Perimeter
News & Commentary
DDoS Attackers Exploiting '80s-Era Routing Protocol
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Latest wave of DDoS attacks abuses small office-home routers via the 27-year-old, outdated Routing Information Protocol Version 1 (RIPv1).
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/1/2015
Comment0 comments  |  Read  |  Post a Comment
Gas Stations In the Bullseye
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
White hats at Black Hat USA will release free honeypot tool for monitoring attacks against gas tank monitoring systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/29/2015
Comment6 comments  |  Read  |  Post a Comment
Few Skills Needed to Build DDoS Infrastructure, Honeypot Project Shows
Jai Vijayan, Freelance writerNews
Novetta's analysis of the tactics used by attackers to exploit a flaw in Elasticsearch shows script kiddies can build DDoS attacks.
By Jai Vijayan Freelance writer, 6/11/2015
Comment0 comments  |  Read  |  Post a Comment
Smart Cities, Finance Security Hot Topics At London Technology Week
Sara Peters, Senior Editor at Dark ReadingNews
IFSEC, Interop, Black Hat, DarkReading's Crash Course, and over 100 other tech events descend upon London next week.
By Sara Peters Senior Editor at Dark Reading, 6/11/2015
Comment1 Comment  |  Read  |  Post a Comment
Firewalls Sustain Foundation of Sound Security
Jody Brazil, Founder and CEO of FireMonCommentary
Simply put, organizations that cannot maintain rigid firewall enforcement are more likely to be compromised.
By Jody Brazil Founder and CEO of FireMon, 6/10/2015
Comment1 Comment  |  Read  |  Post a Comment
Why the Firewall is Increasingly Irrelevant
Asaf Cidon, CEO & Co-founder, SookasaCommentary
It will take a dramatic reimagining of security to dedicate focus to the areas where company data actually resides. It starts with tearing down the firewall.
By Asaf Cidon CEO & Co-founder, Sookasa, 6/10/2015
Comment4 comments  |  Read  |  Post a Comment
How The Hacker Economy Impacts Your Network & The Cloud
Bill Kleyman, VP of Strategy and InnovationCommentary
To protect data against growing threats, networks must now act as both sensor and enforcer around traffic that passes through users and data centers to the cloud.
By Bill Kleyman VP of Strategy and Innovation, 6/4/2015
Comment4 comments  |  Read  |  Post a Comment
Moose Malware Uses Linux Routers For Social Network Fraud
Sara Peters, Senior Editor at Dark ReadingNews
Linux/Moose is sophisticated enough to do DNS hijacks, DDoSes, and deep network penetration...so why is it wasting its time on Instagram?
By Sara Peters Senior Editor at Dark Reading, 5/27/2015
Comment13 comments  |  Read  |  Post a Comment
5 Signs Credentials In Your Network Are Being Compromised
Idan Tendler, CEO, FortscaleCommentary
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personal identifiable information? Check out these common scenarios.
By Idan Tendler CEO, Fortscale, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Cloud Security Alliance, Waverley Labs Collaborate On Open-Source Software-Defined Perimeter Spec
Jai Vijayan, Freelance writerNews
SDPs offer enterprises an alternative to traditional perimeter tools for protecting network assets, says CSA, Waverley
By Jai Vijayan Freelance writer, 5/13/2015
Comment0 comments  |  Read  |  Post a Comment
Dyre Trojan Adds New Sandbox-Evasion Feature
Jai Vijayan, Freelance writerNews
New tactic makes it that much harder to detect, says Seculert.
By Jai Vijayan Freelance writer, 5/1/2015
Comment1 Comment  |  Read  |  Post a Comment
Wi-Fi Woes Continue To Plague Infosec
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Several pieces of research coincide to send the message that hotspot connectivity is probably always going to be a sore spot for security.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/30/2015
Comment8 comments  |  Read  |  Post a Comment
IRC Botnets Are Not Quite Dead Yet
Jai Vijayan, Freelance writerNews
The handful that still operate are more sophisticated and resilient than before, Zscaler says.
By Jai Vijayan Freelance writer, 4/29/2015
Comment2 comments  |  Read  |  Post a Comment
Inside the 4 Most Common Threat Actor Tools
 Dr. Chase Cunningham, Head of Threat Intelligence, FireHostCommentary
How do you prevent your environment from becoming the next target? Turn the tables on your attackers.
By Dr. Chase Cunningham Head of Threat Intelligence, FireHost, 4/17/2015
Comment0 comments  |  Read  |  Post a Comment
Better Together: Network Operations & Infosec
Steve Riley, Technical Leader, Office of the CTO, Riverbed TechnologyCommentary
Getting networking and information security teams together in the same room is a critical step for companies that want to build a continuous information security culture.
By Steve Riley Technical Leader, Office of the CTO, Riverbed Technology, 4/13/2015
Comment0 comments  |  Read  |  Post a Comment
Russian Hackers Breached White House Via US State Department
Sara Peters, Senior Editor at Dark ReadingNews
Attackers who recently breached the US State Department compromised an unclassified White House system by sending spearphishing messages from a hijacked State Department email account, officials say.
By Sara Peters Senior Editor at Dark Reading, 4/8/2015
Comment3 comments  |  Read  |  Post a Comment
Study: Network Team's Security Role On The Rise
Dark Reading Staff, Quick Hits
New data shows how network engineers and other members of the network team are teaming up with their counterparts in security.
By Dark Reading Staff , 3/30/2015
Comment2 comments  |  Read  |  Post a Comment
Hacking Back: Two Wrongs Don’t Make A Right
Anthony Di Bello, Director, Security Practice, Guidance SoftwareCommentary
Here’s the critical issue: Do you want to risk engaging your company in an ego-fueled war of revenge, or do you want to cut the bad guys off at the pass?
By Anthony Di Bello Director, Security Practice, Guidance Software, 3/30/2015
Comment0 comments  |  Read  |  Post a Comment
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Jai Vijayan, Freelance writerNews
A flaw in a popular router product may have exposed millions of hotel guests, researchers from Cylance say.
By Jai Vijayan Freelance writer, 3/27/2015
Comment2 comments  |  Read  |  Post a Comment
SDN Shows Promise For Security
Marcia Savage, Managing Editor, Network ComputingNews
Improved security is emerging as a major reason for adopting software-defined networking, but concerns about potential SDN risks persist.
By Marcia Savage Managing Editor, Network Computing, 3/26/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice post
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1750
Published: 2015-07-01
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as cross-sit...

CVE-2014-1836
Published: 2015-07-01
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

CVE-2015-0848
Published: 2015-07-01
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-1330
Published: 2015-07-01
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vecto...

CVE-2015-1950
Published: 2015-07-01
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report