Attacks/Breaches
News & Commentary
Stealing Data By “Living Off The Land”
Rutrell Yasin, Business Technology Writer, Tech Writers BureauNews
Hackers latest tactic involves a malware-free attack using a company’s own system credentials and admin tools to gain access.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 9/3/2015
Comment0 comments  |  Read  |  Post a Comment
China's Great Cannon: The Great Firewall's More Aggressive Partner
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Crowdstrike researchers visit Dark Reading News Desk at Black Hat to describe how China went on the offensive and extended its Internet censorship efforts beyond Chinese borders.
By Sara Peters Senior Editor at Dark Reading, 9/3/2015
Comment0 comments  |  Read  |  Post a Comment
Malware Author Stamped Code 'For Targeted Attacks Only'
Sara Peters, Senior Editor at Dark ReadingNews
When the Microsoft Word Intruder Office malware creation kit got too high-profile, the developer changed terms of service, Sophos report says.
By Sara Peters Senior Editor at Dark Reading, 9/2/2015
Comment0 comments  |  Read  |  Post a Comment
We Can Allow Cybersecurity Research Without Stifling Innovation
Gavin Reid, Vice President, Threat Intelligence, Lancope IncCommentary
The U.S. government is in a unique position to become a global leader in cybersecurity. But only if it retains the open spirit of the Internet that kick-started the Information Age.
By Gavin Reid Vice President, Threat Intelligence, Lancope Inc, 9/1/2015
Comment0 comments  |  Read  |  Post a Comment
Biggest Apple Account Theft Ever Hits Only JailBroken iOS Devices
Sara Peters, Senior Editor at Dark ReadingNews
KeyRaider stole 225,000 legitimate Apple accounts and slammed devices with ransomware and phony purchases, but only jailbroken gear, mostly in China, is affected.
By Sara Peters Senior Editor at Dark Reading, 8/31/2015
Comment2 comments  |  Read  |  Post a Comment
Ashley Madison CEO Resigns
Dark Reading Staff, Quick Hits
Once again, a security breach claims an executive's job, but the business plans to continue operating.
By Dark Reading Staff , 8/28/2015
Comment6 comments  |  Read  |  Post a Comment
FBI Sounds Alarm Again On Business Email Compromise Threat
Jai Vijayan, Freelance writerNews
Over 7,000 US business have been victimized by so-called BEC fraud between October 2013 and August 2015 alone, the FBI said in an alert this week.
By Jai Vijayan Freelance writer, 8/28/2015
Comment2 comments  |  Read  |  Post a Comment
The 7 ‘Most Common’ RATS In Use Today
Udi Shamir, Chief Security Officer, SentinelOneCommentary
Sniffing out RATS -- remote access Trojans -- is a challenge for even the most hardened cyber defender. Here’s a guide to help you in the hunt.
By Udi Shamir Chief Security Officer, SentinelOne, 8/28/2015
Comment3 comments  |  Read  |  Post a Comment
Valasek Not Done With Car Hacking Just Yet
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Chris Valasek chats up the daunting challenge of topping the Jeep Cherokee hack, '80s Adidas tracksuits, his loathing of coding, and his love for Windows -- and Hall & Oates.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/28/2015
Comment10 comments  |  Read  |  Post a Comment
Cybersecurity Under FTC Authority: What Does it Mean?
Tom Kellermann, Chief Cybersecurity Office, Trend MicroCommentary
Consumers can now expect the same level of security and privacy in the digital realm as they do in the physical.
By Tom Kellermann Chief Cybersecurity Office, Trend Micro, 8/27/2015
Comment8 comments  |  Read  |  Post a Comment
What Would You Do Differently If You Knew You Were Going To Be Robbed?
Michael Sentonas, Vice President, Chief Technology Officer, Security Connected at Intel Security
Neither prevention nor detection alone is sufficient in today’s cybercrime environment.
By Michael Sentonas Vice President, Chief Technology Officer, Security Connected at Intel Security, 8/25/2015
Comment0 comments  |  Read  |  Post a Comment
Ouch! Feeling The Pain Of Cybersecurity In Healthcare
Marilyn Cohodas, Community Editor, Dark Reading
There are lots of reasons why medical data is so vulnerable but the sheer numbers at risk speak volumes about the scale of the problem.
By Marilyn Cohodas Community Editor, Dark Reading, 8/25/2015
Comment11 comments  |  Read  |  Post a Comment
Security Stands As Top Factor In Digital Brand Confidence
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Security ranked alongside marketing and IT ops concerns as important indicators of trust in online sites.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/25/2015
Comment0 comments  |  Read  |  Post a Comment
Paul Vixie On DNS Security & Botnet Takedowns
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Internet pioneer and CEO of Farsight Security joins the Dark Reading News Desk at Black Hat.
By Sara Peters Senior Editor at Dark Reading, 8/24/2015
Comment3 comments  |  Read  |  Post a Comment
AlienSpy RAT Resurfaces In Case Of Real-Life Political Intrigue
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Mysterious death of Argentinian politician potentially tied to his phone's infection with popular remote access tool.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/21/2015
Comment0 comments  |  Read  |  Post a Comment
Spiderbot, Spiderbot, Does Whatever A Hacker Thought
Steve Grobman , Chief Technology Officer at Intel Security
Virtual machine, she ignores, owns the bot, then controls yours.
By Steve Grobman Chief Technology Officer at Intel Security, 8/20/2015
Comment0 comments  |  Read  |  Post a Comment
ID Thieves, Blackmailers Have Lots To Gain In Ashley Madison Breach
Sara Peters, Senior Editor at Dark ReadingNews
Breach highlights need for greater anonymity controls in identity and payment mechanisms.
By Sara Peters Senior Editor at Dark Reading, 8/19/2015
Comment5 comments  |  Read  |  Post a Comment
Vulnerable From Below: Attacking Hypervisors Using Firmware And Hardware
Jim Walter, Director of Advanced Threat Research, Intel Security
Malicious attacks with firmware privileges can compromise an entire system, so it is especially important to apply measures to reduce the risks.
By Jim Walter Director of Advanced Threat Research, Intel Security, 8/19/2015
Comment0 comments  |  Read  |  Post a Comment
Applying the 80/20 Rule to Cyber Security Practices
Mark Clancy, CEO, SoltraCommentary
How to look holistically across technology and processes and focus resources on threats that create the greatest damage.
By Mark Clancy CEO, Soltra, 8/19/2015
Comment1 Comment  |  Read  |  Post a Comment
IE Bug Exploited In Wild After Microsoft Releases Out-Of-Band Patch
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Remote code execution vulnerability in Internet Explorer versions 7 through 11 being used to drop PlugX RAT.
By Sara Peters Senior Editor at Dark Reading, 8/19/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1516
Published: 2015-09-03
Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-4077
Published: 2015-09-03
The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allows local users to read arbitrary kernel memory via a 0x22608C ioctl call.

CVE-2015-4552
Published: 2015-09-03
Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post.

CVE-2015-5189
Published: 2015-09-03
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.

CVE-2015-5190
Published: 2015-09-03
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.