Attacks/Breaches
News & Commentary
Insider Threats: Breaching The Human Barrier
Christopher Hadnagy, Founder & CEO, Social-Engineer, Inc.Commentary
A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within.
By Christopher Hadnagy Founder & CEO, Social-Engineer, Inc., 10/20/2014
Comment0 comments  |  Read  |  Post a Comment
Why You Shouldn't Count On General Liability To Cover Cyber Risk
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Travelers Insurance's legal spat with P.F. Chang's over who'll pay breach costs will likely illustrate why enterprises shouldn't think of their general liability policies as backstops for cyber risk.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/20/2014
Comment5 comments  |  Read  |  Post a Comment
Sophisticated Malvertising Campaign Targets US Defense Industry
Brian Prince, Contributing Writer, Dark ReadingNews
Dubbed Operation DeathClick, the campaign puts a new twist on an old method of infecting users.
By Brian Prince Contributing Writer, Dark Reading, 10/17/2014
Comment0 comments  |  Read  |  Post a Comment
Facebook Automates Fight Against Hackers
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Here's a sneak peek into the system Facebook uses to secure your account when other websites are hacked.
By Kristin Burnham Senior Editor, InformationWeek.com, 10/17/2014
Comment12 comments  |  Read  |  Post a Comment
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Kaushik Narayan, CTO, Skyhigh NetworksCommentary
Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security.
By Kaushik Narayan CTO, Skyhigh Networks, 10/17/2014
Comment6 comments  |  Read  |  Post a Comment
Facebook Doubles Bug Bounties For Ad-Related Flaws
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Is it a sign that online brands are treating malvertising more seriously?
By Ericka Chickowski Contributing Writer, Dark Reading, 10/16/2014
Comment0 comments  |  Read  |  Post a Comment
The Internet of Things: 7 Scary Security Scenarios
Marilyn Cohodas, Community Editor, Dark Reading
The IoT can be frightening when viewed from the vantage point of information security.
By Marilyn Cohodas Community Editor, Dark Reading, 10/16/2014
Comment5 comments  |  Read  |  Post a Comment
'Hurricane Panda' Cyberspies Used Windows Zero-Day For Months
Brian Prince, Contributing Writer, Dark ReadingNews
The vulnerability is one of multiple issues patched this week by Microsoft that have been targeted by attackers.
By Brian Prince Contributing Writer, Dark Reading, 10/15/2014
Comment3 comments  |  Read  |  Post a Comment
Russian Hackers Made $2.5B Over The Last 12 Months
Sara Peters, Senior Editor at Dark ReadingNews
The big bucks are in selling credit card data -- not using it for fraud -- and PoS and ATM attacks are on the rise.
By Sara Peters Senior Editor at Dark Reading, 10/15/2014
Comment13 comments  |  Read  |  Post a Comment
'POODLE' Attacks, Kills Off SSL 3.0
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A newly discovered design flaw in an older version of SSL encryption protocol could be used for man-in-the-middle attacks -- leading some browser vendors to remove SSL 3.0 for good.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/15/2014
Comment9 comments  |  Read  |  Post a Comment
CMS Plug-Ins Put Sites At Risk
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Content management systems are increasingly in attackers' crosshairs, with plug-ins, extensions, and themes broadening the attack surfaces for these platforms.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/15/2014
Comment0 comments  |  Read  |  Post a Comment
Cost Of A Data Breach Jumps By 23%
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Cleanup and resolution after a breach take an average of one month to complete, a new Ponemon Institute report finds.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/14/2014
Comment18 comments  |  Read  |  Post a Comment
Hundreds Of DropBox Logins For Sale On Pastebin
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Trader says he's got 7 million more where those came from, but Dropbox says the accounts were expired.
By Sara Peters Senior Editor at Dark Reading, 10/14/2014
Comment0 comments  |  Read  |  Post a Comment
Russian Cyberspies Hit Ukrainian, US Targets With Windows Zero-Day Attack
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The Sandworm cyber espionage gang out of Russia intensifies its attacks in the wake of the Ukrainian conflict and sanctions against Russia with classic zero-day -- plus a popular cybercrime toolkit.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/14/2014
Comment7 comments  |  Read  |  Post a Comment
Shellshock Mayhem Marks The Start Of Malware Mess
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Existing Mayhem botnet malware kit now includes Shellshock exploit -- and experts say that'll be the model for more enterprising criminals.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/13/2014
Comment3 comments  |  Read  |  Post a Comment
In AppSec, ‘Fast’ Is Everything
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
The world has shifted. The SAST and DAST tools that were invented over a decade ago are no longer viable approaches to application security.
By Jeff Williams CTO, Aspect Security & Contrast Security, 10/13/2014
Comment5 comments  |  Read  |  Post a Comment
Don’t Get Caught in a Compromising Position
Mike Fey, Director of Cyber Security for Technologies and Initiatives, Intel Corp
Your personal photos have been stolen, sold, and published. The media have picked up the story, and your reputation is taking a beating. Once it’s released, you cannot get the ...
By Mike Fey Director of Cyber Security for Technologies and Initiatives, Intel Corp, 10/13/2014
Comment1 Comment  |  Read  |  Post a Comment
Dairy Queen Breach Shines Light On Impact Of 3rd-Party Breaches
Brian Prince, Contributing Writer, Dark ReadingNews
Yet another retail chain confirms a data breach of customer payment information via a third-party vendor, and Kmart tosses its hat into the breached ring today.
By Brian Prince Contributing Writer, Dark Reading, 10/10/2014
Comment5 comments  |  Read  |  Post a Comment
Security Education K Through Life
W. Hord Tipton, Commentary
InfoSec professionals of the future need access to the right education and tools early on and throughout their entire work life.
By W. Hord Tipton , 10/10/2014
Comment11 comments  |  Read  |  Post a Comment
How To Be A 'Compromise-Ready' Organization
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Incident response pros share tips on how to have all your ducks in a row before the inevitable breach.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/9/2014
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4884
Published: 2014-10-21
The Conrad Hotel (aka com.wConradHotel) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-4885
Published: 2014-10-21
The CPWORLD Close Protection World (aka com.tapatalk.closeprotectionworldcom) application 3.4.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-4887
Published: 2014-10-21
The Joint Radio Blues (aka com.nobexinc.wls_69685189.rc) application 3.2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-4888
Published: 2014-10-21
The BattleFriends at Sea GOLD (aka com.tequilamobile.warshipslivegold) application 1.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-4889
Published: 2014-10-21
The Diabetic Diet Guide (aka com.wDiabeticDietGuide) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.