Attacks/Breaches
News & Commentary
Killing Passwords: Don’t Get A-Twitter Over ‘Digits’
Dave Kearns, Analyst, Kuppinger-Cole | Commentary
Twitter’s new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns, Analyst, Kuppinger-Cole, 11/19/2014
The Rise Of The Resilient Mobile Botnet
Ericka Chickowski, Contributing Writer, Dark Reading | News
New report on what researchers call one of the 'most sophisticated mobile botnets online' shows how profitable mobile malware has become.
By Ericka Chickowski, Contributing Writer, Dark Reading, 11/19/2014
'Misdial Trap' Phone Scam Hits Financial Services
Sara Peters, Senior Editor at Dark Reading | Quick Hits
One in six financial institutions victimized by this new scam.
By Sara Peters, Senior Editor at Dark Reading, 11/18/2014
State Dept. Breach Heightens Concerns Over Resilience Of Government Networks
Jai Vijayan, Freelance writer | News
The department is the fourth federal entity in recent weeks to disclose a data breach.
By Jai Vijayan, Freelance writer, 11/18/2014
Deconstructing the Cyber Kill Chain
Giora Engel, VP Product & Strategy, LightCyber | Commentary
As sexy as it is, the Cyber Kill Chain model can actually be detrimental to network security because it reinforces old-school, perimeter-focused, malware-prevention thinking.
By Giora Engel, VP Product & Strategy, LightCyber, 11/18/2014
The Year Of The Retailer Data Breach
Kelly Jackson Higgins, Executive Editor at Dark Reading
This year's wave of attacks was more dramatic in its widespread scope and seemingly constant battering of more than a dozen big box chains.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 11/17/2014
Why Cyber Security Starts At Home
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies | Commentary
Even the grandmas on Facebook need to know and practice basic security hygiene, because what happens anywhere on the Internet can eventually affect us all.
By Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies, 11/17/2014
'Bashlite' Malware Leverages ShellShock In BusyBox Attack
Brian Prince, Contributing Writer, Dark Reading | News
A new version of Bashlite aims to get control of devices running on BusyBox, such as routers.
By Brian Prince, Contributing Writer, Dark Reading, 11/14/2014
NOAA Blames China In Hack, Breaks Disclosure Rules
Sara Peters, Senior Editor at Dark Reading | News
The National Oceanic and Atmospheric Administration finally confirms that four websites were attacked and taken down in September, but details are sketchy and officials want answers.
By Sara Peters, Senior Editor at Dark Reading, 11/13/2014
Time To Turn The Tables On Attackers
Amit Yoran, President, RSA | Commentary
As a security industry, we need to arm business with innovative technologies that provide visibility, analysis, and action to prevent inevitable breaches from causing irreparable damage.
By Amit Yoran, President, RSA, 11/13/2014
Retail Hacking: What To Expect This Holiday Season
Kelly Jackson Higgins, Executive Editor at Dark Reading | Commentary
The next Dark Reading Radio episode on Nov. 19 at 1PM ET (10AM PT) features retail security experts from Mandiant and the retail industry.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 11/13/2014
The Enemy Who Is Us: DoD Puts Contractors On Notice For Insider Threats
Adam Firestone, President & GM, Kaspersky Government Security Solutions | Commentary
New rule requires US government contractors to gather and report information on insider threat activity on classified networks.
By Adam Firestone, President & GM, Kaspersky Government Security Solutions, 11/13/2014
Expired Antivirus Software No. 1 Cause Of Unprotected Windows 8 PCs
Jai Vijayan, Freelance writer | News
New data from Microsoft shows that nearly 10% of Windows 8 users are running expired AV software on their systems, making them four times more likely to get infected.
By Jai Vijayan, Freelance writer, 11/13/2014
POS Malware Continues To Evolve
Ericka Chickowski, Contributing Writer, Dark Reading | News
New report out today details three prevalent families.
By Ericka Chickowski, Contributing Writer, Dark Reading, 11/11/2014
Stuxnet 'Patient Zero' Attack Targets Revealed
Sara Peters, Senior Editor at Dark Reading | News
Researchers name five Iranian industrial control systems companies attacked in 2009-2010, and they question whether USB sticks were really the method of infection.
By Sara Peters, Senior Editor at Dark Reading, 11/11/2014
US Postal Service Suspends Telecommuting Following Massive Data Breach
Jai Vijayan, Freelance writer | News
Employee VPN taken down -- will not be restored until more secure version can be installed, Postal Service says after breach exposes data on 800,000 employees and 2.9 million customers.
By Jai Vijayan, Freelance writer, 11/11/2014
‘Walk & Stalk’: A New Twist In Cyberstalking
Ken Munro, Partner & Founder, Pen Test Partners LLP | Commentary
How hackers can turn Wifi signals from smartphones and tablets into a homing beacon that captures users' online credentials and follows them, undetected, throughout the course of the day.
By Ken Munro, Partner & Founder, Pen Test Partners LLP, 11/11/2014
The Staggering Complexity of Application Security
Jeff Williams, CTO, Aspect Security & Contrast Security | Commentary
During the past few decades of high-speed coding we have automated our businesses so fast that we are now incapable of securing what we have built.
By Jeff Williams, CTO, Aspect Security & Contrast Security, 11/10/2014
Disaster Recovery In The APT Age
Michael Cobb, Founder, Cobweb Applications | News
Does your resiliency plan take into account both natural disasters and man-made mayhem? If the CISO hasn't signed off, assume the answer is no.
By Michael Cobb, 11/7/2014
New Details Of Home Depot Attack Reminiscent Of Target's Breach
Jai Vijayan, Freelance writer | News
A massive payment card breach this year resulted when hackers gained access to its network using a third-party vendor's login, the retailer says, and 53 million email accounts were exposed.
By Jai Vijayan, Freelance writer, 11/7/2014
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2382
Published: 2014-11-20
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.

CVE-2014-3625
Published: 2014-11-20
Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CVE-2014-8387
Published: 2014-11-20
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.

CVE-2014-8493
Published: 2014-11-20
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.

CVE-2014-8767
Published: 2014-11-20
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.

Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?