Vulnerabilities / Threats // Advanced Threats
News & Commentary
Researchers Develop 'BlackForest' to Collect, Correlate Threat Intelligence
Brian Prince, Contributing Writer, Dark ReadingNews
Researchers at the Georgia Tech Research Institute develop the BlackForest system to help organizations uncover and anticipate cyberthreats.
By Brian Prince Contributing Writer, Dark Reading, 7/25/2014
Comment1 Comment  |  Read  |  Post a Comment
Government-Grade Stealth Malware In Hands Of Criminals
Sara Peters, News
"Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools.
By Sara Peters , 7/17/2014
Comment12 comments  |  Read  |  Post a Comment
Senate Hearing Calls for Changes to Cybercrime Law
Sara Peters, News
In the wake of Microsoft's seizure of No-IP servers and domains, private and public sector representatives met to discuss what can be done to address the problem of botnets.
By Sara Peters , 7/16/2014
Comment10 comments  |  Read  |  Post a Comment
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Julian Waits, President & CEO, ThreatTrack SecurityCommentary
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
By Julian Waits President & CEO, ThreatTrack Security, 7/9/2014
Comment6 comments  |  Read  |  Post a Comment
Chinese Attackers Targeting U.S. Think Tanks, Researchers Say
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Government-backed group "Deep Panda" compromised "several" nonprofit national security policy research organizations, CrowdStrike says
By Tim Wilson Editor in Chief, Dark Reading, 7/7/2014
Comment0 comments  |  Read  |  Post a Comment
Microsoft's Seizure Of No-IP Domains Disrupted Criminals & Innocents Alike
Sara Peters, News
Microsoft successfully disrupted roughly one-quarter of the APT actors Kaspersky monitors, but took down millions of innocent hostnames too.
By Sara Peters , 7/3/2014
Comment6 comments  |  Read  |  Post a Comment
CosmicDuke: Cosmu & MiniDuke Mash-Up
Sara Peters, News
F-Secure believes that the combo malware might have connections to the perpetrators of the miniDuke attacks.
By Sara Peters , 7/2/2014
Comment1 Comment  |  Read  |  Post a Comment
Cyberspying Campaign Comes With Sabotage Option
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
New research from Symantec spots US and Western European energy interests in the bull's eye, but the campaign could encompass more than just utilities.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 6/30/2014
Comment3 comments  |  Read  |  Post a Comment
As Stuxnet Anniversary Approaches, New SCADA Attack Is Discovered
Sara Peters, News
F-Secure has unearthed a new attack against industrial control systems that goes after European targets, using rare infection vectors.
By Sara Peters , 6/26/2014
Comment4 comments  |  Read  |  Post a Comment
Luuuk Stole Half-Million Euros in One Week
Sara Peters, News
A man-in-the-browser and a big team of money mules quickly, systematically robbed 190 account holders at a European bank.
By Sara Peters , 6/25/2014
Comment8 comments  |  Read  |  Post a Comment
Crowdsourcing & Cyber Security: Who Do You Trust?
Robert R. Ackerman Jr., Founder & Managing Director, Allegis CapitalCommentary
A collective security defense can definitely tip the balance in favor of the good guys. But challenges remain.
By Robert R. Ackerman Jr. Founder & Managing Director, Allegis Capital, 6/24/2014
Comment3 comments  |  Read  |  Post a Comment
P.F. Chang's Breach Went Undetected For Months
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Early reports indicate that the compromise involved a large number of restaurant locations and dates as far back as September 2013.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 6/23/2014
Comment4 comments  |  Read  |  Post a Comment
Phishing Scam Targeted 75 US Airports
William Welsh, Contributing WriterCommentary
Major cyberattack carried out in 2013 by an undisclosed nation-state sought to breach US commercial aviation networks, says Center for Internet Security report.
By William Welsh Contributing Writer, 6/23/2014
Comment0 comments  |  Read  |  Post a Comment
A Dyre New Banking Trojan
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Newly discovered RAT sneaks by SSL and steals victims' banking credentials.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/17/2014
Comment0 comments  |  Read  |  Post a Comment
NIST Security Guidance Revision: Prepare Now
Vincent Berk, Commentary
NIST 800-53 Revision 5 will likely put more emphasis on continuous monitoring. Don't wait until it arrives to close your security gaps.
By Vincent Berk , 6/16/2014
Comment4 comments  |  Read  |  Post a Comment
New Commercialized Trojan Takes Fresh Approach To Password-Stealing
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Unlike most banking malware of today, new Pandemiya skips the Zeus source code and starts from scratch.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/10/2014
Comment3 comments  |  Read  |  Post a Comment
Putter Panda: Tip Of The Iceberg
George Kurtz, President & CEO, CrowdStrikeCommentary
What CrowdStrike's outing of Putter Panda -- the second hacking group linked to China's spying on US defense and European satellite and aerospace industries -- means for the security industry.
By George Kurtz President & CEO, CrowdStrike, 6/10/2014
Comment3 comments  |  Read  |  Post a Comment
Government Advances Continuous Security Monitoring
Henry Kenyon, Commentary
DOD, DHS expect smart technologies will defend networks against common attacks, free IT personnel to deal with more dangerous threats.
By Henry Kenyon , 6/6/2014
Comment3 comments  |  Read  |  Post a Comment
Global Effort Disrupts GOZeuS Botnet, CryptoLocker; One Indicted
Sara Peters, News
An international public-private collaboration involving security companies and law enforcement agencies in 11 countries aims to disrupt the underlying infrastructure of the cybercrime industry.
By Sara Peters , 6/2/2014
Comment4 comments  |  Read  |  Post a Comment
FireEye: Malware Traffic to Ukraine, Russia Spiked During Peak of Conflict
Sara Peters, News
A FireEye researcher posits that a significant spike in malware traffic to Russia and the Ukraine at the height of the conflict between the two countries could be part of a trend -- and could improve threat intelligence.
By Sara Peters , 5/29/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-3071
Published: 2014-07-26
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.

CVE-2014-3301
Published: 2014-07-26
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.

CVE-2014-3305
Published: 2014-07-26
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.

CVE-2014-3324
Published: 2014-07-26
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.