Attacks/Breaches
News & Commentary
What You Need To Know About Nation-State Hacked Hard Drives
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The nation-state Equation Group compromise of most popular hard drives won't be a widespread threat, but future disk security -- and forensic integrity -- remain unclear.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/2/2015
Comment2 comments  |  Read  |  Post a Comment
Uber Takes Over 5 Months To Issue Breach Notification
Dark Reading Staff, Quick Hits
50,000 Uber drives just being told now that their names and license numbers were exposed.
By Dark Reading Staff , 3/2/2015
Comment0 comments  |  Read  |  Post a Comment
Why Security Awareness Alone Won’t Stop Hackers
Saryu Nayyar, CEO, GuruculCommentary
End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.
By Saryu Nayyar CEO, Gurucul, 3/2/2015
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading Offers Cyber Security Crash Course At Interop 2015
Tim Wilson, Editor in Chief, Dark ReadingCommentary
New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.
By Tim Wilson Editor in Chief, Dark Reading, 3/2/2015
Comment0 comments  |  Read  |  Post a Comment
Cyber Intelligence: Defining What You Know
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 2/27/2015
Comment1 Comment  |  Read  |  Post a Comment
Hits Keep On Coming For Both SSL & Its Abusers
Dark Reading Staff, Quick Hits
Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?
By Dark Reading Staff , 2/26/2015
Comment4 comments  |  Read  |  Post a Comment
'Shadow' Cloud Services Rampant In Government Networks
Jai Vijayan, Freelance writerNews
Survey finds public sector employees use unmanaged cloud services just as much as private employees.
By Jai Vijayan Freelance writer, 2/26/2015
Comment4 comments  |  Read  |  Post a Comment
How To Reduce Spam & Phishing With DMARC
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015
Comment6 comments  |  Read  |  Post a Comment
Millions Of Non-Anthem Customers Also Hit By Anthem Breach
Dark Reading Staff, Quick Hits
Blue Cross Blue Shield customers -- as many as 8.8 to 18.8 million of them -- might have also had their data compromised.
By Dark Reading Staff , 2/25/2015
Comment4 comments  |  Read  |  Post a Comment
Ramnit Botnet Disrupted By International Public-Private Collaboration
Sara Peters, Senior Editor at Dark ReadingNews
Europol leads the effort to bring down the bank credential-stealing botnet that infected 3.2 million computers across the globe.
By Sara Peters Senior Editor at Dark Reading, 2/25/2015
Comment0 comments  |  Read  |  Post a Comment
Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
Customers Aren’t the Only Victims: 5 Stages Of Data Breach Grief
Ricky Link, Managing Director, Coalfire Systems, Southwest RegionCommentary
What can we learn from organizations that have experienced a data beach? For one thing, infosec teams on the front lines of cyber security are also victims.
By Ricky Link Managing Director, Coalfire Systems, Southwest Region, 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
Medical Identity Theft Costs Victims $13,450 Apiece
Sara Peters, Senior Editor at Dark ReadingNews
New study shows not only is medical identity fraud costly for individuals, it's happening a lot more often.
By Sara Peters Senior Editor at Dark Reading, 2/24/2015
Comment8 comments  |  Read  |  Post a Comment
7 Things You Should Know About Secure Payment Technology
Sara Peters, Senior Editor at Dark Reading
Despite the existence of EMV and Apple Pay, we're a long way from true payment security, especially in the US.
By Sara Peters Senior Editor at Dark Reading, 2/24/2015
Comment14 comments  |  Read  |  Post a Comment
Cybercrime, Cyber Espionage Tactics Converge
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Real-world cyberattack investigations by incident response firm Mandiant highlight how hackers are adapting to better achieve their goals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/24/2015
Comment3 comments  |  Read  |  Post a Comment
From Hacking Systems To Hacking People
Larry Ponemon, Chairman & Founder, Ponemon InstituteCommentary
New low-tech attack methods like ‘visual hacking’ demand an information security environment that values data privacy and a self-policing culture.
By Larry Ponemon Chairman & Founder, Ponemon Institute, 2/24/2015
Comment8 comments  |  Read  |  Post a Comment
DOJ R&D Agency Awards Grants For Speedier Digital Forensics
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The US Department of Justice's National Institute of Justice is funding new incident response technology to assist law enforcement.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/23/2015
Comment0 comments  |  Read  |  Post a Comment
Blackhat, The Movie: Good, Bad & Ridiculous
Jeff Schmidt, Founder & CEO of JAS Global Advisors LLCCommentary
It didn’t take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?
By Jeff Schmidt Founder & CEO of JAS Global Advisors LLC, 2/23/2015
Comment2 comments  |  Read  |  Post a Comment
NSA, GCHQ Theft Of SIM Crypto Keys Raises Fresh Security Concerns
Jai Vijayan, Freelance writerNews
Pilfered SIM card encryption keys also could allow the spy agencies to deploy malicious Java applets or to send rogue SMS messages from fake cell towers, experts say.
By Jai Vijayan Freelance writer, 2/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Video: Millennial Stereotypes, Bank Hacks & Drone Deliveries
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds looks at unfair perceptions of Millennial Generation workers, billion-dollar bank heists, and why we want drones to make deliveries.
By Andrew Conry Murray Director of Content & Community, Interop, 2/20/2015
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7421
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

CVE-2014-8160
Published: 2015-03-02
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disall...

CVE-2014-9644
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-201...

CVE-2015-0239
Published: 2015-03-02
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYS...

CVE-2014-8921
Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.