Analytics // Security Monitoring
News & Commentary
Be Careful Beating Up Target
Craig Carpenter, Chief Cybersecurity Strategist, AccessDataCommentary
Target was actually better prepared than most retailers. The real problem lies with the current state of industry threat intelligence and IR practices.
By Craig Carpenter Chief Cybersecurity Strategist, AccessData, 4/1/2014
Comment13 comments  |  Read  |  Post a Comment
Incident Response Now Shaping Security Operations
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
How an organization reacts to hackers infiltrating its network is becoming the key to damage control for data -- and the corporate image.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/28/2014
Comment4 comments  |  Read  |  Post a Comment
Attacks Rise On Network 'Blind' Spot
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Interop speaker says DDoS attacks are not the only forms of abuse on the Domain Name Server.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/27/2014
Comment4 comments  |  Read  |  Post a Comment
Symantec Fires CEO In Surprise Move
Mathew J. Schwartz, News
Analysts question security and storage giant's turnaround after the board fires its second CEO in two years.
By Mathew J. Schwartz , 3/21/2014
Comment10 comments  |  Read  |  Post a Comment
Will Target Face FTC Probe?
Mathew J. Schwartz, News
Retailer's security practices remain under scrutiny as regulators ponder FTC investigation. Meanwhile, Sony options rights to Hollywood cyber-thriller based on breach story.
By Mathew J. Schwartz , 3/20/2014
Comment9 comments  |  Read  |  Post a Comment
Many Businesses Fail To Disclose Data Breaches
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Only about 35% of businesses worldwide say they share attack and threat information with others in their industry, even though 77% admit to suffering from a cyberattack.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/19/2014
Comment2 comments  |  Read  |  Post a Comment
Linux Takeover Artists Fling 35M Spam Messages Daily
Mathew J. Schwartz, News
"Operation Windigo" server takeover campaign controls 10,000 hacked servers, launches millions of spam, malware, and drive-by exploit kit attacks per day.
By Mathew J. Schwartz , 3/19/2014
Comment0 comments  |  Read  |  Post a Comment
Attackers Hit Clearinghouse Selling Stolen Target Data
Mathew J. Schwartz, News
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
By Mathew J. Schwartz , 3/18/2014
Comment4 comments  |  Read  |  Post a Comment
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman , 3/14/2014
Comment1 Comment  |  Read  |  Post a Comment
Target Ignored Data Breach Alarms
Mathew J. Schwartz, News
Target's security team reviewed -- and ignored -- urgent warnings from threat-detection tool about unknown malware spotted on the network.
By Mathew J. Schwartz , 3/14/2014
Comment21 comments  |  Read  |  Post a Comment
Retail Industry May Pool Intel To Stop Breaches
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Target and other shopper-data breaches turn up the heat on retail industry to establish a cyberthreat Information-Sharing and Analysis Center.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/12/2014
Comment2 comments  |  Read  |  Post a Comment
Can We Control Our Digital Identities?
Mark Bregman, Senior Vice President & Chief Technology Officer, NeustarCommentary
The web and cloud need an identity layer for people to give us more control over our sprawling digital identities.
By Mark Bregman Senior Vice President & Chief Technology Officer, Neustar, 3/11/2014
Comment4 comments  |  Read  |  Post a Comment
Target CIO's Resignation: 7 Questions
Mathew J. Schwartz, News
After the data breach, why didn't the buck stop with PCI assessors or CEO? Search for accountability reveals flawed system, much finger-pointing.
By Mathew J. Schwartz , 3/6/2014
Comment10 comments  |  Read  |  Post a Comment
Target Starts Security, Compliance Makeover
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
With CIO departing, security and compliance get a higher profile at the beleaguered retailer in the wake of its massive data breach.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/6/2014
Comment0 comments  |  Read  |  Post a Comment
Data Breach: ‘Persistence’ Gives Hackers the Upper Hand
Martin Lee, Technical Lead, Threat Research, Analysis & Communications, CiscoCommentary
Hackers are winning on speed and determination. But we can stack the odds in our favor by shifting the time frames of an attack. Here's how.
By Martin Lee Technical Lead, Threat Research, Analysis & Communications, Cisco, 3/5/2014
Comment2 comments  |  Read  |  Post a Comment
Fresh Target Breach Cards Hitting Black Market
Mathew J. Schwartz, News
A Bitcoin-powered marketplace is selling stolen card data in small batches, offering card validity guarantees, an RSA presentation reveals.
By Mathew J. Schwartz , 2/28/2014
Comment15 comments  |  Read  |  Post a Comment
DDoS Attack! Is Regulation The Answer?
Dave Piscitello, VP Security, ICANNCommentary
Four security experts weigh in on why there’s been little progress in combating DDoS attacks and how companies can start fighting back.
By Dave Piscitello VP Security, ICANN, 2/28/2014
Comment9 comments  |  Read  |  Post a Comment
IBM Software Vulnerabilities Spiked In 2013
Mathew J. Schwartz, News
Most code flaws still involve non-Microsoft products, and overall patching speed has improved, study presented at RSA conference finds.
By Mathew J. Schwartz , 2/27/2014
Comment3 comments  |  Read  |  Post a Comment
RSA Chairman: NSA Work Is 'Public Record'
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Art Coviello calls for global intelligence community reforms, says RSA's work with NSA was never secret.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 2/26/2014
Comment0 comments  |  Read  |  Post a Comment
Windows Crash Reports Reveal New APT, POS Attacks
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Researchers discover zero-day attacks after studying the contents of various "Dr. Watson" error reports.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 2/20/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2008-3277
Published: 2014-04-15
Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse p...

CVE-2010-2236
Published: 2014-04-15
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, rela...

CVE-2011-3628
Published: 2014-04-15
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...

CVE-2012-0214
Published: 2014-04-15
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...

CVE-2013-4768
Published: 2014-04-15
The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB).

Best of the Web