News & Commentary

Excellus Blue Cross Blue Shield and parent company Lifetime Healthcare Companies join ranks of Anthem and Premera after breach that may have exposed more than 10 million patient records.

RiskIQ's Arian Evans Talks Up Hunting Down Digital Assets

Dark Reading Videos | 8/27/2015 |

You can't protect what you can't find. Arian Evans, vice president of product marketing for RiskIQ, joins the Dark Reading News Desk at Black Hat to explain how to discover all your assets.

Data Protection: The 98 Percent Versus The 2 Percent

Commentary | 8/11/2015 |

Four steps for defending your most sensitive corporate information from the inside out.

How Ionic Says It Makes Data Breaches Irrelevant

News | 4/15/2015 |

Ionic Security goes public with a data security platform that manages trillions of encryption keys and enables a user to sign each pixel with its own unique key.

7 Bugs, Breaches, & Compromises To Rock 2015 (So Far)

Slideshows | 3/30/2015 |

3 comments

The year's started off with a bang; will we hear risk management pros whimper?

Two More Health Insurers Report Data Breach

Quick Hits | 3/17/2015 |

Premera Blue Cross and LifeWise say 11.25 million customers' records might have been exposed.

Cybercrime Dipped During Holiday Shopping Season

News | 1/5/2015 |

7 comments

The number of businesses breached dropped by half from years past, but attackers got more bang for their buck in terms of stolen records, a new IBM report reveals.

JPMorgan Hack: 2FA MIA In Breached Server

Quick Hits | 12/24/2014 |

18 comments

Sources close to the breach investigation say a network server missing two-factor authentication let attackers make their way into JPMorgan's servers.

Data Management Vs. Data Loss Prevention: Vive La Différence!

Commentary | 11/25/2014 |

A sensitive data management strategy can include the use of DLP technology, but it also involves a comprehensive understanding of where your data is and what specifically is at risk.

Don't Discount XSS Vulnerabilities

News | 11/24/2014 |

XSS flaws are more serious than you'd think.

Retailers Now Actively Sharing Cyberthreat Intelligence

News | 10/30/2014 |

8 comments

The retail industry's R-CISC has been up and running for four months now and is looking for more retailers to sign up.

MBIA Breach Highlights Need For Tightened Security Ops

News | 10/9/2014 |

Configuration change management and better monitoring could have prevented search engine indexing of sensitive financial information.

Heartland CEO On Why Retailers Keep Getting Breached

News | 10/6/2014 |

17 comments

Robert Carr, chairman and CEO of Heartland Payment Systems, says lack of end-to-end encryption and tokenization were factors in recent data breaches.

Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem

News | 8/27/2014 |

13 comments

Retail brands are trying to pass the buck for data security to banks and franchisees, say some experts.

Breach of Homeland Security Background Checks Raises Red Flags

News | 8/25/2014 |

14 comments

"We should be burning down the house over this," says a GRC expert.

Heartbleed Not Only Reason For Health Systems Breach

News | 8/20/2014 |

14 comments

Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.

Community Health Systems Breach Atypical For Chinese Hackers

News | 8/18/2014 |

8 comments

Publicly traded healthcare organization's stock goes up as breach notifications go out.

Biggest Cache of Stolen Creds Ever Includes 1.2 Billion Unique Logins

Quick Hits | 8/5/2014 |

16 comments

A Russian crime ring has swiped more than a billion unique username-password combinations, plus a half-million email addresses.

Researcher Finds Flaws In Key Oracle Security Feature

News | 7/2/2014 |

Famed security researcher and Oracle database expert David Litchfield next month at Black Hat USA will present details of weaknesses he discovered in a widely touted new security feature in Oracle databases.

Dark Reading Radio: Oracle Database Security Hacked

Commentary | 7/1/2014 |

Learn about newly found vulnerabilities in a key database security feature tomorrow in the next episode of Dark Reading Radio.

The Only 2 Things Every Developer Needs To Know About Injection

Commentary | 5/22/2014 |

3 comments

There’s no simple solution for preventing injection attacks. There are effective strategies that can stop them in their tracks.

Into The Breach: The Limits Of Data Security Technology

Commentary | 5/12/2014 |

8 comments

When it comes to cyberdefense spending, the smart money should bet on people and compliance as much as on machines.

Privacy, Cybercrime Headline the Infosecurity Europe Conference

Slideshows | 5/2/2014 |

6 comments

Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.

Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected

Quick Hits | 4/18/2014 |

5 comments

Attack on point-of-sale systems went on for more than six months, officials say.

SQL Injection Cleanup Takes Two Months or More

Quick Hits | 4/17/2014 |

A new report highlights the prevalence and persistence of SQL injection attacks.

What Is The FIDO Alliance?

Dark Reading Videos | 4/2/2014 |

Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.

Finally, Plug & Play Authentication!

Dark Reading Videos | 3/26/2014 |

FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.

Attackers Hit Clearinghouse Selling Stolen Target Data

News | 3/18/2014 |

Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.

7 Behaviors That Could Indicate A Security Breach

News | 3/14/2014 |

Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.

The Case For Browser-Based Access Controls

Commentary | 3/7/2014 |

Is "browser-ized" security a better defense against hackers than traditional methods? Check out these two examples.

FIDO Alliance Releases Authentication Standards, Unveils Products

News | 2/18/2014 |

Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked.

Target Breach: Phishing Attack Implicated

News | 2/13/2014 |

12 comments

Report suggests malware-laced email attack on Target's HVAC subcontractor leaked access credentials for retailer's network.

Data Breach Notifications: Time For Tough Love

Commentary | 2/7/2014 |

12 comments

Target and Neiman Marcus came clean quickly about their data breaches, but most business don't. It's time for standards -- and fines.

4 Hurdles That Trip Security Analytics Efforts

News | 1/29/2014 |

Don't let these people and process problems get in the way of security analytics effectiveness.

Target Mocks, Not Helps, Its Data Breach Victims

Commentary | 1/22/2014 |

22 comments

The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?

HIPAA, SOX & PCI: The Coming Compliance Crisis In IT Security

Commentary | 1/21/2014 |

11 comments

New mandates around datacenter virtualization, enterprise apps, and BYOD will stretch IT security staffs and budgets to the max in 2014.

Target Breach: 8 Facts On Memory-Scraping Malware

News | 1/14/2014 |

Target confirmed that malware compromised its point-of-sale systems. How does such malware work, and how can businesses prevent infections?

Cloud Gazing: 3 Security Trends To Watch

Commentary | 1/9/2014 |

9 comments

The ultimate success of cloud computing depends on the security solutions we wrap around it.

Security, Privacy & The Democratization Of Data

Commentary | 12/30/2013 |

11 comments

Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?

RSA Denies Trading Security For NSA Payout

News | 12/23/2013 |

13 comments

EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.

Database Risks Increase As Patch Frequency Decreases

News | 12/23/2013 |

Department of Energy breach report offers stark lesson in patch management's relationship with database risk postures

Mobility & Cloud: A Double Whammy For Securing Data

Commentary | 12/23/2013 |

In 2014, legacy security solutions like firewalls and intrusion detection systems will no longer be sufficient to protect corporate data against BYOD and cybercrime.

Target Breach: 10 Facts

News | 12/21/2013 |

23 comments

Experts advise consumers not to panic as suspicion falls on point-of-sale terminals used to scan credit cards.

My 5 Wishes For Security In 2014

Commentary | 12/18/2013 |

Security skeptic Dave Piscitello tells why his end-of-year InfoSec predictions are like a fine wine.

Advanced Power Botnet: Firefox Users, Beware

News | 12/16/2013 |

Malicious Firefox plugin scans websites for exploitable SQL injection vulnerabilities.

7 Habits Of Highly Secure Database Administrators

News | 12/10/2013 |

Most organizations could still stand for improvement in database security best practices, according to IOUG survey

IT Security Risk Management: Is It Worth The Cost?

Commentary | 12/6/2013 |

7 comments

The attitude that IT security risk shouldn't be governed by traditional measures of cost and benefit is ludicrous.

NSA Surveillance: First Prism, Now Muscled Out Of Cloud

Commentary | 11/26/2013 |