocol leaves most badge-in systems open to attack.
How To Put Data At The Heart Of Your Security Practice
Commentary  |  7/28/2015  | 
First step: A good set of questions that seek out objective, measurable answers.
What 30 Classic Games Can Teach Us about Security
Partner Perspectives  |  7/28/2015  | 
Information security experts share their thoughts on how participating in games and sports helped hone their professional skills.
New Phishing Campaign Leverages Google Drive
News  |  7/28/2015  | 
Researchers believe technique is geared to take over Google SSO accounts.
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
News  |  7/27/2015  | 
Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices.
Phishing Attacks Drive Spike In DNS Threat
News  |  7/27/2015  | 
Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year.
The First 24 Hours In The Wake Of A Data Breach
Commentary  |  7/27/2015  | 
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Quick Hits  |  7/24/2015  | 
National Highway Traffic Safety Administration will be watching to see if it works.
Smartwatches Could Become New Frontier for Cyber Attackers
News  |  7/24/2015  | 
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
Car Hacking Shifts Into High Gear
News  |  7/23/2015  | 
Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.
Emerging Web Infrastructure Threats
Slideshows  |  7/23/2015  | 
A secure cloud relies on some weak Internet infrastructure with some new BGP vulnerabilities that will be disclosed at Black Hat USA.
Internet of Things: Anything You Track Could Be Used Against You
Commentary  |  7/23/2015  | 
Lawyers not security advocates have fired the first salvos over wearable tech privacy. The results may surprise you.
Out of Aspen: State of Critical Infrastructure Cybersecurity, 2015
Partner Perspectives  |  7/22/2015  | 
The good, bad, and potentially worse of critical infrastructure protection.
Researchers Enlist Machine Learning In Malware Detection
News  |  7/22/2015  | 
No sandbox required for schooling software to speedily spot malware, researchers will demonstrate at Black Hat USA.
Finding The ROI Of Threat Intelligence: 5 Steps
Commentary  |  7/22/2015  | 
Advice from a former SOC manager on how to leverage threat intel without increasing the bottom line.
Angler Climbing To Top Of Exploit Heap
News  |  7/22/2015  | 
Exploit kit dominates the field, making up 82 percent of all exploit kits currently used.
Hacking Team Detection Tools Released By Rook, Facebook
News  |  7/21/2015  | 
Organizations get help keeping up with Hacking Team threats, and Microsoft releases an out-of-band patch for a new Hacking Team 0-day.
Arrests Made In JPMorgan Hack, Securities Fraud Scheme
Quick Hits  |  7/21/2015  | 
Four individuals arrested in Israel and Florida, one more at large, according to report.
Times Running Out For The $76 Billion Detection Industry
Commentary  |  7/21/2015  | 
The one strategy that can deliver the needle to the security team without the haystack is prevention.
Detection: A Balanced Approach For Mitigating Risk
Commentary  |  7/21/2015  | 
Only detection and response can complete the security picture that begins with prevention.
CISOs Caught In A Catch-22
News  |  7/21/2015  | 
Chief information security officers are considered 'accountable' for breaches while not always in charge of all infosec strategy and purchases, new report shows.
Photo Processing Vendor Exposes CVS, Wal-Mart, Costco
News  |  7/20/2015  | 
Retail breaches highlight third-party risk -- again.
6 Ex-Employees Questioned About Hacking Team Breach, Prior Leak
News  |  7/20/2015  | 
Japanese targets also getting hit with leaked Flash zero-day exploits, and Hacking Team reportedly worked on drone-based WiFi surveillance tools.
Ashley Madison Exposed: Affair Hookup Site Hacked, Member Data Posted Online
Quick Hits  |  7/20/2015  | 
Member data pilfered, posted in apparent hacktivist-style doxing attack.
How I Learned To Love Active Defense
Commentary  |  7/20/2015  | 
Yes, traditional cyber defenses can be effective. They just need to be a little more active.
Darkode Shuttered But Cybercrime Still Alive And Well
News  |  7/17/2015  | 
Major international law enforcement takedown of exclusive criminal hacker forum highlights victory -- and challenges -- of global law enforcement of cybercrime.
Mobile App Security: 4 Critical Issues
Commentary  |  7/17/2015  | 
Securing the mobile workforce in the age of BYOD is no easy task. You can begin with these four measures.
U.S. Vuln Research, Pen Test Firms Protest Impending Export Controls
News  |  7/16/2015  | 
American security companies have the most to lose from new rules that would restrict the export of tools and information about network surveillance and 'intrusion software.'
10 Trends In Infosec Careers And Staffing
Slideshows  |  7/16/2015  | 
Employment stable for job-seekers, but staffing gaps persist for employers who need better security teams to counter threats
Java Back In The Bullseye
News  |  7/16/2015  | 
Adobe Flash may be all the attack rage lately, but Oracle's new pile of patches -- including one for an 0day spotted in the wild -- highlight how Java remains an attractive target.
The Insiders: A Rogues Gallery
Commentary  |  7/16/2015  | 
You can defend against an insider threat if you know where to look.
4 Lasting Impacts Of The Hacking Team Leaks
News  |  7/15/2015  | 
Doxing attack against Italian surveillance company put some nasty tools in the hands of attackers and might be the final nail in the coffin for Adobe Flash.
Researchers To Offer Free BGP Security Alert Tool Via Twitter
News  |  7/15/2015  | 
New tool to be unveiled at Black Hat USA next month will tweet out route hijacking attacks on the Net.
Notorious Cybercrime Underground Forum Infiltrated By FBI And Shut Down
Quick Hits  |  7/15/2015  | 
International law enforcement operation shutters Darkode underground cybercrime forum, leads to charges, arrests, searches of 70 members worldwide.
The End Of Whac-A-Mole: From Incident Response To Strategic Intelligence
Commentary  |  7/15/2015  | 
In the face of mounting cybercrime, hacktivism, and espionage, network defenders need to transform their tactical IR groups into full-scale cyber intelligence teams.
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
News  |  7/15/2015  | 
In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats.
Shared Passwords And No Accountability Plague Privileged Account Use
News  |  7/14/2015  | 
Even IT decision-makers guilty of poor account hygiene.
Automobile Industry Gears Up For Cyber-Threat Intel-Sharing
News  |  7/14/2015  | 
New auto industry ISAC is now official, with major automakers as the charter members.
Most Ransomware's Not So Bad
News  |  7/14/2015  | 
Although some ransomware is getting smarter and scarier, most of it is pretty dumb, as one researcher will show at Black Hat.
Page 1 / 2   >   >>


13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark Reading,  2/16/2018
Facebook Aims to Make Security More Social
Kelly Sheridan, Associate Editor, Dark Reading,  2/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.