Attacks/Breaches
News & Commentary
'Energetic' Bear Under The Microscope
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
Kaspersky Lab report finds more industries hit by the infamous cyber espionage campaign -- and evidence pointing to French and Swedish-speaking attackers as well as Eastern European ones.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/31/2014
Comment6 comments  |  Read  |  Post a Comment
USB Hardware Easily Subverted, Researchers Claim
Thomas Claburn, Editor-at-LargeCommentary
Security researchers say they can reprogram USB controller chips to hijack USB devices and connected computers.
By Thomas Claburn Editor-at-Large, 7/31/2014
Comment10 comments  |  Read  |  Post a Comment
InfoSecís Holy Grail: Data Sharing & Collaboration
Levi Gundert, Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC)Commentary
Despite all the best intentions, cooperation around Internet security is still a work in progress. Case in point: Microsoftís unilateral action against No-IP.
By Levi Gundert Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC), 7/31/2014
Comment0 comments  |  Read  |  Post a Comment
Phishing: What Once Was Old Is New Again
Dave Kearns, Analyst, Kuppinger-ColeCommentary
I used to think the heyday of phishing had passed. But as Symantec notes in its 2014 Internet Security Threat Report, I was wrong!
By Dave Kearns Analyst, Kuppinger-Cole, 7/30/2014
Comment11 comments  |  Read  |  Post a Comment
The Perfect InfoSec Mindset: Paranoia + Skepticism
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
A little skeptical paranoia will ensure that you have the impulse to react quickly to new threats while retaining the logic to separate fact from fiction.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 7/29/2014
Comment6 comments  |  Read  |  Post a Comment
Internet of Things: 4 Security Tips From The Military
Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & ServicesCommentary
The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. Itís time to take a page from their battle plan.
By Michael K. Daly CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, 7/25/2014
Comment13 comments  |  Read  |  Post a Comment
Cyber Attacks Happen: Build Resilient Systems
Rutrell Yasin, Freelance WriterCommentary
You can't stop all attacks or build the perfect defense system. The higher-level objective is resilience.
By Rutrell Yasin , 7/25/2014
Comment9 comments  |  Read  |  Post a Comment
Travel Agency Fined £150,000 For Violating Data Protection Act
Sara Peters, News
That'll teach them not to retain credit card data in perpetuity.
By Sara Peters , 7/24/2014
Comment1 Comment  |  Read  |  Post a Comment
Passwords Be Gone! Removing 4 Barriers To Strong Authentication
Phillip M. Dunkelberger, President & CEO, Nok Nok LabsCommentary
As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.
By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 7/24/2014
Comment9 comments  |  Read  |  Post a Comment
7 Arrested, 3 More Indicted For Roles In Cyber Fraud Ring That Stung StubHub
Sara Peters, News
Arrests made in New York state, London, Toronto, and Spain for money laundering, grand larceny, and using StubHub customers' credit cards to buy and sell 3,500 e-tickets to prime events.
By Sara Peters , 7/23/2014
Comment3 comments  |  Read  |  Post a Comment
RAM Scraper Malware: Why PCI DSS Can't Fix Retail
Brian Riley, Technical Director, Government Programs, Green Hills SoftwareCommentary
There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data
By Brian Riley Technical Director, Government Programs, Green Hills Software, 7/23/2014
Comment8 comments  |  Read  |  Post a Comment
Dark Reading Radio: The Winners & Losers of Botnet Takedowns
Sara Peters, Commentary
Our guests are Cheri McGuire, VP of global government affairs and cyber security policy for Symantec, and Craig D. Spiezle, executive director and founder of the Online Trust Alliance.
By Sara Peters , 7/23/2014
Comment0 comments  |  Read  |  Post a Comment
Nigerian 419 Scammers Evolving Into Malware Pushers (But Not Very Good Ones)
Sara Peters, Quick Hits
"Silver Spaniel" attacks use commodity malware to damage others' security, but they aren't very good at protecting their own.
By Sara Peters , 7/22/2014
Comment10 comments  |  Read  |  Post a Comment
Hidden iOS Services Bypass Security
Thomas Claburn, Editor-at-LargeCommentary
A computer researcher asks why Apple allows undocumented services to bypass encryption and access user data.
By Thomas Claburn Editor-at-Large, 7/21/2014
Comment13 comments  |  Read  |  Post a Comment
Don't Overestimate EMV Protections, Underestimate Card Thief Sophistication
Ericka Chickowski, Contributing Writer, Dark ReadingNews
At Black Hat, an AccessData researcher will offer up a crash course in card payment tech and protections to root out security community misconceptions
By Ericka Chickowski Contributing Writer, Dark Reading, 7/21/2014
Comment2 comments  |  Read  |  Post a Comment
Internet of Things: Security For A World Of Ubiquitous Computing
Candace Worley, SVP & GM, Endpoint Security, McAfeeCommentary
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014
Comment5 comments  |  Read  |  Post a Comment
CEO Report Card: Low Grades for Risk Management
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.
By Marilyn Cohodas Community Editor, Dark Reading, 7/18/2014
Comment12 comments  |  Read  |  Post a Comment
Government-Grade Stealth Malware In Hands Of Criminals
Sara Peters, News
"Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools.
By Sara Peters , 7/17/2014
Comment13 comments  |  Read  |  Post a Comment
Website Hacks Dropped During World Cup Final
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
Hackers apparently took time off to watch the Germany-Argentina title match of the 2014 FIFA World Cup.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014
Comment15 comments  |  Read  |  Post a Comment
A New Age in Cyber Security: Public Cyberhealth
Brian Foster, CTO, DamballaCommentary
The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.
By Brian Foster CTO, Damballa, 7/17/2014
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Microsoft, No-IP, And The Need For Clarity
Microsoft, No-IP, And The Need For Clarity
The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0972
Published: 2014-08-01
The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write ...

CVE-2014-2627
Published: 2014-08-01
Unspecified vulnerability in HP NonStop NetBatch G06.14 through G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote authenticated users to gain privileges for NetBatch job execution via unknown vectors.

CVE-2014-3009
Published: 2014-08-01
The GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.0 through 11.0 and InfoSphere Master Data Management Server for Product Information Management 9.0 and 9.1 does not properly handle FRAME elements, which makes it easier for remote authenticated users to conduct ph...

CVE-2014-3302
Published: 2014-08-01
user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does not properly implement the token timer for authenticated encryption, which allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCuj81708.

CVE-2014-3534
Published: 2014-08-01
arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a c...

Best of the Web
Dark Reading Radio