Attacks/Breaches
News & Commentary
Malware Author Stamped Code 'For Targeted Attacks Only'
Sara Peters, Senior Editor at Dark Reading, News
When the Microsoft Word Intruder Office malware creation kit got too high-profile, the developer changed terms of service, Sophos report says.
By Sara Peters Senior Editor at Dark Reading, 9/2/2015
We Can Allow Cybersecurity Research Without Stifling Innovation
Gavin Reid, Vice President, Threat Intelligence, Lancope Inc, Commentary
The U.S. government is in a unique position to become a global leader in cybersecurity. But only if it retains the open spirit of the Internet that kick-started the Information Age.
By Gavin Reid Vice President, Threat Intelligence, Lancope Inc, 9/1/2015
Biggest Apple Account Theft Ever Hits Only JailBroken iOS Devices
Sara Peters, Senior Editor at Dark Reading, News
KeyRaider stole 225,000 legitimate Apple accounts and slammed devices with ransomware and phony purchases, but only jailbroken gear, mostly in China, is affected.
By Sara Peters Senior Editor at Dark Reading, 8/31/2015
Ashley Madison CEO Resigns
Dark Reading Staff, Quick Hits
Once again, a security breach claims an executive's job, but the business plans to continue operating.
By Dark Reading Staff, 8/28/2015
FBI Sounds Alarm Again On Business Email Compromise Threat
Jai Vijayan, Freelance writer, News
Over 7,000 US businesses have been victimized by so-called BEC fraud between October 2013 and August 2015 alone, the FBI said in an alert this week.
By Jai Vijayan Freelance writer, 8/28/2015
The 7 ‘Most Common’ RATS In Use Today
Udi Shamir, Chief Security Officer, SentinelOne, Commentary
Sniffing out RATS -- remote access Trojans -- is a challenge for even the most hardened cyber defender. Here’s a guide to help you in the hunt.
By Udi Shamir Chief Security Officer, SentinelOne, 8/28/2015
Valasek Not Done With Car Hacking Just Yet
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Security Pro File: Chris Valasek chats up the daunting challenge of topping the Jeep Cherokee hack, '80s Adidas tracksuits, his loathing of coding, and his love for Windows -- and Hall & Oates.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/28/2015
Cybersecurity Under FTC Authority: What Does it Mean?
Tom Kellermann, Chief Cybersecurity Officer, Trend Micro, Commentary
Consumers can now expect the same level of security and privacy in the digital realm as they do in the physical.
By Tom Kellermann Chief Cybersecurity Officer, Trend Micro, 8/27/2015
What Would You Do Differently If You Knew You Were Going To Be Robbed?
Michael Sentonas, Vice President, Chief Technology Officer, Security Connected at Intel Security
Neither prevention nor detection alone is sufficient in today’s cybercrime environment.
By Michael Sentonas Vice President, Chief Technology Officer, Security Connected at Intel Security, 8/25/2015
Ouch! Feeling The Pain Of Cybersecurity In Healthcare
Marilyn Cohodas, Community Editor, Dark Reading
There are lots of reasons why medical data is so vulnerable but the sheer numbers at risk speak volumes about the scale of the problem.
By Marilyn Cohodas Community Editor, Dark Reading, 8/25/2015
Security Stands As Top Factor In Digital Brand Confidence
Ericka Chickowski, Contributing Writer, Dark Reading, News
Security ranked alongside marketing and IT ops concerns as important indicators of trust in online sites.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/25/2015
Paul Vixie On DNS Security & Botnet Takedowns
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Internet pioneer and CEO of Farsight Security joins the Dark Reading News Desk at Black Hat.
By Sara Peters Senior Editor at Dark Reading, 8/24/2015
AlienSpy RAT Resurfaces In Case Of Real-Life Political Intrigue
Ericka Chickowski, Contributing Writer, Dark Reading, News
Mysterious death of Argentinian politician potentially tied to his phone's infection with popular remote access tool.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/21/2015
Spiderbot, Spiderbot, Does Whatever A Hacker Thought
Steve Grobman, Chief Technology Officer at Intel Security
Virtual machine, she ignores, owns the bot, then controls yours.
By Steve Grobman Chief Technology Officer at Intel Security, 8/20/2015
ID Thieves, Blackmailers Have Lots To Gain In Ashley Madison Breach
Sara Peters, Senior Editor at Dark Reading, News
Breach highlights need for greater anonymity controls in identity and payment mechanisms.
By Sara Peters Senior Editor at Dark Reading, 8/19/2015
Vulnerable From Below: Attacking Hypervisors Using Firmware And Hardware
Jim Walter, Director of Advanced Threat Research, Intel Security
Malicious attacks with firmware privileges can compromise an entire system, so it is especially important to apply measures to reduce the risks.
By Jim Walter Director of Advanced Threat Research, Intel Security, 8/19/2015
Applying the 80/20 Rule to Cyber Security Practices
Mark Clancy, CEO, Soltra, Commentary
How to look holistically across technology and processes and focus resources on threats that create the greatest damage.
By Mark Clancy CEO, Soltra, 8/19/2015
IE Bug Exploited In Wild After Microsoft Releases Out-Of-Band Patch
Sara Peters, Senior Editor at Dark Reading, Quick Hits
Remote code execution vulnerability in Internet Explorer versions 7 through 11 being used to drop PlugX RAT.
By Sara Peters Senior Editor at Dark Reading, 8/19/2015
IRS Get Transcript Breach Triples In Scope
Ericka Chickowski, Contributing Writer, Dark Reading, News
Breach reported in May much larger than initially thought
By Ericka Chickowski Contributing Writer, Dark Reading, 8/19/2015
Hackers Dump Ashley Madison User Database... Where Most People Won't Find It
Dark Reading Staff, Quick Hits
Attackers make good on doxing threat, but post database to dark web.
By Dark Reading Staff, 8/18/2015
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3308
Published: 2015-09-02
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

CVE-2015-4330
Published: 2015-09-02
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

CVE-2015-6274
Published: 2015-09-02
The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.

CVE-2015-6277
Published: 2015-09-02
The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote...

CVE-2015-6587
Published: 2015-09-02
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.