Attacks/Breaches
News & Commentary
Poll: Employees Clueless About Social Engineering
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Not surprisingly, our latest poll confirms that threats stemming from criminals hacking humans are all too frequently ignored.
By Marilyn Cohodas Community Editor, Dark Reading, 10/2/2014
Comment0 comments  |  Read  |  Post a Comment
SuperValu Reports Second Cyberattack
Brian Prince, Contributing Writer, Dark ReadingNews
So far, no payment card data is known to have been stolen, according to the company.
By Brian Prince Contributing Writer, Dark Reading, 10/1/2014
Comment0 comments  |  Read  |  Post a Comment
Software Assurance: Time to Raise the Bar on Static Analysis
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
The results from tools studies suggest that using multiple tools together can produce more powerful analytics and more accurate results.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 9/30/2014
Comment5 comments  |  Read  |  Post a Comment
Coordinated Attacks Call For More Sophisticated Cyber Defense
Henry Kenyon, Commentary
Agencies and industry are rethinking how they defend against coordinated attacks by teams of specialized hackers.
By Henry Kenyon , 9/29/2014
Comment0 comments  |  Read  |  Post a Comment
Making Sense Of Shellshock Attack Chaos
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Attacks against the Bash bug increase in volume and variety, with an emphasis on information gathering and botnet building.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/29/2014
Comment4 comments  |  Read  |  Post a Comment
Shellshock's Threat To Healthcare
Mac McMillan, CEO, CynergisTekCommentary
The Bash bug is everywhere, including in medical devices. The industry must be better prepared to protect itself and patients.
By Mac McMillan CEO, CynergisTek, 9/29/2014
Comment2 comments  |  Read  |  Post a Comment
Breach Awareness Made Easy
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
What if companies had to disclose breach history in the same way food companies display nutritional information?
By Sara Peters Senior Editor at Dark Reading, 9/26/2014
Comment3 comments  |  Read  |  Post a Comment
Shellshocked: A Future Of ‘Hair On Fire’ Bugs
Paul Vixie, Chairman & CEO, Farsight Security, Inc.Commentary
Most computers affected by Bash will be updated within 10 years. The rest will be vulnerable for the lifespans of all humans now living. This should concern us. But then, global warming should also concern us.
By Paul Vixie Chairman & CEO, Farsight Security, Inc., 9/26/2014
Comment22 comments  |  Read  |  Post a Comment
Malvertising Could Rival Exploit Kits
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Spate of malvertising campaigns gain steam in recent months, including the Kyle and Stan network, which researchers now believe is nine times bigger than initially estimated.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/25/2014
Comment2 comments  |  Read  |  Post a Comment
'Shellshock' Bash Bug Impacts Basically Everything, Exploits Appear In Wild
Sara Peters, Senior Editor at Dark ReadingNews
CGI-based web servers are the biggest target, but other web servers, hosting services, embedded systems, Mac OSX, and IoT endpoints are all at risk.
By Sara Peters Senior Editor at Dark Reading, 9/25/2014
Comment6 comments  |  Read  |  Post a Comment
'BERserk' Bug Uncovered In Mozilla NSS Crypto Library Impacts Firefox, Chrome
Brian Prince, Contributing Writer, Dark ReadingNews
Attackers can exploit the bug to create forged RSA certificates -- it affects versions of Firefox, Thunderbird, Chrome, and SeaMonkey.
By Brian Prince Contributing Writer, Dark Reading, 9/25/2014
Comment1 Comment  |  Read  |  Post a Comment
How SaaS Adoption Is Changing Cloud Security
Tal Klein, VP Strategy, AdallomCommentary
Sanctioning cloud-based services requires a new approach to security that "assumes breach" and accounts for the limitations of endpoint and perimeter defenses.
By Tal Klein VP Strategy, Adallom, 9/25/2014
Comment6 comments  |  Read  |  Post a Comment
From Securities To Security: Why The SEC Is Bringing Cyber To The Boardroom
Stephen Boyer, CTO & Founder, BitSight TechnologiesCommentary
The SEC is emerging as a key proponent of corporate cyber security responsibility and diligence. What does that mean for the CISO?
By Stephen Boyer CTO & Founder, BitSight Technologies, 9/24/2014
Comment5 comments  |  Read  |  Post a Comment
Creating A DDoS Response Playbook
Brian Prince, Contributing Writer, Dark ReadingNews
A new report details challenges posed by DDoS attacks that you might not have considered.
By Brian Prince Contributing Writer, Dark Reading, 9/23/2014
Comment1 Comment  |  Read  |  Post a Comment
Healthcare Needs Cyber Security Leadership & Governance
Mansur Hasib, Contributing WriterCommentary
Cyber security breaches point to a bigger problem than inadequate security technology or processes. They point to failed leadership and governance strategies.
By Mansur Hasib Contributing Writer, 9/23/2014
Comment4 comments  |  Read  |  Post a Comment
Dark Reading Radio: Trends In Application Security
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
How can we get more security baked into applications? Join us for a discussion today, Wednesday, September 24, at 1:00 p.m. New York, 10 a.m. San Francisco time.
By Marilyn Cohodas Community Editor, Dark Reading, 9/23/2014
Comment0 comments  |  Read  |  Post a Comment
The Truth About Ransomware: You’re On Your Own
Andrew Hay, Sr. Security Research Lead & Evangelist, OpenDNSCommentary
What should enterprises do when faced with ransomware? The answer is, it depends.
By Andrew Hay Sr. Security Research Lead & Evangelist, OpenDNS, 9/22/2014
Comment1 Comment  |  Read  |  Post a Comment
Home Depot Breach Surpasses Target In Scope
Brian Prince, Contributing Writer, Dark ReadingNews
New details have emerged about the breach affecting Home Depot, which exposed 56 million payment cards in stores in the US and Canada and utilized custom malware.
By Brian Prince Contributing Writer, Dark Reading, 9/19/2014
Comment6 comments  |  Read  |  Post a Comment
An AppSec Report Card: Developers Barely Passing
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
A new study reveals that application developers are getting failing grades when it comes to their knowledge of critical security such as how to protect sensitive data, Web services, and threat modeling.
By Jeff Williams CTO, Aspect Security & Contrast Security, 9/19/2014
Comment11 comments  |  Read  |  Post a Comment
5 Ways To Monitor DNS Traffic For Security Threats
Dave Piscitello, VP Security, ICANNCommentary
Check out these examples of how to implement real-time or offline traffic monitoring using common commercial or open source security products.
By Dave Piscitello VP Security, ICANN, 9/18/2014
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6856
Published: 2014-10-02
The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6857
Published: 2014-10-02
The Car Wallpapers HD (aka com.arab4x4.gallery.app) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6858
Published: 2014-10-02
The Mostafa Shemeas (aka com.mostafa.shemeas.website) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6859
Published: 2014-10-02
The Daum Maps - Subway (aka net.daum.android.map) application 3.9.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-6860
Published: 2014-10-02
The Trial Tracker (aka com.etcweb.android.trial_tracker) application 1.1.9 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Chris Hadnagy, who hosts the annual Social Engineering Capture the Flag Contest at DEF CON, will discuss the latest trends attackers are using.