Vulnerabilities / Threats // Insider Threats
News & Commentary
Hacker Or Military? Best Of Both In Cyber Security
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
How radically different approaches play out across the security industry.
By John B. Dickson CISSP, Principal, Denim Group, 8/21/2014
Comment4 comments  |  Read  |  Post a Comment
Tech Insight: Hacking The Nest Thermostat
John H. Sawyer, Contributing Writer, Dark ReadingNews
Researchers at Black Hat USA demonstrated how they were able to compromise a popular smart thermostat.
By John H. Sawyer Contributing Writer, Dark Reading, 8/14/2014
Comment5 comments  |  Read  |  Post a Comment
The Illegitimate Millinerís Guide to Black Hat
Tal Klein, VP Strategy, AdallomCommentary
A less-than-honest "Abe" goes undercover to get a behind-the-scenes look at Black Hat and its infamous attendees.
By Tal Klein VP Strategy, Adallom, 8/6/2014
Comment9 comments  |  Read  |  Post a Comment
Is IT The New Boss Of Video Surveillance?
Fredrik Nilsson, General Manager, Axis Communications, North AmericaCommentary
ITís participation in the security of corporate video surveillance is growing, much to the chagrin of the physical security team. Hereís why corporate infosec needs to pay attention.
By Fredrik Nilsson General Manager, Axis Communications, North America, 8/4/2014
Comment4 comments  |  Read  |  Post a Comment
Government Security: Saying 'No' Doesn't Work
Steve Jones, Group Strategy Director, Big Data & Analytics, CapgeminiCommentary
It's time for government agencies to move beyond draconian security rules and adopt anomaly analytics.
By Steve Jones Group Strategy Director, Big Data & Analytics, Capgemini, 7/14/2014
Comment1 Comment  |  Read  |  Post a Comment
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Julian Waits, President & CEO, ThreatTrack SecurityCommentary
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
By Julian Waits President & CEO, ThreatTrack Security, 7/9/2014
Comment9 comments  |  Read  |  Post a Comment
P.F. Chang's Breach Went Undetected For Months
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Early reports indicate that the compromise involved a large number of restaurant locations and dates as far back as September 2013.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 6/23/2014
Comment4 comments  |  Read  |  Post a Comment
SMBs Ignoring Insider Threats
Henry Kenyon, Commentary
Many smaller organizations do not adequately protect against insider threats, CERT expert warns.
By Henry Kenyon , 6/23/2014
Comment7 comments  |  Read  |  Post a Comment
NIST Security Guidance Revision: Prepare Now
Vincent Berk, Commentary
NIST 800-53 Revision 5 will likely put more emphasis on continuous monitoring. Don't wait until it arrives to close your security gaps.
By Vincent Berk , 6/16/2014
Comment4 comments  |  Read  |  Post a Comment
Putter Panda: Tip Of The Iceberg
George Kurtz, President & CEO, CrowdStrikeCommentary
What CrowdStrike's outing of Putter Panda -- the second hacking group linked to China's spying on US defense and European satellite and aerospace industries -- means for the security industry.
By George Kurtz President & CEO, CrowdStrike, 6/10/2014
Comment3 comments  |  Read  |  Post a Comment
Researchers: Mobile Applications Pose Rapidly Growing Threat To Enterprises
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
The average user has about 200 apps running on his smartphone -- and they're not all safe, Mojave Networks study says.
By Tim Wilson Editor in Chief, Dark Reading, 6/3/2014
Comment0 comments  |  Read  |  Post a Comment
Dissecting Dendroid: An In-Depth Look Inside An Android RAT Kit
Felix Leder, Senior Malware Researcher, Blue Coat Systems NorwayCommentary
Dendroid is full of surprises to assist it in subverting traditional security tactics through company-issued Android phones or BYOD.
By Felix Leder Senior Malware Researcher, Blue Coat Systems Norway, 5/28/2014
Comment4 comments  |  Read  |  Post a Comment
Privileged Use Also a State of Mind, Report Finds
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Government Hiring Practices Hamper Cybersecurity Efforts
Patience Wait, Commentary
Federal agencies find it difficult to hire unconventional but well-qualified talent to battle cyberattacks, experts say.
By Patience Wait , 5/20/2014
Comment4 comments  |  Read  |  Post a Comment
6 Tips For Securing Social Media In The Workplace
John W. Pirc, Research Vice President, NSS LabsCommentary
Empower employees by training them to be aware and secure, and in how to avoid becoming a statistic.
By John W. Pirc Research Vice President, NSS Labs, 5/20/2014
Comment10 comments  |  Read  |  Post a Comment
Money, Skills, And Hired Guns: 2014 Strategic Security Survey
Michael A. Davis, Contributing EditorCommentary
Tight budgets. A manpower crunch. More -- and more sophisticated -- threats. Are you sure you're up to this?
By Michael A. Davis Contributing Editor, 5/12/2014
Comment2 comments  |  Read  |  Post a Comment
Report: Nearly 200 Million Records Compromised In Q1
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
More than 250 breaches were disclosed in Q1 2014, SafeNet report says.
By Tim Wilson Editor in Chief, Dark Reading, 5/1/2014
Comment4 comments  |  Read  |  Post a Comment
Organized Crime Group Scams US Companies Out Of Millions
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Social engineering attack tricks companies into large wire transfers.
By Tim Wilson Editor in Chief, Dark Reading, 4/28/2014
Comment3 comments  |  Read  |  Post a Comment
11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
Mathew J. Schwartz, News
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.
By Mathew J. Schwartz , 4/17/2014
Comment2 comments  |  Read  |  Post a Comment
Majority Of Users Have Not Received Security Awareness Training, Study Says
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Many users fail to follow policies on mobile, cloud security, EMA Research study says.
By Tim Wilson Editor in Chief, Dark Reading, 4/10/2014
Comment12 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2009-5142
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.

CVE-2010-5302
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.

CVE-2010-5303
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString.

CVE-2014-3562
Published: 2014-08-21
Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory.

CVE-2014-3577
Published: 2014-08-21
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.