News & Commentary

Yes, it’s true that the speed of DevOps has made security more difficult. But that doesn’t mean accelerated release cycles and secure applications have to be mutually exclusive.

Malware At Root Of Bangladesh Bank Heist Lies To SWIFT Financial Platform

News | 4/25/2016 |

Customized malware hid $81 million of wire transfers until the money had been safely laundered.

10 Tips for Securing Your SAP Implementation

Slideshows | 4/23/2016 |

Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.

Databases Remain Soft Underbelly Of Cybersecurity

News | 4/21/2016 |

Most enterprises still don't continuously monitor database activity.

EU Privacy Officials Push Back On Privacy Shield

News | 4/13/2016 |

Better than Safe Harbor, but not good enough. Should we care what they think?

7 Lessons From The Panama Papers Leak

News | 4/5/2016 |

Hopefully your organization isn't hiding as many dark secrets as Mossack Fonseca, but the incident still brings helpful hints about data security, breach response, and breach impact.

Modern Web Apps: Not The Risk They Used To Be (They’re Worse!)

Commentary | 2/26/2016 |

Even a tiny Web application without a single byte of confidential data can expose your corporate crown jewels to cybercriminals.

Survey: When Leaving Company, Most Insiders Take Data They Created

News | 12/23/2015 |

15 comments

Most employees believe they own their work, and take strategy documents or intellectual property with them as they head out the door.

6 Critical SAP HANA Vulns Can't Be Fixed With Patches

News | 11/9/2015 |

Onapsis releases 21 SAP HANA security advisories, including some Trexnet vulnerabilities that require upgrades and reconfigurations.

15-Year-Old Arrested For TalkTalk Attack

News | 10/26/2015 |

18 comments

U.K. police collar Northern Ireland youth for questioning, while security industry tries to make sense of confusing information out of TalkTalk CEO.

Defending & Exploiting SAP Systems

Dark Reading Videos | 10/7/2015 |

Juan Pablo Perez-Etchegoyen, CTO of Onapsis, joins the Dark Reading News Desk at Black Hat to discuss the technological and organizational challenges of SAP security.

Another Healthcare Insurer, Excellus BCBS, Hit With Mega-Breach

News | 9/10/2015 |

Excellus Blue Cross Blue Shield and parent company Lifetime Healthcare Companies join ranks of Anthem and Premera after breach that may have exposed more than 10 million patient records.

RiskIQ's Arian Evans Talks Up Hunting Down Digital Assets

Dark Reading Videos | 8/27/2015 |

You can't protect what you can't find. Arian Evans, vice president of product marketing for RiskIQ, joins the Dark Reading News Desk at Black Hat to explain how to discover all your assets.

Data Protection: The 98 Percent Versus The 2 Percent

Commentary | 8/11/2015 |

Four steps for defending your most sensitive corporate information from the inside out.

How Ionic Says It Makes Data Breaches Irrelevant

News | 4/15/2015 |

Ionic Security goes public with a data security platform that manages trillions of encryption keys and enables a user to sign each pixel with its own unique key.

7 Bugs, Breaches, & Compromises To Rock 2015 (So Far)

Slideshows | 3/30/2015 |

The year's started off with a bang; will we hear risk management pros whimper?

Two More Health Insurers Report Data Breach

Quick Hits | 3/17/2015 |

Premera Blue Cross and LifeWise say 11.25 million customers' records might have been exposed.

Cybercrime Dipped During Holiday Shopping Season

News | 1/5/2015 |

7 comments

The number of businesses breached dropped by half from years past, but attackers got more bang for their buck in terms of stolen records, a new IBM report reveals.

JPMorgan Hack: 2FA MIA In Breached Server

Quick Hits | 12/24/2014 |

18 comments

Sources close to the breach investigation say a network server missing two-factor authentication let attackers make their way into JPMorgan's servers.

Data Management Vs. Data Loss Prevention: Vive La Différence!

Commentary | 11/25/2014 |

A sensitive data management strategy can include the use of DLP technology, but it also involves a comprehensive understanding of where your data is and what specifically is at risk.

Don't Discount XSS Vulnerabilities

News | 11/24/2014 |

XSS flaws are more serious than you'd think.

Retailers Now Actively Sharing Cyberthreat Intelligence

News | 10/30/2014 |

8 comments

The retail industry's R-CISC has been up and running for four months now and is looking for more retailers to sign up.

MBIA Breach Highlights Need For Tightened Security Ops

News | 10/9/2014 |

Configuration change management and better monitoring could have prevented search engine indexing of sensitive financial information.

Heartland CEO On Why Retailers Keep Getting Breached

News | 10/6/2014 |

17 comments

Robert Carr, chairman and CEO of Heartland Payment Systems, says lack of end-to-end encryption and tokenization were factors in recent data breaches.

Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem

News | 8/27/2014 |

13 comments

Retail brands are trying to pass the buck for data security to banks and franchisees, say some experts.

Breach of Homeland Security Background Checks Raises Red Flags

News | 8/25/2014 |

14 comments

"We should be burning down the house over this," says a GRC expert.

Heartbleed Not Only Reason For Health Systems Breach

News | 8/20/2014 |

14 comments

Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.

Community Health Systems Breach Atypical For Chinese Hackers

News | 8/18/2014 |

8 comments

Publicly traded healthcare organization's stock goes up as breach notifications go out.

Biggest Cache of Stolen Creds Ever Includes 1.2 Billion Unique Logins

Quick Hits | 8/5/2014 |

16 comments

A Russian crime ring has swiped more than a billion unique username-password combinations, plus a half-million email addresses.

Researcher Finds Flaws In Key Oracle Security Feature

News | 7/2/2014 |

Famed security researcher and Oracle database expert David Litchfield next month at Black Hat USA will present details of weaknesses he discovered in a widely touted new security feature in Oracle databases.

Dark Reading Radio: Oracle Database Security Hacked

Commentary | 7/1/2014 |

Learn about newly found vulnerabilities in a key database security feature tomorrow in the next episode of Dark Reading Radio.

The Only 2 Things Every Developer Needs To Know About Injection

Commentary | 5/22/2014 |

There’s no simple solution for preventing injection attacks. There are effective strategies that can stop them in their tracks.

Into The Breach: The Limits Of Data Security Technology

Commentary | 5/12/2014 |

8 comments

When it comes to cyberdefense spending, the smart money should bet on people and compliance as much as on machines.

Privacy, Cybercrime Headline the Infosecurity Europe Conference

Slideshows | 5/2/2014 |

6 comments

Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.

Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected

Quick Hits | 4/18/2014 |

5 comments

Attack on point-of-sale systems went on for more than six months, officials say.

SQL Injection Cleanup Takes Two Months or More

Quick Hits | 4/17/2014 |

A new report highlights the prevalence and persistence of SQL injection attacks.

What Is The FIDO Alliance?

Dark Reading Videos | 4/2/2014 |

Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.

Finally, Plug & Play Authentication!

Dark Reading Videos | 3/26/2014 |

FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.

Attackers Hit Clearinghouse Selling Stolen Target Data

News | 3/18/2014 |

Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.

7 Behaviors That Could Indicate A Security Breach

News | 3/14/2014 |

Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.

The Case For Browser-Based Access Controls

Commentary | 3/7/2014 |

Is "browser-ized" security a better defense against hackers than traditional methods? Check out these two examples.

FIDO Alliance Releases Authentication Standards, Unveils Products

News | 2/18/2014 |

Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked.

Target Breach: Phishing Attack Implicated

News | 2/13/2014 |

12 comments

Report suggests malware-laced email attack on Target's HVAC subcontractor leaked access credentials for retailer's network.

Data Breach Notifications: Time For Tough Love

Commentary | 2/7/2014 |

12 comments

Target and Neiman Marcus came clean quickly about their data breaches, but most business don't. It's time for standards -- and fines.

4 Hurdles That Trip Security Analytics Efforts

News | 1/29/2014 |

Don't let these people and process problems get in the way of security analytics effectiveness.

Target Mocks, Not Helps, Its Data Breach Victims

Commentary | 1/22/2014 |

22 comments

The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?

HIPAA, SOX & PCI: The Coming Compliance Crisis In IT Security

Commentary | 1/21/2014 |

11 comments

New mandates around datacenter virtualization, enterprise apps, and BYOD will stretch IT security staffs and budgets to the max in 2014.

Target Breach: 8 Facts On Memory-Scraping Malware

News | 1/14/2014 |