Attacks/Breaches
News & Commentary
Study Reveals the Most Common Attack Methods of Data Thieves
Raja Patel, Vice President and General Manager of Network Security at Intel Security
Learning more about your attackers helps to improve your security profile and reduce the possibility of a breach.
By Raja Patel Vice President and General Manager of Network Security at Intel Security, 7/30/2015
Comment0 comments  |  Read  |  Post a Comment
From Russia With Love: A Slew of New Hacker Capabilities and Services
Jai Vijayan, Freelance writerNews
A review of the Russian underground by Trend Micro reveals it to be the world’s most sophisticated.
By Jai Vijayan Freelance writer, 7/30/2015
Comment0 comments  |  Read  |  Post a Comment
Anthem Breach Linked To Black Vine Group & Beijing InfoSec Firm
Sara Peters, Senior Editor at Dark ReadingNews
Health insurer's breach of 80 million records attributed to 'well-resourced cyberespionage group' Black Vine. Could they also be behind breaches at OPM and United Airlines?
By Sara Peters Senior Editor at Dark Reading, 7/29/2015
Comment0 comments  |  Read  |  Post a Comment
Can't Touch This: 'Hammertoss' Russian Cyberspies Hide In Plain Sight
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
APT29 cyber espionage attackers operate under the cover of legitimate services including Twitter, Github, and cloud storage services.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/29/2015
Comment3 comments  |  Read  |  Post a Comment
Code Theft: Protecting IP At The Source
Anna Chiang, Technical Marketing Manager, Perforce SoftwareCommentary
Your corporate assets are at risk and every day that you avoid taking action shortens the time until your IP will be leaked. Here are six steps toward better data security.
By Anna Chiang Technical Marketing Manager, Perforce Software, 7/29/2015
Comment2 comments  |  Read  |  Post a Comment
Phishing Attacks Drive Spike In DNS Threat
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
The First 24 Hours In The Wake Of A Data Breach
Stephen Treglia, JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute SoftwareCommentary
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
By Stephen Treglia JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute Software, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
Car Hacking Shifts Into High Gear
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/23/2015
Comment11 comments  |  Read  |  Post a Comment
Angler Climbing To Top Of Exploit Heap
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Exploit kit dominates the field, making up 82 percent of all exploit kits currently used.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/22/2015
Comment0 comments  |  Read  |  Post a Comment
Arrests Made In JPMorgan Hack, Securities Fraud Scheme
Dark Reading Staff, Quick Hits
Four individuals arrested in Israel and Florida, one more at large, according to report.
By Dark Reading Staff , 7/21/2015
Comment0 comments  |  Read  |  Post a Comment
Detection: A Balanced Approach For Mitigating Risk
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Only detection and response can complete the security picture that begins with prevention.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 7/21/2015
Comment0 comments  |  Read  |  Post a Comment
Time’s Running Out For The $76 Billion Detection Industry
Simon Crosby, Co-founder & CTO, BromiumCommentary
The one strategy that can deliver the needle to the security team without the haystack is prevention.
By Simon Crosby Co-founder & CTO, Bromium, 7/21/2015
Comment2 comments  |  Read  |  Post a Comment
6 Ex-Employees Questioned About Hacking Team Breach, Prior Leak
Sara Peters, Senior Editor at Dark ReadingNews
Japanese targets also getting hit with leaked Flash zero-day exploits, and Hacking Team reportedly worked on drone-based WiFi surveillance tools.
By Sara Peters Senior Editor at Dark Reading, 7/20/2015
Comment0 comments  |  Read  |  Post a Comment
How I Learned To Love Active Defense
John Strand, SANS Senior Instructor & Owner, Black Hills Information SecurityCommentary
Yes, traditional cyber defenses can be effective. They just need to be a little more active.
By John Strand SANS Senior Instructor & Owner, Black Hills Information Security, 7/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Spam Hits 12-Year Low, Symantec Report Finds
Larry Loeb, Blogger, InformationweekCommentary
While cyber-attacks grab all the headlines, the amount of spam hitting the in-boxes of the corporate world is actually at its lowest level in 12 years, according to Symantec.
By Larry Loeb Blogger, Informationweek, 7/18/2015
Comment4 comments  |  Read  |  Post a Comment
The Insiders: A Rogues Gallery
Mike Tierney, COO, SpectorSoftCommentary
You can defend against an insider threat if you know where to look.
By Mike Tierney COO, SpectorSoft, 7/16/2015
Comment0 comments  |  Read  |  Post a Comment
4 Lasting Impacts Of The Hacking Team Leaks
Sara Peters, Senior Editor at Dark ReadingNews
Doxing attack against Italian surveillance company put some nasty tools in the hands of attackers and might be the final nail in the coffin for Adobe Flash.
By Sara Peters Senior Editor at Dark Reading, 7/15/2015
Comment7 comments  |  Read  |  Post a Comment
Notorious Cybercrime Underground Forum Infiltrated By FBI And Shut Down
Dark Reading Staff, Quick Hits
International law enforcement operation shutters Darkode underground cybercrime forum, leads to charges, arrests, searches of 70 members worldwide.
By Dark Reading Staff , 7/15/2015
Comment0 comments  |  Read  |  Post a Comment
The End Of Whac-A-Mole: From Incident Response To Strategic Intelligence
Rick Howard, CSO, Palo Alto NetworksCommentary
In the face of mounting cybercrime, hacktivism, and espionage, network defenders need to transform their tactical IR groups into full-scale cyber intelligence teams.
By Rick Howard CSO, Palo Alto Networks, 7/15/2015
Comment1 Comment  |  Read  |  Post a Comment
Are Criminals Quicker Than The Flash?
Rees Johnson, Sr. VP and GM the Content Security Business Unit, Intel Security
Using the right technology, we can defeat the malicious exploitation of Flash and return it to its full superhero status.
By Rees Johnson Sr. VP and GM the Content Security Business Unit, Intel Security, 7/14/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4293
Published: 2015-07-30
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957.

CVE-2014-7912
Published: 2015-07-29
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory c...

CVE-2014-7913
Published: 2015-07-29
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corru...

CVE-2015-2977
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

CVE-2015-2978
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!