Attacks/Breaches
News & Commentary
The Internet's Winter Of Discontent
The new great cybersecurity challenge in trying to sum up the most dangerous weaknesses in the world's connected economy is that the hits just keep on coming.
By Paul Vixie, Chairman & CEO, Farsight Security, Inc., 12/19/2014 (Commentary)
Obama: U.S. Will Respond 'Proportionately' to Sony Cyber Attack
President Obama says the United States will take action against North Korea in response to the cyber-attack on Sony.
By Brian Prince, Contributing Writer, Dark Reading, 12/19/2014 (News)
Vawtrak: Crimeware Made-To-Order
A compartmentalized botnet with a wide selection of specialized web injects makes it easier to attack bank accounts across the globe.
By Sara Peters, Senior Editor at Dark Reading, 12/18/2014 (Quick Hits)
5 Pitfalls to Avoid When Running Your SOC
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense, not defense, against attackers.
By Jeff Schilling, CSO, Firehost, 12/18/2014 (Commentary)
Sony Cancels Movie, US Confirms North Korea Involvement, But Were Bomb Threats Empty?
After the Sony hackers issue threats of physical violence and 9/11-style attacks, The Interview is being killed before it even premieres. But would the attackers really have blown up theaters?
By Sara Peters, Senior Editor at Dark Reading, 12/17/2014 (News)
Millions Of Android Phones In China Have Backdoor
An Android backdoor is the topic of one of two advisories this week on mobile threats.
By Jai Vijayan, Freelance Writer, 12/17/2014 (News)
The New Target for State-Sponsored Cyber Attacks: Applications
Skilled hackers are now using simple web application vulnerabilities like SQL Injection to take over database servers. Are you prepared to defend against this new type of threat actor?
By Jeff Williams, CTO, Aspect Security & Contrast Security, 12/17/2014 (Commentary)
2014's Top Malware: Less Money, Mo' Problems
Here are the five most active malware packages that give attackers a huge ROI on a small investment.
By Ericka Chickowski, Contributing Writer, Dark Reading, 12/16/2014 (News)
Sony Warns Media About Disclosure, Staff About Fraud, 'Bond' Fans About Spoilers
A wrap-up of the latest Sony attack fallout.
By Sara Peters, Senior Editor at Dark Reading, 12/16/2014 (Quick Hits)
2014: The Year of Privilege Vulnerabilities
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.
By Marc Maiffret, CTO, BeyondTrust, 12/16/2014 (Commentary)
Price Tag Rises For Stolen Identities Sold In The Underground
What cybercriminals now charge for stolen identities, counterfeit identities, hacking tutorials, DDoS, and other services.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 12/15/2014 (News)
Ekoparty Isn't The Next Defcon (& It Doesn't Want To Be)
Unlike American security conferences that offer a buffet of merchandise, meals, and drinks, Ekoparty, in Buenos Aires, is every bit as functional -- with a little less fluff.
By Andrew Ford, Developer, Bugcrowd, 12/15/2014 (Commentary)
Attackers Turn Focus To PoS Vendors
The recently reported attack on Charge Anywhere puts the payment solutions provider on a list of PoS vendors attacked this year.
By Brian Prince, Contributing Writer, Dark Reading, 12/12/2014 (News)
Cyber Security Practices Insurance Underwriters Demand
Insurance underwriters aren't looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks.
By Natalie Lehr, Co-Founder & VP Analytics, TSC Advantage, 12/11/2014 (Commentary)
4 Worst Government Data Breaches Of 2014
Government agency breaches pale in comparison to private sector companies' problems, but government did get hacked in 2014. Look at the four biggest incidents.
By Jai Vijayan, Freelance Writer, 12/11/2014 (News)
Smartphones Get Headlines, But Lax USB Security Is Just As Risky
Most companies use no software to detect or secure sensitive data when it is moved to a USB flash drive, or even to check USB drives for viruses or malware.
By Cam Roberson, Director, Reseller Channel, Beachhead Solutions, 12/10/2014 (Commentary)
Healthcare Security In 2015: 9 Hotspots
With data breaches growing, 2015 promises to be the healthcare industry's most challenging security year yet. These nine areas demand attention in 2015.
By Alison Diana, Senior Editor, 12/10/2014
Internet Of Things: 3 Holiday Gifts That Will Keep CISOs Up At Night
If you think BYOD policies will protect your infrastructure from the January influx of mobile hotspots, fitness trackers, and Bluetooth, think again.
By Chris Rouland, Founder & CEO, Bastille, 12/9/2014 (Commentary)
3 Steps To Solidifying Air-Gap Security
Your isolated systems may not be as secure from exfiltration or external control as you think.
By Ericka Chickowski, Contributing Writer, Dark Reading, 12/8/2014 (News)
Open Source Encryption Must Get Smarter
When it comes to cryptography, there are quite a few myths in the age-old debate about proprietary versus open source application security.
By Matt Little, VP Product Development, PKWARE, 12/8/2014 (Commentary)
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.