Attacks/Breaches
News & Commentary
3 Flavors of Machine Learning: Who, What & Where
Giora Engel, VP Product & Strategy, LightCyberCommentary
To get beyond the jargon of ML, you have to consider who (or what) performs the actual work of detecting advanced attacks: vendor, product or end-user.
By Giora Engel VP Product & Strategy, LightCyber, 2/11/2016
Comment0 comments  |  Read  |  Post a Comment
5 Big Incident Response Mistakes
Jai Vijayan, Freelance writerNews
Failing to have a formal incident response plan is just one of the mistakes organizations make.
By Jai Vijayan Freelance writer, 2/11/2016
Comment0 comments  |  Read  |  Post a Comment
The Phishie Awards: (Dis)Honoring The Best Of The Worst Phishing Attacks
Sara Peters, Senior Editor at Dark Reading
From the costly to the clever to the just plain creepy, here are the recent phishing campaigns that have earned our reluctant recognition.
By Sara Peters Senior Editor at Dark Reading, 2/10/2016
Comment3 comments  |  Read  |  Post a Comment
Over 100,000 E-File PINs Fraudulently Accessed In Automated Attack On IRS App
Jai Vijayan, Freelance writerNews
Personal data stolen from other sources was used in attack agency says
By Jai Vijayan Freelance writer, 2/10/2016
Comment0 comments  |  Read  |  Post a Comment
Simplifying Application Security: 4 Steps
Chris Wysopal, CTO, CISO and co-founder, VeracodeCommentary
Itís time to leave behind the misconceptions about the cost and effort required by effective application security. Hereís how.
By Chris Wysopal CTO, CISO and co-founder, Veracode, 2/10/2016
Comment0 comments  |  Read  |  Post a Comment
As Dyre Goes Quiet, Focus Turns On Other Banking Trojans
Jai Vijayan, Freelance writerNews
Dridex, Gozi, and Shifu are just three of the many malware tools that could replace Dyre, security researchers say.
By Jai Vijayan Freelance writer, 2/9/2016
Comment0 comments  |  Read  |  Post a Comment
Chinese Cyberspies Pivot To Russia In Wake Of Obama-Xi Pact
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Kaspersky Lab has identified a massive uptick in cyber espionage in Russia by 'Chinese-speaking' APTs.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/9/2016
Comment0 comments  |  Read  |  Post a Comment
Brazilian Cyberspies In Suits Shake Down Victims With Stolen Company Secrets
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
'Poseidon Group' puts a new spin on cyber-extortion, and operates across land and sea.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/9/2016
Comment1 Comment  |  Read  |  Post a Comment
Monday Morning Quarterbacking Super Bowl 50: Infosec Edition
Tim Helming, Director of Product Management, DomainToolsCommentary
How to coach your team to victory in the battle to protect corporate data and intellectual property. After all, thereís a lot riding on your game, too.
By Tim Helming Director of Product Management, DomainTools, 2/8/2016
Comment1 Comment  |  Read  |  Post a Comment
US DOJ, DHS Yet To Confirm Breach, Leak
Dark Reading Staff, Quick Hits
Apparent names, job titles, contact information of 9,000 Department of Homeland Security employees posted on Twitter.
By Dark Reading Staff , 2/8/2016
Comment1 Comment  |  Read  |  Post a Comment
A Case Of Mistaken Identity?
Christiaan Beek, Threat Intelligence Research, Office of the CTO,Intel Security
The role of BlackEnergy in Ukrainian power grid disruption.
By Christiaan Beek Threat Intelligence Research, Office of the CTO,Intel Security, 2/5/2016
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Smackdown: What Side Are You On?
Dark Reading Staff, Commentary
Analytics vs. Encryption. Prevention vs. Detection. Machine Learning: Promise or Hype? The Firewall: Dead or Still Breathing? The sharpest minds in the security industry debate some of the industry's most contentious issues.
By Dark Reading Staff , 2/4/2016
Comment4 comments  |  Read  |  Post a Comment
Lights Out: Not So Fast
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Author and famed broadcast journalist Ted Koppel's new bestseller warns of a 'likely' nationwide and devastating blackout of the US grid at the hands of hackers, but some government and utility industry officials disagree.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/3/2016
Comment3 comments  |  Read  |  Post a Comment
Encryption Has Its Place But It Isnít Foolproof
Doug Clare, Vice President of Product Management, FICOCommentary
Most encrypted data is unencrypted at some point in its lifecycle -- and the bad guys are pretty good at finding the one window left open.
By Doug Clare Vice President of Product Management, FICO, 2/2/2016
Comment2 comments  |  Read  |  Post a Comment
As Good As They're Getting, Analytics Don't Inherently Protect Data
Scott Petry , Co-Founder & CEO of Authentic8Commentary
It is only a matter of time before your system is breached, and when your data is lost, analytics won't help you.
By Scott Petry Co-Founder & CEO of Authentic8, 2/2/2016
Comment0 comments  |  Read  |  Post a Comment
First Hacker Arrested for CyberTerror Charges Arrives In American Court
Dark Reading Staff, Quick Hits
Kosovo citizen faces a maximum sentence of 35 years in prison for hacking and providing material support to ISIS.
By Dark Reading Staff , 2/1/2016
Comment0 comments  |  Read  |  Post a Comment
IEEE Anti-Malware Support Service Goes Live
Mark Kennedy, Chair, IEEE Industry Connections Security Group, Chair, IEEE Malware Working GroupCommentary
Through the collaborative effort of major players in the computer security industry, organizations now have two new tools for better malware detection.
By Mark Kennedy Chair, IEEE Industry Connections Security Group, Chair, IEEE Malware Working Group, 2/1/2016
Comment0 comments  |  Read  |  Post a Comment
Wendy's Could Become Test Case For New EMV Liability Rules
Jai Vijayan, Freelance writerNews
The fast food giant confirms it is investigating fraudulent activity involving payment cards used at some of its 6,500 locations.
By Jai Vijayan Freelance writer, 1/29/2016
Comment4 comments  |  Read  |  Post a Comment
New Version Of CenterPOS Malware Taps Rush To Attack Retail Systems
Jai Vijayan, Freelance writerNews
EMV will make it much harder for criminals to steal payment card data, so thereís a rush to do it while they can
By Jai Vijayan Freelance writer, 1/28/2016
Comment3 comments  |  Read  |  Post a Comment
Big Week For Ransomware
Sara Peters, Senior Editor at Dark ReadingNews
Inventive new variants and damaging attacks swept through the headlines this week.
By Sara Peters Senior Editor at Dark Reading, 1/28/2016
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: nice one good
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas in a thought-provoking discussion about the evolving role of the CISO.