What Data Breaches Now Cost And Why
Moose Malware Uses Linux Routers For Social Network Fraud
Escalating Cyberattacks Threaten US Healthcare Systems
Data Encryption In The Cloud: Square Pegs In Round Holes
DR Radio: Incident Response War-Gaming
News & Commentary
Home Routers Being Targeted in DNS Hijacking Attack, Trend Micro Says
Jai Vijayan, Freelance writerNews
Attackers attempting to steal sensitive data by diverting home router traffic to malicious domains, security firm says.
By Jai Vijayan Freelance writer, 5/29/2015
Comment2 comments  |  Read  |  Post a Comment
How I Would Secure The Internet With $4 Billion
Jim Manico, OWASP Global Board MemberCommentary
In an open letter to President Obama, a member of the Open Web Application Security Project tells why pending legislation on threat-intel sharing doesn’t go far enough.
By Jim Manico OWASP Global Board Member, 5/29/2015
Comment4 comments  |  Read  |  Post a Comment
UN Report Warns Encryption Backdoors Violate Human Rights
Sara Peters, Senior Editor at Dark ReadingNews
Report says States should be promoting strong encryption and anonymity tools, not restricting them.
By Sara Peters Senior Editor at Dark Reading, 5/28/2015
Comment2 comments  |  Read  |  Post a Comment
IRS Attack Demonstrates How Breaches Beget More Breaches
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Weak authentication validation assumed only taxpayers would know their Social Security Numbers and other information that criminals have been stealing for years.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/28/2015
Comment7 comments  |  Read  |  Post a Comment
Small-to Mid-sized Organizations Targeted By 'Grabit' Cyberspies
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Rare SMB-focused cyber espionage campaign hitting small firms worldwide.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/28/2015
Comment2 comments  |  Read  |  Post a Comment
'Tox' Offers Ransomware As A Service
Jai Vijayan, Freelance writerNews
The ransomware is free to use but site retains 20 percent of any ransom that is collected, McAfee researcher says.
By Jai Vijayan Freelance writer, 5/28/2015
Comment0 comments  |  Read  |  Post a Comment
What Are You Doing During The Golden Hour After An Attack?
Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security
Take the time to detect the attack, isolate the infected machines, and restore them to a known state.
By Torry Campbell Chief Technical Officer of Endpoint and Management at Intel Security, 5/28/2015
Comment0 comments  |  Read  |  Post a Comment
FUD Watch: The Marketing Of Security Vulnerabilities
Bill Brenner, Information Security BloggerCommentary
I’m all for raising awareness, but making designer vulnerabilities, catchy logos and content part of the disclosure process is a step in the wrong direction.
By Bill Brenner Information Security Blogger, 5/28/2015
Comment1 Comment  |  Read  |  Post a Comment
Data Theft The Goal Of BlackEnergy Attacks On Industrial Control Systems, Researchers Say
Jai Vijayan, Freelance writerNews
CyberX analysis of BlackEnergy module reveals most likely motive behind sophisticated multi-year attack campaign.
By Jai Vijayan Freelance writer, 5/28/2015
Comment0 comments  |  Read  |  Post a Comment
Oracle PeopleSoft In The Crosshairs
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Presenter at Hack In The Box says PeopleSoft is in worse security shape than SAP was five years ago.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/27/2015
Comment4 comments  |  Read  |  Post a Comment
Moose Malware Uses Linux Routers For Social Network Fraud
Sara Peters, Senior Editor at Dark ReadingNews
Linux/Moose is sophisticated enough to do DNS hijacks, DDoSes, and deep network penetration...so why is it wasting its time on Instagram?
By Sara Peters Senior Editor at Dark Reading, 5/27/2015
Comment10 comments  |  Read  |  Post a Comment
Escalating Cyberattacks Threaten US Healthcare Systems
Rick Kam and Larry Ponemon, Rick Kam, President & Co-founder, ID Experts & Larry Ponemon, Chairman & Founder, Ponemon InstituteCommentary
Electronic health records are prime targets because healthcare organizations lack the resources, processes, and technologies to protect them. And it’s only going to get worse.
By Rick Kam and Larry Ponemon Rick Kam, President & Co-founder, ID Experts & Larry Ponemon, Chairman & Founder, Ponemon Institute, 5/27/2015
Comment0 comments  |  Read  |  Post a Comment
Iris Scans: Security Breakthrough Or Privacy Invasion?
David Wagner, Executive Editor, Community & IT LifeNews
New technology allows irises to be scanned from 40 feet away. Is this a wonder weapon against crime and terrorism or a way for governments to invade our privacy and track our movements?
By David Wagner Executive Editor, Community & IT Life, 5/27/2015
Comment3 comments  |  Read  |  Post a Comment
What Data Breaches Now Cost And Why
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New Ponemon report says the cost of a data breach has increased by 23% and healthcare and education breaches are the most pricey.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/27/2015
Comment1 Comment  |  Read  |  Post a Comment
IRS Breach Exposes 100,000 Taxpayers' Tax Returns, Other Data
Dark Reading Staff, Quick Hits
Online 'Get Transcript' service accessed from February to mid-May.
By Dark Reading Staff , 5/26/2015
Comment6 comments  |  Read  |  Post a Comment
Profile Of A Cybercrime Petty Thief
Sara Peters, Senior Editor at Dark ReadingNews
Trend Micro provides peek at methods of amateur, lone-wolf carder.
By Sara Peters Senior Editor at Dark Reading, 5/26/2015
Comment0 comments  |  Read  |  Post a Comment
A Threat Intelligence-Sharing Reality-Check
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Many organizations employ sharing one-way (gathering) and mainly for 'CYA,' experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/26/2015
Comment1 Comment  |  Read  |  Post a Comment
State-Sponsored Cybercrime: A Growing Business Threat
David Venable,  Director, Professional Services, Masergy CommunicationsCommentary
You don’t have to be the size of Sony -- or even mock North Korea -- to be a target.
By David Venable Director, Professional Services, Masergy Communications, 5/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Android Factory Reset Leaves Your Data Exposed: Study
Nathan Eddy, Freelance WriterNews
Flaws in Google’s Android operating system mean the factory-reset option is unlikely to permanently wipe all your data -- or master token -- from the device.
By Nathan Eddy Freelance Writer, 5/25/2015
Comment3 comments  |  Read  |  Post a Comment
DR Radio: Incident Response War-Gaming
Sara Peters, Senior Editor at Dark ReadingCommentary
Learn how to practice the post-breach panicking.
By Sara Peters Senior Editor at Dark Reading, 5/25/2015
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Moose Malware Uses Linux Routers For Social Network Fraud
Sara Peters, Senior Editor at Dark Reading,  5/27/2015
IRS Attack Demonstrates How Breaches Beget More Breaches
Ericka Chickowski, Contributing Writer, Dark Reading,  5/28/2015
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Drinking from the Malware Fire Hose
Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them. Read >>
Cartoon
Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0121
Published: 2015-05-30
IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with WebSphere Application Server, do not terminate a Requirements Management (RM) session upon LTPA token ...

CVE-2015-0191
Published: 2015-05-30
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0191. Reason: This candidate is a duplicate of CVE-2014-0191. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-0191 instead of this candidate. All references and descriptions in this candid...

CVE-2015-0193
Published: 2015-05-30
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...

CVE-2015-0733
Published: 2015-05-30
CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID ...

CVE-2015-0743
Published: 2015-05-30
Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097.

10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed