Analytics
News & Commentary
The Rise of Counterintelligence in Malware Investigations
John Bambenek , Senior Threat Researcher at Fidelis Cybersecurity Solutions
The key to operationalizing cybersecurity threat intelligence rests in the critical thinking that establishes that a given indicator is, in fact, malicious.
By John Bambenek Senior Threat Researcher at Fidelis Cybersecurity Solutions, 4/22/2015
Comment1 Comment  |  Read  |  Post a Comment
RSA: Follow Keynote Sessions on Dark Reading
Sara Peters, Senior Editor at Dark ReadingNews
From the Cryptographer's Panel to the RSA CEO's advice for the security industry, here's how the conference kicked off in San Francisco Tuesday.
By Sara Peters Senior Editor at Dark Reading, 4/21/2015
Comment2 comments  |  Read  |  Post a Comment
Inside the 4 Most Common Threat Actor Tools
 Dr. Chase Cunningham, Head of Threat Intelligence, FireHostCommentary
How do you prevent your environment from becoming the next target? Turn the tables on your attackers.
By Dr. Chase Cunningham Head of Threat Intelligence, FireHost, 4/17/2015
Comment0 comments  |  Read  |  Post a Comment
Harnessing The Power Of Cyber Threat Intelligence
Stu Solomon,  VP, General Counsel & Chief Risk Officer, iSIGHT PartnersCommentary
Here are six real-world examples of how changing your modus operandi from reactive to proactive can drive rapid response to the threats that matter.
By Stu Solomon VP, General Counsel & Chief Risk Officer, iSIGHT Partners, 4/16/2015
Comment2 comments  |  Read  |  Post a Comment
Predictive Analytics: The Future Is Now
Vincent Weafer, Senior Vice President, Intel Security
Enhanced analytical capabilities will help organizations better understand how attacks will unfold, and how to stop them in their earliest stages.
By Vincent Weafer Senior Vice President, Intel Security, 4/15/2015
Comment0 comments  |  Read  |  Post a Comment
Why Standardized Threat Data Will Help Stop the Next Big Breach
Bill Nelson, President & CEO, Financial Services Information Sharing and Analysis Center (FS-ISAC) and CEO, SoltraCommentary
Adopting industry standards for threat intelligence will reduce a lot of the heavy lifting and free cyber security first responders to focus on what they do best.
By Bill Nelson President & CEO, Financial Services Information Sharing and Analysis Center (FS-ISAC) and CEO, Soltra, 4/15/2015
Comment0 comments  |  Read  |  Post a Comment
Solving the Right Problem: Stop Adversaries, Not Just Their Tools
Dmitri Alperovitch, Co-Founder & CTO, CrowdStrikeCommentary
A malware-centric strategy is mere child’s play against today’s sophisticated adversaries. Here’s why.
By Dmitri Alperovitch Co-Founder & CTO, CrowdStrike, 4/9/2015
Comment0 comments  |  Read  |  Post a Comment
Obama’s War On Hackers
Jeremiah Grossman, Commentary
Cybersecurity legislation, for the most part, is a good idea. But not without protections for bug bounty programs and other vital, proactive security research.
By Jeremiah Grossman , 4/6/2015
Comment2 comments  |  Read  |  Post a Comment
Principles of Malware Sinkholing
John Bambenek , Senior Threat Researcher at Fidelis Cybersecurity Solutions
The process of sinkholing is an important tool to have in your arsenal when dealing with emerging threats.
By John Bambenek Senior Threat Researcher at Fidelis Cybersecurity Solutions, 4/6/2015
Comment0 comments  |  Read  |  Post a Comment
8 Identity & Access Metrics To Manage Breach Risks
Ericka Chickowski, Contributing Writer, Dark Reading
Measurables for improving security posture around access controls.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/2/2015
Comment0 comments  |  Read  |  Post a Comment
Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Healthcare and other sectors are indolently ignoring the process of gathering and using high-level intelligence to focus cyber defenses. Here’s proof.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 3/31/2015
Comment5 comments  |  Read  |  Post a Comment
Cyber Hunting: 5 Tips To Bag Your Prey
David J. Bianco, Security Architect, SqrrlCommentary
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
By David J. Bianco Security Architect, Sqrrl, 3/26/2015
Comment8 comments  |  Read  |  Post a Comment
FBI Threat Intelligence Cyber-Analysts Still Marginalized In Agency
Sara Peters, Senior Editor at Dark ReadingNews
Despite good progress, 9/11 Review Commission says that analysts could have a greater impact on FBI counter-terrorism activities if they had more domain awareness, forensics capabilities, and were more empowered to question agents.
By Sara Peters Senior Editor at Dark Reading, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
Retailers Adopt Intel-Sharing Portal Used By Banks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Th Retail Cyber Intelligence Sharing Center (R-CISC) is working with the Financial Services ISAC (FS-ISAC) on its new threat intelligence-sharing platform.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/24/2015
Comment0 comments  |  Read  |  Post a Comment
Context: Finding The Story Inside Your Security Operations Program
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
What’s missing in today’s chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 3/23/2015
Comment6 comments  |  Read  |  Post a Comment
Dark Reading Threat Intelligence Survey
InformationWeek Staff,
Threat intelligence is the best way to stay ahead of new and complex attacks, say survey respondents. How analytics influences their IT security strategies varies.
By InformationWeek Staff , 3/20/2015
Comment0 comments  |  Read  |  Post a Comment
10 Ways To Measure IT Security Program Effectiveness
Ericka Chickowski, Contributing Writer, Dark Reading
The right metrics can make or break a security program (or a budget meeting).
By Ericka Chickowski Contributing Writer, Dark Reading, 3/16/2015
Comment1 Comment  |  Read  |  Post a Comment
7 Deadly Sins Of Security Policy Change Management
Nimmy Reichenberg, VP of Strategy, AlgoSecCommentary
Mitigating these deadly sins requires process, visibility and automation. It’s an effort that will improve security and increase business agility.
By Nimmy Reichenberg VP of Strategy, AlgoSec, 3/16/2015
Comment1 Comment  |  Read  |  Post a Comment
Has Security Ops Outlived Its Purpose?
Tal Klein, VP Strategy, AdallomCommentary
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.
By Tal Klein VP Strategy, Adallom, 3/13/2015
Comment15 comments  |  Read  |  Post a Comment
ISACs Demystified
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
How some intelligence-sharing organizations operate in the face of today's threat landscape.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/12/2015
Comment8 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-4403
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.ph...

CVE-2012-2930
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers...

CVE-2012-2932
Published: 2015-04-24
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the (1) selitems[] parameter in a copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/...

CVE-2012-5451
Published: 2015-04-24
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.

CVE-2015-0297
Published: 2015-04-24
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methos via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.