Vulnerabilities / Threats // Insider Threats
News & Commentary
Be Aware: 8 Tips for Security Awareness Training
Sara Peters, Senior Editor at Dark Reading
Hint: One giant security training session to rule them all is not the way to go.
By Sara Peters Senior Editor at Dark Reading, 9/29/2014
Comment0 comments  |  Read  |  Post a Comment
The Truth About Ransomware: Youíre On Your Own
Andrew Hay, Sr. Security Research Lead & Evangelist, OpenDNSCommentary
What should enterprises do when faced with ransomware? The answer is, it depends.
By Andrew Hay Sr. Security Research Lead & Evangelist, OpenDNS, 9/22/2014
Comment1 Comment  |  Read  |  Post a Comment
Secure The Core: Advice For Agencies Under Attack
Vijay Basani, CEO, EiQ NetworksCommentary
When facing state-sponsored attacks, perimeter security is never enough.
By Vijay Basani CEO, EiQ Networks, 9/3/2014
Comment2 comments  |  Read  |  Post a Comment
All In For The Coming World of 'Things'
Don Bailey, Founder & CEO, Lab Mouse SecurityCommentary
At a Black Hat round table, experts discuss the strategies necessary to lock down the Internet of Things, the most game-changing concept in Internet history.
By Don Bailey Founder & CEO, Lab Mouse Security, 8/25/2014
Comment6 comments  |  Read  |  Post a Comment
Hacker Or Military? Best Of Both In Cyber Security
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
How radically different approaches play out across the security industry.
By John B. Dickson CISSP, Principal, Denim Group, 8/21/2014
Comment6 comments  |  Read  |  Post a Comment
Tech Insight: Hacking The Nest Thermostat
John H. Sawyer, Contributing Writer, Dark ReadingNews
Researchers at Black Hat USA demonstrated how they were able to compromise a popular smart thermostat.
By John H. Sawyer Contributing Writer, Dark Reading, 8/14/2014
Comment5 comments  |  Read  |  Post a Comment
The Illegitimate Millinerís Guide to Black Hat
Tal Klein, VP Strategy, AdallomCommentary
A less-than-honest "Abe" goes undercover to get a behind-the-scenes look at Black Hat and its infamous attendees.
By Tal Klein VP Strategy, Adallom, 8/6/2014
Comment9 comments  |  Read  |  Post a Comment
Is IT The New Boss Of Video Surveillance?
Fredrik Nilsson, General Manager, Axis Communications, North AmericaCommentary
ITís participation in the security of corporate video surveillance is growing, much to the chagrin of the physical security team. Hereís why corporate infosec needs to pay attention.
By Fredrik Nilsson General Manager, Axis Communications, North America, 8/4/2014
Comment4 comments  |  Read  |  Post a Comment
Government Security: Saying 'No' Doesn't Work
Steve Jones, Group Strategy Director, Big Data & Analytics, CapgeminiCommentary
It's time for government agencies to move beyond draconian security rules and adopt anomaly analytics.
By Steve Jones Group Strategy Director, Big Data & Analytics, Capgemini, 7/14/2014
Comment1 Comment  |  Read  |  Post a Comment
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Julian Waits, President & CEO, ThreatTrack SecurityCommentary
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
By Julian Waits President & CEO, ThreatTrack Security, 7/9/2014
Comment9 comments  |  Read  |  Post a Comment
P.F. Chang's Breach Went Undetected For Months
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Early reports indicate that the compromise involved a large number of restaurant locations and dates as far back as September 2013.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 6/23/2014
Comment4 comments  |  Read  |  Post a Comment
SMBs Ignoring Insider Threats
Henry Kenyon, Commentary
Many smaller organizations do not adequately protect against insider threats, CERT expert warns.
By Henry Kenyon , 6/23/2014
Comment7 comments  |  Read  |  Post a Comment
NIST Security Guidance Revision: Prepare Now
Vincent Berk, Commentary
NIST 800-53 Revision 5 will likely put more emphasis on continuous monitoring. Don't wait until it arrives to close your security gaps.
By Vincent Berk , 6/16/2014
Comment4 comments  |  Read  |  Post a Comment
Putter Panda: Tip Of The Iceberg
George Kurtz, President & CEO, CrowdStrikeCommentary
What CrowdStrike's outing of Putter Panda -- the second hacking group linked to China's spying on US defense and European satellite and aerospace industries -- means for the security industry.
By George Kurtz President & CEO, CrowdStrike, 6/10/2014
Comment3 comments  |  Read  |  Post a Comment
Researchers: Mobile Applications Pose Rapidly Growing Threat To Enterprises
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
The average user has about 200 apps running on his smartphone -- and they're not all safe, Mojave Networks study says.
By Tim Wilson Editor in Chief, Dark Reading, 6/3/2014
Comment0 comments  |  Read  |  Post a Comment
Dissecting Dendroid: An In-Depth Look Inside An Android RAT Kit
Felix Leder, Senior Malware Researcher, Blue Coat Systems NorwayCommentary
Dendroid is full of surprises to assist it in subverting traditional security tactics through company-issued Android phones or BYOD.
By Felix Leder Senior Malware Researcher, Blue Coat Systems Norway, 5/28/2014
Comment4 comments  |  Read  |  Post a Comment
Privileged Use Also a State of Mind, Report Finds
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Government Hiring Practices Hamper Cybersecurity Efforts
Patience Wait, Commentary
Federal agencies find it difficult to hire unconventional but well-qualified talent to battle cyberattacks, experts say.
By Patience Wait , 5/20/2014
Comment4 comments  |  Read  |  Post a Comment
6 Tips For Securing Social Media In The Workplace
John W. Pirc, Research Vice President, NSS LabsCommentary
Empower employees by training them to be aware and secure, and in how to avoid becoming a statistic.
By John W. Pirc Research Vice President, NSS Labs, 5/20/2014
Comment11 comments  |  Read  |  Post a Comment
Money, Skills, And Hired Guns: 2014 Strategic Security Survey
Michael A. Davis, Contributing EditorCommentary
Tight budgets. A manpower crunch. More -- and more sophisticated -- threats. Are you sure you're up to this?
By Michael A. Davis Contributing Editor, 5/12/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5619
Published: 2014-09-29
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame.

CVE-2012-5621
Published: 2014-09-29
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.

CVE-2012-6107
Published: 2014-09-29
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2012-6110
Published: 2014-09-29
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.

CVE-2013-1874
Published: 2014-09-29
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, weíll take a close look at some of the latest research and practices in application security.