Vulnerabilities / Threats // Insider Threats
News & Commentary
Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers find more than 5,000 US gas stations' automated tank gauges unprotected on the public Internet and open to hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/26/2015
Comment7 comments  |  Read  |  Post a Comment
4 Mega-Vulnerabilities Hiding in Plain Sight
Giora Engel, VP Product & Strategy, LightCyberCommentary
How four recently discovered, high-impact vulnerabilities provided “god mode” access to 90% of the Internet for 15 years, and what that means for the future.
By Giora Engel VP Product & Strategy, LightCyber, 1/14/2015
Comment1 Comment  |  Read  |  Post a Comment
Insider Threats in the Cloud: 6 Harrowing Tales
Kaushik Narayan, Co-Founder and CTO at Skyhigh NetworksCommentary
The cloud has vastly expanded the scope of rogue insiders. Read on to discover the latest threat actors and scenarios.
By Kaushik Narayan Co-Founder and CTO at Skyhigh Networks, 1/13/2015
Comment5 comments  |  Read  |  Post a Comment
2015: The Year Of The Security Startup – Or Letdown
Tim Wilson, Editor in Chief, Dark ReadingCommentary
While stealth startup Ionic and other newcomers promise to change the cyber security game, ISC8 may be the first of many to head for the showers.
By Tim Wilson Editor in Chief, Dark Reading, 1/13/2015
Comment5 comments  |  Read  |  Post a Comment
Insider Threat, Shadow IT Concerns Spur Cloud Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Surveys show cloud tops 2015 priorities.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/12/2015
Comment3 comments  |  Read  |  Post a Comment
How NOT To Be The Next Sony: Defending Against Destructive Attacks
Sara Peters, Senior Editor at Dark ReadingNews
When an attacker wants nothing more than to bring ruin upon your business, you can't treat them like just any other criminal.
By Sara Peters Senior Editor at Dark Reading, 1/8/2015
Comment12 comments  |  Read  |  Post a Comment
Nation-State Cyberthreats: Why They Hack
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
All nations are not created equal and, like individual hackers, each has a different motivation and capability.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/8/2015
Comment10 comments  |  Read  |  Post a Comment
Morgan Stanley Insider Case Offers New Year Insider Reminders
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Employee accesses 10% of customer files in investment database, exposes hundreds on Pastebin.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/6/2015
Comment4 comments  |  Read  |  Post a Comment
Dear Cyber Criminals: We’re Not Letting Our Guard Down in 2015
Sergio Galindo, GM, GFI SoftwareCommentary
Next year, you’ll keep exploiting vulnerabilities, and we’ll make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.
By Sergio Galindo GM, GFI Software, 12/31/2014
Comment5 comments  |  Read  |  Post a Comment
5 Pitfalls to Avoid When Running Your SOC
Jeff Schilling, CSO, FirehostCommentary
The former head of the US Army Cyber Command SOC shares his wisdom and battle scars about playing offense not defense against attackers.
By Jeff Schilling CSO, Firehost, 12/18/2014
Comment6 comments  |  Read  |  Post a Comment
Sony Cancels Movie, US Confirms North Korea Involvement, But Were Bomb Threats Empty?
Sara Peters, Senior Editor at Dark ReadingNews
After the Sony hackers issue threats of physical violence and 9/11-style attacks, The Interview is being killed before it even premieres. But would the attackers have really blown up theaters?
By Sara Peters Senior Editor at Dark Reading, 12/17/2014
Comment8 comments  |  Read  |  Post a Comment
Ekoparty Isn’t The Next Defcon (& It Doesn’t Want To Be)
Andrew Ford, Developer, BugcrowdCommentary
Unlike American security conferences that offer a buffet of merchandise, meals, and drinks, Ekoparty, in Buenos Aires, is every bit as functional -- with a little less fluff.
By Andrew Ford Developer, Bugcrowd, 12/15/2014
Comment0 comments  |  Read  |  Post a Comment
Hiring Hackers To Secure The Internet Of Things
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
How some white hat hackers are changing career paths to help fix security weaknesses in consumer devices and business systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/11/2014
Comment3 comments  |  Read  |  Post a Comment
Employees Still Get More Access Than They Need
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Two surveys show how little enterprises enforce and track least-privilege policies.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/9/2014
Comment1 Comment  |  Read  |  Post a Comment
6 Million+ Email Accounts Worldwide Exposed In Past 3 Months
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Spike in number of stolen accounts likely due to uptick in major data breaches, researchers say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/25/2014
Comment4 comments  |  Read  |  Post a Comment
Is Security Awareness Training Really Worth It?
Fahmida Y. Rashid, News
Experts weigh in on the value of end-user security training, and how to make education more effective.
By Fahmida Y. Rashid , 11/18/2014
Comment9 comments  |  Read  |  Post a Comment
Deconstructing The Cyber Kill Chain
Giora Engel, VP Product & Strategy, LightCyberCommentary
As sexy as it is, the Cyber Kill Chain model can actually be detrimental to network security because it reinforces old-school, perimeter-focused, malware-prevention thinking.
By Giora Engel VP Product & Strategy, LightCyber, 11/18/2014
Comment4 comments  |  Read  |  Post a Comment
Time To Turn The Tables On Attackers
Amit Yoran, President, RSACommentary
As a security industry, we need to arm business with innovative technologies that provide visibility, analysis, and action to prevent inevitable breaches from causing irreparable damage.
By Amit Yoran President, RSA, 11/13/2014
Comment5 comments  |  Read  |  Post a Comment
The Enemy Who Is Us: DoD Puts Contractors On Notice For Insider Threats
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
New rule requires US government contractors to gather and report information on insider threat activity on classified networks.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 11/13/2014
Comment5 comments  |  Read  |  Post a Comment
‘Walk & Stalk’: A New Twist In Cyberstalking
Ken Munro,  Partner & Founder, Pen Test Partners LLPCommentary
How hackers can turn Wifi signals from smartphones and tablets into a homing beacon that captures users' online credentials and follows them, undetected, throughout the course of the day.
By Ken Munro Partner & Founder, Pen Test Partners LLP, 11/11/2014
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5211
Published: 2015-01-27
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.

CVE-2014-8154
Published: 2015-01-27
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overf...

CVE-2014-9197
Published: 2015-01-27
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.

CVE-2014-9198
Published: 2015-01-27
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.

CVE-2014-9646
Published: 2015-01-27
Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.