News & Commentary

Content posted in July 2015
Page 1 / 2
Cyber Boot Camp: Lessons Learned
Slideshows  |  7/31/2015  | 
What happens when 50 young people spend a week in the trenches with cybersecurity researchers from ESET? One picture is worth a thousand words. Here are seven.
GM Vehicles Can Be Located, Unlocked, Started Remotely Via OnStar App
News  |  7/31/2015  | 
White Hat hacker Samy Kamkar's OwnStar device latest to show up vulnerabilities in modern vehicles
Startup 'Stealth Worker' Matches Businesses With Security Talent
News  |  7/30/2015  | 
New online service helps businesses looking for part-time security professionals fill specific job needs.
There's Another Android Media Vulnerability, But Google Isn't Worried
News  |  7/30/2015  | 
Vulnerability could become a favorite of ransomware operators, but Google has left it unpatched for more than two months.
Study Reveals the Most Common Attack Methods of Data Thieves
Partner Perspectives  |  7/30/2015  | 
Learning more about your attackers helps to improve your security profile and reduce the possibility of a breach.
Closing The Gap Between Security & Networking Ops: 5 Best Practices
Commentary  |  7/30/2015  | 
If your factions are warring, there's a lot you can do about it. Here's how -- and why you can't afford to wait.
From Russia With Love: A Slew of New Hacker Capabilities and Services
News  |  7/30/2015  | 
A review of the Russian underground by Trend Micro reveals it to be the world's most sophisticated.
Anthem Breach Linked To Black Vine Group & Beijing InfoSec Firm
News  |  7/29/2015  | 
Health insurer's breach of 80 million records attributed to 'well-resourced cyberespionage group' Black Vine. Could they also be behind breaches at OPM and United Airlines?
Can't Touch This: 'Hammertoss' Russian Cyberspies Hide In Plain Sight
News  |  7/29/2015  | 
APT29 cyber espionage attackers operate under the cover of legitimate services including Twitter, Github, and cloud storage services.
Code Theft: Protecting IP At The Source
Commentary  |  7/29/2015  | 
Your corporate assets are at risk and every day that you avoid taking action shortens the time until your IP will be leaked. Here are six steps toward better data security.
Lockheed Martin-Led Consortium Builds Secure 'System Of Systems'
News  |  7/28/2015  | 
Multilevel Security (MLS) group says this policy-based architecture could apply to sensitive commercial networks as well as government agencies.
Researchers Steal Door Badge Credentials Using Smartphone Bluetooth
News  |  7/28/2015  | 
Weakness in facility access control protocol leaves most badge-in systems open to attack.
How To Put Data At The Heart Of Your Security Practice
Commentary  |  7/28/2015  | 
First step: A good set of questions that seek out objective, measurable answers.
What 30 Classic Games Can Teach Us about Security
Partner Perspectives  |  7/28/2015  | 
Information security experts share their thoughts on how participating in games and sports helped hone their professional skills.
New Phishing Campaign Leverages Google Drive
News  |  7/28/2015  | 
Researchers believe technique is geared to take over Google SSO accounts.
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
News  |  7/27/2015  | 
Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices.
Phishing Attacks Drive Spike In DNS Threat
News  |  7/27/2015  | 
Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year.
The First 24 Hours In The Wake Of A Data Breach
Commentary  |  7/27/2015  | 
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Quick Hits  |  7/24/2015  | 
National Highway Traffic Safety Administration will be watching to see if it works.
Smartwatches Could Become New Frontier for Cyber Attackers
News  |  7/24/2015  | 
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
Car Hacking Shifts Into High Gear
News  |  7/23/2015  | 
Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.
Emerging Web Infrastructure Threats
Slideshows  |  7/23/2015  | 
A secure cloud relies on some weak Internet infrastructure with some new BGP vulnerabilities that will be disclosed at Black Hat USA.
Internet of Things: Anything You Track Could Be Used Against You
Commentary  |  7/23/2015  | 
Lawyers, not security advocates, have fired the first salvos over wearable tech privacy. The results may surprise you.
Out of Aspen: State of Critical Infrastructure Cybersecurity, 2015
Partner Perspectives  |  7/22/2015  | 
The good, bad, and potentially worse of critical infrastructure protection.
Researchers Enlist Machine Learning In Malware Detection
News  |  7/22/2015  | 
No sandbox required for schooling software to speedily spot malware, researchers will demonstrate at Black Hat USA.
Finding The ROI Of Threat Intelligence: 5 Steps
Commentary  |  7/22/2015  | 
Advice from a former SOC manager on how to leverage threat intel without increasing the bottom line.
Angler Climbing To Top Of Exploit Heap
News  |  7/22/2015  | 
Exploit kit dominates the field, making up 82 percent of all exploit kits currently used.
Hacking Team Detection Tools Released By Rook, Facebook
News  |  7/21/2015  | 
Organizations get help keeping up with Hacking Team threats, and Microsoft releases an out-of-band patch for a new Hacking Team 0-day.
Arrests Made In JPMorgan Hack, Securities Fraud Scheme
Quick Hits  |  7/21/2015  | 
Four individuals arrested in Israel and Florida, one more at large, according to report.
Time's Running Out For The $76 Billion Detection Industry
Commentary  |  7/21/2015  | 
The one strategy that can deliver the needle to the security team without the haystack is prevention.
Detection: A Balanced Approach For Mitigating Risk
Commentary  |  7/21/2015  | 
Only detection and response can complete the security picture that begins with prevention.
CISOs Caught In A Catch-22
News  |  7/21/2015  | 
Chief information security officers are considered 'accountable' for breaches while not always in charge of all infosec strategy and purchases, new report shows.
Photo Processing Vendor Exposes CVS, Wal-Mart, Costco
News  |  7/20/2015  | 
Retail breaches highlight third-party risk -- again.
6 Ex-Employees Questioned About Hacking Team Breach, Prior Leak
News  |  7/20/2015  | 
Japanese targets also getting hit with leaked Flash zero-day exploits, and Hacking Team reportedly worked on drone-based WiFi surveillance tools.
Ashley Madison Exposed: Affair Hookup Site Hacked, Member Data Posted Online
Quick Hits  |  7/20/2015  | 
Member data pilfered, posted in apparent hacktivist-style doxing attack.
How I Learned To Love Active Defense
Commentary  |  7/20/2015  | 
Yes, traditional cyber defenses can be effective. They just need to be a little more active.
Darkode Shuttered But Cybercrime Still Alive And Well
News  |  7/17/2015  | 
Major international law enforcement takedown of exclusive criminal hacker forum highlights victory -- and challenges -- of global law enforcement of cybercrime.
Mobile App Security: 4 Critical Issues
Commentary  |  7/17/2015  | 
Securing the mobile workforce in the age of BYOD is no easy task. You can begin with these four measures.
U.S. Vuln Research, Pen Test Firms Protest Impending Export Controls
News  |  7/16/2015  | 
American security companies have the most to lose from new rules that would restrict the export of tools and information about network surveillance and 'intrusion software.'
10 Trends In Infosec Careers And Staffing
Slideshows  |  7/16/2015  | 
Employment stable for job-seekers, but staffing gaps persist for employers who need better security teams to counter threats.
Java Back In The Bullseye
News  |  7/16/2015  | 
Adobe Flash may be all the attack rage lately, but Oracle's new pile of patches -- including one for an 0day spotted in the wild -- highlight how Java remains an attractive target.
The Insiders: A Rogues Gallery
Commentary  |  7/16/2015  | 
You can defend against an insider threat if you know where to look.
4 Lasting Impacts Of The Hacking Team Leaks
News  |  7/15/2015  | 
Doxing attack against Italian surveillance company put some nasty tools in the hands of attackers and might be the final nail in the coffin for Adobe Flash.
Researchers To Offer Free BGP Security Alert Tool Via Twitter
News  |  7/15/2015  | 
New tool to be unveiled at Black Hat USA next month will tweet out route hijacking attacks on the Net.
Notorious Cybercrime Underground Forum Infiltrated By FBI And Shut Down
Quick Hits  |  7/15/2015  | 
International law enforcement operation shutters Darkode underground cybercrime forum, leads to charges, arrests, searches of 70 members worldwide.
The End Of Whac-A-Mole: From Incident Response To Strategic Intelligence
Commentary  |  7/15/2015  | 
In the face of mounting cybercrime, hacktivism, and espionage, network defenders need to transform their tactical IR groups into full-scale cyber intelligence teams.
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
News  |  7/15/2015  | 
In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats.
Shared Passwords And No Accountability Plague Privileged Account Use
News  |  7/14/2015  | 
Even IT decision-makers guilty of poor account hygiene.
Automobile Industry Gears Up For Cyber-Threat Intel-Sharing
News  |  7/14/2015  | 
New auto industry ISAC is now official, with major automakers as the charter members.
Most Ransomware's Not So Bad
News  |  7/14/2015  | 
Although some ransomware is getting smarter and scarier, most of it is pretty dumb, as one researcher will show at Black Hat.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.