Analytics // Threat Intelligence
News & Commentary
Could The Sony Attacks Happen Again? Join The Conversation
Tim Wilson, Editor in Chief, Dark ReadingCommentary
Check out Dark Reading Radio's interview and live chat with CrowdStrike founder and CEO George Kurtz and Shape Security executive Neal Mueller.
By Tim Wilson Editor in Chief, Dark Reading, 1/21/2015
Comment13 comments  |  Read  |  Post a Comment
New Technology Detects Cyberattacks By Their Power Consumption
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Startup's "power fingerprinting" approach catches stealthy malware within milliseconds in DOE test.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/20/2015
Comment2 comments  |  Read  |  Post a Comment
Why North Korea Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
The motivation behind Democratic People’s Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/15/2015
Comment10 comments  |  Read  |  Post a Comment
Nation-State Cyberthreats: Why They Hack
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
All nations are not created equal and, like individual hackers, each has a different motivation and capability.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/8/2015
Comment10 comments  |  Read  |  Post a Comment
Using Free Tools To Detect Attacks On ICS/SCADA Networks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
ICS/SCADA experts say open-source network security monitoring software is a simple and cheap way to catch hackers targeting plant operations.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/8/2015
Comment0 comments  |  Read  |  Post a Comment
Cybercrime Dipped During Holiday Shopping Season
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The number of businesses breached dropped by half from years past, but attackers got more bang for their buck in terms of stolen records, a new IBM report reveals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/5/2015
Comment7 comments  |  Read  |  Post a Comment
Why Digital Forensics In Incident Response Matters More Now
Craig Carpenter, President & COO, Resolution1 SecurityCommentary
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
By Craig Carpenter President & COO, Resolution1 Security, 12/24/2014
Comment6 comments  |  Read  |  Post a Comment
JPMorgan Hack: 2FA MIA In Breached Server
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Sources close to the breach investigation say a network server missing two-factor authentication let attackers make their way into JPMorgan's servers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/24/2014
Comment17 comments  |  Read  |  Post a Comment
FBI Calls For Law Facilitating Security Information Sharing
Sara Peters, Senior Editor at Dark ReadingNews
Uniform breach notification laws and amendments to the Computer Fraud and Abuse Act are also on the list.
By Sara Peters Senior Editor at Dark Reading, 12/11/2014
Comment2 comments  |  Read  |  Post a Comment
Ex-NSA Agents' Security Startup Lands $8 Million In Funding
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Area 1 Security, launched in May, uses behavioral data to stop early-stage attacks from going further.
By Sara Peters Senior Editor at Dark Reading, 12/10/2014
Comment4 comments  |  Read  |  Post a Comment
Online Ad Fraud Exposed: Advertisers Losing $6.3 Billion To $10 Billion Per Year
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A new study conducted by the Association of National Advertisers (ANA) and the security firm White Ops tracked online ad traffic patterns for 36 major companies and discovered epic levels of abuse.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/9/2014
Comment2 comments  |  Read  |  Post a Comment
Why ‘Regin’ Malware Changes Threatscape Economics
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
Never before have attackers been able to deploy a common malware platform and configure it as necessary with low-cost, quick-turnaround business logic apps.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 12/4/2014
Comment3 comments  |  Read  |  Post a Comment
Breaking the Code: The Role of Visualization in Security Research
Thibault Reuille, Security Researcher, OpenDNSCommentary
In today’s interconnected, data rich IT environments, passive inspection of information is not enough.
By Thibault Reuille Security Researcher, OpenDNS, 12/1/2014
Comment1 Comment  |  Read  |  Post a Comment
Data Management Vs. Data Loss Prevention: Vive La Différence!
Todd Feinman,  President & CEO, Identity FinderCommentary
A sensitive data management strategy can include the use of DLP technology, but it also involves a comprehensive understanding of where your data is and what specifically is at risk.
By Todd Feinman President & CEO, Identity Finder, 11/25/2014
Comment4 comments  |  Read  |  Post a Comment
Deconstructing The Cyber Kill Chain
Giora Engel, VP Product & Strategy, LightCyberCommentary
As sexy as it is, the Cyber Kill Chain model can actually be detrimental to network security because it reinforces old-school, perimeter-focused, malware-prevention thinking.
By Giora Engel VP Product & Strategy, LightCyber, 11/18/2014
Comment4 comments  |  Read  |  Post a Comment
Rethinking Security With A System Of 'Checks & Balances'
Brian Foster, CTO, DamballaCommentary
For too long, enterprises have given power to one branch of security governance -- prevention -- at the expense of the other two: detection and response.
By Brian Foster CTO, Damballa, 11/14/2014
Comment7 comments  |  Read  |  Post a Comment
Time To Turn The Tables On Attackers
Amit Yoran, President, RSACommentary
As a security industry, we need to arm business with innovative technologies that provide visibility, analysis, and action to prevent inevitable breaches from causing irreparable damage.
By Amit Yoran President, RSA, 11/13/2014
Comment5 comments  |  Read  |  Post a Comment
Better Together: Why Cyber Security Vendors Are Teaming Up
Yoav Leitersdorf and Ofer Schreiber , Managing Partner & Partner, YL VenturesCommentary
Alliances, mergers, and acquisitions are ushering in an era of unprecedented “co-opetition” among former rivals for your point solution business.
By Yoav Leitersdorf and Ofer Schreiber Managing Partner & Partner, YL Ventures, 11/12/2014
Comment6 comments  |  Read  |  Post a Comment
How Enterprises Can Get The Most From Threat Intelligence
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Understanding the threats faced by your organization can improve your defenses. Here are some tips for choosing tools and services -- and maximizing their impact.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/11/2014
Comment2 comments  |  Read  |  Post a Comment
Preparing For A Data Breach: Think ‘Stop, Drop & Roll’
Phil Smith, SVP Security Solutions, TrustwaveCommentary
Breaches are going to happen, which is why we need to treat incident response readiness like fire drills, practicing time and time again until the response is practically instinctive.
By Phil Smith SVP Security Solutions, Trustwave, 11/3/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4467
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

CVE-2014-4476
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4477
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4479
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4480
Published: 2015-01-30
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.