Attacks/Breaches
News & Commentary
Cyber Hunting: 5 Tips To Bag Your Prey
David J. Bianco, Security Architect, Sqrrl, Commentary
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
By David J. Bianco Security Architect, Sqrrl, 3/26/2015
SSL/TLS Suffers 'Bar Mitzvah Attack'
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/26/2015
Preparing for a Breach: The Charge of the Security Brigade
Ryan Allphin, Senior Vice President & General Manager, Security Management, McAfee
Automation is key to shorter response times and better containment.
By Ryan Allphin Senior Vice President & General Manager, Security Management, McAfee, 3/25/2015
Retailers Adopt Intel-Sharing Portal Used By Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
The Retail Cyber Intelligence Sharing Center (R-CISC) is working with the Financial Services ISAC (FS-ISAC) on its new threat intelligence-sharing platform.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/24/2015
Networked Healthcare: Connecting You, Your Devices, and Your Health Practitioners
Pat Calhoun, Senior Vice President & General Manager, Network Security at Intel Security
Technology developers and policy makers must work closer with the security sector to ensure that innovation leads to real enablement, not cybercrime.
By Pat Calhoun Senior Vice President & General Manager, Network Security at Intel Security, 3/24/2015
Will POSeidon Preempt BlackPOS?
Ericka Chickowski, Contributing Writer, Dark Reading, News
Research from Cisco Talos uncovers newly evolved POS malware with more sophistication than BlackPOS and similarities to Zeus for camouflage.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/23/2015
When DDoS Isn't All About Massive Disruption
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
New data shows prevalence of often-undetectable DDoS attacks aimed at quietly wreaking havoc on the network while performing data exfiltration and other attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/23/2015
Protect Your Web Applications
Rees Johnson, Sr. VP and GM the Content Security Business Unit, Intel Security
Reverse proxies are critical to shield Web apps from external attacks.
By Rees Johnson Sr. VP and GM the Content Security Business Unit, Intel Security, 3/23/2015
Rush To Release Resulting In Vulnerable Mobile Apps
Jai Vijayan, Freelance writer, News
IT organizations overlooking security in their haste to crank out mobile apps, Ponemon Institute report finds.
By Jai Vijayan Freelance writer, 3/20/2015
Target To Settle Data Breach Lawsuit For $10 Million
Jai Vijayan, Freelance writer, News
Individuals who can prove financial damage can receive up to $10,000 under proposed deal.
By Jai Vijayan Freelance writer, 3/19/2015
New Security Mindset: Focus On The Interior
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Chief privacy officer Jason Straight shares his insights on why organizations are struggling to stop the breach wave -- and manage the aftermath.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/18/2015
The Bot Threat For the Rest of Us: Application-Layer Attacks
Rami Essaid, CEO and co-founder, Distil Networks, Commentary
Bots are getting craftier by the day so you may not even know you have a problem.
By Rami Essaid CEO and co-founder, Distil Networks, 3/18/2015
Two More Health Insurers Report Data Breach
Dark Reading Staff, Quick Hits
Premera Blue Cross and LifeWise say 11.25 million customers' records might have been exposed.
By Dark Reading Staff, 3/17/2015
Microsoft Warns Of Phony Windows Live Digital Certificate
Dark Reading Staff, Quick Hits
Unauthorized SSL certificate for 'live.fi' could be used for man-in-the-middle, phishing attacks, Microsoft says.
By Dark Reading Staff, 3/17/2015
Most Companies Expect To Be Hacked In The Next 12 Months
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Security spending increases, while confidence in stopping cyber attacks decreases, new report shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/16/2015
Hackers Breaking New Ground With Ransomware
Jai Vijayan, Freelance writer, News
The tools and tactics being used to go after victims reveal growing sophistication, and gamers need to look out, security researchers say.
By Jai Vijayan Freelance writer, 3/13/2015
Has Security Ops Outlived Its Purpose?
Tal Klein, VP Strategy, Adallom, Commentary
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.
By Tal Klein VP Strategy, Adallom, 3/13/2015
Deconstructing Threat Models: 3 Tips
Peleus Uhley, Lead Security Strategist, Adobe, Commentary
There is no one-size-fits-all approach for creating cyber threat models. Just be flexible and keep your eye on the who, what, why, how and when.
By Peleus Uhley Lead Security Strategist, Adobe, 3/12/2015
Study: Enterprises Losing Faith In Digital Certificates, Cryptographic Keys
Tim Wilson, Editor in Chief, Dark Reading, News
On the heels of Heartbleed and other vulnerabilities, many enterprises are not confident in the ability of digital certificates to protect their data, Ponemon report says.
By Tim Wilson Editor in Chief, Dark Reading, 3/12/2015
6 Ways The Sony Hack Changes Everything
John B. Dickson, CISSP, Principal, Denim Group, Commentary
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.
By John B. Dickson CISSP, Principal, Denim Group, 3/11/2015
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0279
Published: 2015-03-26
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.

CVE-2015-0635
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device an...

CVE-2015-0636
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (disrupted domain access) via spoofed AN messages that reset a finite state machine,...

CVE-2015-0637
Published: 2015-03-26
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a denial of service (device reload) via spoofed AN messages, aka Bug ID CSCup62315.

CVE-2015-0638
Published: 2015-03-26
Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSCsi02145.

Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.