Analytics
News & Commentary
What You Need To Know About Nation-State Hacked Hard Drives
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The nation-state Equation Group compromise of most popular hard drives won't be a widespread threat, but future disk security -- and forensic integrity -- remain unclear.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/2/2015
Comment9 comments  |  Read  |  Post a Comment
Cyber Intelligence: Defining What You Know
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 2/27/2015
Comment1 Comment  |  Read  |  Post a Comment
DOJ R&D Agency Awards Grants For Speedier Digital Forensics
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The US Department of Justice's National Institute of Justice is funding new incident response technology to assist law enforcement.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/23/2015
Comment0 comments  |  Read  |  Post a Comment
NSA, GCHQ Theft Of SIM Crypto Keys Raises Fresh Security Concerns
Jai Vijayan, Freelance writerNews
Pilfered SIM card encryption keys also could allow the spy agencies to deploy malicious Java applets or to send rogue SMS messages from fake cell towers, experts say.
By Jai Vijayan Freelance writer, 2/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Who Cares Who’s Behind A Data Breach?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
Attribution takes a long time, a lot of work, and a healthy dose of luck. But is it worth the effort?
By Kerstyn Clover Attack & Defense Team Consultant, 2/20/2015
Comment27 comments  |  Read  |  Post a Comment
HP Goes Open Source For Haven Predictive Analytics
Curtis Franklin Jr., Executive Editor, Technical ContentCommentary
HP develops Haven Predictive Analytics for big data, then releases it as open source software.
By Curtis Franklin Jr. Executive Editor, Technical Content, 2/18/2015
Comment0 comments  |  Read  |  Post a Comment
Obama, Tim Cook, Others Debate Sharing Cyber Security Data
Thomas Claburn, Editor at Large, Enterprise MobilityNews
The Obama White House wants more effective sharing of cyber security data between the public and private sectors. Despite some snubs, Apple's Tim Cook spoke at a special summit on the issue.
By Thomas Claburn Editor at Large, Enterprise Mobility, 2/14/2015
Comment6 comments  |  Read  |  Post a Comment
How Anthem Shared Key Markers Of Its Cyberattack
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Insurer shared the MD5 malware hashes, IP addresses, and email addresses used by its attackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/12/2015
Comment1 Comment  |  Read  |  Post a Comment
How Malware Bypasses Our Most Advanced Security Measures
Alon Nafta, Senior Security Researcher, SentinelOneCommentary
We unpack three common attack vectors and five evasion detection techniques.
By Alon Nafta Senior Security Researcher, SentinelOne, 2/10/2015
Comment8 comments  |  Read  |  Post a Comment
Nation-State Cyber Espionage, Targeted Attacks Becoming Global Norm
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New report shows 2014 as the year of China's renewed resiliency in cyber espionage--with Hurricane Panda storming its targets--while Russia, Iran, and North Korea, emerging as major players in hacking for political, nationalistic, and competitive gain.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/10/2015
Comment2 comments  |  Read  |  Post a Comment
Report: Russian Hacker Broke Into Sony & Is Still There
Sara Peters, Senior Editor at Dark ReadingNews
But can we trust the words of black hat hackers with unclear motives for candor? Either way, report supports credible theory of multiple attackers hitting Sony.
By Sara Peters Senior Editor at Dark Reading, 2/4/2015
Comment2 comments  |  Read  |  Post a Comment
Shifting Paradigms: The Case for Cyber Counter-Intelligence
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
Cyber Counter-Intelligence and traditional information security share many aspects. But CCI picks up where infosec ends -- with an emphasis on governance, automation, timeliness, and reporting.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 2/4/2015
Comment2 comments  |  Read  |  Post a Comment
How The Skills Shortage Is Killing Defense in Depth
David Holmes, World-Wide Security Evangelist, F5Commentary
It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely “looks nifty, but I don’t have the staff to deploy it.”
By David Holmes World-Wide Security Evangelist, F5, 1/30/2015
Comment12 comments  |  Read  |  Post a Comment
Power Consumption Technology Could Help Enterprises Identify Counterfeit Devices
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Understanding a device's "power fingerprint" might make it possible to detect security anomalies in Internet of Things as well, startup says
By Tim Wilson Editor in Chief, Dark Reading, 1/26/2015
Comment1 Comment  |  Read  |  Post a Comment
New Technology Detects Cyberattacks By Their Power Consumption
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Startup's "power fingerprinting" approach catches stealthy malware within milliseconds in DOE test.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/20/2015
Comment2 comments  |  Read  |  Post a Comment
Why North Korea Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
The motivation behind Democratic People’s Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/15/2015
Comment10 comments  |  Read  |  Post a Comment
Nation-State Cyberthreats: Why They Hack
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
All nations are not created equal and, like individual hackers, each has a different motivation and capability.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/8/2015
Comment10 comments  |  Read  |  Post a Comment
Using Free Tools To Detect Attacks On ICS/SCADA Networks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
ICS/SCADA experts say open-source network security monitoring software is a simple and cheap way to catch hackers targeting plant operations.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/8/2015
Comment0 comments  |  Read  |  Post a Comment
Deconstructing The Sony Hack: What I Know From Inside The Military
Jeff Schilling, CSO, FirehostCommentary
Don't get caught up in the guessing game on attribution. The critical task is to understand the threat data and threat actor tactics to ensure you are not vulnerable to the same attack.
By Jeff Schilling CSO, Firehost, 1/6/2015
Comment15 comments  |  Read  |  Post a Comment
Cybercrime Dipped During Holiday Shopping Season
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The number of businesses breached dropped by half from years past, but attackers got more bang for their buck in terms of stolen records, a new IBM report reveals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/5/2015
Comment7 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8617
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/re...

CVE-2015-2209
Published: 2015-03-04
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.

CVE-2014-7896
Published: 2015-03-03
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before ...

CVE-2014-9283
Published: 2015-03-03
The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vectors.

CVE-2014-9683
Published: 2015-03-03
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.