Attacks/Breaches
News & Commentary
Dark Reading News Desk Live At Black Hat 2015
Dark Reading Staff, News
Please join host Sara Peters and her guests for the first-ever Dark Reading News Desk show at Black Hat USA 2015, premiering Wednesday.
By Dark Reading Staff , 8/4/2015
Comment1 Comment  |  Read  |  Post a Comment
Terracotta VPN Piggybacks On Network Of Compromised Windows Servers
Fahmida Y. Rashid, Contributing Editor, Dark ReadingNews
APT groups use this VPN service to launch attacks against organizations around the world.
By Fahmida Y. Rashid Contributing Editor, Dark Reading, 8/4/2015
Comment2 comments  |  Read  |  Post a Comment
Lockheed Open Sources Its Secret Weapon In Cyber Threat Detection
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Internal tool at defense company is made available to security community at large.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/4/2015
Comment1 Comment  |  Read  |  Post a Comment
Web Attacks Employing Upgraded Crimeware Kit Hit 1.5 Million Users
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
RIG 3.0 used to infect millions of Internet Explorer (IE) users worldwide -- mostly via malvertising.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/3/2015
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading News Desk Comes To You Live From Black Hat
Sara Peters, Senior Editor at Dark ReadingCommentary
Live video coverage from Las Vegas Wednesday and Thursday
By Sara Peters Senior Editor at Dark Reading, 8/3/2015
Comment3 comments  |  Read  |  Post a Comment
Breaking Honeypots For Fun And Profit
Gadi Evron,  CEO & founder, CymmetriaCommentary
As a concept, honeypots can be a powerful tool for detecting malware. But in the emerging field of cyber deception, they’re not up to the task of fooling attackers and getting our hands on their resources.
By By Gadi Evron, CEO & founder, Cymmetria , 8/3/2015
Comment3 comments  |  Read  |  Post a Comment
GM Vehicles Can Be Located, Unlocked, Started Remotely Via OnStar App
Jai Vijayan, Freelance writerNews
White Hat hacker Samy Kamkar’s OwnStart device latest to show up vulnerabilities in modern vehicles
By Jai Vijayan Freelance writer, 7/31/2015
Comment1 Comment  |  Read  |  Post a Comment
Study Reveals the Most Common Attack Methods of Data Thieves
Raja Patel, Vice President and General Manager of Network Security at Intel Security
Learning more about your attackers helps to improve your security profile and reduce the possibility of a breach.
By Raja Patel Vice President and General Manager of Network Security at Intel Security, 7/30/2015
Comment1 Comment  |  Read  |  Post a Comment
From Russia With Love: A Slew of New Hacker Capabilities and Services
Jai Vijayan, Freelance writerNews
A review of the Russian underground by Trend Micro reveals it to be the world’s most sophisticated.
By Jai Vijayan Freelance writer, 7/30/2015
Comment0 comments  |  Read  |  Post a Comment
Anthem Breach Linked To Black Vine Group & Beijing InfoSec Firm
Sara Peters, Senior Editor at Dark ReadingNews
Health insurer's breach of 80 million records attributed to 'well-resourced cyberespionage group' Black Vine. Could they also be behind breaches at OPM and United Airlines?
By Sara Peters Senior Editor at Dark Reading, 7/29/2015
Comment0 comments  |  Read  |  Post a Comment
Can't Touch This: 'Hammertoss' Russian Cyberspies Hide In Plain Sight
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
APT29 cyber espionage attackers operate under the cover of legitimate services including Twitter, Github, and cloud storage services.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/29/2015
Comment3 comments  |  Read  |  Post a Comment
Code Theft: Protecting IP At The Source
Anna Chiang, Technical Marketing Manager, Perforce SoftwareCommentary
Your corporate assets are at risk and every day that you avoid taking action shortens the time until your IP will be leaked. Here are six steps toward better data security.
By Anna Chiang Technical Marketing Manager, Perforce Software, 7/29/2015
Comment2 comments  |  Read  |  Post a Comment
Phishing Attacks Drive Spike In DNS Threat
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
The First 24 Hours In The Wake Of A Data Breach
Stephen Treglia, JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute SoftwareCommentary
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
By Stephen Treglia JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute Software, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
Car Hacking Shifts Into High Gear
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/23/2015
Comment11 comments  |  Read  |  Post a Comment
Angler Climbing To Top Of Exploit Heap
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Exploit kit dominates the field, making up 82 percent of all exploit kits currently used.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/22/2015
Comment0 comments  |  Read  |  Post a Comment
Arrests Made In JPMorgan Hack, Securities Fraud Scheme
Dark Reading Staff, Quick Hits
Four individuals arrested in Israel and Florida, one more at large, according to report.
By Dark Reading Staff , 7/21/2015
Comment0 comments  |  Read  |  Post a Comment
Detection: A Balanced Approach For Mitigating Risk
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Only detection and response can complete the security picture that begins with prevention.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 7/21/2015
Comment0 comments  |  Read  |  Post a Comment
Time’s Running Out For The $76 Billion Detection Industry
Simon Crosby, Co-founder & CTO, BromiumCommentary
The one strategy that can deliver the needle to the security team without the haystack is prevention.
By Simon Crosby Co-founder & CTO, Bromium, 7/21/2015
Comment3 comments  |  Read  |  Post a Comment
6 Ex-Employees Questioned About Hacking Team Breach, Prior Leak
Sara Peters, Senior Editor at Dark ReadingNews
Japanese targets also getting hit with leaked Flash zero-day exploits, and Hacking Team reportedly worked on drone-based WiFi surveillance tools.
By Sara Peters Senior Editor at Dark Reading, 7/20/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: good one 
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3439
Published: 2015-08-05
Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as demonst...

CVE-2001-1594
Published: 2015-08-04
GE Healthcare eNTEGRA P&R has a password of (1) entegra for the entegra user, (2) passme for the super user of the Polestar/Polestar-i Starlink 4 upgrade, (3) 0 for the entegra user of the Codonics printer FTP service, (4) eNTEGRA for the eNTEGRA P&R user account, (5) insite for the WinVNC Login, an...

CVE-2002-2445
Published: 2015-08-04
GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password of (1) root.genie for the root user, (2) "service." for the service user, (3) admin.genie for the admin user, (4) reboot for the reboot user, and (5) shutdown for the shutdwon user, which has unspecified impact and attack vectors.

CVE-2002-2446
Published: 2015-08-04
GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite.genieacq for the insite account that cannot be changed without disabling product functionality for remote InSite support, which has unspecified impact and attack vectors.

CVE-2003-1603
Published: 2015-08-04
GE Healthcare Discovery VH has a default password of (1) interfile for the ftpclient user of the Interfile server or (2) "2" for the LOCAL user of the FTP server for the Codonics printer, which has unspecified impact and attack vectors.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!