Vulnerabilities / Threats // Advanced Threats
News & Commentary
Software Assurance: Time to Raise the Bar on Static Analysis
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
The results from tools studies suggest that using multiple tools together can produce more powerful analytics and more accurate results.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 9/30/2014
Comment3 comments  |  Read  |  Post a Comment
Coordinated Attacks Call For More Sophisticated Cyber Defense
Henry Kenyon, Commentary
Agencies and industry are rethinking how they defend against coordinated attacks by teams of specialized hackers.
By Henry Kenyon , 9/29/2014
Comment0 comments  |  Read  |  Post a Comment
Amazon Reboots Cloud Servers, Xen Bug Blamed
Charles Babcock, Editor At Large, InformationWeek Commentary
Amazon tells customers it has to patch and reboot 10% of its EC2 cloud servers before Oct. 1.
By Charles Babcock Editor At Large, InformationWeek , 9/26/2014
Comment4 comments  |  Read  |  Post a Comment
ISIS Cyber Threat To US Under Debate
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
ICS/SCADA systems and networks hackable but not easily cyber-sabotaged without industrial engineering know-how, experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/23/2014
Comment7 comments  |  Read  |  Post a Comment
'Hand-To-Hand Digital Combat' With Threat Actors
Sara Peters, Senior Editor at Dark ReadingQuick Hits
CrowdStrike CEO and co-founder George Kurtz explains how to fight attackers, not fight malware.
By Sara Peters Senior Editor at Dark Reading, 9/23/2014
Comment2 comments  |  Read  |  Post a Comment
The Truth About Ransomware: You’re On Your Own
Andrew Hay, Sr. Security Research Lead & Evangelist, OpenDNSCommentary
What should enterprises do when faced with ransomware? The answer is, it depends.
By Andrew Hay Sr. Security Research Lead & Evangelist, OpenDNS, 9/22/2014
Comment1 Comment  |  Read  |  Post a Comment
Franchising The Chinese APT
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
At least two different cyber espionage gangs in China appear to be employing uniform tools and techniques, FireEye finds.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/11/2014
Comment7 comments  |  Read  |  Post a Comment
Secure The Core: Advice For Agencies Under Attack
Vijay Basani, CEO, EiQ NetworksCommentary
When facing state-sponsored attacks, perimeter security is never enough.
By Vijay Basani CEO, EiQ Networks, 9/3/2014
Comment2 comments  |  Read  |  Post a Comment
Breach of Homeland Security Background Checks Raises Red Flags
Sara Peters, Senior Editor at Dark ReadingNews
"We should be burning down the house over this," says a GRC expert.
By Sara Peters Senior Editor at Dark Reading, 8/25/2014
Comment13 comments  |  Read  |  Post a Comment
All In For The Coming World of 'Things'
Don Bailey, Founder & CEO, Lab Mouse SecurityCommentary
At a Black Hat round table, experts discuss the strategies necessary to lock down the Internet of Things, the most game-changing concept in Internet history.
By Don Bailey Founder & CEO, Lab Mouse Security, 8/25/2014
Comment6 comments  |  Read  |  Post a Comment
Healthcare Industry, Feds Talk Information Sharing
Brian Prince, Contributing Writer, Dark ReadingNews
Representatives from the healthcare industry as well as government discuss importance of threat intelligence-sharing in light of the Community Health Systems breach.
By Brian Prince Contributing Writer, Dark Reading, 8/22/2014
Comment0 comments  |  Read  |  Post a Comment
Hacker Or Military? Best Of Both In Cyber Security
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
How radically different approaches play out across the security industry.
By John B. Dickson CISSP, Principal, Denim Group, 8/21/2014
Comment6 comments  |  Read  |  Post a Comment
Community Health Systems Breach Atypical For Chinese Hackers
Sara Peters, Senior Editor at Dark ReadingNews
Publicly traded healthcare organization's stock goes up as breach notifications go out.
By Sara Peters Senior Editor at Dark Reading, 8/18/2014
Comment8 comments  |  Read  |  Post a Comment
Researcher Finds Potholes In Vehicle Traffic Control Systems
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Hundreds of thousands of road traffic sensors and repeater equipment are at risk of attack, researcher says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/9/2014
Comment15 comments  |  Read  |  Post a Comment
No Fixes In Sight For Satellite Terminal Flaws
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
At Black Hat USA, a researcher who in April revealed weaknesses in popular satellite ground terminal equipment found on air, land and sea, demonstrates possible attack scenarios.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/7/2014
Comment2 comments  |  Read  |  Post a Comment
Heartbleed, GotoFail Bring Home Pwnie Awards
Sara Peters, Senior Editor at Dark ReadingQuick Hits
The Pwnie Awards celebrate the best bug discoveries and worst security fails.
By Sara Peters Senior Editor at Dark Reading, 8/7/2014
Comment5 comments  |  Read  |  Post a Comment
Dan Geer Touts Liability Policies For Software Vulnerabilities
Sara Peters, Senior Editor at Dark ReadingNews
Vendor beware. At Black Hat, Dan Geer suggests legislation to change product liability and abandonment rules for vulnerable and unsupported software.
By Sara Peters Senior Editor at Dark Reading, 8/6/2014
Comment6 comments  |  Read  |  Post a Comment
TSA Checkpoint Systems Found Exposed On The Net
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher Billy Rios exposes new threats to airport security systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/6/2014
Comment2 comments  |  Read  |  Post a Comment
Dark Reading Plans Special Coverage Of Black Hat USA 2014
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Radio shows, daily newsletter, and panel sessions highlight Dark Reading's comprehensive coverage of the Black Hat conference.
By Tim Wilson Editor in Chief, Dark Reading, 8/4/2014
Comment0 comments  |  Read  |  Post a Comment
The World's Most Hackable Cars
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers find 2014 models of Dodge Viper, Audi A8, Honda Accord are the least likely to be hit by hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/2/2014
Comment25 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.