Attacks/Breaches
News & Commentary
Ashley Madison CEO Resigns
Dark Reading Staff, Quick Hits
Once again, a security breach claims an executive's job, but the business plans to continue operating.
By Dark Reading Staff , 8/28/2015
Comment0 comments  |  Read  |  Post a Comment
FBI Sounds Alarm Again On Business Email Compromise Threat
Jai Vijayan, Freelance writerNews
Over 7,000 US business have been victimized by so-called BEC fraud between October 2013 and August 2015 alone, the FBI said in an alert this week.
By Jai Vijayan Freelance writer, 8/28/2015
Comment0 comments  |  Read  |  Post a Comment
The 7 ‘Most Common’ RATS In Use Today
Udi Shamir, Chief Security Officer, SentinelOneCommentary
Sniffing out RATS -- remote access Trojans -- is a challenge for even the most hardened cyber defender. Here’s a guide to help you in the hunt.
By Udi Shamir Chief Security Officer, SentinelOne, 8/28/2015
Comment1 Comment  |  Read  |  Post a Comment
Valasek Not Done With Car Hacking Just Yet
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Chris Valasek chats up the daunting challenge of topping the Jeep Cherokee hack, '80s Adidas tracksuits, his loathing of coding, and his love for Windows -- and Hall & Oates.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/28/2015
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Under FTC Authority: What Does it Mean?
Tom Kellermann, Chief Cybersecurity Office, Trend MicroCommentary
Consumers can now expect the same level of security and privacy in the digital realm as they do in the physical.
By Tom Kellermann Chief Cybersecurity Office, Trend Micro, 8/27/2015
Comment2 comments  |  Read  |  Post a Comment
What Would You Do Differently If You Knew You Were Going To Be Robbed?
Michael Sentonas, Vice President, Chief Technology Officer, Security Connected at Intel Security
Neither prevention nor detection alone is sufficient in today’s cybercrime environment.
By Michael Sentonas Vice President, Chief Technology Officer, Security Connected at Intel Security, 8/25/2015
Comment0 comments  |  Read  |  Post a Comment
Ouch! Feeling The Pain Of Cybersecurity In Healthcare
Marilyn Cohodas, Community Editor, Dark Reading
There are lots of reasons why medical data is so vulnerable but the sheer numbers at risk speak volumes about the scale of the problem.
By Marilyn Cohodas Community Editor, Dark Reading, 8/25/2015
Comment9 comments  |  Read  |  Post a Comment
Security Stands As Top Factor In Digital Brand Confidence
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Security ranked alongside marketing and IT ops concerns as important indicators of trust in online sites.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/25/2015
Comment0 comments  |  Read  |  Post a Comment
Paul Vixie On DNS Security & Botnet Takedowns
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Internet pioneer and CEO of Farsight Security joins the Dark Reading News Desk at Black Hat.
By Sara Peters Senior Editor at Dark Reading, 8/24/2015
Comment2 comments  |  Read  |  Post a Comment
AlienSpy RAT Resurfaces In Case Of Real-Life Political Intrigue
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Mysterious death of Argentinian politician potentially tied to his phone's infection with popular remote access tool.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/21/2015
Comment0 comments  |  Read  |  Post a Comment
Spiderbot, Spiderbot, Does Whatever A Hacker Thought
Steve Grobman , Chief Technology Officer at Intel Security
Virtual machine, she ignores, owns the bot, then controls yours.
By Steve Grobman Chief Technology Officer at Intel Security, 8/20/2015
Comment0 comments  |  Read  |  Post a Comment
ID Thieves, Blackmailers Have Lots To Gain In Ashley Madison Breach
Sara Peters, Senior Editor at Dark ReadingNews
Breach highlights need for greater anonymity controls in identity and payment mechanisms.
By Sara Peters Senior Editor at Dark Reading, 8/19/2015
Comment5 comments  |  Read  |  Post a Comment
Vulnerable From Below: Attacking Hypervisors Using Firmware And Hardware
Jim Walter, Director of Advanced Threat Research, Intel Security
Malicious attacks with firmware privileges can compromise an entire system, so it is especially important to apply measures to reduce the risks.
By Jim Walter Director of Advanced Threat Research, Intel Security, 8/19/2015
Comment0 comments  |  Read  |  Post a Comment
Applying the 80/20 Rule to Cyber Security Practices
Mark Clancy, CEO, SoltraCommentary
How to look holistically across technology and processes and focus resources on threats that create the greatest damage.
By Mark Clancy CEO, Soltra, 8/19/2015
Comment1 Comment  |  Read  |  Post a Comment
IE Bug Exploited In Wild After Microsoft Releases Out-Of-Band Patch
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Remote code execution vulnerability in Internet Explorer versions 7 through 11 being used to drop PlugX RAT.
By Sara Peters Senior Editor at Dark Reading, 8/19/2015
Comment0 comments  |  Read  |  Post a Comment
IRS Get Transcript Breach Triples In Scope
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Breach reported in May much larger than initially thought
By Ericka Chickowski Contributing Writer, Dark Reading, 8/19/2015
Comment0 comments  |  Read  |  Post a Comment
Hackers Dump Ashley Madison User Database... Where Most People Won't Find It
Dark Reading Staff, Quick Hits
Attackers make good on doxing threat, but post database to dark web.
By Dark Reading Staff , 8/18/2015
Comment2 comments  |  Read  |  Post a Comment
Re-evaluating Ransomware, Without The Hype
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Engin Kirda, chief architect of LastLine, joins the Dark Reading News Desk at Black Hat Aug. 5 to explain why most ransomware isn't as scary as we think.
By Sara Peters Senior Editor at Dark Reading, 8/18/2015
Comment2 comments  |  Read  |  Post a Comment
RASP: A False Sense of Security For Apps & Data
Mark Carrizosa, VP of Security, Soha SystemsCommentary
Betting on a single runtime tool like RASP is not the solution for eliminating application security risk.
By Mark Carrizosa VP of Security, Soha Systems, 8/17/2015
Comment7 comments  |  Read  |  Post a Comment
Black Hat, Data Science, Machine Learning, and… YOU!
Jeremiah Grossman, Commentary
The time has come for security pros to start honing in on their machine learning skills. Here’s why.
By Jeremiah Grossman , 8/14/2015
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9651
Published: 2015-08-28
Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."

CVE-2015-1171
Published: 2015-08-28
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.

CVE-2015-2987
Published: 2015-08-28
Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.

CVE-2015-6266
Published: 2015-08-28
The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045.

CVE-2015-5367
Published: 2015-08-27
The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.