Attacks/Breaches
News & Commentary
Twitter Chat: How To Prepare For A Cyberattack
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
Join the GTEC and Dark Reading Twitter chat, "Is It Possible to Prepare for a Cyber Attack?" on Wednesday, July 8 from 2-3pm EST, using the #GTECCHAT hashtag.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/7/2015
Comment0 comments  |  Read  |  Post a Comment
The Rise Of Social Media Botnets
James C. Foster, Founder & CEO, ZeroFOXCommentary
In the social Internet, building a legion of interconnected bots -- all accessible from a single computer -- is quicker and easier than ever before.
By James C. Foster Founder & CEO, ZeroFOX, 7/7/2015
Comment0 comments  |  Read  |  Post a Comment
Italian Surveillance Software Maker Falls Victim To Doxing Attack
Sara Peters, Senior Editor at Dark ReadingNews
Milan-based Hacking Team tells customers to stop using its products after leaked documents reveal the product's source code and the company's history of selling to governments with records of human rights abuses.
By Sara Peters Senior Editor at Dark Reading, 7/6/2015
Comment1 Comment  |  Read  |  Post a Comment
IoT Flaw Discoveries Not Impactful--Yet
Ericka Chickowski, Contributing Writer, Dark ReadingNews
As flaws announced at Black Hat USA and elsewhere highlight IoT weaknesses, the impact of these vulns still remains low in the face of vast distribution. But that could change with market consolidation.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/6/2015
Comment1 Comment  |  Read  |  Post a Comment
In The Cyber Realm, Letís Be Knights Not Blacksmiths
Jeff Schilling, CSO, FirehostCommentary
Why the Internet of Things is our chance to finally get information security right.
By Jeff Schilling CSO, Firehost, 7/2/2015
Comment3 comments  |  Read  |  Post a Comment
Franchising Ransomware
Vincent Weafer, Senior Vice President, Intel Security
Ransomware-as-a-service is fueling cyberattacks. Is your organization prepared?
By Vincent Weafer Senior Vice President, Intel Security, 7/1/2015
Comment2 comments  |  Read  |  Post a Comment
Securing Critical Infrastructure
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
Protecting the Industrial Internet of Things from cyberthreats is a national priority.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 6/30/2015
Comment1 Comment  |  Read  |  Post a Comment
Clever CryptoWall Spreading Via New Attacks
Sara Peters, Senior Editor at Dark ReadingNews
Top ransomware doesn't waste time jumping on the latest Flash zero-day, and hops rides on click fraud campaigns, too.
By Sara Peters Senior Editor at Dark Reading, 6/29/2015
Comment4 comments  |  Read  |  Post a Comment
Social Engineering & Black Hat: Do As I Do Not As I Say
Tal Klein, VP Strategy, Lakeside Software.Commentary
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
By Tal Klein VP Strategy, Lakeside Software., 6/29/2015
Comment3 comments  |  Read  |  Post a Comment
3 Simple Steps For Minimizing Ransomware Exposure
Michelle Drolet, Founder, TowerwallCommentary
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
By Michelle Drolet Founder, Towerwall, 6/26/2015
Comment0 comments  |  Read  |  Post a Comment
Stealthy Fobber Malware Takes Anti-Analysis To New Heights
Sara Peters, Senior Editor at Dark ReadingNews
Built off the Tinba banking Trojan and distributed through the elusive HanJuan exploit kit, Fobber info-stealer defies researchers with layers upon layers of encryption.
By Sara Peters Senior Editor at Dark Reading, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
Jai Vijayan, Freelance writerNews
Security vendor's report from last year had warned about group targeting insider data from illegal trading.
By Jai Vijayan Freelance writer, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
Linux Foundation Funds Internet Security Advances
Charles Babcock, Editor at Large, CloudNews
The Linux Foundation's Core Infrastructure Initiative has selected three security-oriented projects to receive a total of $500,000 in funding.
By Charles Babcock Editor at Large, Cloud, 6/25/2015
Comment2 comments  |  Read  |  Post a Comment
Breach Defense Playbook: Cybersecurity Governance
Ryan Vela  , Regional Director, Fidelis Cybersecurity
Time to leave the island: Integrate cybersecurity into your risk management strategy.
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/25/2015
Comment1 Comment  |  Read  |  Post a Comment
Breach Defense Playbook: Incident Response Readiness (Part 2)
Ryan Vela  , Regional Director, Fidelis Cybersecurity
Will your incident response plan work when a real-world situation occurs?
By Ryan Vela Regional Director, Fidelis Cybersecurity, 6/24/2015
Comment0 comments  |  Read  |  Post a Comment
User Monitoring Not Keeping Up With Risk Managers' Needs
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Biggest concern is negligence, but monitoring capabilities can't detect this type of activity within most applications.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/24/2015
Comment0 comments  |  Read  |  Post a Comment
FBI: CryptoWall Ransomware Cost US Users $18 Million
Sara Peters, Senior Editor at Dark ReadingNews
Increasing pace of ransomware innovation likely to keep that number going up.
By Sara Peters Senior Editor at Dark Reading, 6/24/2015
Comment0 comments  |  Read  |  Post a Comment
The Secret Of War Lies In The Communications --Napoleon
Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security
DXL helps organizations keep an eye on external and internal threats using relevant information in real time.
By Torry Campbell Chief Technical Officer of Endpoint and Management at Intel Security, 6/24/2015
Comment0 comments  |  Read  |  Post a Comment
Why China Wants Your Sensitive Data
Adam Meyers, VP of Intelligence, CrowdStrikeCommentary
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
By Adam Meyers VP of Intelligence, CrowdStrike, 6/24/2015
Comment17 comments  |  Read  |  Post a Comment
Banks Targeted By Hackers Three Times More Than Other Sectors
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Active targeted attacks on financial services firms in quest for lucrative data -- and of course, money.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/23/2015
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2849
Published: 2015-07-07
SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.

CVE-2015-2850
Published: 2015-07-07
Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVE-2015-3216
Published: 2015-07-07
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establi...

CVE-2014-3653
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

CVE-2014-5406
Published: 2015-07-06
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, ...

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report