Attacks/Breaches
News & Commentary
5 Ways To Monitor DNS Traffic For Security Threats
Dave Piscitello, VP Security, ICANNCommentary
Check out these examples of how to implement real-time or offline traffic monitoring using common commercial or open source security products.
By Dave Piscitello VP Security, ICANN, 9/18/2014
Comment0 comments  |  Read  |  Post a Comment
US Military In The Dark On Cyberattacks Against Contractors
Brian Prince, Contributing Writer, Dark ReadingNews
A lack of communication between military contractors and government agencies about Chinese cyber espionage attacks is revealed in a new Senate report.
By Brian Prince Contributing Writer, Dark Reading, 9/18/2014
Comment1 Comment  |  Read  |  Post a Comment
Cyberspies Resuscitate Citadel Trojan For Petrochemical Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The Citadel Trojan is a rare and odd choice of malware for cyber espionage purposes, experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/17/2014
Comment5 comments  |  Read  |  Post a Comment
New CVE Naming Convention Could Break Vulnerability Management
Ericka Chickowski, Contributing Writer, Dark ReadingNews
MITRE sets deadline for releasing new CVEs with different ID format syntax, regardless of how many vulnerabilities we see in 2014.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/16/2014
Comment0 comments  |  Read  |  Post a Comment
DR Radio: A Grown-Up Conversation About Passwords
Sara Peters, Senior Editor at Dark ReadingCommentary
Cormac Herley of Microsoft Research will challenge everything you think you know about password management.
By Sara Peters Senior Editor at Dark Reading, 9/16/2014
Comment4 comments  |  Read  |  Post a Comment
In Defense Of Passwords
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Long live the password (as long as you use it correctly along with something else).
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 9/16/2014
Comment12 comments  |  Read  |  Post a Comment
5 Myths: Why We Are All Data Security Risks
Lance Cottrell, Chief Scientist, NtrepidCommentary
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
By Lance Cottrell Chief Scientist, Ntrepid, 9/15/2014
Comment12 comments  |  Read  |  Post a Comment
Security Ops Confidence Levels Drop
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Survey shows most organizations unable to keep up with new and emerging threats from state-sponsored attackers.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/12/2014
Comment5 comments  |  Read  |  Post a Comment
Home Depot Breach May Not Be Related To BlackPOS, Target
Sara Peters, Senior Editor at Dark ReadingNews
New analysis of the malware earlier identified as a BlackPOS variant leads some researchers to believe that they are two different malware families entirely.
By Sara Peters Senior Editor at Dark Reading, 9/11/2014
Comment5 comments  |  Read  |  Post a Comment
Apple Pay: A Necessary Push To Transform Consumer Payments
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 9/11/2014
Comment16 comments  |  Read  |  Post a Comment
Apple Pay Ups Payment Security But PoS Threats Remain
Sara Peters, Senior Editor at Dark ReadingNews
Apple's new contactless payment tech will not stop point-of-sale breaches like Home Depot and UPS, but it could make those breaches less valuable to attackers.
By Sara Peters Senior Editor at Dark Reading, 9/10/2014
Comment21 comments  |  Read  |  Post a Comment
Attack Steals Online Banking Credentials From SMBs
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The "Peter Pan" phish employs Dridex malware, experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/10/2014
Comment1 Comment  |  Read  |  Post a Comment
Salesforce Passwords At Risk From Dyre
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Bank credential-stealing malware evolves into targeting SaaS users.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/9/2014
Comment5 comments  |  Read  |  Post a Comment
Dark Reading Radio: CISO James Christiansen Shares Experiences
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Former CISO at GM, Visa, and Experian answers questions about building security programs in large enterprises.
By Tim Wilson Editor in Chief, Dark Reading, 9/9/2014
Comment1 Comment  |  Read  |  Post a Comment
'Kyle & Stan' Parks Malvertising On Amazon, YouTube
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Windows and Macs alike are at risk to sophisticated mutating malware.
By Sara Peters Senior Editor at Dark Reading, 9/8/2014
Comment7 comments  |  Read  |  Post a Comment
UPDATE: Home Depot Confirms Breach; BlackPOS Implicated
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Home Depot confirms there was indeed a breach. Presence of BlackPOS hints that the perpetrators could be the same ones who breached Target.
By Sara Peters Senior Editor at Dark Reading, 9/8/2014
Comment2 comments  |  Read  |  Post a Comment
No End In Sight For Ransomware
Brian Foster, CTO, DamballaCommentary
The screenlocker Kovter, in particular, has shown sharp growth this year. It masquerades as a law enforcement authority and threatens police action if users donít pay up.
By Brian Foster CTO, Damballa, 9/8/2014
Comment0 comments  |  Read  |  Post a Comment
HealthCare.gov Breach: The Ripple Effect
Alison Diana, Senior EditorCommentary
Hackers breached a HealthCare.gov test server, reportedly affecting no records, but the repercussions could spread across many medical organizations.
By Alison Diana Senior Editor, 9/6/2014
Comment18 comments  |  Read  |  Post a Comment
Attacker Infects Healthcare.gov Test Server
Brian Prince, Contributing Writer, Dark ReadingNews
Federal officials say no consumer data was impacted and second open enrollment period on HealthCare.gov will not be affected.
By Brian Prince Contributing Writer, Dark Reading, 9/5/2014
Comment7 comments  |  Read  |  Post a Comment
BackOff Not To Blame For GoodWill Breach
Sara Peters, Senior Editor at Dark ReadingNews
Rawpos, a "very low risk" infostealer, is responsible for the compromise of roughly 868,000 credit cards.
By Sara Peters Senior Editor at Dark Reading, 9/4/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2886
Published: 2014-09-18
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during ins...

CVE-2014-4352
Published: 2014-09-18
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

CVE-2014-4353
Published: 2014-09-18
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.

CVE-2014-4354
Published: 2014-09-18
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.

CVE-2014-4356
Published: 2014-09-18
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.

Best of the Web
Dark Reading Radio