Vulnerabilities / Threats // Insider Threats
News & Commentary
Majority Of Users Have Not Received Security Awareness Training, Study Says
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
Many users fail to follow policies on mobile, cloud security, EMA Research study says.
By Tim Wilson, Editor in Chief, Dark Reading, 4/10/2014
Social Engineering Grows Up
Kelly Jackson Higgins, Senior Editor, Dark Reading, News
Fifth annual DEF CON Social Engineering Capture the Flag Contest kicks off today with new "tag team" rules to reflect realities of the threat.
By Kelly Jackson Higgins, Senior Editor, Dark Reading, 4/7/2014
Colleagues In Cuffs: When Employees Steal Patient Records
Alison Diana, Senior Editor, Commentary
The Queens County DA recently arrested two Jamaica Hospital employees for stealing patient data, a lucrative crime occurring at hospitals across the nation.
By Alison Diana, Senior Editor, 4/7/2014
NSA's Big Surprise: Gov't Agency Is Actually Doing Its Job
Ira Winkler, Commentary
When people claimed after 9/11 that the NSA was ill equipped to deal with a changing world, I wonder what they expected to happen.
By Ira Winkler, 4/4/2014
'Thingularity' Triggers Security Warnings
Mathew J. Schwartz, News
The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure?
By Mathew J. Schwartz, 3/28/2014
A Cyber History Of The Ukraine Conflict
John Bumgarner, Chief Technology Officer for the U.S. Cyber Consequences Unit, Commentary
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
By John Bumgarner, Chief Technology Officer for the U.S. Cyber Consequences Unit, 3/27/2014
March Madness: Online Privacy Edition
Mark Weinstein, Founder & CEO, Sgrouples, Commentary
Say hello to the privacy revolution where an emerging backlash is being spurred by NSA spying, mass data collection and plain old common sense.
By Mark Weinstein, Founder & CEO, Sgrouples, 3/26/2014
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman, 3/14/2014
Snowden: I'd Do It Again
Kelly Jackson Higgins, Senior Editor, Dark Reading, News
NSA whistleblower fields questions via live video feed at South by Southwest, calls encryption "defense against the dark arts."
By Kelly Jackson Higgins, Senior Editor, Dark Reading, 3/10/2014
The Snowden Effect: Who Controls My Data?
Brad Garlinghouse, CEO, Hightail, Commentary
In today's post-NSA-spying world, the key to providing trustworthy digital services to customers is control coupled with transparency.
By Brad Garlinghouse, CEO, Hightail, 2/14/2014
Data Security Dos & Don'ts From The Target Breach
Bala Venkat, CMO, Cenzic, Commentary
The holidays brought attacks on the retail industry. If you aren't in retail, your industry could be next.
By Bala Venkat, CMO, Cenzic, 2/13/2014
Behavior Analysis: New Weapon To Fight Hackers
Michael Fitzgerald, News
Israeli startup Cybereason says it breaks new security ground by spotting deviations in employee behavior and telling companies what to do next.
By Michael Fitzgerald, 2/12/2014
Target Breach: HVAC Contractor Systems Investigated
Mathew J. Schwartz, News
Hackers may have used access credentials stolen from refrigeration and HVAC system contractor Fazio Mechanical Services to gain remote access to Target's network.
By Mathew J. Schwartz, 2/6/2014
Target Hackers Tapped Vendor Credentials
Mathew J. Schwartz, News
Investigators suspect that BMC software, Microsoft configuration management tools, and SQL injection were used as hacking tools and techniques in Target's massive data breach.
By Mathew J. Schwartz, 1/30/2014
The Scariest End-User Security Question: What Changed?
Bob Covello, Security Tech Veteran, Commentary
Hitting employees over the head with fear, uncertainty, and doubt does little to help protect them from security threats. Is multi-factor authentication "by force" a better approach?
By Bob Covello, Security Tech Veteran, 1/29/2014
Feds Arrest Bitcoin Celebrity In Money Laundering Case
Mathew J. Schwartz, News
Bitcoin Foundation vice chair Charlie Shrem accused of changing $1 million into bitcoins for users of Silk Road marketplace.
By Mathew J. Schwartz, 1/28/2014
Malware: More Hype Than Reality
Andrew Froehlich, President & Lead Network Architect, West Gate Networks, Commentary
Sure, malware exists, but is it really as bad as the news suggests?
By Andrew Froehlich, President & Lead Network Architect, West Gate Networks, 1/17/2014
Name That Toon: Contest Winners Named
Marilyn Cohodas, Community Editor, Dark Reading, Commentary
We enjoyed all the laughs on the road to choosing the winner of our first cartoon caption contest. Check out the funniest entries.
By Marilyn Cohodas, Community Editor, Dark Reading, 1/6/2014
RSA Denies Trading Security For NSA Payout
Mathew J. Schwartz, News
EMC security subsidiary accused of accepting $10 million from the NSA to purposefully use encryption for which the intelligence agency enjoyed backdoor access.
By Mathew J. Schwartz, 12/23/2013
Target Breach: 10 Facts
Mathew J. Schwartz, News
Experts advise consumers not to panic as suspicion falls on point-of-sale terminals used to scan credit cards.
By Mathew J. Schwartz, 12/21/2013
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-5704
Published: 2014-04-15
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

CVE-2013-5705
Published: 2014-04-15
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

CVE-2014-0341
Published: 2014-04-15
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to ob...

CVE-2014-0342
Published: 2014-04-15
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.

CVE-2014-0348
Published: 2014-04-15
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding...
