News & Commentary
Latest Content
Page 1 / 2   >   >>
JP Morgan Targeted in New Phishing Campaign
Quick Hits  |  8/22/2014  | 
Double-whammy 'Smash and Grab' hits targets with two ways to steal credentials.
Flash Poll: CSOs Need A New Boss
Commentary  |  8/22/2014  | 
Only one out of four respondents to our flash poll think the CSO should report to the CIO.
Hacker Or Military? Best Of Both In Cyber Security
Commentary  |  8/21/2014  | 
How radically different approaches play out across the security industry.
51 UPS Stores' Point-of-Sale Systems Breached
News  |  8/21/2014  | 
Customers will not receive individual breach notifications.
Heartbleed Not Only Reason For Health Systems Breach
News  |  8/20/2014  | 
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
Website Attack Attempts Via Vegas Rose During Black Hat, DEF CON
Quick Hits  |  8/20/2014  | 
Data snapshot from Imperva shows major jump in malicious activity during security and hacker conferences in Sin City.
US, German Researchers Build Android Security Framework
News  |  8/20/2014  | 
The Android Security Modules (ASM) framework aims to streamline and spread security features, updates to Android devices.
Debugging The Myths Of Heartbleed
Commentary  |  8/20/2014  | 
Does Heartbleed really wreak havoc without a trace? The media and many technical sites seemed convinced of this, but some of us were skeptical.
Q&A: DEF CON At 22
News  |  8/19/2014  | 
DEF CON founder Jeff Moss, a.k.a. The Dark Tangent, reflects on DEF CON's evolution, the NSA fallout, and wider security awareness.
Nuclear Regulatory Commission Compromised 3 Times In Past 3 Years
Quick Hits  |  8/19/2014  | 
Unnamed actors try to swipe privileged credentials.
Access Point Pinched From Black Hat Show WLAN
Commentary  |  8/19/2014  | 
A few apparent pranks, practice DDoS attacks, and other mischievous activities were spotted on the Black Hat USA wireless network in Las Vegas this month.
Why John McAfee Is Paranoid About Mobile
Commentary  |  8/19/2014  | 
Mobile apps are posing expanding risks to both enterprises and their customers. But maybe being paranoid about mobile is actually healthy for security.
Community Health Systems Breach Atypical For Chinese Hackers
News  |  8/18/2014  | 
Publicly traded healthcare organization's stock goes up as breach notifications go out.
Pakistan The Latest Cyberspying Nation
Quick Hits  |  8/18/2014  | 
A look at Operation Arachnophobia, a suspected cyber espionage campaign against India.
Hacker Couture: As Seen At Black Hat USA, BSides, DEF CON
Slideshows  |  8/18/2014  | 
'Leet tattoos, piercings, mega-beards, (the real) John McAfee, and even a cute puppy were among the colorful sights in Las Vegas this month.
Cloud Apps & Security: When Sharing Matters
Commentary  |  8/18/2014  | 
Sharing documents and data is happening all over the cloud today but not all sharing activity carries equal risk.
Identity And Access Management Market Heats Up
News  |  8/15/2014  | 
The past few weeks have seen a number of acquisitions and investments surrounding cloud and on-premises IAM vendors.
SuperValu Food Stores Reports Network Intrusion
Quick Hits  |  8/15/2014  | 
The company is investigating whether data was breached, but it is already offering customers identity theft protection.
Infographic: 70 Percent of World's Critical Utilities Breached
Commentary  |  8/15/2014  | 
New research from Unisys and Ponemon Institute finds alarming security gaps in worldwide ICS and SCADA systems within the last 12 months.
Test Drive: GFI LanGuard 2014
Commentary  |  8/15/2014  | 
LanGuard worked well in the lab and may prove more beneficial to IT operations than security teams.
Traffic To Hosting Companies Hijacked In Crypto Currency Heist
News  |  8/14/2014  | 
Attacker likely a current or former ISP employee, researchers say.
Stuxnet Exploits Still Alive & Well
Quick Hits  |  8/14/2014  | 
Exploits continue abusing a four-year-old bug used in the Stuxnet attack, Kaspersky Lab says.
Why Patching Makes My Heart Bleed
Commentary  |  8/14/2014  | 
Heartbleed was a simple mistake that was allowed to propagate through "business as usual" patching cycles and change management. It could easily happen again.
Tech Insight: Hacking The Nest Thermostat
News  |  8/14/2014  | 
Researchers at Black Hat USA demonstrated how they were able to compromise a popular smart thermostat.
Cyberspies Target Chinese Ethnic Group
Quick Hits  |  8/13/2014  | 
Academic researchers study phishing emails targeting the World Uyghur Congress (WUC), which represents the Uyghur ethnic group residing in China and in exile.
Internet Of Things Security Reaches Tipping Point
News  |  8/13/2014  | 
Public safety issues bubble to the top in security flaw revelations.
NSA Collected More Records Than Court Allowed
News  |  8/13/2014  | 
New documents show the Foreign Intelligence Surveillance Court is stumped by the NSA's "systemic overcollection."
Time To Broaden CompSci Curriculum Beyond STEM
Commentary  |  8/13/2014  | 
Having a visual arts background may not be the traditional path for a career in infosec, but itís a skill that makes me no less effective in analyzing malware patterns -- and often faster.
Get Smart About Threat Intelligence
Infographics  |  8/13/2014  | 
Is threat intel the best way to improve defenses and stay ahead of new and complex attacks? Nearly 400 respondents to Dark Readingís new Threat Intelligence Survey seem to think so.
Security Holes Exposed In Trend Micro, Websense, Open Source DLP
News  |  8/12/2014  | 
Researchers Zach Lanier and Kelly Lum at Black Hat USA took the wraps off results of their security testing of popular data loss prevention software.
UK Reconsidering Biometrics
Quick Hits  |  8/12/2014  | 
Parliament is looking for answers about biometrics' privacy, security, future uses, and whether or not legislation is ready for what comes next.
6 Biometric Factors That Are Working Today
Slideshows  |  8/12/2014  | 
From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
CloudBot: A Free, Malwareless Alternative To Traditional Botnets
News  |  8/11/2014  | 
Researchers take advantage of cloud service providers' free trials and lousy anti-automation controls to use cloud instances like bots.
Closing The Skills Gap Between Hackers & Defenders: 4 Steps
Commentary  |  8/11/2014  | 
Improvements in security education, budgets, tools, and methods will help our industry avoid more costly and dangerous attacks and data breaches in the future.
Small IoT Firms Get A Security Assist
Quick Hits  |  8/10/2014  | 
BuildItSecure.ly, an initiative where researchers vet code for small Internet of Things vendors, in the spotlight at DEF CON 22.
Researcher Finds Potholes In Vehicle Traffic Control Systems
News  |  8/9/2014  | 
Hundreds of thousands of road traffic sensors and repeater equipment are at risk of attack, researcher says.
Automakers Openly Challenged To Bake In Security
News  |  8/8/2014  | 
An open letter sent to automobile manufacturer CEOs asks carmakers to adopt a proposed five-star cyber safety program.
The Hyperconnected World Has Arrived
Commentary  |  8/8/2014  | 
Yes, the ever-expanding attack surface of the Internet of Things is overwhelming. But next-gen security leaders gathered at Black Hat are up to the challenge.
No Fixes In Sight For Satellite Terminal Flaws
News  |  8/7/2014  | 
At Black Hat USA, a researcher who in April revealed weaknesses in popular satellite ground terminal equipment found on air, land and sea, demonstrates possible attack scenarios.
Heartbleed, GotoFail Bring Home Pwnie Awards
Quick Hits  |  8/7/2014  | 
The Pwnie Awards celebrate the best bug discoveries and worst security fails.
Attack Harbors Malware In Images
Quick Hits  |  8/7/2014  | 
'Lurk' click-fraud campaign now employing steganography.
When Good USB Devices Go Bad
News  |  8/7/2014  | 
Researchers offer more details about how USB devices can be leveraged in attacks.
Dan Geer Touts Liability Policies For Software Vulnerabilities
News  |  8/6/2014  | 
Vendor beware. At Black Hat, Dan Geer suggests legislation to change product liability and abandonment rules for vulnerable and unsupported software.
The Illegitimate Millinerís Guide to Black Hat
Commentary  |  8/6/2014  | 
A less-than-honest "Abe" goes undercover to get a behind-the-scenes look at Black Hat and its infamous attendees.
TSA Checkpoint Systems Found Exposed On The Net
News  |  8/6/2014  | 
Researcher Billy Rios exposes new threats to airport security systems.
5 Steps To Supply Chain Security
News  |  8/6/2014  | 
The integrity of enterprise data is only as strong as your most vulnerable third-party supplier or business partner. It's time to shore up these connection points.
Biggest Cache of Stolen Creds Ever Includes 1.2 Billion Unique Logins
Quick Hits  |  8/5/2014  | 
A Russian crime ring has swiped more than a billion unique username-password combinations, plus a half-million email addresses.
A Peek Inside The Black Hat Show Network
News  |  8/5/2014  | 
Black Hat USA's wireless network offers authenticated, secure access as well as 'open' access.
Dark Reading Plans Special Coverage Of Black Hat USA 2014
Commentary  |  8/4/2014  | 
Radio shows, daily newsletter, and panel sessions highlight Dark Reading's comprehensive coverage of the Black Hat conference.
How Malware Writers Cheat AV Zero-Day Detection
News  |  8/4/2014  | 
A researcher reverse engineers AVG's code emulation engine after easily bypassing other major antivirus software products.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3594
Published: 2014-08-22
Cross-site scripting (XSS) vulnerability in the Host Aggregates interface in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-3 allows remote administrators to inject arbitrary web script or HTML via a new host aggregate name.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.