Attacks/Breaches
News & Commentary
Phishing Attacks Drive Spike In DNS Threat
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
The First 24 Hours In The Wake Of A Data Breach
Stephen Treglia, JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute SoftwareCommentary
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
By Stephen Treglia JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute Software, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
Car Hacking Shifts Into High Gear
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/23/2015
Comment11 comments  |  Read  |  Post a Comment
Angler Climbing To Top Of Exploit Heap
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Exploit kit dominates the field, making up 82 percent of all exploit kits currently used.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/22/2015
Comment0 comments  |  Read  |  Post a Comment
Arrests Made In JPMorgan Hack, Securities Fraud Scheme
Dark Reading Staff, Quick Hits
Four individuals arrested in Israel and Florida, one more at large, according to report.
By Dark Reading Staff , 7/21/2015
Comment0 comments  |  Read  |  Post a Comment
Detection: A Balanced Approach For Mitigating Risk
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Only detection and response can complete the security picture that begins with prevention.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 7/21/2015
Comment0 comments  |  Read  |  Post a Comment
Time’s Running Out For The $76 Billion Detection Industry
Simon Crosby, Co-founder & CTO, BromiumCommentary
The one strategy that can deliver the needle to the security team without the haystack is prevention.
By Simon Crosby Co-founder & CTO, Bromium, 7/21/2015
Comment2 comments  |  Read  |  Post a Comment
6 Ex-Employees Questioned About Hacking Team Breach, Prior Leak
Sara Peters, Senior Editor at Dark ReadingNews
Japanese targets also getting hit with leaked Flash zero-day exploits, and Hacking Team reportedly worked on drone-based WiFi surveillance tools.
By Sara Peters Senior Editor at Dark Reading, 7/20/2015
Comment0 comments  |  Read  |  Post a Comment
How I Learned To Love Active Defense
John Strand, SANS Senior Instructor & Owner, Black Hills Information SecurityCommentary
Yes, traditional cyber defenses can be effective. They just need to be a little more active.
By John Strand SANS Senior Instructor & Owner, Black Hills Information Security, 7/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Spam Hits 12-Year Low, Symantec Report Finds
Larry Loeb, Blogger, InformationweekCommentary
While cyber-attacks grab all the headlines, the amount of spam hitting the in-boxes of the corporate world is actually at its lowest level in 12 years, according to Symantec.
By Larry Loeb Blogger, Informationweek, 7/18/2015
Comment4 comments  |  Read  |  Post a Comment
The Insiders: A Rogues Gallery
Mike Tierney, COO, SpectorSoftCommentary
You can defend against an insider threat if you know where to look.
By Mike Tierney COO, SpectorSoft, 7/16/2015
Comment0 comments  |  Read  |  Post a Comment
4 Lasting Impacts Of The Hacking Team Leaks
Sara Peters, Senior Editor at Dark ReadingNews
Doxing attack against Italian surveillance company put some nasty tools in the hands of attackers and might be the final nail in the coffin for Adobe Flash.
By Sara Peters Senior Editor at Dark Reading, 7/15/2015
Comment7 comments  |  Read  |  Post a Comment
Notorious Cybercrime Underground Forum Infiltrated By FBI And Shut Down
Dark Reading Staff, Quick Hits
International law enforcement operation shutters Darkode underground cybercrime forum, leads to charges, arrests, searches of 70 members worldwide.
By Dark Reading Staff , 7/15/2015
Comment0 comments  |  Read  |  Post a Comment
The End Of Whac-A-Mole: From Incident Response To Strategic Intelligence
Rick Howard, CSO, Palo Alto NetworksCommentary
In the face of mounting cybercrime, hacktivism, and espionage, network defenders need to transform their tactical IR groups into full-scale cyber intelligence teams.
By Rick Howard CSO, Palo Alto Networks, 7/15/2015
Comment1 Comment  |  Read  |  Post a Comment
Are Criminals Quicker Than The Flash?
Rees Johnson, Sr. VP and GM the Content Security Business Unit, Intel Security
Using the right technology, we can defeat the malicious exploitation of Flash and return it to its full superhero status.
By Rees Johnson Sr. VP and GM the Content Security Business Unit, Intel Security, 7/14/2015
Comment0 comments  |  Read  |  Post a Comment
Inside A Vicious DDoS Attack
Anthony Lye, President & CEO Chief Executive Officer, HotSchedulesCommentary
What it's really like to fend off a relentless distributed denial-of-service attack.
By Anthony Lye President & CEO Chief Executive Officer, HotSchedules, 7/14/2015
Comment0 comments  |  Read  |  Post a Comment
What Morpho Means: Why Hackers Target Intellectual Property And Business-Confidential Information
Raj Samani , Chief Technology Officer of Intel Security’s Europe, Middle East and Africa division
A quiet, professional cyberespionage group steals what every company wants to keep secret: valuable information that drives business. Welcome to the new normal.
By Raj Samani Chief Technology Officer of Intel Security’s Europe, Middle East and Africa division, 7/13/2015
Comment1 Comment  |  Read  |  Post a Comment
OPM: Personal Info On 21.5 Million People Exposed In Hack
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
The Office of Personnel Management today confirmed the final body count of victims affected by its massive data breach, which also exposed some 1.1 million fingerprints stored in the background-check database.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/9/2015
Comment13 comments  |  Read  |  Post a Comment
Creating Your Own Threat Intel Through ‘Hunting’ & Visualization
Raffael Marty, Founder & CEO, pixlcloudCommentary
How security analysts armed with a visual interface can use data science to find hidden attacks and the ‘unknown unknowns.’
By Raffael Marty Founder & CEO, pixlcloud, 7/9/2015
Comment0 comments  |  Read  |  Post a Comment
Hacking Team 0-Day Shows Widespread Dangers Of All Offense, No Defense
Sara Peters, Senior Editor at Dark ReadingNews
While the Italian surveillance company sells government agencies high-end zero-day proof-of-concept exploits, it secures root systems with the password 'P4ssword.' What's vulnerability commoditization got to do with it?
By Sara Peters Senior Editor at Dark Reading, 7/8/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4692
Published: 2015-07-27
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

CVE-2015-1840
Published: 2015-07-26
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space cha...

CVE-2015-1872
Published: 2015-07-26
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via craft...

CVE-2015-2847
Published: 2015-07-26
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.

CVE-2015-2848
Published: 2015-07-26
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!