Perimeter
News & Commentary
Inside the 4 Most Common Threat Actor Tools
 Dr. Chase Cunningham, Head of Threat Intelligence, FireHostCommentary
How do you prevent your environment from becoming the next target? Turn the tables on your attackers.
By Dr. Chase Cunningham Head of Threat Intelligence, FireHost, 4/17/2015
Comment0 comments  |  Read  |  Post a Comment
Better Together: Network Operations & Infosec
Steve Riley, Technical Leader, Office of the CTO, Riverbed TechnologyCommentary
Getting networking and information security teams together in the same room is a critical step for companies that want to build a continuous information security culture.
By Steve Riley Technical Leader, Office of the CTO, Riverbed Technology, 4/13/2015
Comment0 comments  |  Read  |  Post a Comment
Russian Hackers Breached White House Via US State Department
Sara Peters, Senior Editor at Dark ReadingNews
Attackers who recently breached the US State Department compromised an unclassified White House system by sending spearphishing messages from a hijacked State Department email account, officials say.
By Sara Peters Senior Editor at Dark Reading, 4/8/2015
Comment3 comments  |  Read  |  Post a Comment
Study: Network Team's Security Role On The Rise
Dark Reading Staff, Quick Hits
New data shows how network engineers and other members of the network team are teaming up with their counterparts in security.
By Dark Reading Staff , 3/30/2015
Comment2 comments  |  Read  |  Post a Comment
Hacking Back: Two Wrongs Don’t Make A Right
Anthony Di Bello, Director, Security Practice, Guidance SoftwareCommentary
Here’s the critical issue: Do you want to risk engaging your company in an ego-fueled war of revenge, or do you want to cut the bad guys off at the pass?
By Anthony Di Bello Director, Security Practice, Guidance Software, 3/30/2015
Comment0 comments  |  Read  |  Post a Comment
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Jai Vijayan, Freelance writerNews
A flaw in a popular router product may have exposed millions of hotel guests, researchers from Cylance say.
By Jai Vijayan Freelance writer, 3/27/2015
Comment2 comments  |  Read  |  Post a Comment
SDN Shows Promise For Security
Marcia Savage, Managing Editor, Network ComputingNews
Improved security is emerging as a major reason for adopting software-defined networking, but concerns about potential SDN risks persist.
By Marcia Savage Managing Editor, Network Computing, 3/26/2015
Comment0 comments  |  Read  |  Post a Comment
Researchers Use Heat To Breach Air-Gapped Systems
Jai Vijayan, Freelance writerNews
BitWhisper project is part of ongoing air gap security research at Israel's Ben-Gurion University.
By Jai Vijayan Freelance writer, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
When DDoS Isn't All About Massive Disruption
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New data shows prevalence of often-undetectable DDoS attacks aimed at quietly wreaking havoc on the network while performing data exfiltration and other attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/23/2015
Comment2 comments  |  Read  |  Post a Comment
The Bot Threat For the Rest of Us: Application-Layer Attacks
Rami Essaid, CEO and co-founder, Distil NetworksCommentary
Bots are getting craftier by the day so you may not even know you have a problem.
By Rami Essaid CEO and co-founder, Distil Networks, 3/18/2015
Comment0 comments  |  Read  |  Post a Comment
The 7 Best Social Engineering Attacks Ever
Sara Peters, Senior Editor at Dark Reading
Seven reminders of why technology alone isn't enough to keep you secure.
By Sara Peters Senior Editor at Dark Reading, 3/17/2015
Comment4 comments  |  Read  |  Post a Comment
6 Ways The Sony Hack Changes Everything
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Security in a post-Sony world means that a company's very survival in the wake of a cyber attack is more of a concern than ever before.
By John B. Dickson CISSP, Principal, Denim Group, 3/11/2015
Comment5 comments  |  Read  |  Post a Comment
Second Look: Data Security In A Hybrid Cloud
Bill Kleyman, Director of Strategy & Innovation, MTM TechnologiesCommentary
Today’s big cloud providers were built around an architecture for hosting and securing data. They will continue to thrive, only by keeping your workloads safe.
By Bill Kleyman Director of Strategy & Innovation, MTM Technologies, 3/9/2015
Comment12 comments  |  Read  |  Post a Comment
Dark Reading Offers Cyber Security Crash Course At Interop 2015
Tim Wilson, Editor in Chief, Dark ReadingCommentary
New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.
By Tim Wilson Editor in Chief, Dark Reading, 3/2/2015
Comment1 Comment  |  Read  |  Post a Comment
How We Can Prevent Another Anthem Breach
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Two things could have mitigated the damage and maybe even prevented any loss at all: behavioral analysis and context-aware access control.
By Dave Kearns Analyst, Kuppinger-Cole, 2/18/2015
Comment20 comments  |  Read  |  Post a Comment
Sony Hack: Poster Child For A New Era Of Cyber Attacks
Dmitri Alperovitch, Co-Founder & CTO, CrowdStrikeCommentary
What made the Sony breach unique is the combination of four common tactics into a single orchestrated campaign designed to bend a victim to the will of the attackers.
By Dmitri Alperovitch Co-Founder & CTO, CrowdStrike, 2/13/2015
Comment4 comments  |  Read  |  Post a Comment
How Malware Bypasses Our Most Advanced Security Measures
Alon Nafta, Senior Security Researcher, SentinelOneCommentary
We unpack three common attack vectors and five evasion detection techniques.
By Alon Nafta Senior Security Researcher, SentinelOne, 2/10/2015
Comment8 comments  |  Read  |  Post a Comment
Why Israel Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
Israel's tenuous position in the world drives its leaders to stay ahead of its cyber adversaries, chief among them the Islamic Republic of Iran.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 2/5/2015
Comment3 comments  |  Read  |  Post a Comment
How The Skills Shortage Is Killing Defense in Depth
David Holmes, World-Wide Security Evangelist, F5Commentary
It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely “looks nifty, but I don’t have the staff to deploy it.”
By David Holmes World-Wide Security Evangelist, F5, 1/30/2015
Comment12 comments  |  Read  |  Post a Comment
Why Iran Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
Iran is using its increasingly sophisticated cyber capabilities to minimize Western influence and establish itself as the dominant power in the Middle East.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/29/2015
Comment7 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by mithoon
Current Conversations great post
In reply to: Re: name required
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-4403
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.ph...

CVE-2012-2930
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers...

CVE-2012-2932
Published: 2015-04-24
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the (1) selitems[] parameter in a copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/...

CVE-2012-5451
Published: 2015-04-24
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.

CVE-2015-0297
Published: 2015-04-24
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methos via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.