Vulnerabilities / Threats // Insider Threats
News & Commentary
Ashley Madison CEO Resigns
Dark Reading Staff, Quick Hits
Once again, a security breach claims an executive's job, but the business plans to continue operating.
By Dark Reading Staff , 8/28/2015
Comment2 comments  |  Read  |  Post a Comment
The 7 ‘Most Common’ RATS In Use Today
Udi Shamir, Chief Security Officer, SentinelOneCommentary
Sniffing out RATS -- remote access Trojans -- is a challenge for even the most hardened cyber defender. Here’s a guide to help you in the hunt.
By Udi Shamir Chief Security Officer, SentinelOne, 8/28/2015
Comment1 Comment  |  Read  |  Post a Comment
Getting To Yes, Cooperatively
Lysa Myers, Security Researcher, ESETCommentary
As security advocates, determining what “beneficial” means to a particular audience should be our first step in developing recommendations.
By Lysa Myers Security Researcher, ESET, 8/26/2015
Comment1 Comment  |  Read  |  Post a Comment
From The Black Hat Keynote Stage: Jennifer Granick
Marilyn Cohodas, Community Editor, Dark ReadingNews
World famous defender of hackers, privacy, and civil liberties exhorts attendees to preserve the dream of an open Internet.
By Marilyn Cohodas Community Editor, Dark Reading, 8/5/2015
Comment1 Comment  |  Read  |  Post a Comment
Code Theft: Protecting IP At The Source
Anna Chiang, Technical Marketing Manager, Perforce SoftwareCommentary
Your corporate assets are at risk and every day that you avoid taking action shortens the time until your IP will be leaked. Here are six steps toward better data security.
By Anna Chiang Technical Marketing Manager, Perforce Software, 7/29/2015
Comment2 comments  |  Read  |  Post a Comment
Lockheed Martin-Led Consortium Builds Secure 'System Of Systems'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Multilevel Security (MLS) group says this policy-based architecture could apply to sensitive commercial networks as well as government agencies.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/28/2015
Comment11 comments  |  Read  |  Post a Comment
New Phishing Campaign Leverages Google Drive
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Researchers believe technique is geared to take over Google SSO accounts.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/28/2015
Comment2 comments  |  Read  |  Post a Comment
6 Ex-Employees Questioned About Hacking Team Breach, Prior Leak
Sara Peters, Senior Editor at Dark ReadingNews
Japanese targets also getting hit with leaked Flash zero-day exploits, and Hacking Team reportedly worked on drone-based WiFi surveillance tools.
By Sara Peters Senior Editor at Dark Reading, 7/20/2015
Comment0 comments  |  Read  |  Post a Comment
The Insiders: A Rogues Gallery
Mike Tierney, COO, SpectorSoftCommentary
You can defend against an insider threat if you know where to look.
By Mike Tierney COO, SpectorSoft, 7/16/2015
Comment0 comments  |  Read  |  Post a Comment
Shared Passwords And No Accountability Plague Privileged Account Use
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Even IT decision-makers guilty of poor account hygiene.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/14/2015
Comment1 Comment  |  Read  |  Post a Comment
Social Engineering & Black Hat: Do As I Do Not As I Say
Tal Klein, VP Strategy, Lakeside Software.Commentary
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
By Tal Klein VP Strategy, Lakeside Software., 6/29/2015
Comment4 comments  |  Read  |  Post a Comment
4 Ways Cloud Usage Is Putting Health Data At Risk
Jai Vijayan, Freelance writerNews
A huge shadow IT problem is just one of the risks of uncontrolled cloud usage in healthcare organizations, new study shows.
By Jai Vijayan Freelance writer, 6/26/2015
Comment3 comments  |  Read  |  Post a Comment
Why China Wants Your Sensitive Data
Adam Meyers, VP of Intelligence, CrowdStrikeCommentary
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
By Adam Meyers VP of Intelligence, CrowdStrike, 6/24/2015
Comment17 comments  |  Read  |  Post a Comment
Cybersecurity Advice From A Former White House CIO
Theresa Payton, Former White House CIO, CEO of Fortalice Solutions, LLCCommentary
Today's playbook demands 'human-centered' user education that assumes people will share passwords, forget them, and do unsafe things to get their jobs done.
By Theresa Payton Former White House CIO, CEO of Fortalice Solutions, LLC, 6/18/2015
Comment4 comments  |  Read  |  Post a Comment
Long Cons: The Next Age of Cyber Attacks
Ben Johnson, Chief Security Strategist, Bit9 + Carbon BlackCommentary
When hackers know that a big payday is coming they don’t mind waiting for months for the best moment to strike.
By Ben Johnson Chief Security Strategist, Bit9 + Carbon Black, 6/5/2015
Comment5 comments  |  Read  |  Post a Comment
IoT Devices Hosted On Vulnerable Clouds In 'Bad Neighborhoods'
Sara Peters, Senior Editor at Dark ReadingNews
OpenDNS report finds that organizations may be more susceptible to Internet of Things devices than they realize.
By Sara Peters Senior Editor at Dark Reading, 6/2/2015
Comment1 Comment  |  Read  |  Post a Comment
Today’s Requirements To Defend Against Tomorrow’s Insider Threats
Scott Weber, Managing Director, Stroz FriedbergCommentary
At its most basic, a consistent and meaningful insider threat detection program has two components: data and people. Here’s how to put them together.
By Scott Weber Managing Director, Stroz Friedberg, 6/1/2015
Comment0 comments  |  Read  |  Post a Comment
State-Sponsored Cybercrime: A Growing Business Threat
David Venable,  Director, Professional Services, Masergy CommunicationsCommentary
You don’t have to be the size of Sony -- or even mock North Korea -- to be a target.
By David Venable Director, Professional Services, Masergy Communications, 5/26/2015
Comment3 comments  |  Read  |  Post a Comment
Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research
Katie Moussouris, Chief Policy Officer, HackerOneCommentary
There is a lesson to be learned from a locksmith living 150 years ago: Attackers and criminals are the only parties who benefit when security researchers fear the consequences for reporting issues.
By Katie Moussouris Chief Policy Officer, HackerOne, 5/12/2015
Comment10 comments  |  Read  |  Post a Comment
Big Data & The Security Skills Shortage
Peter Schlampp, VP of Products, PlatforaCommentary
Finding a security analyst with the data discovery experience to combat modern threats is like searching for the mythical unicorn. The person does not exist
By Peter Schlampp VP of Products, Platfora, 4/29/2015
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3966
Published: 2015-08-30
The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression.

CVE-2015-4555
Published: 2015-08-30
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vect...

CVE-2015-5698
Published: 2015-08-30
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2015-4497
Published: 2015-08-29
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token...

CVE-2015-4498
Published: 2015-08-29
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point i...

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.