Attacks/Breaches
News & Commentary
Data Management Vs. Data Loss Prevention: Vive La Différence!
Todd Feinman,  President & CEO, Identity FinderCommentary
A sensitive data management strategy can include the use of DLP technology, but it also involves a comprehensive understanding of where your data is and what specifically is at risk.
By Todd Feinman President & CEO, Identity Finder, 11/25/2014
Comment4 comments  |  Read  |  Post a Comment
Newly Revealed Cyber Espionage Attack 'More Complex' Than Stuxnet, Flame
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
"Regin" cyber spying platform is reportedly behind cyber spying against a Belgian telecommunications provider, which was revealed in leaked NSA documents.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/24/2014
Comment7 comments  |  Read  |  Post a Comment
Cyber Security Needs Its Ralph Nader
Tsion Gonen , Chief Strategy Officer, SafeNetCommentary
It took thousands of unnecessary traffic fatalities to create an environment for radical transformation of the auto industry. What will it take for a similar change to occur in data security?
By Tsion Gonen Chief Strategy Officer, SafeNet, 11/24/2014
Comment11 comments  |  Read  |  Post a Comment
USPS Played Cat And Mouse With Cyber Attacker
Jai Vijayan, Freelance writerNews
Postal Service takes restrained, methodical approach to cyberattack. Was this the right strategy?
By Jai Vijayan Freelance writer, 11/24/2014
Comment4 comments  |  Read  |  Post a Comment
Privacy Groups Release 'Detekt' Tool to Spot Spyware
Brian Prince, Contributing Writer, Dark ReadingNews
Privacy advocates have joined together to release a tool for identifying cyber espionage malware.
By Brian Prince Contributing Writer, Dark Reading, 11/21/2014
Comment0 comments  |  Read  |  Post a Comment
The Week When Attackers Started Winning The War On Trust
Kevin Bocek, VP Security Strategy & Threat Intelligence, VenafiCommentary
The misuse of keys and certificates is not exotic or hypothetical. It’s a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
By Kevin Bocek VP Security Strategy & Threat Intelligence, Venafi, 11/21/2014
Comment1 Comment  |  Read  |  Post a Comment
Video: Tech Hygiene Bad Habits, 3D Stock Portfolios
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds looks at bad tech hygiene habits, using Oculus Rift for 3D stock portfolios, security risks during the holiday shopping season, and more.
By Andrew Conry Murray Director of Content & Community, Interop, 11/21/2014
Comment2 comments  |  Read  |  Post a Comment
New Citadel Attack Targets Password Managers
Jai Vijayan, Freelance writerNews
IBM researchers have found signs that the prolific data steal Trojan is now being used to attack widely used password managers.
By Jai Vijayan Freelance writer, 11/20/2014
Comment3 comments  |  Read  |  Post a Comment
Killing Passwords: Don’t Get A-Twitter Over ‘Digits’
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Twitter’s new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns Analyst, Kuppinger-Cole, 11/19/2014
Comment5 comments  |  Read  |  Post a Comment
The Rise Of The Resilient Mobile Botnet
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report on what researchers call one of the 'most sophisticated mobile botnets online' shows how profitable mobile malware has become.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/19/2014
Comment0 comments  |  Read  |  Post a Comment
'Misdial Trap' Phone Scam Hits Financial Services
Sara Peters, Senior Editor at Dark ReadingQuick Hits
One in six financial institutions victimized by this new scam.
By Sara Peters Senior Editor at Dark Reading, 11/18/2014
Comment2 comments  |  Read  |  Post a Comment
State Dept. Breach Heightens Concerns Over Resilience Of Government Networks
Jai Vijayan, Freelance writerNews
The department is the fourth federal entity in recent weeks to disclose a data breach.
By Jai Vijayan Freelance writer, 11/18/2014
Comment6 comments  |  Read  |  Post a Comment
Deconstructing the Cyber Kill Chain
Giora Engel, VP Product & Strategy, LightCyberCommentary
As sexy as it is, the Cyber Kill Chain model can actually be detrimental to network security because it reinforces old-school, perimeter-focused, malware-prevention thinking.
By Giora Engel VP Product & Strategy, LightCyber, 11/18/2014
Comment4 comments  |  Read  |  Post a Comment
The Year Of The Retailer Data Breach
Kelly Jackson Higgins, Executive Editor at Dark Reading
This year's wave of attacks was more dramatic in its widespread scope and seemingly constant battering of more than a dozen big box chains.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/17/2014
Comment4 comments  |  Read  |  Post a Comment
Why Cyber Security Starts At Home
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Even the grandmas on Facebook need to know and practice basic security hygiene, because what happens anywhere on the Internet can eventually affect us all.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 11/17/2014
Comment13 comments  |  Read  |  Post a Comment
'Bashlite' Malware Leverages ShellShock In BusyBox Attack
Brian Prince, Contributing Writer, Dark ReadingNews
A new version of Bashlite aims to get control of devices running on BusyBox, such as routers.
By Brian Prince Contributing Writer, Dark Reading, 11/14/2014
Comment4 comments  |  Read  |  Post a Comment
NOAA Blames China In Hack, Breaks Disclosure Rules
Sara Peters, Senior Editor at Dark ReadingNews
The National Oceanic and Atmospheric Administration finally confirms that four websites were attacked and taken down in September, but details are sketchy and officials want answers.
By Sara Peters Senior Editor at Dark Reading, 11/13/2014
Comment2 comments  |  Read  |  Post a Comment
Time To Turn The Tables On Attackers
Amit Yoran, President, RSACommentary
As a security industry, we need to arm business with innovative technologies that provide visibility, analysis, and action to prevent inevitable breaches from causing irreparable damage.
By Amit Yoran President, RSA, 11/13/2014
Comment5 comments  |  Read  |  Post a Comment
Retail Hacking: What To Expect This Holiday Season
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
Find out what retailers are doing (and not doing) to keep customers and transactions safe on Dark Reading Radio with guests with Nick Pelletier of Mandiant, and Arthur Tisi, CIO, Natural Markets Food Group.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/13/2014
Comment4 comments  |  Read  |  Post a Comment
The Enemy Who Is Us: DoD Puts Contractors On Notice For Insider Threats
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
New rule requires US government contractors to gather and report information on insider threat activity on classified networks.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 11/13/2014
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2037
Published: 2014-11-26
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

CVE-2014-6609
Published: 2014-11-26
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

CVE-2014-6610
Published: 2014-11-26
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dia...

CVE-2014-7141
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

CVE-2014-7142
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?