Attacks/Breaches
News & Commentary
Keep Calm & Verify: How To Spot A Fake Online Data Dump
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Determining whether a data dump on Pastebin or elsewhere online is legit can be time-consuming and resource-intensive. Deloitte & Touche offers tips for how to weed out the fake hacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/29/2014
Comment0 comments  |  Read  |  Post a Comment
Infographic: The Many Faces of Today’s Hackers
John Trobough, CEO, NarusCommentary
How many of these hacker personas are you dueling with in your organization?
By John Trobough CEO, Narus, 10/29/2014
Comment0 comments  |  Read  |  Post a Comment
White House Says Unclassified Network Hit In Cyberattack
Jai Vijayan, Freelance writerNews
Mitigation efforts have caused temporary outages and loss of connectivity for some staff, but no computers have been damaged, official says.
By Jai Vijayan Freelance writer, 10/29/2014
Comment1 Comment  |  Read  |  Post a Comment
Security Companies Team Up, Take Down Chinese Hacking Group
Sara Peters, Senior Editor at Dark ReadingNews
Novetta, Microsoft, and others form Operation SMN to eradicate Hikit malware and disrupt the cyber espionage gang Axiom's extensive information gathering.
By Sara Peters Senior Editor at Dark Reading, 10/28/2014
Comment4 comments  |  Read  |  Post a Comment
Retailers Facing Intensified Cyberthreat This Holiday Season
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
After the Year of the Retail Breach, retail's annual holiday shopping season "freeze" on new technology and some security patching is just around the corner.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/28/2014
Comment8 comments  |  Read  |  Post a Comment
What Scares Me About Healthcare & Electric Power Security
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats
By John B. Dickson CISSP, Principal, Denim Group, 10/28/2014
Comment12 comments  |  Read  |  Post a Comment
Researcher Shows Why Tor Anonymity Is No Guarantee Of Security
Jai Vijayan, Freelance writerNews
Tor exit node in Russia spotted downloading malicious code.
By Jai Vijayan Freelance writer, 10/27/2014
Comment1 Comment  |  Read  |  Post a Comment
A Simple Formula For Usable Risk Intelligence
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
How infosec can cut through the noise and gain real value from cyberdata.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 10/27/2014
Comment8 comments  |  Read  |  Post a Comment
Backoff PoS Malware Boomed In Q3
Brian Prince, Contributing Writer, Dark ReadingNews
The security firm Damballa detected a 57% increase in infections of the notorious Backoff malware from August to September.
By Brian Prince Contributing Writer, Dark Reading, 10/24/2014
Comment7 comments  |  Read  |  Post a Comment
Poll: Patching Is Primary Response to Shellshock
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
As potential threats mount, Dark Reading community members hone in on patching infrastructure but not devices, according to our latest poll.
By Marilyn Cohodas Community Editor, Dark Reading, 10/24/2014
Comment11 comments  |  Read  |  Post a Comment
US Military Officials, Defense Firms Targeted In 'Operation Pawn Storm'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Cyber espionage attackers "did their homework" in an attack campaign that has intensified in the wake of US-Russian tensions.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/23/2014
Comment7 comments  |  Read  |  Post a Comment
Financial Services Ranks Cyberattacks Top Industry Worry
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Depository Trust & Clearing Corporation (DTCC) survey says cyberrisk is one of the top five concerns for financial services firms.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/23/2014
Comment3 comments  |  Read  |  Post a Comment
Attacks On Patched Sandworm Flaw Force Microsoft To Issue Fix It
Jai Vijayan, Freelance writerNews
More than a week after Microsoft fixed a flaw affecting almost all Windows versions, attackers are continuing to exploit it.
By Jai Vijayan Freelance writer, 10/23/2014
Comment0 comments  |  Read  |  Post a Comment
Incident Response: Is Your IR Plan A Glorified Phone Tree?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
Training internal security teams to be first responders can drastically improve an organization's effectiveness in the wake of a data breach. Here's why.
By Kerstyn Clover Attack & Defense Team Consultant, 10/23/2014
Comment4 comments  |  Read  |  Post a Comment
Enterprise Security: Why You Need a Digital Immune System
Mike Fey, EVP, GM of Corporate Products & CTO, Intel Security
I’ve often talked about “trial and error” hacking tactics and how organizations frequently build “rat maze” defenses in response to them. Each time they learn ...
By Mike Fey EVP, GM of Corporate Products & CTO, Intel Security, 10/23/2014
Comment3 comments  |  Read  |  Post a Comment
DHS Investigates Dozens Of Medical Device Cybersecurity Flaws
Jai Vijayan, Freelance writerCommentary
Department of Homeland Security reportedly investigating two-dozen products from major medical device manufacturers for security holes.
By Jai Vijayan Freelance writer, 10/23/2014
Comment3 comments  |  Read  |  Post a Comment
Pharmaceuticals, Not Energy, May Have Been True Target Of Dragonfly, Energetic Bear
Sara Peters, Senior Editor at Dark ReadingNews
New research says the compromised companies were suppliers for OEMs that served pharma and biotech.
By Sara Peters Senior Editor at Dark Reading, 10/22/2014
Comment0 comments  |  Read  |  Post a Comment
Cyber Threats: Information vs. Intelligence
Matt Hartley, VP Product Management, iSIGHT PartnersCommentary
Cyber threat intelligence or CTI is touted to be the next big thing in InfoSec. But does it narrow the security problem or compound it?
By Matt Hartley VP Product Management, iSIGHT Partners, 10/22/2014
Comment2 comments  |  Read  |  Post a Comment
Why Outlawing Encryption Is Wrong
Jonathan Feldman, CIO, City of Asheville, NCCommentary
Putting data encryption solely into the hands of government employees won't prevent bad things from happening -- and it might encourage wrongdoing.
By Jonathan Feldman CIO, City of Asheville, NC, 10/22/2014
Comment12 comments  |  Read  |  Post a Comment
Digital Security: Taking an Uncompromising Stand
Mike Fey, EVP, GM of Corporate Products & CTO, Intel Security
In my last post, I outlined the difference between relying on Indicators of Compromise versus Indicators of Attack for digital security. The emphasis here is not that these indicators are ...
By Mike Fey EVP, GM of Corporate Products & CTO, Intel Security, 10/21/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3051
Published: 2014-10-29
The Internet Service Monitor (ISM) agent in IBM Tivoli Composite Application Manager (ITCAM) for Transactions 7.1 and 7.2 before 7.2.0.3 IF28, 7.3 before 7.3.0.1 IF30, and 7.4 before 7.4.0.0 IF18 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof s...

CVE-2014-3668
Published: 2014-10-29
Buffer overflow in the date_from_ISO8601 function in the mkgmtime implementation in libxmlrpc/xmlrpc.c in the XMLRPC extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) via (1) a crafted first argument t...

CVE-2014-3669
Published: 2014-10-29
Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function ...

CVE-2014-3670
Published: 2014-10-29
The exif_ifd_make_value function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly exec...

CVE-2014-3694
Published: 2014-10-29
The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL SSL/TLS plugin in libpurple in Pidgin before 2.10.10 do not properly consider the Basic Constraints extension during verification of X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and ob...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.