News & Commentary
Hacker Or Military? Best Of Both In Cyber Security
John B. Dickson, CISSP, Principal, Denim Group | Commentary
How radically different approaches play out across the security industry.
By John B. Dickson CISSP, Principal, Denim Group, 8/21/2014
Community Health Systems Breach Atypical For Chinese Hackers
Sara Peters, Senior Editor at Dark Reading | News
Publicly traded healthcare organization's stock goes up as breach notifications go out.
By Sara Peters Senior Editor at Dark Reading, 8/18/2014
Researcher Finds Potholes In Vehicle Traffic Control Systems
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Hundreds of thousands of road traffic sensors and repeater equipment are at risk of attack, researcher says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/9/2014
No Fixes In Sight For Satellite Terminal Flaws
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
At Black Hat USA, a researcher who in April revealed weaknesses in popular satellite ground terminal equipment found on air, land and sea, demonstrates possible attack scenarios.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/7/2014
Heartbleed, GotoFail Bring Home Pwnie Awards
Sara Peters, Senior Editor at Dark Reading | Quick Hits
The Pwnie Awards celebrate the best bug discoveries and worst security fails.
By Sara Peters Senior Editor at Dark Reading, 8/7/2014
Dan Geer Touts Liability Policies For Software Vulnerabilities
Sara Peters, Senior Editor at Dark Reading | News
Vendor beware. At Black Hat, Dan Geer suggests legislation to change product liability and abandonment rules for vulnerable and unsupported software.
By Sara Peters Senior Editor at Dark Reading, 8/6/2014
TSA Checkpoint Systems Found Exposed On The Net
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Researcher Billy Rios exposes new threats to airport security systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/6/2014
Dark Reading Plans Special Coverage Of Black Hat USA 2014
Tim Wilson, Editor in Chief, Dark Reading | Commentary
Radio shows, daily newsletter, and panel sessions highlight Dark Reading's comprehensive coverage of the Black Hat conference.
By Tim Wilson Editor in Chief, Dark Reading, 8/4/2014
The World's Most Hackable Cars
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Researchers find 2014 models of Dodge Viper, Audi A8, Honda Accord are the least likely to be hit by hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/2/2014
10 Dramatic Moments In Black Hat History
Ericka Chickowski, Contributing Writer, Dark Reading
From Google hacking to ATM "jackpotting" to the NSA -- Black Hat has had some memorable moments over the years.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/31/2014
Researchers Develop 'BlackForest' To Collect, Correlate Threat Intelligence
Brian Prince, Contributing Writer, Dark Reading | News
Researchers at the Georgia Tech Research Institute develop the BlackForest system to help organizations uncover and anticipate cyberthreats.
By Brian Prince Contributing Writer, Dark Reading, 7/25/2014
Government-Grade Stealth Malware In Hands Of Criminals
Sara Peters, Senior Editor at Dark Reading | News
"Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools.
By Sara Peters Senior Editor at Dark Reading, 7/17/2014
Senate Hearing Calls For Changes To Cybercrime Law
Sara Peters, Senior Editor at Dark Reading | News
In the wake of Microsoft's seizure of No-IP servers and domains, private and public sector representatives met to discuss what can be done to address the problem of botnets.
By Sara Peters Senior Editor at Dark Reading, 7/16/2014
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Julian Waits, President & CEO, ThreatTrack Security | Commentary
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
By Julian Waits President & CEO, ThreatTrack Security, 7/9/2014
Chinese Attackers Targeting U.S. Think Tanks, Researchers Say
Tim Wilson, Editor in Chief, Dark Reading | Quick Hits
Government-backed group "Deep Panda" compromised "several" nonprofit national security policy research organizations, CrowdStrike says.
By Tim Wilson Editor in Chief, Dark Reading, 7/7/2014
Microsoft's Seizure Of No-IP Domains Disrupted Criminals & Innocents Alike
Sara Peters, Senior Editor at Dark Reading | News
Microsoft successfully disrupted roughly one-quarter of the APT actors Kaspersky monitors, but took down millions of innocent hostnames too.
By Sara Peters Senior Editor at Dark Reading, 7/3/2014
CosmicDuke: Cosmu & MiniDuke Mash-Up
Sara Peters, Senior Editor at Dark Reading | News
F-Secure believes that the combo malware might have connections to the perpetrators of the miniDuke attacks.
By Sara Peters Senior Editor at Dark Reading, 7/2/2014
Cyberspying Campaign Comes With Sabotage Option
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
New research from Symantec spots US and Western European energy interests in the bull's eye, but the campaign could encompass more than just utilities.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/30/2014
As Stuxnet Anniversary Approaches, New SCADA Attack Is Discovered
Sara Peters, Senior Editor at Dark Reading | News
F-Secure has unearthed a new attack against industrial control systems that goes after European targets, using rare infection vectors.
By Sara Peters Senior Editor at Dark Reading, 6/26/2014
Luuuk Stole Half-Million Euros in One Week
Sara Peters, Senior Editor at Dark Reading | News
A man-in-the-browser and a big team of money mules quickly, systematically robbed 190 account holders at a European bank.
By Sara Peters Senior Editor at Dark Reading, 6/25/2014
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3594
Published: 2014-08-22
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

CVE-2014-4197
Published: 2014-08-22
Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter.

CVE-2014-5097
Published: 2014-08-22
Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.

Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.