Attacks/Breaches
News & Commentary
Dance Of The 'Next-Gen' CISO
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Classical ballerina-turned hacker-turned CISO Justine Bone talks old-school hacking, biometric authentication, coding in stilettos, Kristin Wiig -- and finishing her kids' leftover mac and cheese.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/1/2015
Comment0 comments  |  Read  |  Post a Comment
30% Of Companies Would Pay Ransoms To Cybercriminals
Sara Peters, Senior Editor at Dark ReadingNews
Factor in under-reporting and the growing sophistication of ransomware -- like PacMan's social engineering scheme -- and the number might be higher.
By Sara Peters Senior Editor at Dark Reading, 3/31/2015
Comment1 Comment  |  Read  |  Post a Comment
Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Healthcare and other sectors are indolently ignoring the process of gathering and using high-level intelligence to focus cyber defenses. Here’s proof.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 3/31/2015
Comment0 comments  |  Read  |  Post a Comment
Lebanon Believed Behind Newly Uncovered Cyber Espionage Operation
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Middle East, US, and other targets hit in nearly three-year-old 'Volatile Cedar' cyber attack campaign.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/31/2015
Comment7 comments  |  Read  |  Post a Comment
British Airways The Latest Loyalty Program Breach Victim
Sara Peters, Senior Editor at Dark ReadingNews
Who needs to steal credit cards when you can get airfare and luxury items for free?
By Sara Peters Senior Editor at Dark Reading, 3/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Study: Network Team's Security Role On The Rise
Dark Reading Staff, Quick Hits
New data shows how network engineers and other members of the network team are teaming up with their counterparts in security.
By Dark Reading Staff , 3/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Hacking Back: Two Wrongs Don’t Make A Right
Anthony Di Bello, Director, Security Practice, Guidance SoftwareCommentary
Here’s the critical issue: Do you want to risk engaging your company in an ego-fueled war of revenge, or do you want to cut the bad guys off at the pass?
By Anthony Di Bello Director, Security Practice, Guidance Software, 3/30/2015
Comment0 comments  |  Read  |  Post a Comment
7 Bugs, Breaches, & Compromises To Rock 2015 (So Far)
Ericka Chickowski, Contributing Writer, Dark Reading
The year's started off with a bang; will we hear risk management pros whimper?
By Ericka Chickowski Contributing Writer, Dark Reading, 3/30/2015
Comment3 comments  |  Read  |  Post a Comment
Defending Cyber-Physical Systems from Attack Chains
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
A strong defense against compromise involves three layers: hardening devices, securing communications, and monitoring behavior.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/30/2015
Comment0 comments  |  Read  |  Post a Comment
Cyber Hunting: 5 Tips To Bag Your Prey
David J. Bianco, Security Architect, SqrrlCommentary
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
By David J. Bianco Security Architect, Sqrrl, 3/26/2015
Comment7 comments  |  Read  |  Post a Comment
SSL/TLS Suffers 'Bar Mitzvah Attack'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/26/2015
Comment3 comments  |  Read  |  Post a Comment
Preparing for a Breach: The Charge of the Security Brigade
Ryan Allphin, Senior Vice President & General Manager, Security Management, McAfee
Automation is key to shorter response times and better containment.
By Ryan Allphin Senior Vice President & General Manager, Security Management, McAfee, 3/25/2015
Comment0 comments  |  Read  |  Post a Comment
Retailers Adopt Intel-Sharing Portal Used By Banks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Th Retail Cyber Intelligence Sharing Center (R-CISC) is working with the Financial Services ISAC (FS-ISAC) on its new threat intelligence-sharing platform.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/24/2015
Comment0 comments  |  Read  |  Post a Comment
Networked Healthcare: Connecting You, Your Devices, and Your Health Practitioners
Pat Calhoun, Senior Vice President & General Manager, Network Security at Intel Security
Technology developers and policy makers must work closer with the security sector to ensure that innovation leads to real enablement, not cybercrime.
By Pat Calhoun Senior Vice President & General Manager, Network Security at Intel Security, 3/24/2015
Comment0 comments  |  Read  |  Post a Comment
Will POSeidon Preempt BlackPOS?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Research from Cisco Talos uncovers newly evolved POS malware with more sophistication than BlackPOS and similarities to Zeus for camouflage.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/23/2015
Comment1 Comment  |  Read  |  Post a Comment
When DDoS Isn't All About Massive Disruption
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New data shows prevalence of often-undetectable DDoS attacks aimed at quietly wreaking havoc on the network while performing data exfiltration and other attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/23/2015
Comment2 comments  |  Read  |  Post a Comment
Protect Your Web Applications
Rees Johnson, Sr. VP and GM the Content Security Business Unit, Intel Security
Reverse proxies are critical to shield Web apps from external attacks.
By Rees Johnson Sr. VP and GM the Content Security Business Unit, Intel Security, 3/23/2015
Comment0 comments  |  Read  |  Post a Comment
Rush To Release Resulting In Vulnerable Mobile Apps
Jai Vijayan, Freelance writerNews
IT organizations overlooking security in their haste to crank out mobile apps, Ponemon Institute report finds.
By Jai Vijayan Freelance writer, 3/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Target To Settle Data Breach Lawsuit For $10 Million
Jai Vijayan, Freelance writerNews
Individuals who can prove financial damage can receive up to $10,000 under proposed deal.
By Jai Vijayan Freelance writer, 3/19/2015
Comment1 Comment  |  Read  |  Post a Comment
New Security Mindset: Focus On The Interior
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Chief privacy officer Jason Straight shares his insights on why organizations are struggling to stop the breach wave -- and manage the aftermath.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/18/2015
Comment7 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2808
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a rel...

CVE-2014-9713
Published: 2015-04-01
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

CVE-2015-0259
Published: 2015-04-01
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

CVE-2015-0800
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2...

CVE-2015-0801
Published: 2015-04-01
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.