Vulnerabilities / Threats // Insider Threats
News & Commentary
How To Reduce Spam & Phishing With DMARC
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015
Comment0 comments  |  Read  |  Post a Comment
From Hacking Systems To Hacking People
Larry Ponemon, Chairman & Founder, Ponemon InstituteCommentary
New low-tech attack methods like ‘visual hacking’ demand an information security environment that values data privacy and a self-policing culture.
By Larry Ponemon Chairman & Founder, Ponemon Institute, 2/24/2015
Comment6 comments  |  Read  |  Post a Comment
Our Governments Are Making Us More Vulnerable
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Stuxnet opened Pandora’s box and today state-sponsored cyber security policies continue to put us at risk. Here are three reasons why.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 2/19/2015
Comment11 comments  |  Read  |  Post a Comment
How We Can Prevent Another Anthem Breach
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Two things could have mitigated the damage and maybe even prevented any loss at all: behavioral analysis and context-aware access control.
By Dave Kearns Analyst, Kuppinger-Cole, 2/18/2015
Comment18 comments  |  Read  |  Post a Comment
Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers find more than 5,000 US gas stations' automated tank gauges unprotected on the public Internet and open to hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/26/2015
Comment11 comments  |  Read  |  Post a Comment
4 Mega-Vulnerabilities Hiding in Plain Sight
Giora Engel, VP Product & Strategy, LightCyberCommentary
How four recently discovered, high-impact vulnerabilities provided “god mode” access to 90% of the Internet for 15 years, and what that means for the future.
By Giora Engel VP Product & Strategy, LightCyber, 1/14/2015
Comment1 Comment  |  Read  |  Post a Comment
Insider Threats in the Cloud: 6 Harrowing Tales
Kaushik Narayan, Co-Founder and CTO at Skyhigh NetworksCommentary
The cloud has vastly expanded the scope of rogue insiders. Read on to discover the latest threat actors and scenarios.
By Kaushik Narayan Co-Founder and CTO at Skyhigh Networks, 1/13/2015
Comment5 comments  |  Read  |  Post a Comment
2015: The Year Of The Security Startup – Or Letdown
Tim Wilson, Editor in Chief, Dark ReadingCommentary
While stealth startup Ionic and other newcomers promise to change the cyber security game, ISC8 may be the first of many to head for the showers.
By Tim Wilson Editor in Chief, Dark Reading, 1/13/2015
Comment5 comments  |  Read  |  Post a Comment
Insider Threat, Shadow IT Concerns Spur Cloud Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Surveys show cloud tops 2015 priorities.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/12/2015
Comment3 comments  |  Read  |  Post a Comment
How NOT To Be The Next Sony: Defending Against Destructive Attacks
Sara Peters, Senior Editor at Dark ReadingNews
When an attacker wants nothing more than to bring ruin upon your business, you can't treat them like just any other criminal.
By Sara Peters Senior Editor at Dark Reading, 1/8/2015
Comment12 comments  |  Read  |  Post a Comment
Nation-State Cyberthreats: Why They Hack
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
All nations are not created equal and, like individual hackers, each has a different motivation and capability.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/8/2015
Comment10 comments  |  Read  |  Post a Comment
Morgan Stanley Insider Case Offers New Year Insider Reminders
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Employee accesses 10% of customer files in investment database, exposes hundreds on Pastebin.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/6/2015
Comment4 comments  |  Read  |  Post a Comment
Dear Cyber Criminals: We’re Not Letting Our Guard Down in 2015
Sergio Galindo, GM, GFI SoftwareCommentary
Next year, you’ll keep exploiting vulnerabilities, and we’ll make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.
By Sergio Galindo GM, GFI Software, 12/31/2014
Comment5 comments  |  Read  |  Post a Comment
5 Pitfalls to Avoid When Running Your SOC
Jeff Schilling, CSO, FirehostCommentary
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
By Jeff Schilling CSO, Firehost, 12/18/2014
Comment6 comments  |  Read  |  Post a Comment
Sony Cancels Movie, US Confirms North Korea Involvement, But Were Bomb Threats Empty?
Sara Peters, Senior Editor at Dark ReadingNews
After the Sony hackers issue threats of physical violence and 9/11-style attacks, The Interview is being killed before it even premieres. But would the attackers have really blown up theaters?
By Sara Peters Senior Editor at Dark Reading, 12/17/2014
Comment8 comments  |  Read  |  Post a Comment
Ekoparty Isn’t The Next Defcon (& It Doesn’t Want To Be)
Andrew Ford, Developer, BugcrowdCommentary
Unlike American security conferences that offer a buffet of merchandise, meals, and drinks, Ekoparty, in Buenos Aires, is every bit as functional -- with a little less fluff.
By Andrew Ford Developer, Bugcrowd, 12/15/2014
Comment0 comments  |  Read  |  Post a Comment
Hiring Hackers To Secure The Internet Of Things
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
How some white hat hackers are changing career paths to help fix security weaknesses in consumer devices and business systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/11/2014
Comment3 comments  |  Read  |  Post a Comment
Employees Still Get More Access Than They Need
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Two surveys show how little enterprises enforce and track least-privilege policies.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/9/2014
Comment1 Comment  |  Read  |  Post a Comment
6 Million+ Email Accounts Worldwide Exposed In Past 3 Months
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Spike in number of stolen accounts likely due to uptick in major data breaches, researchers say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/25/2014
Comment4 comments  |  Read  |  Post a Comment
Is Security Awareness Training Really Worth It?
Fahmida Y. Rashid, News
Experts weigh in on the value of end-user security training, and how to make education more effective.
By Fahmida Y. Rashid , 11/18/2014
Comment9 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2086
Published: 2015-02-26
Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.

CVE-2015-2087
Published: 2015-02-26
Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors.

CVE-2015-2088
Published: 2015-02-26
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVE-2015-2089
Published: 2015-02-26
Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (...

CVE-2015-2090
Published: 2015-02-26
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.