Attacks/Breaches
News & Commentary
Michaels Data Breach Response: 7 Facts
Mathew J. Schwartz, News
Could the retailer have done more to spot the eight-month intrusion in the first place?
By Mathew J. Schwartz , 4/22/2014
Comment2 comments  |  Read  |  Post a Comment
7 Tips To Improve 'Signal-to-Noise' In The SOC
Joshua Goldfarb, CSO, nPulse TechnologiesCommentary
When security analysts are desensitized to alerts because of sheer volume, they miss the true positives that can prevent a large-scale data breach. Here's how to up your game.
By Joshua Goldfarb CSO, nPulse Technologies, 4/22/2014
Comment2 comments  |  Read  |  Post a Comment
Cyber Espionage Incidents Triple: Verizon Report
William Jackson, Technology WriterCommentary
As cyber espionage grows quickly, government agencies become the No. 1 target, finds 2014 Data Breach Investigations Report.
By William Jackson Technology Writer, 4/22/2014
Comment4 comments  |  Read  |  Post a Comment
Stolen Passwords Used In Most Data Breaches
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
New Verizon 2014 Data Breach Investigations Report identifies nine types of attack patterns that accounted for 93 percent of security incidents in the past decade.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/22/2014
Comment8 comments  |  Read  |  Post a Comment
FAQ: Understanding The True Price of Encryption
Sol Cates, CSO, VormetricCommentary
In the wake of recent events like Heartbleed, the search for cost-effective, easy, and scalable encryption solutions has never been more important.
By Sol Cates CSO, Vormetric, 4/21/2014
Comment5 comments  |  Read  |  Post a Comment
Heartbleed Attack Targeted Enterprise VPN
Mathew J. Schwartz, News
Attack spotted using the OpenSSL Heartbleed bug to steal session tokens and bypass two-factor authentication.
By Mathew J. Schwartz , 4/21/2014
Comment2 comments  |  Read  |  Post a Comment
Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Attack on point-of-sale systems went on for more than six months, officials say.
By Tim Wilson Editor in Chief, Dark Reading, 4/18/2014
Comment4 comments  |  Read  |  Post a Comment
Poll: Dark Reading Community Acts On Heartbleed
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Roughly 60 percent of respondents to our flash poll have installed the Heartbeat fix or are in the process of doing so.
By Marilyn Cohodas Community Editor, Dark Reading, 4/18/2014
Comment2 comments  |  Read  |  Post a Comment
Phishers Recruit Home PCs
Brian Prince, Contributing Writer, Dark ReadingNews
Residential broadband machines spotted hosting phishing attacks.
By Brian Prince Contributing Writer, Dark Reading, 4/18/2014
Comment5 comments  |  Read  |  Post a Comment
How A Little Obscurity Can Bolster Security
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Most security professionals deride the idea of "security by obscurity." Is it time to re-evaluate the conventional wisdom?
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 4/17/2014
Comment18 comments  |  Read  |  Post a Comment
White House Details Zero-Day Bug Policy
Mathew J. Schwartz, News
NSA denies prior knowledge of the Heartbleed vulnerability, but the White House reserves the right to withhold zero-day exploit information in some cases involving security or law enforcement.
By Mathew J. Schwartz , 4/15/2014
Comment3 comments  |  Read  |  Post a Comment
CIO Vs. CSO: Allies Or Enemies?
Eric Cole, Founder & Chief Scientist, Secure Anchor ConsultingCommentary
In the wake of the Target breach it's clear that the CIO and CSO must have clear boundaries of responsibility and equal representation in the board room.
By Eric Cole Founder & Chief Scientist, Secure Anchor Consulting, 4/14/2014
Comment15 comments  |  Read  |  Post a Comment
'Baby Teeth' In Infrastructure Cyber Security Framework
Dave Frymier, Chief Information Security Officer, UnisysCommentary
NIST’s modest effort to improve lax security around IT infrastructure in airports, utilities, and other critical areas now heads to Congress. Don't hold your breath.
By Dave Frymier Chief Information Security Officer, Unisys, 4/14/2014
Comment6 comments  |  Read  |  Post a Comment
Iranian-Based Cyberattack Activity On The Rise, Mandiant Report Says
Brian Prince, Contributing Writer, Dark ReadingNews
New report details the rise of suspected Iranian and Syrian-based cyber-attacks.
By Brian Prince Contributing Writer, Dark Reading, 4/11/2014
Comment2 comments  |  Read  |  Post a Comment
Flash Poll: Broken Heartbeat
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
What steps do you plan to take in response to the Heartbleed bug? Take our poll and share your reasons in the comments.
By Marilyn Cohodas Community Editor, Dark Reading, 4/10/2014
Comment0 comments  |  Read  |  Post a Comment
Heartbleed: Examining The Impact
Tim Sapio, Security Analyst, Bishop FoxCommentary
With Heartbleed, there’s little hope of knowing if an asset was breached, if a breach can be identified, or what, if any, data was leaked. Here’s how to defend against future attacks.
By Tim Sapio Security Analyst, Bishop Fox, 4/10/2014
Comment5 comments  |  Read  |  Post a Comment
What’s Worse: Credit Card Or Identity Theft?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
When it comes to data loss, it’s time for the conversation to shift from credit cards to personal information like Social Security numbers, home addresses, and your favorite flavor of ice cream.
By Kerstyn Clover Attack & Defense Team Consultant, 4/9/2014
Comment17 comments  |  Read  |  Post a Comment
One Year Later: The APT1 Report
Nick Selby, CEO, StreetCred Software, IncCommentary
One of the most positive impacts of APT1 is the undeniable rise in the stature of the threat intelligence industry. "Threat Intelligence" is the SIEM, the NAC of 2014.
By Nick Selby CEO, StreetCred Software, Inc, 4/8/2014
Comment2 comments  |  Read  |  Post a Comment
Operation Stop the Exfiltration
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Determined cybercriminals and cyberspies will find their way to the data they want, but there are ways to trip them up as they try to make their way out.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/7/2014
Comment0 comments  |  Read  |  Post a Comment
If Mother Nature Were A CISO
TK Keanini, CTO, LancopeCommentary
There are many defensive patterns in nature that also apply to information security. Here's how to defeat your predators in the high-stakes game of corporate survival and resiliency.
By TK Keanini CTO, Lancope, 4/7/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web