Dark Reading | Security | Protect The Business

Advertise With Us

About Us

Digital Subscription

Microsoft's Remarkable Pivot: Windows 10 Abandons Privacy

Cyberspies Impersonate Security Researcher

Valasek Not Done With Car Hacking Just Yet

Top Stories

Microsoft's Remarkable Pivot: Windows 10 ...

RSA's Ex-CEO Coviello Back In The Game

Cyberspies Impersonate Security Researcher

Cartoon: Security Moment Of Zen

Valasek Not Done With Car Hacking Just Yet

News & Commentary

'SandBlast' A Different Spin On Sandboxing

Rutrell Yasin, Business Technology Writer, Tech Writers Bureau

News

Hackers are finding ways to bypass sandboxes and sneak in their malware, so some vendors are creating new approaches to counter them.

By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 9/4/2015

0 comments | Read | Post a Comment

Jeremiah Grossman's Tips For Black Hat Hopefuls & More

Sara Peters, Senior Editor at Dark Reading

Commentary Video

Founder of WhiteHat Security visits the Dark Reading News Desk to dish on the Black Hat Briefings selection process, the state of Web security, the Wassenaar Arrangement, and Flash.

By Sara Peters Senior Editor at Dark Reading, 9/4/2015

0 comments | Read | Post a Comment

Back To Basics: 10 Security Best Practices

Nimmy Reichenberg, VP of Strategy, AlgoSec

Commentary

The most effective strategy for keeping organizations, users and customers safe is to focus on the fundamentals.

By Nimmy Reichenberg VP of Strategy, AlgoSec, 9/4/2015

0 comments | Read | Post a Comment

HyTrust Claims Advances In Virtual Data Center Ops

News

VMware security partner HyTrust has been pushing new steps in virtual machine and virtual network operations, including role-based access.

By Charles Babcock Editor at Large, Cloud, 9/4/2015

2 comments | Read | Post a Comment

RSA's Ex-CEO Coviello Back In The Game

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Art Coviello, former head of RSA Security, has returned to the security industry after retiring from RSA for health reasons.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/3/2015

0 comments | Read | Post a Comment

Stealing Data By 'Living Off The Land'

News

Hackers latest tactic involves a malware-free attack using a company’s own system credentials and admin tools to gain access.

By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 9/3/2015

0 comments | Read | Post a Comment

VMware Expands NSX Platform Security

Marcia Savage, Managing Editor, Network Computing

News

VMware is working to add network encryption as a distributed service via its network virtualization platform.

By Marcia Savage Managing Editor, Network Computing, 9/3/2015

1 Comment | Read | Post a Comment

Latest Comment: jinumadhavan, now days security has the first preferance many of them are cracked during...

China's Great Cannon: The Great Firewall's More Aggressive Partner

Commentary Video

Crowdstrike researchers visit Dark Reading News Desk at Black Hat to describe how China went on the offensive and extended its Internet censorship efforts beyond Chinese borders.

By Sara Peters Senior Editor at Dark Reading, 9/3/2015

0 comments | Read | Post a Comment

New Shifu Banking Trojan An ‘Uber Patchwork’ Of Malware Tools

News

Sophisticated threat hitting banks in Japan combines best features of multiple previous banking malware, new IBM research says.

By Jai Vijayan Freelance writer, 9/2/2015

0 comments | Read | Post a Comment

Malware Author Stamped Code 'For Targeted Attacks Only'

News

When the Microsoft Word Intruder Office malware creation kit got too high-profile, the developer changed terms of service, Sophos report says.

By Sara Peters Senior Editor at Dark Reading, 9/2/2015

0 comments | Read | Post a Comment

Microsoft, Google, Mozilla Abandon RC4 Cryptographic Standard

Commentary

With Microsoft, Google, and Mozilla turning against the RC4 cryptographic suite, the standard will likely die in 2016.

By Larry Loeb Blogger, Informationweek, 9/2/2015

0 comments | Read | Post a Comment

Endpoint Security Firm Tanium Valued At $3.5 Billion

Quick Hits

Highest-valued venture-backed cybersecurity company worldwide closes $120 million venture capital round.

By Dark Reading Staff , 9/2/2015

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, Is Tanium the parent company? What are the names of some of the solutions they...

Microsoft's Remarkable Pivot: Windows 10 Abandons Privacy

Commentary

You can read all you want about Windows 10 powerful new privacy features, but that doesn’t mean you have them.

By Mark Weinstein CEO, MeWe.com, 9/2/2015

5 comments | Read | Post a Comment

Latest Comment: dieselnerd, Glad I'm a slave to the Redmond Beast only at work these days, with Linux the...

Baby Monitors Expose Home -- And Business -- Networks

News

Researchers find major security flaws in popular networked video baby monitor products that could allow attackers to snoop on babies and businesses.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/2/2015

2 comments | Read | Post a Comment

Latest Comment: Kelly Jackson Higgins, Yes--devices that were designed for peace of mind, security end up being a...

Cyberspies Impersonate Security Researcher

News

'Rocket Kitten' pro-Iranian regime hackers focusing more on targeting individuals for geopolitical espionage.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/1/2015

3 comments | Read | Post a Comment

Latest Comment: wrstanton3, Umm... Persian is Farsi...

Report: Ransomware Jumped 58 Percent in Q2

News

McAfee Threat Labs Report also zooms in on GPU malware and looks back on the first five years of the Intel-McAfee marriage.

By Sara Peters Senior Editor at Dark Reading, 9/1/2015

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, I am not surprised at this. Ransomware is very effective with its simplicity...

Malware Pre-Installed On Over Two-Dozen Android Smartphone Brands

News

Threat affects several smartphones shipping from Asia including some popular ones such as Lenovo, Huawei, and Xiaomi, says G Data.

By Jai Vijayan Freelance writer, 9/1/2015

1 Comment | Read | Post a Comment

Latest Comment: hmayle, "Fortunately for Android users, the malware presents a threat mostly to people...

We Can Allow Cybersecurity Research Without Stifling Innovation

Gavin Reid, Vice President, Threat Intelligence, Lancope Inc

Commentary

The U.S. government is in a unique position to become a global leader in cybersecurity. But only if it retains the open spirit of the Internet that kick-started the Information Age.

By Gavin Reid Vice President, Threat Intelligence, Lancope Inc, 9/1/2015

0 comments | Read | Post a Comment

Your Worst Day In IT

Turns out the most common culprits aren't what you might think.

By David Spark Veteran Tech journalist and founder of Spark Media Solutions, 9/1/2015

0 comments | Read | Post a Comment

Sights & Sounds Of Black Hat USA And DEF CON

Some hackers call the week of Black Hat USA and DEF CON 'security summer camp' -- a look at some of the highlights of the two shows.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/31/2015

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by smani631

Security is a state of mind... the more you think you are close, the more it moves away... We need to continuously strive to try and get closer.

In reply to: Its all a Maaya
Post Your Own Reply

Posted by wrstanton3

Umm... Persian is Farsi...

In reply to: Re: That Cute Name
Post Your Own Reply

Posted by Joe Stanganelli

As a pedantic point of information, Farsi isn't one of the primary languages of Iran. You might be thinking of Persian.So I tried to copy-paste what Google Translate says "Rocket Kitten" is in Persian, but the website...

In reply to: Re: That Cute Name
Post Your Own Reply

Posted by Joe Stanganelli

Other pertinent factors, I think, include the breadth/depth of the breach, and the vulnerabilities (both technical and cultural) that contributed to the breach.Another important factor: crisis response. Adobe presents...

In reply to: Re: C-suiters resigning
Post Your Own Reply

Posted by stallion m

Yes the modern world uses the hacking and spamming are the main weapon, the largest countries like usa, china, india all add moe concentration in security issues, i think usa develop more security sheals on their systems...

In reply to: Re: 100% true
Post Your Own Reply

Posted by jinumadhavan

now days security has the first preferance many of them are cracked during less security . the big companies are invest a big amount for add security inb their networks so the VM going to the rioght paths anyway thanks for...

In reply to: its a good news
Post Your Own Reply

Posted by JohnP175

"For security I joined the Global Resource Bank network. - GRB.net"

In reply to: Global Resource Bank
Post Your Own Reply

Posted by dieselnerd

Glad I'm a slave to the Redmond Beast only at work these days, with Linux the primary OS at home, the dust blown off Win7Pro only when I must. Managed to avoid Win8 like I managed to avoid Vista (and Me before that); with...

In reply to: Pivot This, MSFT
Post Your Own Reply

Posted by RyanSepe

Is Tanium the parent company? What are the names of some of the solutions they provide?

In reply to: Tanium Products
Post Your Own Reply

Posted by RyanSepe

I am not surprised at this. Ransomware is very effective with its simplicity and variation. The samples can be easily crafted and as soon as one is blocked changed in a small fashion to create a new sample thats not.

In reply to: Not Surprised
Post Your Own Reply

Posted by Juif

I hate W10 for that, now we are the product !

In reply to: Re: Good Advice
Post Your Own Reply

Posted by dfunk1

If it's free, then the product is you.

In reply to: If it's free
Post Your Own Reply

More Conversations

Products & Releases

MACH37 Announces New Funding for Virgil Security and Cyph

Webroot Secures the IoT by Protecting Critical Devices, Gateways and Systems

Zscaler Delivers Record Performance for Q4 and Fiscal Year 2015

Information Technology Manager Pleads Guilty to Sending Damaging Computer Code to Former Company’s Servers

Gigamon Teams with RSA

FireHost Is Now Armor, for Active Cyber Defense Focused on Outcomes

Security Pros @ Black Hat Say C-Suite Has "Head in the Sand," Not Paranoid Enough

NEW NET TECHNOLOGIES DEBUTS CHANGE TRACKER™ GENERATION 7

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Microsoft's Remarkable Pivot: Windows 10 Abandons Privacy

Mark Weinstein, CEO, MeWe.com, 9/2/2015

Cyberspies Impersonate Security Researcher

Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/1/2015

Baby Monitors Expose Home -- And Business -- Networks

Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/2/2015

Partner Perspectives

What's This?

From Vicious To Virtuous: A Plan Of Attack For Incident Response

How do you get there? Increase the cost and effort required by the bad guys and boost your efficiency. Read >>

What Would You Do Differently If You Knew You Were Going To Be Robbed?

0 comments

Survey Says: Incident Response Is Fighting Back

0 comments

More Stories

Partner Perspectives

What's This?

Breach Defense Playbook: Cybersecurity Governance

Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>

Breach Defense Playbook: Incident Response Readiness (Part 2)

0 comments

Breach Defense Playbook: Incident Response Readiness (Part 1)

0 comments

More Stories

Partner Perspectives

What's This?

Your Worst Day In IT

Turns out the most common culprits aren't what you might think. Read >>

Flash: Web Browser Plugins Are Vulnerable

1 Comment

How Much Threat Intelligence Is Too Much?

0 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

The Destination for Connecting Technology, Ideas and Canadians - GTEC 2015

FREE VIRTUAL EVENT: Implementing Microsoft Lync/Skype for Business

Cartoon

Latest Comment: Security is a state of mind... the more you think you are close, the more it moves away... We need to continuously strive to try and get closer.

Cartoon Archive

Dark Reading Radio

Archived Dark Reading Radio

Dark Reading at Black Hat: Highlights and Lessons

Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.

UPCOMING!
Wednesday, September 23, 1pm EDT
Fixing IoT Security

FULL SCHEDULE | ARCHIVED SHOWS

White Papers

7 Ways to Address the Gaping Data Security Hole in Your Supply Chain

Static code analysis in an Agile world

Data Center Interconnect Trends & Requirements

Moving beyond unified communications

Top 5 Reasons Why Financial Services Firms Should Consider SDN Now

More White Papers

Current Issue

Dark Reading Tech Digest, June 2015

Download This Issue!

Subscribe Now!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2014-9605

Published: 2015-09-04
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webup...

CVE-2015-2990

Published: 2015-09-04
Directory traversal vulnerability in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter.

CVE-2015-2991

Published: 2015-09-04
Buffer overflow in NScripter before 3.00 allows remote attackers to execute arbitrary code via crafted save data.

CVE-2015-5612

Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.

CVE-2015-5688

Published: 2015-09-04
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.

Reports

Infographics

10 Recommendations for Outsourcing Security

Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?

Download Now!

Title Partner’s Role in Perimeter Security

0 comments

Threat Intel Today

0 comments

DevOps’ Impact on Application Security

0 comments

More Reports