News & Commentary

Cloud Security Alliance and Waverley Labs to build software-defined perimeter (SDP) to protect cloud and critical infrastructure from DDoS attacks.

A Father’s Perspective On The Gender Gap In Cybersecurity

Commentary | 9/30/2015 |

18 comments

There are multiple reasons for the dearth of women in infosec when the field is so rich with opportunity. The big question is what the industry is going to do about it.

State Trooper Vehicles Hacked

News | 9/30/2015 |

22 comments

Car-hacking research initiative in Virginia shows how even older vehicles could be targeted in cyberattacks.

New Tactic Finds RAT Operators Fast

News | 9/29/2015 |

Low tolerance for latency makes RAT operators less likely to use proxies, easier to track back home.

3 Steps To Knowing Your Network

Partner Perspectives | 9/29/2015 |

Managing your IT assets is a daily effort requiring vigilance and persistence.

Visual Analytics And Threat Intelligence With Raffael Marty

Dark Reading Videos | 9/29/2015 |

Raffael Marty, founder and CEO of PixlCloud, stops by Dark Reading News Desk at Black Hat to discuss how to harness security data, visualize it, and put it to use, so it's more than just pretty pictures.

Why Many Organizations Still Don't Use Threat Intelligence Portals

News | 9/29/2015 |

New data shows definite interest in adopting threat intel offerings, but also concerns about costs, resources.

The 'Remediation Gap:' A 4-Month Invitation To Attack

News | 9/29/2015 |

Organizations set out the welcome mat for cyberattackers by taking an average of 120 days to patch flaws.

The Unintended Attack Surface Of The Internet Of Things

Commentary | 9/29/2015 |

9 comments

How a vulnerability in a common consumer WiFi device is challenging today’s enterprise security.

10 Password Managers For Business Use

Slideshows | 9/28/2015 |

4 comments

Beyond helping end users keep track of their logins, some password managers can integrate with Active Directory and generate compliance reports.

Getting The Most From Your Security Investments

Dark Reading Videos | 9/28/2015 |

In an interview at Black Hat, Shehzad Merchant, CTO of Gigamon, shares his thoughts with the Dark Reading News Desk on how CISOs can get the most out of their technology investments when it comes to fighting breaches.

Keep Your Digital Assets Safe

Dark Reading Videos | 9/28/2015 |

Arian Evans, VP of product strategy at RiskIQ, talks to the Dark Reading News Desk at Black Hat about RiskIQ’s new online digital asset inventory discovery and security platform, Enterprise Digital Footprint.

Deconstructing The Challenges Of Software Assurance For Connected Cars

Commentary | 9/28/2015 |

Ensuring software security in the auto industry will entail careful attention to all aspects of software development: design, coding standards, testing, verification and run-time assurance.

New Data Finds Women Still Only 10% Of Security Workforce

News | 9/28/2015 |

9 comments

But more women hold governance, risk and compliance (GRC) roles than men, new (ISC)2 report finds.

China, US Agree To Not Conduct Cyberespionage For Economic Gain

Quick Hits | 9/27/2015 |

11 comments

Pledge applies to stealing trade secrets but stops short of banning traditional espionage via hacking.

Google, Others Seek to Make Cybercrime Costlier For Criminals

News | 9/25/2015 |

11 comments

Most effective long-term strategy is to target the support infrastructure and financial services used by criminals, Google says

FTC v. Wyndham: ‘Naughty 9’ Security Fails to Avoid

Commentary | 9/25/2015 |

The Federal Trade Commission’s fair trade suit against Wyndham hotels offers insight into the brave new world of cybersecurity regulation of consumer data.

Chinese Military Behind South China Sea Cyber Espionage Attacks

News | 9/24/2015 |

An infamous advanced persistent threat hacking group known as Naikon is actually China's PLA Unit 78020 and a military intelligence expert there, traced to the attacks via his social media and other activity.

4 IoT Cybersecurity Issues You Never Thought About

Commentary | 9/24/2015 |

Government, industry and security professionals problem-solve the daunting challenges of the Internet of Things.

Cisco Offers Free Tool To Detect SYNful Knock Router Malware

News | 9/24/2015 |

Tool helps businesses detect routers running known version of newly discovered malicious implant.

Shellshock’s Cumulative Risk One Year Later

Commentary | 9/24/2015 |

How long does it take to patch an entire distribution and bring it up to date? Longer than you think.

Healthcare Organizations Twice As Likely To Experience Data Theft

News | 9/23/2015 |

12 comments

Bad guys very willing to invest in attacking medical data, but healthcare not very willing to invest in defending it.

Cloud Security Visibility Gap Dogs Deployments

News | 9/23/2015 |

SANS says visibility is the top cloud security concern.

Gartner: Global Security Spending Rises Nearly 5% Despite 'Commoditization'

News | 9/23/2015 |

Security market to hit $75.4 billion in 2015, but endpoint and consumer software segments slowing due to saturation.

What Companies Want In A CISO

Dark Reading Videos | 9/23/2015 |

Joyce Brocaglia founder of the Executive Women's Forum and CEO of Alta Associates joins the Dark Reading News Desk at Black Hat to discuss closing the gender gap in security and what companies are looking for in a CISO.

OPM Finds Another 4 Million Fingerprints Stolen In Hack

Quick Hits | 9/23/2015 |

Fallout from the data breach at the Office of Personnel Management continues to swell.

Healthcare Biggest Offender In 10 Years Of Data Breaches

News | 9/22/2015 |

Missing devices and untrustworthy insiders made the healthcare industry responsible for more (reported) data breaches than any other sector all decade.

Free Tool Helps Companies Measure And Map Their Bug Reporting Programs

News | 9/22/2015 |

The new Vulnerability Coordination Maturity Model (VCMM) created by HackerOne's Katie Moussouris, includes an assessment tool, key elements, and best practices in a vulnerability coordination program.

The Common Core Of Application Security

Commentary | 9/22/2015 |

Why you will never succeed by teaching to the test.

Why It’s Insane To Trust Static Analysis

Commentary | 9/22/2015 |

6 comments

If you care about achieving application security at scale, then your highest priority should be to move to tools that empower everyone, not just security experts.

Buyer Beware: How To Avoid Getting Sucked Into Shelfware

Partner Perspectives | 9/22/2015 |

Three simple questions can help ensure you get the most value out of your information security investments.

Run, Jump, Shoot, Infect: Trojanized Games Invade Google Play

News | 9/22/2015 |

4 comments

ESET Researchers find Trojan Mapin bundled with games that look like popular titles such as Plants vs. Zombies and Candy Crush.

XcodeGhost Another Crack In Apple's Circle of Trust

News | 9/21/2015 |

On the heels of KeyRaider's attack on jailbroken iPhones, attackers show they can hit non-broken devices too, sneaking 39 weaponized apps onto the official App Store and around Apple's best efforts to lock down its developer environment.

Navigating The Slippery Slope Of Public Security Disclosure

Commentary | 9/21/2015 |

In talking publicly about cybersecurity, CISOs need to portray capability, strength, and confidence, but without offering critical details that could lead to an attack.

How Tactical Security Works At LinkedIn

Dark Reading Videos | 9/21/2015 |

LinkedIn Director of House Security Cory Scott visits the Dark Reading News Desk at Black Hat to describe the art and science of getting things done.

Windows PCs Make Up 80% Of Mobile Network Infections

News | 9/18/2015 |

Microsoft Windows PCs -- not smartphones and tablets -- harbor most of the malware on mobile networks, according to a new Alcatel-Lucent report.

Visibility: The Key To Security In The Cloud

Commentary | 9/18/2015 |

You can’t secure what you can’t see. These five best practices will shed some light on how to protect your data from the ground up.

MiniDuke, CosmicDuke APT Group Likely Sponsored By Russia

News | 9/17/2015 |

F-Sure's look at the Dukes' seven years of attack campaigns and impressive portfolio of malware suggests stable financial backing, interest in Russian foreign policy, and no fear of getting caught.

Law Enforcement's Winning Week In Cybercrime

News | 9/17/2015 |

Russian hackers cop to Heartland breach and two men are arrested in connection with a major ransomware scheme -- but meanwhile, the hacking beat goes on.

5 Most Common Firewall Configuration Mistakes

Commentary | 9/17/2015 |

A misconfigured firewall can damage your organization in more ways than you think. Here’s where to look for the holes.

Why Is Endpoint Security Failing?

Partner Perspectives | 9/17/2015 |

Endpoint security assurance is not just about detecting threats, but about building a more effective endpoint security program.

Darknet Is Full Of Criminals & Governments Giving TOR A Bad Name

News | 9/16/2015 |

4 comments

Human traffickers, crowd-sourcing murderers, child pornographers, and governments in the market for juicy zero-days are flooding the Dark Web -- making it hard for the good guys to defend it.

How Is Your Data Getting Out?

Partner Perspectives | 9/16/2015 |

It’s 11:00 p.m. Do you know where your data is?

Wordpress Dodges Further Embarassment By Patching Three Vulns

News | 9/16/2015 |

The popular platform for building and running websites fixed two XSS-scripting vulnerabilities and a potential privilege escalation exploit that could have put millions of sites at risk.

AirDrop Exploit Drops Malware On Mac, iPhone, But Not iOS 9

Quick Hits | 9/16/2015 |

iOS 9 drops today, and includes a patch for the vulnerability that lets attackers bomb any iOS and Mac device within Bluetooth range, via the Airdrop file-sharing feature.

Dan Kaminsky's Visions Of The CISO's Future

Dark Reading Videos | 9/16/2015 |

Dan Kaminsky, chief scientist and founder of White Ops, visits Dark Reading News Desk at Black Hat to explain a 'fairly controversial' opinion about how to fix the security skills shortage, and why CISOs' budgets will double, then double again.

'No-Tell' Motel: Where Hospitality Meets Cybercrime On The Dark Web

Commentary | 9/16/2015 |

In the month of July alone, hundreds of hospitality-related goods and services were offered for sale on the Dark Web including big names like Wyndham, Marriott, Hilton and Starwood.

Fixing IoT Security: Dark Reading Radio Wednesday at 1 P.M. ET

Commentary | 9/15/2015 |

Join us for a conversation about what is being done and what needs to be done to secure the Internet of Things.

Backdoored Business Routers An Emerging Threat

News | 9/15/2015 |

Discovery of malicious implants in 14 Cisco routers, “tip of iceberg” FireEye says

Information Security Lessons From Literature

Commentary | 9/15/2015 |