Analytics // Threat Intelligence
News & Commentary
Dark Reading Offers Cyber Security Crash Course At Interop 2015
Tim Wilson, Editor in Chief, Dark ReadingCommentary
New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security
By Tim Wilson Editor in Chief, Dark Reading, 3/2/2015
Comment0 comments  |  Read  |  Post a Comment
Cyber Intelligence: Defining What You Know
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 2/27/2015
Comment0 comments  |  Read  |  Post a Comment
Cybercrime, Cyber Espionage Tactics Converge
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Real-world cyberattack investigations by incident response firm Mandiant highlight how hackers are adapting to better achieve their goals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/24/2015
Comment3 comments  |  Read  |  Post a Comment
DOJ R&D Agency Awards Grants For Speedier Digital Forensics
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The US Department of Justice's National Institute of Justice is funding new incident response technology to assist law enforcement.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/23/2015
Comment0 comments  |  Read  |  Post a Comment
NSA, GCHQ Theft Of SIM Crypto Keys Raises Fresh Security Concerns
Jai Vijayan, Freelance writerNews
Pilfered SIM card encryption keys also could allow the spy agencies to deploy malicious Java applets or to send rogue SMS messages from fake cell towers, experts say.
By Jai Vijayan Freelance writer, 2/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Who Cares Who’s Behind A Data Breach?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
Attribution takes a long time, a lot of work, and a healthy dose of luck. But is it worth the effort?
By Kerstyn Clover Attack & Defense Team Consultant, 2/20/2015
Comment27 comments  |  Read  |  Post a Comment
Our Governments Are Making Us More Vulnerable
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Stuxnet opened Pandora’s box and today state-sponsored cyber security policies continue to put us at risk. Here are three reasons why.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 2/19/2015
Comment11 comments  |  Read  |  Post a Comment
Newly Discovered 'Master' Cyber Espionage Group Trumps Stuxnet
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The so-called Equation Group epitomizes the goal of persistence in cyber spying--reprogramming hard drives and hacking other targets such as air-gapped computers--and points to possible US connection.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/16/2015
Comment13 comments  |  Read  |  Post a Comment
Obama, Tim Cook, Others Debate Sharing Cyber Security Data
Thomas Claburn, Editor-at-LargeNews
The Obama White House wants more effective sharing of cyber security data between the public and private sectors. Despite some snubs, Apple's Tim Cook spoke at a special summit on the issue.
By Thomas Claburn Editor-at-Large, 2/14/2015
Comment6 comments  |  Read  |  Post a Comment
Obama Signs New Executive Order For Sharing Cyberthreat Information
Dark Reading Staff, Quick Hits
EO comes on the heels of massive breaches at Sony, Anthem.
By Dark Reading Staff , 2/13/2015
Comment0 comments  |  Read  |  Post a Comment
How Anthem Shared Key Markers Of Its Cyberattack
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Insurer shared the MD5 malware hashes, IP addresses, and email addresses used by its attackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/12/2015
Comment1 Comment  |  Read  |  Post a Comment
Obama Launches Cyberthreat Intel-Sharing Center
Dark Reading Staff, Quick Hits
Long-awaited central repository for cyber threat information and intelligence created by The White House.
By Dark Reading Staff , 2/11/2015
Comment3 comments  |  Read  |  Post a Comment
How Malware Bypasses Our Most Advanced Security Measures
Alon Nafta, Senior Security Researcher, SentinelOneCommentary
We unpack three common attack vectors and five evasion detection techniques.
By Alon Nafta Senior Security Researcher, SentinelOne, 2/10/2015
Comment8 comments  |  Read  |  Post a Comment
Nation-State Cyber Espionage, Targeted Attacks Becoming Global Norm
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New report shows 2014 as the year of China's renewed resiliency in cyber espionage--with Hurricane Panda storming its targets--while Russia, Iran, and North Korea, emerging as major players in hacking for political, nationalistic, and competitive gain.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/10/2015
Comment2 comments  |  Read  |  Post a Comment
Report: Russian Hacker Broke Into Sony & Is Still There
Sara Peters, Senior Editor at Dark ReadingNews
But can we trust the words of black hat hackers with unclear motives for candor? Either way, report supports credible theory of multiple attackers hitting Sony.
By Sara Peters Senior Editor at Dark Reading, 2/4/2015
Comment2 comments  |  Read  |  Post a Comment
Shifting Paradigms: The Case for Cyber Counter-Intelligence
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
Cyber Counter-Intelligence and traditional information security share many aspects. But CCI picks up where infosec ends -- with an emphasis on governance, automation, timeliness, and reporting.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 2/4/2015
Comment2 comments  |  Read  |  Post a Comment
How The Skills Shortage Is Killing Defense in Depth
David Holmes, World-Wide Security Evangelist, F5Commentary
It used to be easy to sell specialized security gizmos but these days when a point product gets pitched to a CSO, the response is likely “looks nifty, but I don’t have the staff to deploy it.”
By David Holmes World-Wide Security Evangelist, F5, 1/30/2015
Comment12 comments  |  Read  |  Post a Comment
Could The Sony Attacks Happen Again? Join The Conversation
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Check out Dark Reading Radio's interview and live chat with CrowdStrike founder and CEO George Kurtz and Shape Security executive Neal Mueller.
By Tim Wilson Editor in Chief, Dark Reading, 1/21/2015
Comment13 comments  |  Read  |  Post a Comment
New Technology Detects Cyberattacks By Their Power Consumption
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Startup's "power fingerprinting" approach catches stealthy malware within milliseconds in DOE test.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/20/2015
Comment2 comments  |  Read  |  Post a Comment
Why North Korea Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
The motivation behind Democratic People’s Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/15/2015
Comment10 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7421
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

CVE-2014-8160
Published: 2015-03-02
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disall...

CVE-2014-9644
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-201...

CVE-2015-0239
Published: 2015-03-02
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYS...

CVE-2014-8921
Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.