Analytics // Threat Intelligence
News & Commentary
Don't Blame It On The Web Programming Platform
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
New data shows no one Web development platform generates more vulnerabilities than another -- and website security is still a problem.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/15/2014
Comment2 comments  |  Read  |  Post a Comment
White House Details Zero-Day Bug Policy
Mathew J. Schwartz, News
NSA denies prior knowledge of the Heartbleed vulnerability, but the White House reserves the right to withhold zero-day exploit information is some cases involving security or law enforcement.
By Mathew J. Schwartz , 4/15/2014
Comment3 comments  |  Read  |  Post a Comment
Heartbleed's Intranet & VPN Connection
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
How the game-changing crypto bug affects internal servers, clients, and VPN networks -- and what to do about it.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/14/2014
Comment2 comments  |  Read  |  Post a Comment
One Year Later: The APT1 Report
Nick Selby, CEO, StreetCred Software, IncCommentary
One of the most positive impacts of APT1 is the undeniable rise in the stature of the threat intelligence industry. "Threat Intelligence" is the SIEM, the NAC of 2014.
By Nick Selby CEO, StreetCred Software, Inc, 4/8/2014
Comment2 comments  |  Read  |  Post a Comment
Advanced Attacks Are The New Norm, Study Says
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
According to the Websense 2014 Threat Report, most malicious exploits now are advanced and targeted.
By Tim Wilson Editor in Chief, Dark Reading, 4/4/2014
Comment5 comments  |  Read  |  Post a Comment
Facebook Builds Its Own Threat Modeling System
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
The tool helps the social network gather, store, analyze, and react to the latest threats against it.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/26/2014
Comment4 comments  |  Read  |  Post a Comment
Startup Confer Launches Cyberthreat Prevention Network
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
New company Confer takes on endpoint security problem with sensors that feed into threat intelligence network
By Tim Wilson Editor in Chief, Dark Reading, 1/30/2014
Comment0 comments  |  Read  |  Post a Comment
Machine Resiliency as a Defense
Tom Quillin, Director of Cyber Security Technology & Initiatives, Intel CorporationCommentary
If you follow news on cyber security, you might be led to think PCs and endpoints have become increasingly vulnerable.
By Tom Quillin Director of Cyber Security Technology & Initiatives, Intel Corporation, 1/21/2014
Comment1 Comment  |  Read  |  Post a Comment
Knowing Your Cyber Enemy: New Services Open Up Possibilities, But Experts Differ On Techniques, Value
Tim Wilson, Editor in Chief, Dark ReadingNews
As commercial capabilities for identifying online attackers improve, experts, service providers debate methods, costs
By Tim Wilson Editor in Chief, Dark Reading, 1/13/2014
Comment0 comments  |  Read  |  Post a Comment
Threat Intel To Deliver Some Benefits To Cyberinsurance
Robert Lemos, Technology JournalistNews
About a third of large companies have a cyberinsurance policy, but the industry still has issues measuring risks and gauging threats
By Robert Lemos Technology Journalist, 11/22/2013
Comment0 comments  |  Read  |  Post a Comment
From Event Gatherers To Network Hunters
Robert Lemos, Technology JournalistNews
Passive, wait-for-an-event defenses are no longer enough -- companies need to move to a more proactive strategy of hunting down the bad actors in their network, say experts
By Robert Lemos Technology Journalist, 11/8/2013
Comment0 comments  |  Read  |  Post a Comment
To Determine Threat Level, Context Matters
Robert Lemos, Technology JournalistNews
Computers communicating with the Amazon cloud, users logging in after hours, and the risk posed by Java; without context, evaluating threats is nearly impossible
By Robert Lemos Technology Journalist, 10/24/2013
Comment0 comments  |  Read  |  Post a Comment
Security Ratings Proliferate As Firms Seek Better Intel
Robert Lemos, Technology JournalistNews
Scoring services seek to measure the security of almost every step of the business supply chain, from suppliers and transactions to applications and services
By Robert Lemos Technology Journalist, 10/10/2013
Comment0 comments  |  Read  |  Post a Comment
Threat-Intel Sharing Services Emerge, But Challenges Remain
Robert Lemos, Technology JournalistNews
A number of services to help companies analyze threats and share intelligence have popped up, but the services have to solve some key problems
By Robert Lemos Technology Journalist, 9/26/2013
Comment0 comments  |  Read  |  Post a Comment
Countering Attacks Hiding In Denial-Of-Service Smokescreens
Robert Lemos, Technology JournalistNews
Noisy attacks are increasingly camouflaging more subtle exploits, but a well-structured incident response plan and third-party providers can help limit the noise
By Robert Lemos Technology Journalist, 9/13/2013
Comment1 Comment  |  Read  |  Post a Comment
IPv6 To Complicate Threat-Intelligence Landscape
Robert Lemos, Technology JournalistNews
Reputation-based blacklists could face exponential growth when the number of possible Internet addresses becomes, for all practical purposes, infinite
By Robert Lemos Technology Journalist, 8/30/2013
Comment0 comments  |  Read  |  Post a Comment
Researchers Seek Better Ways To Track Malware's Family Tree
Robert Lemos, Technology JournalistNews
Following a program's evolution back to the author may not yet be a reality, but computer scientists are searching for more accurate measures of the relationships between software versions
By Robert Lemos Technology Journalist, 8/15/2013
Comment0 comments  |  Read  |  Post a Comment
Maltego Gets More 'Teeth'
Robert Lemos, Technology JournalistNews
New features in Maltego, an open-source intelligence tool for defenders, allow penetration testers and attackers to gather data on vulnerable systems and manage botnets
By Robert Lemos Technology Journalist, 8/9/2013
Comment0 comments  |  Read  |  Post a Comment
Firms Far From Taming The Tower Of APT Babel
Robert Lemos, Technology JournalistNews
Threat intelligence firms continue to have individual lexicons for advanced persistent threats, making information sharing more difficult
By Robert Lemos Technology Journalist, 7/25/2013
Comment0 comments  |  Read  |  Post a Comment
How Attackers Thwart Malware Investigation
Robert Lemos, Technology JournalistNews
A researcher at Black Hat USA this month will dissect a recent attack, showing off attackers' techniques for making malware analysis harder and intelligence gathering more time consuming
By Robert Lemos Technology Journalist, 7/11/2013
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Current Issue
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2008-3277
Published: 2014-04-15
Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse p...

CVE-2010-2236
Published: 2014-04-15
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, rela...

CVE-2011-3628
Published: 2014-04-15
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...

CVE-2012-0214
Published: 2014-04-15
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...

CVE-2013-4768
Published: 2014-04-15
The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB).

Best of the Web