Attacks/Breaches
News & Commentary
IoT Flaw Discoveries Not Impactful--Yet
Ericka Chickowski, Contributing Writer, Dark ReadingNews
As flaws announced at Black Hat USA and elsewhere highlight IoT weaknesses, the impact of these vulns still remains low in the face of vast distribution. But that could change with market consolidation.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/6/2015
Comment0 comments  |  Read  |  Post a Comment
In The Cyber Realm, Letís Be Knights Not Blacksmiths
Jeff Schilling, CSO, FirehostCommentary
Why the Internet of Things is our chance to finally get information security right.
By Jeff Schilling CSO, Firehost, 7/2/2015
Comment2 comments  |  Read  |  Post a Comment
Franchising Ransomware
Vincent Weafer, Senior Vice President, Intel Security
Ransomware-as-a-service is fueling cyberattacks. Is your organization prepared?
By Vincent Weafer Senior Vice President, Intel Security, 7/1/2015
Comment2 comments  |  Read  |  Post a Comment
Securing Critical Infrastructure
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
Protecting the Industrial Internet of Things from cyberthreats is a national priority.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 6/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Clever CryptoWall Spreading Via New Attacks
Sara Peters, Senior Editor at Dark ReadingNews
Top ransomware doesn't waste time jumping on the latest Flash zero-day, and hops rides on click fraud campaigns, too.
By Sara Peters Senior Editor at Dark Reading, 6/29/2015
Comment4 comments  |  Read  |  Post a Comment
Social Engineering & Black Hat: Do As I Do Not As I Say
Tal Klein, VP Strategy, Lakeside Software.Commentary
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
By Tal Klein VP Strategy, Lakeside Software., 6/29/2015
Comment3 comments  |  Read  |  Post a Comment
3 Simple Steps For Minimizing Ransomware Exposure
Michelle Drolet, Founder, TowerwallCommentary
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
By Michelle Drolet Founder, Towerwall, 6/26/2015
Comment0 comments  |  Read  |  Post a Comment
Stealthy Fobber Malware Takes Anti-Analysis To New Heights
Sara Peters, Senior Editor at Dark ReadingNews
Built off the Tinba banking Trojan and distributed through the elusive HanJuan exploit kit, Fobber info-stealer defies researchers with layers upon layers of encryption.
By Sara Peters Senior Editor at Dark Reading, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
Jai Vijayan, Freelance writerNews
Security vendor's report from last year had warned about group targeting insider data from illegal trading.
By Jai Vijayan Freelance writer, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
Linux Foundation Funds Internet Security Advances
Charles Babcock, Editor at Large, CloudNews
The Linux Foundation's Core Infrastructure Initiative has selected three security-oriented projects to receive a total of $500,000 in funding.
By Charles Babcock Editor at Large, Cloud, 6/25/2015
Comment2 comments  |  Read  |  Post a Comment
Breach Defense Playbook: Cybersecurity Governance
Ryan Vela  , Regional Director, Fidelis Cybersecurity
Time to leave the island: Integrate cybersecurity into your risk management strategy.
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/25/2015
Comment1 Comment  |  Read  |  Post a Comment
Breach Defense Playbook: Incident Response Readiness (Part 2)
Ryan Vela  , Regional Director, Fidelis Cybersecurity
Will your incident response plan work when a real-world situation occurs?
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/24/2015
Comment0 comments  |  Read  |  Post a Comment
User Monitoring Not Keeping Up With Risk Managers' Needs
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Biggest concern is negligence, but monitoring capabilities can't detect this type of activity within most applications.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/24/2015
Comment0 comments  |  Read  |  Post a Comment
FBI: CryptoWall Ransomware Cost US Users $18 Million
Sara Peters, Senior Editor at Dark ReadingNews
Increasing pace of ransomware innovation likely to keep that number going up.
By Sara Peters Senior Editor at Dark Reading, 6/24/2015
Comment0 comments  |  Read  |  Post a Comment
The Secret Of War Lies In The Communications --Napoleon
Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security
DXL helps organizations keep an eye on external and internal threats using relevant information in real time.
By Torry Campbell Chief Technical Officer of Endpoint and Management at Intel Security, 6/24/2015
Comment0 comments  |  Read  |  Post a Comment
Why China Wants Your Sensitive Data
Adam Meyers, VP of Intelligence, CrowdStrikeCommentary
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
By Adam Meyers VP of Intelligence, CrowdStrike, 6/24/2015
Comment17 comments  |  Read  |  Post a Comment
Banks Targeted By Hackers Three Times More Than Other Sectors
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Active targeted attacks on financial services firms in quest for lucrative data -- and of course, money.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/23/2015
Comment3 comments  |  Read  |  Post a Comment
Breach Defense Playbook: Incident Response Readiness (Part 1)
Ryan Vela  , Regional Director, Fidelis Cybersecurity
Will your incident response plan work when a real-world situation occurs?
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/23/2015
Comment0 comments  |  Read  |  Post a Comment
Report: NSA, GCHQ Actively Targeted Kaspersky Lab, Other Security Vendors
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Snowden documents reveal government intelligence agencies were working to subvert security software. Kaspersky Lab calls nation-states' targeting of security companies 'extremely worrying.'
By Sara Peters Senior Editor at Dark Reading, 6/22/2015
Comment0 comments  |  Read  |  Post a Comment
What You Probably Missed In Verizon's Latest DBIR
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
Tune in to Dark Reading Radio at 1pm ET/11am Pacific on Wednesday, June 24, when Verizon Data Breach Investigations Report co-author Marc Spitler discusses some of the possibly lesser-noticed nuggets in the industry's popular report on real-world attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/22/2015
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3653
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

CVE-2014-9737
Published: 2015-07-06
Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a block.

CVE-2014-9738
Published: 2015-07-06
Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, or a (3) team entity title.

CVE-2014-9739
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields.

CVE-2014-9740
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2...

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report