Vulnerabilities / Threats // Advanced Threats
News & Commentary
Pharmaceuticals, Not Energy, May Have Been True Target Of Dragonfly, Energetic Bear
Sara Peters, Senior Editor at Dark ReadingNews
New research says the compromised companies were suppliers for OEMs that served pharma and biotech.
By Sara Peters Senior Editor at Dark Reading, 10/22/2014
Comment0 comments  |  Read  |  Post a Comment
Cyber Threats: Information vs. Intelligence
Matt Hartley, VP Product Management, iSIGHT PartnersCommentary
Cyber threat intelligence or CTI is touted to be the next big thing in InfoSec. But does it narrow the security problem or compound it?
By Matt Hartley VP Product Management, iSIGHT Partners, 10/22/2014
Comment2 comments  |  Read  |  Post a Comment
Insider Threats: Breaching The Human Barrier
Christopher Hadnagy, Founder & CEO, Social-Engineer, Inc.Commentary
A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within.
By Christopher Hadnagy Founder & CEO, Social-Engineer, Inc., 10/20/2014
Comment5 comments  |  Read  |  Post a Comment
Russian Hackers Made $2.5B Over The Last 12 Months
Sara Peters, Senior Editor at Dark ReadingNews
The big bucks are in selling credit card data -- not using it for fraud -- and PoS and ATM attacks are on the rise.
By Sara Peters Senior Editor at Dark Reading, 10/15/2014
Comment13 comments  |  Read  |  Post a Comment
Third-Party Code: Fertile Ground For Malware
Peter Zavlaris, Analyst, RiskIQCommentary
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
By Peter Zavlaris Analyst, RiskIQ, 10/15/2014
Comment7 comments  |  Read  |  Post a Comment
Mastering Security Analytics
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
By Ericka Chickowski Contributing Writer, Dark Reading, 10/14/2014
Comment1 Comment  |  Read  |  Post a Comment
HBGary Founder Launches New Security Startup
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Greg Hoglund's new Outlier Security offers SaaS-based security and IR for endpoints.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/7/2014
Comment1 Comment  |  Read  |  Post a Comment
Software Assurance: Time to Raise the Bar on Static Analysis
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
The results from tools studies suggest that using multiple tools together can produce more powerful analytics and more accurate results.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 9/30/2014
Comment8 comments  |  Read  |  Post a Comment
Coordinated Attacks Call For More Sophisticated Cyber Defense
Henry Kenyon, Commentary
Agencies and industry are rethinking how they defend against coordinated attacks by teams of specialized hackers.
By Henry Kenyon , 9/29/2014
Comment0 comments  |  Read  |  Post a Comment
Amazon Reboots Cloud Servers, Xen Bug Blamed
Charles Babcock, Editor At Large, InformationWeek Commentary
Amazon tells customers it has to patch and reboot 10% of its EC2 cloud servers before Oct. 1.
By Charles Babcock Editor At Large, InformationWeek , 9/26/2014
Comment4 comments  |  Read  |  Post a Comment
ISIS Cyber Threat To US Under Debate
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
ICS/SCADA systems and networks hackable but not easily cyber-sabotaged without industrial engineering know-how, experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/23/2014
Comment7 comments  |  Read  |  Post a Comment
'Hand-To-Hand Digital Combat' With Threat Actors
Sara Peters, Senior Editor at Dark ReadingQuick Hits
CrowdStrike CEO and co-founder George Kurtz explains how to fight attackers, not fight malware.
By Sara Peters Senior Editor at Dark Reading, 9/23/2014
Comment2 comments  |  Read  |  Post a Comment
The Truth About Ransomware: You’re On Your Own
Andrew Hay, Sr. Security Research Lead & Evangelist, OpenDNSCommentary
What should enterprises do when faced with ransomware? The answer is, it depends.
By Andrew Hay Sr. Security Research Lead & Evangelist, OpenDNS, 9/22/2014
Comment1 Comment  |  Read  |  Post a Comment
Franchising The Chinese APT
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
At least two different cyber espionage gangs in China appear to be employing uniform tools and techniques, FireEye finds.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/11/2014
Comment7 comments  |  Read  |  Post a Comment
Secure The Core: Advice For Agencies Under Attack
Vijay Basani, CEO, EiQ NetworksCommentary
When facing state-sponsored attacks, perimeter security is never enough.
By Vijay Basani CEO, EiQ Networks, 9/3/2014
Comment2 comments  |  Read  |  Post a Comment
Breach of Homeland Security Background Checks Raises Red Flags
Sara Peters, Senior Editor at Dark ReadingNews
"We should be burning down the house over this," says a GRC expert.
By Sara Peters Senior Editor at Dark Reading, 8/25/2014
Comment13 comments  |  Read  |  Post a Comment
All In For The Coming World of 'Things'
Don Bailey, Founder & CEO, Lab Mouse SecurityCommentary
At a Black Hat round table, experts discuss the strategies necessary to lock down the Internet of Things, the most game-changing concept in Internet history.
By Don Bailey Founder & CEO, Lab Mouse Security, 8/25/2014
Comment6 comments  |  Read  |  Post a Comment
Healthcare Industry, Feds Talk Information Sharing
Brian Prince, Contributing Writer, Dark ReadingNews
Representatives from the healthcare industry as well as government discuss importance of threat intelligence-sharing in light of the Community Health Systems breach.
By Brian Prince Contributing Writer, Dark Reading, 8/22/2014
Comment0 comments  |  Read  |  Post a Comment
Hacker Or Military? Best Of Both In Cyber Security
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
How radically different approaches play out across the security industry.
By John B. Dickson CISSP, Principal, Denim Group, 8/21/2014
Comment6 comments  |  Read  |  Post a Comment
Community Health Systems Breach Atypical For Chinese Hackers
Sara Peters, Senior Editor at Dark ReadingNews
Publicly traded healthcare organization's stock goes up as breach notifications go out.
By Sara Peters Senior Editor at Dark Reading, 8/18/2014
Comment8 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by AnonymousMan
Current Conversations LOL.
In reply to: Re: Time for Apple Pay?
Post Your Own Reply
More Conversations
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7298
Published: 2014-10-24
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging improperly protected setuid functionality.

CVE-2014-8346
Published: 2014-10-24
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic.

CVE-2014-0619
Published: 2014-10-23
Untrusted search path vulnerability in Hamster Free ZIP Archiver 2.0.1.7 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the current working directory.

CVE-2014-2230
Published: 2014-10-23
Open redirect vulnerability in the header function in adclick.php in OpenX 2.8.10 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) dest parameter to adclick.php or (2) _maxdest parameter to ck.php.

CVE-2014-7281
Published: 2014-10-23
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.