Analytics // Threat Intelligence
News & Commentary
Why China Wants Your Sensitive Data
Adam Meyers, VP of Intelligence, CrowdStrikeCommentary
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
By Adam Meyers VP of Intelligence, CrowdStrike, 6/24/2015
Comment17 comments  |  Read  |  Post a Comment
Child Exploitation & Assassins For Hire On The Deep Web
Sara Peters, Senior Editor at Dark ReadingNews
'Census report' of the unindexed parts of the Internet unearths everything from Bitcoin-laundering services to assassins for hire.
By Sara Peters Senior Editor at Dark Reading, 6/23/2015
Comment9 comments  |  Read  |  Post a Comment
The Dark Web: An Untapped Source For Threat Intelligence
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Most organizations already have the tools for starting a low-cost, high-return Dark Web cyber intelligence program within their existing IT and cybersecurity teams. Hereís how.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 6/23/2015
Comment1 Comment  |  Read  |  Post a Comment
Cybercrime Can Give Attackers 1,425% Return on Investment
Sara Peters, Senior Editor at Dark ReadingNews
Going rates on the black market show ransomware and carding attack campaign managers have plenty to gain.
By Sara Peters Senior Editor at Dark Reading, 6/9/2015
Comment1 Comment  |  Read  |  Post a Comment
Chinese ISP: China Is Victim Of Foreign State-Backed APT Group
Sara Peters, Senior Editor at Dark ReadingNews
Qihoo 360 says that OceanLotus has been stealing information from Chinese government agencies and maritime institutions since 2012.
By Sara Peters Senior Editor at Dark Reading, 6/4/2015
Comment0 comments  |  Read  |  Post a Comment
'Adversary Intelligence' Finds Criminals Not As Smart As Their Code
Sara Peters, Senior Editor at Dark ReadingNews
The adversary using the stealthy Rombertik malware wasn't nearly as stealthy.
By Sara Peters Senior Editor at Dark Reading, 6/3/2015
Comment2 comments  |  Read  |  Post a Comment
Profile Of A Cybercrime Petty Thief
Sara Peters, Senior Editor at Dark ReadingNews
Trend Micro provides peek at methods of amateur, lone-wolf carder.
By Sara Peters Senior Editor at Dark Reading, 5/26/2015
Comment0 comments  |  Read  |  Post a Comment
A Threat Intelligence-Sharing Reality-Check
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Many organizations employ sharing one-way (gathering) and mainly for 'CYA,' experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Cyber Threat Analysis: A Call for Clarity
Michael McMahon, Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLCCommentary
The general public deserves less hyperbole and more straight talk
By Michael McMahon Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLC, 5/22/2015
Comment12 comments  |  Read  |  Post a Comment
Retailers Take 197 Days To Detect Advanced Threat, Study Says
Sara Peters, Senior Editor at Dark ReadingNews
Most common method of identifying them as advanced threats is a "gut feeling."
By Sara Peters Senior Editor at Dark Reading, 5/19/2015
Comment1 Comment  |  Read  |  Post a Comment
Experts Urge InfoSec Info Sharing At Columbia-GCIG Conference
Sara Peters, Senior Editor at Dark ReadingNews
'It all starts at the bar with a beer.'
By Sara Peters Senior Editor at Dark Reading, 5/18/2015
Comment1 Comment  |  Read  |  Post a Comment
Drinking from the Malware Fire Hose
John Bambenek , Senior Threat Researcher, Fidelis Cybersecurity
Take a staged approach to processing malware in bulk so that scarce and time-limited resources can be prioritized for only those threats that truly require them.
By John Bambenek Senior Threat Researcher, Fidelis Cybersecurity, 5/15/2015
Comment0 comments  |  Read  |  Post a Comment
What Does China-Russia 'No Hack' Pact Mean For US?
Sara Peters, Senior Editor at Dark ReadingNews
It could be an Internet governance issue or a response to the U.S. DoD's new cyber strategy, but one thing is certain: it doesn't really mean China and Russia aren't spying on one another anymore.
By Sara Peters Senior Editor at Dark Reading, 5/11/2015
Comment2 comments  |  Read  |  Post a Comment
Big Data & The Security Skills Shortage
Peter Schlampp, VP of Products, PlatforaCommentary
Finding a security analyst with the data discovery experience to combat modern threats is like searching for the mythical unicorn. The person does not exist
By Peter Schlampp VP of Products, Platfora, 4/29/2015
Comment4 comments  |  Read  |  Post a Comment
Note To Vendors: CISOs Donít Want Your Analytical Tools
Rick Gordon, Managing Partner, Mach37 Cyber AcceleratorCommentary
What they need are solutions that deliver prioritized recommendations and confidence in the analytical rigor behind those recommendations to take meaningful action.
By Rick Gordon Managing Partner, Mach37 Cyber Accelerator, 4/28/2015
Comment6 comments  |  Read  |  Post a Comment
The Rise of Counterintelligence in Malware Investigations
John Bambenek , Senior Threat Researcher, Fidelis Cybersecurity
The key to operationalizing cybersecurity threat intelligence rests in the critical thinking that establishes that a given indicator is, in fact, malicious.
By John Bambenek Senior Threat Researcher, Fidelis Cybersecurity, 4/22/2015
Comment1 Comment  |  Read  |  Post a Comment
White House's Daniel 'Intrigued' By UL-Type Model For IoT Security
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Michael Daniel, the national cybersecurity coordinator and assistant to the President, talks Internet of Things security and recent Executive Orders on intel-sharing and sanctions.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Inside the 4 Most Common Threat Actor Tools
 Dr. Chase Cunningham, Head of Threat Intelligence, FireHostCommentary
How do you prevent your environment from becoming the next target? Turn the tables on your attackers.
By Dr. Chase Cunningham Head of Threat Intelligence, FireHost, 4/17/2015
Comment0 comments  |  Read  |  Post a Comment
Harnessing The Power Of Cyber Threat Intelligence
Stu Solomon,  VP, General Counsel & Chief Risk Officer, iSIGHT PartnersCommentary
Here are six real-world examples of how changing your modus operandi from reactive to proactive can drive rapid response to the threats that matter.
By Stu Solomon VP, General Counsel & Chief Risk Officer, iSIGHT Partners, 4/16/2015
Comment2 comments  |  Read  |  Post a Comment
Why Standardized Threat Data Will Help Stop the Next Big Breach
Bill Nelson, President & CEO, Financial Services Information Sharing and Analysis Center (FS-ISAC) and CEO, SoltraCommentary
Adopting industry standards for threat intelligence will reduce a lot of the heavy lifting and free cyber security first responders to focus on what they do best.
By Bill Nelson President & CEO, Financial Services Information Sharing and Analysis Center (FS-ISAC) and CEO, Soltra, 4/15/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0543
Published: 2015-07-05
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2015-0544
Published: 2015-07-05
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.

CVE-2015-4129
Published: 2015-07-05
SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie.

CVE-2015-0547
Published: 2015-07-04
The D2CenterstageService.getComments service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

CVE-2015-0548
Published: 2015-07-04
The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report