Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

News & Commentary

Content posted in September 2015
Page 1 / 2   >   >>
DHS Funds Project For Open Source 'Invisible Clouds'
News  |  9/30/2015  | 
Cloud Security Alliance and Waverley Labs to build software-defined perimeter (SDP) to protect cloud and critical infrastructure from DDoS attacks.
A Father’s Perspective On The Gender Gap In Cybersecurity
Commentary  |  9/30/2015  | 
There are multiple reasons for the dearth of women in infosec when the field is so rich with opportunity. The big question is what the industry is going to do about it.
State Trooper Vehicles Hacked
News  |  9/30/2015  | 
Car-hacking research initiative in Virginia shows how even older vehicles could be targeted in cyberattacks.
New Tactic Finds RAT Operators Fast
News  |  9/29/2015  | 
Low tolerance for latency makes RAT operators less likely to use proxies, easier to track back home.
3 Steps To Knowing Your Network
Partner Perspectives  |  9/29/2015  | 
Managing your IT assets is a daily effort requiring vigilance and persistence.
Visual Analytics And Threat Intelligence With Raffael Marty
Visual Analytics And Threat Intelligence With Raffael Marty
Dark Reading Videos  |  9/29/2015  | 
Raffael Marty, founder and CEO of PixlCloud, stops by Dark Reading News Desk at Black Hat to discuss how to harness security data, visualize it, and put it to use, so it's more than just pretty pictures.
Why Many Organizations Still Don't Use Threat Intelligence Portals
News  |  9/29/2015  | 
New data shows definite interest in adopting threat intel offerings, but also concerns about costs, resources.
The 'Remediation Gap:' A 4-Month Invitation To Attack
News  |  9/29/2015  | 
Organizations set out the welcome mat for cyberattackers by taking an average of 120 days to patch flaws.
The Unintended Attack Surface Of The Internet Of Things
Commentary  |  9/29/2015  | 
How a vulnerability in a common consumer WiFi device is challenging today’s enterprise security.
10 Password Managers For Business Use
Slideshows  |  9/28/2015  | 
Beyond helping end users keep track of their logins, some password managers can integrate with Active Directory and generate compliance reports.
Getting The Most From Your Security Investments
Getting The Most From Your Security Investments
Dark Reading Videos  |  9/28/2015  | 
In an interview at Black Hat, Shehzad Merchant, CTO of Gigamon, shares his thoughts with the Dark Reading News Desk on how CISOs can get the most out of their technology investments when it comes to fighting breaches.
Keep Your Digital Assets Safe
Keep Your Digital Assets Safe
Dark Reading Videos  |  9/28/2015  | 
Arian Evans, VP of product strategy at RiskIQ, talks to the Dark Reading News Desk at Black Hat about RiskIQ’s new online digital asset inventory discovery and security platform, Enterprise Digital Footprint.
Deconstructing The Challenges Of Software Assurance For Connected Cars
Commentary  |  9/28/2015  | 
Ensuring software security in the auto industry will entail careful attention to all aspects of software development: design, coding standards, testing, verification and run-time assurance.
New Data Finds Women Still Only 10% Of Security Workforce
News  |  9/28/2015  | 
But more women hold governance, risk and compliance (GRC) roles than men, new (ISC)2 report finds.
China, US Agree To Not Conduct Cyberespionage For Economic Gain
Quick Hits  |  9/27/2015  | 
Pledge applies to stealing trade secrets but stops short of banning traditional espionage via hacking.
Google, Others Seek to Make Cybercrime Costlier For Criminals
News  |  9/25/2015  | 
Most effective long-term strategy is to target the support infrastructure and financial services used by criminals, Google says
FTC v. Wyndham: ‘Naughty 9’ Security Fails to Avoid
Commentary  |  9/25/2015  | 
The Federal Trade Commission’s fair trade suit against Wyndham hotels offers insight into the brave new world of cybersecurity regulation of consumer data.
Chinese Military Behind South China Sea Cyber Espionage Attacks
News  |  9/24/2015  | 
An infamous advanced persistent threat hacking group known as Naikon is actually China's PLA Unit 78020 and a military intelligence expert there, traced to the attacks via his social media and other activity.
4 IoT Cybersecurity Issues You Never Thought About
Commentary  |  9/24/2015  | 
Government, industry and security professionals problem-solve the daunting challenges of the Internet of Things.
Cisco Offers Free Tool To Detect SYNful Knock Router Malware
News  |  9/24/2015  | 
Tool helps businesses detect routers running known version of newly discovered malicious implant.
Shellshock’s Cumulative Risk One Year Later
Commentary  |  9/24/2015  | 
How long does it take to patch an entire distribution and bring it up to date? Longer than you think.
Healthcare Organizations Twice As Likely To Experience Data Theft
News  |  9/23/2015  | 
Bad guys very willing to invest in attacking medical data, but healthcare not very willing to invest in defending it.
Cloud Security Visibility Gap Dogs Deployments
News  |  9/23/2015  | 
SANS says visibility is the top cloud security concern.
Gartner: Global Security Spending Rises Nearly 5% Despite 'Commoditization'
News  |  9/23/2015  | 
Security market to hit $75.4 billion in 2015, but endpoint and consumer software segments slowing due to saturation.
What Companies Want In A CISO
What Companies Want In A CISO
Dark Reading Videos  |  9/23/2015  | 
Joyce Brocaglia founder of the Executive Women's Forum and CEO of Alta Associates joins the Dark Reading News Desk at Black Hat to discuss closing the gender gap in security and what companies are looking for in a CISO.
OPM Finds Another 4 Million Fingerprints Stolen In Hack
Quick Hits  |  9/23/2015  | 
Fallout from the data breach at the Office of Personnel Management continues to swell.
Healthcare Biggest Offender In 10 Years Of Data Breaches
News  |  9/22/2015  | 
Missing devices and untrustworthy insiders made the healthcare industry responsible for more (reported) data breaches than any other sector all decade.
Free Tool Helps Companies Measure And Map Their Bug Reporting Programs
News  |  9/22/2015  | 
The new Vulnerability Coordination Maturity Model (VCMM) created by HackerOne's Katie Moussouris, includes an assessment tool, key elements, and best practices in a vulnerability coordination program.
The Common Core Of Application Security
Commentary  |  9/22/2015  | 
Why you will never succeed by teaching to the test.
Why It’s Insane To Trust Static Analysis
Commentary  |  9/22/2015  | 
If you care about achieving application security at scale, then your highest priority should be to move to tools that empower everyone, not just security experts.
Buyer Beware: How To Avoid Getting Sucked Into Shelfware
Partner Perspectives  |  9/22/2015  | 
Three simple questions can help ensure you get the most value out of your information security investments.
Run, Jump, Shoot, Infect: Trojanized Games Invade Google Play
News  |  9/22/2015  | 
ESET Researchers find Trojan Mapin bundled with games that look like popular titles such as Plants vs. Zombies and Candy Crush.
XcodeGhost Another Crack In Apple's Circle of Trust
News  |  9/21/2015  | 
On the heels of KeyRaider's attack on jailbroken iPhones, attackers show they can hit non-broken devices too, sneaking 39 weaponized apps onto the official App Store and around Apple's best efforts to lock down its developer environment.
Navigating The Slippery Slope Of Public Security Disclosure
Commentary  |  9/21/2015  | 
In talking publicly about cybersecurity, CISOs need to portray capability, strength, and confidence, but without offering critical details that could lead to an attack.
How Tactical Security Works At LinkedIn
How Tactical Security Works At LinkedIn
Dark Reading Videos  |  9/21/2015  | 
LinkedIn Director of House Security Cory Scott visits the Dark Reading News Desk at Black Hat to describe the art and science of getting things done.
Windows PCs Make Up 80% Of Mobile Network Infections
News  |  9/18/2015  | 
Microsoft Windows PCs -- not smartphones and tablets -- harbor most of the malware on mobile networks, according to a new Alcatel-Lucent report.
Visibility: The Key To Security In The Cloud
Commentary  |  9/18/2015  | 
You can’t secure what you can’t see. These five best practices will shed some light on how to protect your data from the ground up.
MiniDuke, CosmicDuke APT Group Likely Sponsored By Russia
News  |  9/17/2015  | 
F-Sure's look at the Dukes' seven years of attack campaigns and impressive portfolio of malware suggests stable financial backing, interest in Russian foreign policy, and no fear of getting caught.
Law Enforcement's Winning Week In Cybercrime
News  |  9/17/2015  | 
Russian hackers cop to Heartland breach and two men are arrested in connection with a major ransomware scheme -- but meanwhile, the hacking beat goes on.
5 Most Common Firewall Configuration Mistakes
Commentary  |  9/17/2015  | 
A misconfigured firewall can damage your organization in more ways than you think. Here’s where to look for the holes.
Why Is Endpoint Security Failing?
Partner Perspectives  |  9/17/2015  | 
Endpoint security assurance is not just about detecting threats, but about building a more effective endpoint security program.
Darknet Is Full Of Criminals & Governments Giving TOR A Bad Name
News  |  9/16/2015  | 
Human traffickers, crowd-sourcing murderers, child pornographers, and governments in the market for juicy zero-days are flooding the Dark Web -- making it hard for the good guys to defend it.
How Is Your Data Getting Out?
Partner Perspectives  |  9/16/2015  | 
It’s 11:00 p.m. Do you know where your data is?
Wordpress Dodges Further Embarassment By Patching Three Vulns
News  |  9/16/2015  | 
The popular platform for building and running websites fixed two XSS-scripting vulnerabilities and a potential privilege escalation exploit that could have put millions of sites at risk.
AirDrop Exploit Drops Malware On Mac, iPhone, But Not iOS 9
Quick Hits  |  9/16/2015  | 
iOS 9 drops today, and includes a patch for the vulnerability that lets attackers bomb any iOS and Mac device within Bluetooth range, via the Airdrop file-sharing feature.
Dan Kaminsky's Visions Of The CISO's Future
Dan Kaminsky's Visions Of The CISO's Future
Dark Reading Videos  |  9/16/2015  | 
Dan Kaminsky, chief scientist and founder of White Ops, visits Dark Reading News Desk at Black Hat to explain a 'fairly controversial' opinion about how to fix the security skills shortage, and why CISOs' budgets will double, then double again.
'No-Tell' Motel: Where Hospitality Meets Cybercrime On The Dark Web
Commentary  |  9/16/2015  | 
In the month of July alone, hundreds of hospitality-related goods and services were offered for sale on the Dark Web including big names like Wyndham, Marriott, Hilton and Starwood.
Fixing IoT Security: Dark Reading Radio Wednesday at 1 P.M. ET
Commentary  |  9/15/2015  | 
Join us for a conversation about what is being done and what needs to be done to secure the Internet of Things.
Backdoored Business Routers An Emerging Threat
News  |  9/15/2015  | 
Discovery of malicious implants in 14 Cisco routers, “tip of iceberg” FireEye says
Information Security Lessons From Literature
Commentary  |  9/15/2015  | 
How classic themes about listening, honesty, and truthfulness can strengthen your organization’s security posture, programs and operations.
Page 1 / 2   >   >>


Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust,  5/15/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
When Older Windows Systems Won't Die
Kelly Sheridan, Staff Editor, Dark Reading,  5/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12184
PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
CVE-2019-12173
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
CVE-2019-12172
PUBLISHED: 2019-05-17
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.
CVE-2019-12168
PUBLISHED: 2019-05-17
Four-Faith Wireless Mobile Router F3x24 v1.0 devices allow remote code execution via the Command Shell (aka Administration > Commands) screen.
CVE-2019-12170
PUBLISHED: 2019-05-17
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/_core/backups/upload.php (aka backup) component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...