Vulnerabilities / Threats // Insider Threats
News & Commentary
11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
Mathew J. Schwartz, News
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.
By Mathew J. Schwartz, 4/17/2014
Majority Of Users Have Not Received Security Awareness Training, Study Says
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
Many users fail to follow policies on mobile, cloud security, EMA Research study says.
By Tim Wilson, Editor in Chief, Dark Reading, 4/10/2014
Social Engineering Grows Up
Kelly Jackson Higgins, Senior Editor, Dark Reading, News
Fifth annual DEF CON Social Engineering Capture the Flag Contest kicks off today with new "tag team" rules to reflect realities of the threat.
By Kelly Jackson Higgins, Senior Editor, Dark Reading, 4/7/2014
Colleagues In Cuffs: When Employees Steal Patient Records
Alison Diana, Senior Editor, Commentary
The Queens County DA recently arrested two Jamaica Hospital employees for stealing patient data, a lucrative crime occurring at hospitals across the nation.
By Alison Diana, Senior Editor, 4/7/2014
NSA's Big Surprise: Gov't Agency Is Actually Doing Its Job
Ira Winkler, Commentary
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
By Ira Winkler, 4/4/2014
'Thingularity' Triggers Security Warnings
Mathew J. Schwartz, News
The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure?
By Mathew J. Schwartz, 3/28/2014
A Cyber History Of The Ukraine Conflict
John Bumgarner, Chief Technology Officer for the U.S. Cyber Consequences Unit, Commentary
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
By John Bumgarner, Chief Technology Officer for the U.S. Cyber Consequences Unit, 3/27/2014
March Madness: Online Privacy Edition
Mark Weinstein, Founder & CEO, Sgrouples, Commentary
Say hello to the privacy revolution where an emerging backlash is being spurred by NSA spying, mass data collection and plain old common sense.
By Mark Weinstein, Founder & CEO, Sgrouples, 3/26/2014
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman, 3/14/2014
Snowden: I'd Do It Again
Kelly Jackson Higgins, Senior Editor, Dark Reading, News
NSA whistleblower fields questions via live video feed at South by Southwest, calls encryption "defense against the dark arts."
By Kelly Jackson Higgins, Senior Editor, Dark Reading, 3/10/2014
The Snowden Effect: Who Controls My Data?
Brad Garlinghouse, CEO, Hightail, Commentary
In today's post-NSA-spying world, the key to providing trustworthy digital services to customers is control coupled with transparency.
By Brad Garlinghouse, CEO, Hightail, 2/14/2014
Data Security Dos & Don'ts From The Target Breach
Bala Venkat, CMO, Cenzic, Commentary
The holidays brought attacks on the retail industry. If you aren't in retail, your industry could be next.
By Bala Venkat, CMO, Cenzic, 2/13/2014
Behavior Analysis: New Weapon To Fight Hackers
Michael Fitzgerald, News
Israeli startup Cybereason says it breaks new security ground by spotting deviations in employee behavior and telling companies what to do next.
By Michael Fitzgerald, 2/12/2014
Target Breach: HVAC Contractor Systems Investigated
Mathew J. Schwartz, News
Hackers may have used access credentials stolen from refrigeration and HVAC system contractor Fazio Mechanical Services to gain remote access to Target's network.
By Mathew J. Schwartz, 2/6/2014
Target Hackers Tapped Vendor Credentials
Mathew J. Schwartz, News
Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach.
By Mathew J. Schwartz, 1/30/2014
The Scariest End-User Security Question: What Changed?
Bob Covello, Security Tech Veteran, Commentary
Hitting employees over the head with fear, uncertainty, and doubt does little to help protect them from security threats. Is multi-factor authentication "by force" a better approach?
By Bob Covello, Security Tech Veteran, 1/29/2014
Feds Arrest Bitcoin Celebrity In Money Laundering Case
Mathew J. Schwartz, News
Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.
By Mathew J. Schwartz, 1/28/2014
Malware: More Hype Than Reality
Andrew Froehlich, President & Lead Network Architect, West Gate Networks, Commentary
Sure, malware exists, but is it really as bad as the news suggests?
By Andrew Froehlich, President & Lead Network Architect, West Gate Networks, 1/17/2014
Name That Toon: Contest Winners Named
Marilyn Cohodas, Community Editor, Dark Reading, Commentary
We enjoyed all the laughs on the road to choosing the winner of our first cartoon caption contest. Check out the funniest entries.
By Marilyn Cohodas, Community Editor, Dark Reading, 1/6/2014
RSA Denies Trading Security For NSA Payout
Mathew J. Schwartz, News
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.
By Mathew J. Schwartz, 12/23/2013
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

CVE-2014-2392
Published: 2014-04-24
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer log...
