Attacks/Breaches
News & Commentary
Hits Keep On Coming For Both SSL & Its Abusers
Dark Reading Staff, Quick Hits
Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?
By Dark Reading Staff , 2/26/2015
Comment0 comments  |  Read  |  Post a Comment
'Shadow' Cloud Services Rampant In Government Networks
Jai Vijayan, Freelance writerNews
Survey finds public sector employees use unmanaged cloud services just as much as private employees.
By Jai Vijayan Freelance writer, 2/26/2015
Comment1 Comment  |  Read  |  Post a Comment
How To Reduce Spam & Phishing With DMARC
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015
Comment0 comments  |  Read  |  Post a Comment
Millions Of Non-Anthem Customers Also Hit By Anthem Breach
Dark Reading Staff, Quick Hits
Blue Cross Blue Shield customers -- as many as 8.8 to 18.8 million of them -- might have also had their data compromised.
By Dark Reading Staff , 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
Ramnit Botnet Disrupted By International Public-Private Collaboration
Sara Peters, Senior Editor at Dark ReadingNews
Europol leads the effort to bring down the bank credential-stealing botnet that infected 3.2 million computers across the globe.
By Sara Peters Senior Editor at Dark Reading, 2/25/2015
Comment0 comments  |  Read  |  Post a Comment
Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
Customers Aren’t the Only Victims: 5 Stages Of Data Breach Grief
Ricky Link, Managing Director, Coalfire Systems, Southwest RegionCommentary
What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.
By Ricky Link Managing Director, Coalfire Systems, Southwest Region, 2/25/2015
Comment2 comments  |  Read  |  Post a Comment
Medical Identity Theft Costs Victims $13,450 Apiece
Sara Peters, Senior Editor at Dark ReadingNews
New study shows not only is medical identity fraud costly for individuals, it's happening a lot more often.
By Sara Peters Senior Editor at Dark Reading, 2/24/2015
Comment6 comments  |  Read  |  Post a Comment
7 Things You Should Know About Secure Payment Technology
Sara Peters, Senior Editor at Dark Reading
Despite the existence of EMV and Apple Pay, we're a long way from true payment security, especially in the US.
By Sara Peters Senior Editor at Dark Reading, 2/24/2015
Comment13 comments  |  Read  |  Post a Comment
Cybercrime, Cyber Espionage Tactics Converge
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Real-world cyberattack investigations by incident response firm Mandiant highlight how hackers are adapting to better achieve their goals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/24/2015
Comment3 comments  |  Read  |  Post a Comment
From Hacking Systems To Hacking People
Larry Ponemon, Chairman & Founder, Ponemon InstituteCommentary
New low-tech attack methods like ‘visual hacking’ demand an information security environment that values data privacy and a self-policing culture.
By Larry Ponemon Chairman & Founder, Ponemon Institute, 2/24/2015
Comment6 comments  |  Read  |  Post a Comment
DOJ R&D Agency Awards Grants For Speedier Digital Forensics
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The US Department of Justice's National Institute of Justice is funding new incident response technology to assist law enforcement.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/23/2015
Comment0 comments  |  Read  |  Post a Comment
Blackhat, The Movie: Good, Bad & Ridiculous
Jeff Schmidt, Founder & CEO of JAS Global Advisors LLCCommentary
It didn’t take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?
By Jeff Schmidt Founder & CEO of JAS Global Advisors LLC, 2/23/2015
Comment2 comments  |  Read  |  Post a Comment
NSA, GCHQ Theft Of SIM Crypto Keys Raises Fresh Security Concerns
Jai Vijayan, Freelance writerNews
Pilfered SIM card encryption keys also could allow the spy agencies to deploy malicious Java applets or to send rogue SMS messages from fake cell towers, experts say.
By Jai Vijayan Freelance writer, 2/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Video: Millennial Stereotypes, Bank Hacks & Drone Deliveries
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds looks at unfair perceptions of Millennial Generation workers, billion-dollar bank heists, and why we want drones to make deliveries.
By Andrew Conry Murray Director of Content & Community, Interop, 2/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Who Cares Who’s Behind A Data Breach?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
Attribution takes a long time, a lot of work, and a healthy dose of luck. But is it worth the effort?
By Kerstyn Clover Attack & Defense Team Consultant, 2/20/2015
Comment27 comments  |  Read  |  Post a Comment
Our Governments Are Making Us More Vulnerable
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Stuxnet opened Pandora’s box and today state-sponsored cyber security policies continue to put us at risk. Here are three reasons why.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 2/19/2015
Comment11 comments  |  Read  |  Post a Comment
Five Easiest Ways to Get Hacked – Part 1
Carric Dooley, WW VP of Foundstone Services, Intel Security
A conversation with principal security consultant Amit Bagree.
By Carric Dooley WW VP of Foundstone Services, Intel Security, 2/18/2015
Comment0 comments  |  Read  |  Post a Comment
Russian Hacker Who Hit Heartland, NASDAQ, Extradited To US
Sara Peters, Senior Editor at Dark ReadingNews
Vladimir Drinkman, cohort of Albert Gonzalez, appears before US federal court after arrest and extradition by Dutch authorities.
By Sara Peters Senior Editor at Dark Reading, 2/18/2015
Comment2 comments  |  Read  |  Post a Comment
How We Can Prevent Another Anthem Breach
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Two things could have mitigated the damage and maybe even prevented any loss at all: behavioral analysis and context-aware access control.
By Dave Kearns Analyst, Kuppinger-Cole, 2/18/2015
Comment18 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2086
Published: 2015-02-26
Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.

CVE-2015-2087
Published: 2015-02-26
Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors.

CVE-2015-2088
Published: 2015-02-26
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVE-2015-2089
Published: 2015-02-26
Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (...

CVE-2015-2090
Published: 2015-02-26
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.