Attacks/Breaches
News & Commentary
Moose Malware Uses Linux Routers For Social Network Fraud
Sara Peters, Senior Editor at Dark ReadingNews
Linux/Moose is sophisticated enough to do DNS hijacks, DDoSes, and deep network penetration...so why is it wasting its time on Instagram?
By Sara Peters Senior Editor at Dark Reading, 5/27/2015
Comment2 comments  |  Read  |  Post a Comment
Escalating Cyberattacks Threaten US Healthcare Systems
Rick Kam and Larry Ponemon, Rick Kam, President & Co-founder, ID Experts & Larry Ponemon, Chairman & Founder, Ponemon InstituteCommentary
Electronic health records are prime targets because healthcare organizations lack the resources, processes, and technologies to protect them. And it’s only going to get worse.
By Rick Kam and Larry Ponemon Rick Kam, President & Co-founder, ID Experts & Larry Ponemon, Chairman & Founder, Ponemon Institute, 5/27/2015
Comment0 comments  |  Read  |  Post a Comment
What Data Breaches Now Cost And Why
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New Ponemon report says the cost of a data breach has increased by 23% and healthcare and education breaches are the most pricey.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/27/2015
Comment1 Comment  |  Read  |  Post a Comment
IRS Breach Exposes 100,000 Taxpayers' Tax Returns, Other Data
Dark Reading Staff, Quick Hits
Online 'Get Transcript' service accessed from February to mid-May.
By Dark Reading Staff , 5/26/2015
Comment7 comments  |  Read  |  Post a Comment
Profile Of A Cybercrime Petty Thief
Sara Peters, Senior Editor at Dark ReadingNews
Trend Micro provides peek at methods of amateur, lone-wolf carder.
By Sara Peters Senior Editor at Dark Reading, 5/26/2015
Comment0 comments  |  Read  |  Post a Comment
State-Sponsored Cybercrime: A Growing Business Threat
David Venable,  Director, Professional Services, Masergy CommunicationsCommentary
You don’t have to be the size of Sony -- or even mock North Korea -- to be a target.
By David Venable Director, Professional Services, Masergy Communications, 5/26/2015
Comment1 Comment  |  Read  |  Post a Comment
DR Radio: Incident Response War-Gaming
Sara Peters, Senior Editor at Dark ReadingCommentary
Learn how to practice the post-breach panicking.
By Sara Peters Senior Editor at Dark Reading, 5/25/2015
Comment2 comments  |  Read  |  Post a Comment
Cyber Threat Analysis: A Call for Clarity
Michael McMahon, Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLCCommentary
The general public deserves less hyperbole and more straight talk
By Michael McMahon Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLC, 5/22/2015
Comment8 comments  |  Read  |  Post a Comment
1.1 Million Hit In Another BlueCross BlueShield Breach
Dark Reading Staff, Quick Hits
CareFirst BCBS announces breach, two months after Premera Blue Cross disclosed a breach of 11 million records.
By Dark Reading Staff , 5/20/2015
Comment0 comments  |  Read  |  Post a Comment
Planes, Tweets & Possible Hacks From Seats
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
There are conflicting reports over whether security researcher Chris Roberts hacked into flight controls and manipulated a plane.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/20/2015
Comment9 comments  |  Read  |  Post a Comment
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Don Bailey, Founder & CEO, Lab Mouse SecurityCommentary
In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.
By Don Bailey Founder & CEO, Lab Mouse Security, 5/19/2015
Comment7 comments  |  Read  |  Post a Comment
Why We Can't Afford To Give Up On Cybersecurity Defense
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
There is no quick fix, but organizations can massively reduce the complexity of building secure applications by empowering developers with four basic practices.
By Jeff Williams CTO, Aspect Security & Contrast Security, 5/18/2015
Comment3 comments  |  Read  |  Post a Comment
The Cybercrime Carnival in Brazil: Loose Cyberlaws Make for Loose Cybercriminals
Limor S Kessem, Sr. Cybersecurity Evangelist, IBM SecurityCommentary
Brazil loses over $8 billion a year to Internet crime, making it the second-largest cybercrime generator in the world.
By Limor S Kessem Sr. Cybersecurity Evangelist, IBM Security, 5/15/2015
Comment8 comments  |  Read  |  Post a Comment
Teaming Up to Educate and Enable Better Defense Against Phishing
Rees Johnson, Sr. VP and GM the Content Security Business Unit, Intel Security
Companies need to both educate their employees and implement prevention technology.
By Rees Johnson Sr. VP and GM the Content Security Business Unit, Intel Security, 5/13/2015
Comment4 comments  |  Read  |  Post a Comment
Oil & Gas Firms Hit By Cyberattacks That Forgo Malware
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New spin on the 'Nigerian scam' scams crude oil buyers out of money with bait-and-switch.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/13/2015
Comment0 comments  |  Read  |  Post a Comment
Taking A Security Program From Zero To Hero
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organization’s security capabilities. Here are six steps to get you started.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 5/13/2015
Comment2 comments  |  Read  |  Post a Comment
Verizon 2015 Data Breach Cover Puzzler Solved: Defending Champs Win
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The 2015 DBIR Cover Challenge is as highly anticipated by some as the DBIR report itself.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/12/2015
Comment0 comments  |  Read  |  Post a Comment
Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research
Katie Moussouris, Chief Policy Officer, HackerOneCommentary
There is a lesson to be learned from a locksmith living 150 years ago: Attackers and criminals are the only parties who benefit when security researchers fear the consequences for reporting issues.
By Katie Moussouris Chief Policy Officer, HackerOne, 5/12/2015
Comment10 comments  |  Read  |  Post a Comment
First Example Of SAP Breach Surfaces
Ericka Chickowski, Contributing Writer, Dark ReadingNews
USIS attack in 2013 stealing background check information about government personnel with classified clearance came by way of an SAP exploit.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/12/2015
Comment0 comments  |  Read  |  Post a Comment
Protecting The Data Lifecycle From Network To Cloud
Gerry Grealish, CMO, PerspecsysCommentary
Enterprises are pushing more sensitive and regulated data into the public cloud than ever before. But the journey carries many new risks.
By Gerry Grealish CMO, Perspecsys, 5/12/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6628
Published: 2015-05-28
Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors.

CVE-2015-1389
Published: 2015-05-28
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.

CVE-2015-1392
Published: 2015-05-28
Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors.

CVE-2015-1550
Published: 2015-05-28
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors.

CVE-2015-1551
Published: 2015-05-28
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?