Analytics // Threat Intelligence
News & Commentary
Automobile Industry Accelerates Into Security
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Industry looking at intelligence-sharing platform or an Auto-ISAC in anticipation of more automated, connected -- and vulnerable -- vehicles.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/15/2014
Comment13 comments  |  Read  |  Post a Comment
While Brazilians Watch World Cup, Bank Fraudsters Are At Work
Sara Peters, News
Passive biometrics allow BioCatch to tell the difference between busy fraudsters and distraught soccer fans.
By Sara Peters , 7/11/2014
Comment8 comments  |  Read  |  Post a Comment
6 Tips for Using Big Data to Hunt Cyberthreats
Timber Wolfe, Principal Security Engineer, TrainACECommentary
You need to be smart about harnessing big data to defend against today’s security threats, data breaches, and attacks.
By Timber Wolfe Principal Security Engineer, TrainACE, 7/8/2014
Comment10 comments  |  Read  |  Post a Comment
Oil & Natural Gas Industry Forms ISAC
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
New ONG-ISAC joins existing Information Sharing and Analysis Centers for electricity, water, and other critical infrastructure sectors.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 6/26/2014
Comment2 comments  |  Read  |  Post a Comment
Crowdsourcing & Cyber Security: Who Do You Trust?
Robert R. Ackerman Jr., Founder & Managing Director, Allegis CapitalCommentary
A collective security defense can definitely tip the balance in favor of the good guys. But challenges remain.
By Robert R. Ackerman Jr. Founder & Managing Director, Allegis Capital, 6/24/2014
Comment3 comments  |  Read  |  Post a Comment
Microsoft Unveils New Intelligence-Sharing Platform
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Azure cloud-based system for incident responders and Microsoft Active Protections Program (MAPP) partners automate swapping of threat and attack intel.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 6/23/2014
Comment4 comments  |  Read  |  Post a Comment
Phishing Scam Targeted 75 US Airports
William Welsh, Contributing WriterCommentary
Major cyberattack carried out in 2013 by an undisclosed nation-state sought to breach US commercial aviation networks, says Center for Internet Security report.
By William Welsh Contributing Writer, 6/23/2014
Comment0 comments  |  Read  |  Post a Comment
SMBs Ignoring Insider Threats
Henry Kenyon, Commentary
Many smaller organizations do not adequately protect against insider threats, CERT expert warns.
By Henry Kenyon , 6/23/2014
Comment7 comments  |  Read  |  Post a Comment
Open-Source Tool Aimed At Propelling Honeypots Into the Mainstream
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Free software automates the setup, management of honeypots for enterprises.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 6/19/2014
Comment9 comments  |  Read  |  Post a Comment
Putter Panda: Tip Of The Iceberg
George Kurtz, President & CEO, CrowdStrikeCommentary
What CrowdStrike's outing of Putter Panda -- the second hacking group linked to China's spying on US defense and European satellite and aerospace industries -- means for the security industry.
By George Kurtz President & CEO, CrowdStrike, 6/10/2014
Comment3 comments  |  Read  |  Post a Comment
Government Advances Continuous Security Monitoring
Henry Kenyon, Commentary
DOD, DHS expect smart technologies will defend networks against common attacks, free IT personnel to deal with more dangerous threats.
By Henry Kenyon , 6/6/2014
Comment3 comments  |  Read  |  Post a Comment
FireEye: Malware Traffic to Ukraine, Russia Spiked During Peak of Conflict
Sara Peters, News
A FireEye researcher posits that a significant spike in malware traffic to Russia and the Ukraine at the height of the conflict between the two countries could be part of a trend -- and could improve threat intelligence.
By Sara Peters , 5/29/2014
Comment2 comments  |  Read  |  Post a Comment
Data Pros' Salary Showdown
Doug Henschen, Executive Editor, InformationWeekCommentary
Our 2014 Salary Survey shows the typical analytics expert's salary is just keeping up with inflation, even while they're working harder on more diverse teams. What gives?
By Doug Henschen Executive Editor, InformationWeek, 5/22/2014
Comment1 Comment  |  Read  |  Post a Comment
Government Hiring Practices Hamper Cybersecurity Efforts
Patience Wait, Commentary
Federal agencies find it difficult to hire unconventional but well-qualified talent to battle cyberattacks, experts say.
By Patience Wait , 5/20/2014
Comment4 comments  |  Read  |  Post a Comment
Researchers: Recent Zero-Day Attacks Linked Via Common Exploit Package
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Elderwood Platform, a two-year-old package of exploits, has been used to create multiple zero-day threats, Symantec researchers said
By Tim Wilson Editor in Chief, Dark Reading, 5/19/2014
Comment0 comments  |  Read  |  Post a Comment
Dual Retail Cyberthreat Intelligence-Sharing Efforts Emerge
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
The Retail Industry Leaders Association (RILA) rolls out a retail ISAC following the National Retail Federation's (NRF) announcement last month of an intel-sharing platform planned for June.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 5/15/2014
Comment3 comments  |  Read  |  Post a Comment
Beware Cognitive Bias
Levi Gundert, Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC)Commentary
Cognitive bias can compromise any profession. But when cognitive bias goes unrecognized in cyber security, far-reaching and serious consequences follow.
By Levi Gundert Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC), 5/15/2014
Comment9 comments  |  Read  |  Post a Comment
On The Trail of An Iranian Hacking Operation
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
The Iranian Ajax Security Team of hackers went from high-profile hacktivists posturing on Facebook to cyberspies encrypting stolen information from defense contractors.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 5/14/2014
Comment2 comments  |  Read  |  Post a Comment
Dispelling The Myths Of Cyber Security
Mark Goldstein & Arun Sood, Principal, SafeSecurePrivate / PhD, Founder & CEO, SCIT LabsCommentary
Perfect security that focuses on eliminating threats is too expensive and impossible to achieve. Better to think about consequence management.
By Mark Goldstein & Arun Sood Principal, SafeSecurePrivate / PhD, Founder & CEO, SCIT Labs, 5/14/2014
Comment3 comments  |  Read  |  Post a Comment
Government Surveillance Criticism Heats Up
Thomas Claburn, Editor-at-LargeCommentary
As book on Snowden affair debuts, several organizations take steps to restrain the mass online surveillance that Snowden investigation exposed.
By Thomas Claburn Editor-at-Large, 5/14/2014
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Current Issue
Cartoon
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7392
Published: 2014-07-22
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.

CVE-2014-2385
Published: 2014-07-22
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter t...

CVE-2014-4326
Published: 2014-07-22
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.

CVE-2014-4511
Published: 2014-07-22
Gitlist before 0.5.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name in the URI of a request for a (1) blame, (2) file, or (3) stats page, as demonstrated by requests to blame/master/, master/, and stats/master/.

CVE-2014-4911
Published: 2014-07-22
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersuites, as demonstrated using the Codenomicon Defensics toolkit.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.