Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

Taking A Security Program From Zero To Hero

10 Security Questions To Ask A Cloud Service Provider

Healthcare Data Breaches From Cyberattacks, Criminals Eclipse Employee Error For The First Time

Top Stories

VENOM Zero-Day May Affect Thousands Of ...

Taking A Security Program From Zero To Hero

10 Security Questions To Ask A Cloud ...

Healthcare Data Breaches From ...

Beginning Of The End For Patch Tuesday

News & Commentary

Polish Security Firm Discloses Unpatched Security Flaws in Google App Engine

News

Google was given enough time to respond researcher says.

By Jai Vijayan Freelance writer, 5/15/2015

0 comments | Read | Post a Comment

Drinking from the Malware Fire Hose

Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them.

By John Bambenek Senior Threat Researcher, Fidelis Cybersecurity, 5/15/2015

0 comments | Read | Post a Comment

The Cybercrime Carnival in Brazil: Loose Cyberlaws Make for Loose Cybercriminals

Limor S Kessem, Sr. Cybersecurity Evangelist, IBM Security

Commentary

Brazil loses over $8 billion a year to Internet crime, making it the second-largest cybercrime generator in the world.

By Limor S Kessem Sr. Cybersecurity Evangelist, IBM Security, 5/15/2015

2 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, Yes, it was a surprise to me to find out that cybercrime is alive and well...

Experts' Opinions Mixed On VENOM Vulnerability

Sara Peters, Senior Editor at Dark Reading

News

Some say the virtualization vuln could be worse than Heartbleed, while others advise to patch, but don't panic.

By Sara Peters Senior Editor at Dark Reading, 5/14/2015

2 comments | Read | Post a Comment

Latest Comment: DavidH031, Can anyone readily address the question of whether or not this affects VMware...

When Encrypted Communication Is Not Good Enough

Commentary

For the vast majority of conversations -- on paper, by phone or computer -- encryption is a perfectly adequate form of protection. Unless, of course, a life or livelihood is at stake.

By Lysa Myers Security Researcher, ESET, 5/14/2015

3 comments | Read | Post a Comment

Latest Comment: Christian Bryant, ...from a couple of apps deemend by the EFF to fit the bill: Cryptocat...

Cloud Security Alliance, Waverley Labs Collaborate On Open-Source Software-Defined Perimeter Spec

News

SDPs offer enterprises an alternative to traditional perimeter tools for protecting network assets, says CSA, Waverley

By Jai Vijayan Freelance writer, 5/13/2015

0 comments | Read | Post a Comment

Teaming Up to Educate and Enable Better Defense Against Phishing

Companies need to both educate their employees and implement prevention technology.

By Rees Johnson Sr. VP and GM the Content Security Business Unit, Intel Security, 5/13/2015

4 comments | Read | Post a Comment

latest comment RyanSepe Ah ok, thanks for clarifying. I would imagine pulling sites is based on a "level...

Oil & Gas Firms Hit By Cyberattacks That Forgo Malware

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

New spin on the 'Nigerian scam' scams crude oil buyers out of money with bait-and-switch.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/13/2015

0 comments | Read | Post a Comment

Taking A Security Program From Zero To Hero

Joshua Goldfarb, VP & CTO - Americas, FireEye.

Commentary

Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organization’s security capabilities. Here are six steps to get you started.

By Joshua Goldfarb VP & CTO - Americas, FireEye., 5/13/2015

2 comments | Read | Post a Comment

Latest Comment: Christian Bryant, Let's not forget Step 7 which could take your security group from zero to hero...

Microsoft Edge Browser Gets Security Boost

Kelly Sheridan, Associate Editor, InformationWeek

News

The new Windows 10 browser, Microsoft Edge, is fortified with security measures to keep users safe.

By Kelly Sheridan Associate Editor, InformationWeek, 5/13/2015

4 comments | Read | Post a Comment

VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products

News

Critical vulnerability in the open-source QEMU hypervisor lets attackers break out of a virtual machine, execute code on a host machine and access all the other VMs on the host.

By Sara Peters Senior Editor at Dark Reading, 5/13/2015

6 comments | Read | Post a Comment

Latest Comment: ODA155, @ kenwestin ... You said... "I do believe that some of the media surrounding...

Verizon 2015 Data Breach Cover Puzzler Solved: Defending Champs Win

News

The 2015 DBIR Cover Challenge is as highly anticipated by some as the DBIR report itself.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/12/2015

0 comments | Read | Post a Comment

Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research

Katie Moussouris, Chief Policy Officer, HackerOne

Commentary

There is a lesson to be learned from a locksmith living 150 years ago: Attackers and criminals are the only parties who benefit when security researchers fear the consequences for reporting issues.

By Katie Moussouris Chief Policy Officer, HackerOne, 5/12/2015

9 comments | Read | Post a Comment

Latest Comment: Marilyn Cohodas, @Thomas Claburn, love how you expanded on the metaphor of the lock picker...

First Example Of SAP Breach Surfaces

Ericka Chickowski, Contributing Writer, Dark Reading

News

USIS attack in 2013 stealing background check information about government personnel with classified clearance came by way of an SAP exploit.

By Ericka Chickowski Contributing Writer, Dark Reading, 5/12/2015

0 comments | Read | Post a Comment

Protecting The Data Lifecycle From Network To Cloud

Commentary

Enterprises are pushing more sensitive and regulated data into the public cloud than ever before. But the journey carries many new risks.

By Gerry Grealish CMO, Perspecsys, 5/12/2015

0 comments | Read | Post a Comment

10 Security Questions To Ask A Cloud Service Provider

Help the business assess the risks of cloud services with these handy questions.

By Ericka Chickowski Contributing Writer, Dark Reading, 5/12/2015

2 comments | Read | Post a Comment

Latest Comment: Charlie Babcock, No. 7, "Where do the servers, processes, and data physically reside?" It's...

What Does China-Russia 'No Hack' Pact Mean For US?

News

It could be an Internet governance issue or a response to the U.S. DoD's new cyber strategy, but one thing is certain: it doesn't really mean China and Russia aren't spying on one another anymore.

By Sara Peters Senior Editor at Dark Reading, 5/11/2015

2 comments | Read | Post a Comment

Latest Comment: Sara Peters, @RyanSepe I think that sums it up nicely: "This pact seems like more of statement...

Women In Security Speak Out On Why There Are Still So Few Of Them

News

They're now CISOs, security officials in DHS and the NSA, researchers, and key players in security -- but women remain a mere 10% of the industry population.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/11/2015

7 comments | Read | Post a Comment

Latest Comment: rasoolirfan, its vital to empower women security professionals at all levels and orgarnizations...

PHP Hash Comparison Weakness A Threat To Websites, Researcher Says

News

Flaw could allow attackers to compromise user accounts, WhiteHat Security's Robert Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash' vulnerability.

By Jai Vijayan Freelance writer, 5/9/2015

2 comments | Read | Post a Comment

Latest Comment: KGutzmann201, PHP programmers may want to consider using hexadecimal representations of the...

Beginning Of The End For Patch Tuesday

News

Starting with Windows 10, Microsoft will introduce Windows Update for Business, issuing patches as they're available, instead of once a month.

By Sara Peters Senior Editor at Dark Reading, 5/7/2015

6 comments | Read | Post a Comment

Latest Comment: macker490, updates only; no version changes? it's an old idea that doesn't...

More Stories

Current Conversations

Posted by Christian Bryant

...from a couple of apps deemend by the EFF to fit the bill: Cryptocat or TextSecure. I use 4096-bit GnuPG encryption for files that I exchange with trusted key-holders and talk on private IRCs with OTR encryption. But,...

In reply to: If Pressed, Then I Choose...
Post Your Own Reply

Posted by Marilyn Cohodas

Yes, it was a surprise to me to find out that cybercrime is alive and well (and toppoing the charts) in Brazil. Fascinating, really! Glad you liked the info, @Christian Bryant.

In reply to: Re: Remembering Boleto and Brazilian Bank Fraud
Post Your Own Reply

Posted by Christian Bryant

I remember last year reading about the Boleto fraud ring and the details of that operation spanning from malware, to social engineering and even murder (cited in one article but not clear whether this was confirmed). This...

In reply to: Remembering Boleto and Brazilian Bank Fraud
Post Your Own Reply

Posted by DavidH031

Can anyone readily address the question of whether or not this affects VMware or HyperV?

In reply to: HyperV and/or VMware affected?
Post Your Own Reply

Posted by RiskIQBlogger

This vulnerability is incredibly serious in my opinion. I spent almost 5 years working for a Xen shop, cloud hosting provider. It's largely taken for granted that no one can escape the VM. However, in these massive server...

In reply to: Why Should It Be Different This Time?
Post Your Own Reply

Posted by AMARGHEIM570

I give your article a thumbs-up for emphasizing the dangers of electronic communication but it gets a thumbs-down for not answering the original question. The group's response would have been much more useful...

In reply to: The group didn't answer the question.
Post Your Own Reply

Posted by ODA155

@ kenwestin ... You said... "I do believe that some of the media surrounding this vulnerability has been a bit overblown, some stating that this vulnerability is has broken cloud security and millions of systems are in danger...

In reply to: Re: Good Research Bad Media Reaction
Post Your Own Reply

Posted by Marilyn Cohodas

Great insight on the limitations of encryption in the digital era. Thanks, Lysa. Nice job putting the issue into a real-world context.

In reply to: Very thoughtful
Post Your Own Reply

Posted by Marilyn Cohodas

@Thomas Claburn, love how you expanded on the metaphor of the lock picker at the front door. Perfect!

In reply to: Re: Defender's point of view
Post Your Own Reply

Posted by Marilyn Cohodas

That is so true,cebess02. Definitely a mixed blessing -- especially for security professionals defending in such an expansive threat universe!

In reply to: Re: Cartoon: Spring Fever
Post Your Own Reply

Posted by LiveMsic

The answer is, of course it is.

In reply to: Re: Good Advice from Mathew J. Schwartz
Post Your Own Reply

Posted by sixscrews

OK, we have a vlun - surprise. But it's in a component that maybe 50% of us have never touched, much less know about. And where's the next one coming from - the joystick interface? the UV-EEPROM programmer? I'm...

In reply to: So, why is your disk floppy?
Post Your Own Reply

More Conversations

Products & Releases

Decline in detected malware attacks in organisations coincides perfectly with weekends.

SANs Survey Reveals Organizations Lack Control Over Mobile Workspaces

CoroNet Launches Solution to Protect from Eavesdropping, Data Interception and Remote Manipulation of Devices on WiFi and Cellular Networks

Digital Guardian Acquires Savant Protection

Videology and White Ops Unveil Partnership to Combat Bot Traffic and Non-Human Activity Across Campaigns, Devices

Absolute Survey Shows Millennials Represent Greatest Risk to Corporate Data

Bitdefender Rolls Out New Technology for Virtualized Infrastructure Security

LiveEnsure Launches FourSure, a Peer-to-Peer Trust App

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research

Katie Moussouris, Chief Policy Officer, HackerOne, 5/12/2015

Women In Security Speak Out On Why There Are Still So Few Of Them

Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/11/2015

VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products

Sara Peters, Senior Editor at Dark Reading, 5/13/2015

Partner Perspectives

What's This?

Teaming Up to Educate and Enable Better Defense Against Phishing

Companies need to both educate their employees and implement prevention technology. Read >>

Defenses Outside the Wall

5 comments

Application Layer Exfiltration Protection: A New Perspective on Firewalls

2 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

The Destination for Connecting Technology, Ideas and Canadians - GTEC 2015

Cartoon

Latest Comment: That is so true,cebess02. Definitely a mixed blessing -- especially for security professionals defending in such an expansive threat universe!

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

Information Security, Risk, and The Road Ahead

Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.

UPCOMING!
Tuesday, June 2, 1pm EDT
How to Develop a Data Breach Incident Response Plan

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

Managing Risk in an Active Directory Integrated Virtualized Environment

Hosted vs. OnSite UC: Who wins?

Server Security: Not What It Used to Be!

Selecting the Best Platform for Cloud Service Integration

Federate Identities - Key to Seamless SSO

More White Papers

Current Issue

Dark Reading - March 2, 2015

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2015-0717

Published: 2015-05-16
Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546.

CVE-2015-0723

Published: 2015-05-16
The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269.

CVE-2015-0726

Published: 2015-05-16
The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and ...

CVE-2015-0729

Published: 2015-05-16
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005.

CVE-2015-0730

Published: 2015-05-16
The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645.

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports