Vulnerabilities / Threats
News & Commentary
Which Apps Should You Secure First? Wrong Question.
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.
By Jeff Williams CTO, Aspect Security & Contrast Security, 3/5/2015
Comment0 comments  |  Read  |  Post a Comment
Securing Our Electric Power Grid Is Critical
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
Highly complex infrastructure systems require protection against cyberattacks.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/4/2015
Comment0 comments  |  Read  |  Post a Comment
A ‘Building Code’ For Internet of Things Security, Privacy
Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering InstituteCommentary
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015
Comment2 comments  |  Read  |  Post a Comment
Enterprises Thirsting For Third-Party Threat Data
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report shows enterprises more heavily weighing risks of data loss and cyber attacks in evaluation process.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/3/2015
Comment0 comments  |  Read  |  Post a Comment
FREAK Out: Yet Another New SSL/TLS Bug Found
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Old-school, export-grade crypto standard used until the 1990s can be triggered to downgrade security of client, servers, researchers find.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/3/2015
Comment2 comments  |  Read  |  Post a Comment
Compliance & Security: A Race To The Bottom?
Kevin E. Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology DirectorateCommentary
Compliance is meaningless if organizations don’t use it as a starting point to understand and mitigate risks within their environment.
By Kevin E. Greene Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, 3/3/2015
Comment0 comments  |  Read  |  Post a Comment
What You Need To Know About Nation-State Hacked Hard Drives
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The nation-state Equation Group compromise of most popular hard drives won't be a widespread threat, but future disk security -- and forensic integrity -- remain unclear.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/2/2015
Comment16 comments  |  Read  |  Post a Comment
No Silver Bullets for Security
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
A quick-fix security solution for cyberphysical systems doesn’t exist.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 3/2/2015
Comment1 Comment  |  Read  |  Post a Comment
Why Security Awareness Alone Won’t Stop Hackers
Saryu Nayyar, CEO, GuruculCommentary
End-user training is a noble pursuit but it’s no defense against “low and slow” attacks that take months and years to carry out.
By Saryu Nayyar CEO, Gurucul, 3/2/2015
Comment5 comments  |  Read  |  Post a Comment
Dark Reading Offers Cyber Security Crash Course At Interop 2015
Tim Wilson, Editor in Chief, Dark ReadingCommentary
New, one-day event offers a way for IT pros to quickly catch up with the latest threats and defenses in information security.
By Tim Wilson Editor in Chief, Dark Reading, 3/2/2015
Comment1 Comment  |  Read  |  Post a Comment
Cyber Intelligence: Defining What You Know
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 2/27/2015
Comment1 Comment  |  Read  |  Post a Comment
Hits Keep On Coming For Both SSL & Its Abusers
Dark Reading Staff, Quick Hits
Hacktivist group Lizard Squad punishes Lenovo with a DNS hijack. Will Comodo be next?
By Dark Reading Staff , 2/26/2015
Comment4 comments  |  Read  |  Post a Comment
How to Strengthen Enterprise Defenses against Ransomware
Alexandra Gheorghe, Security Specialist, Bitdefender
Eight essential ways that companies can enforce their borders.
By Alexandra Gheorghe Security Specialist, Bitdefender, 2/26/2015
Comment3 comments  |  Read  |  Post a Comment
How To Reduce Spam & Phishing With DMARC
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015
Comment7 comments  |  Read  |  Post a Comment
Five Easiest Ways to Get Hacked – Part 2
Carric Dooley, WW VP of Foundstone Services, Intel Security
Continuing a conversation with principal security consultant Amit Bagree
By Carric Dooley WW VP of Foundstone Services, Intel Security, 2/25/2015
Comment2 comments  |  Read  |  Post a Comment
FBI Offers $3 Million Reward For Info On Whereabouts Of GameoverZeus Botnet Operator
Dark Reading Staff, Quick Hits
Evgeniy Mikhailovich Bogachev, who faces charges for his alleged role as an administrator of the GameOver Zeus botnet, is at large in Russia.
By Dark Reading Staff , 2/24/2015
Comment4 comments  |  Read  |  Post a Comment
From Hacking Systems To Hacking People
Larry Ponemon, Chairman & Founder, Ponemon InstituteCommentary
New low-tech attack methods like ‘visual hacking’ demand an information security environment that values data privacy and a self-policing culture.
By Larry Ponemon Chairman & Founder, Ponemon Institute, 2/24/2015
Comment8 comments  |  Read  |  Post a Comment
Blackhat, The Movie: Good, Bad & Ridiculous
Jeff Schmidt, Founder & CEO of JAS Global Advisors LLCCommentary
It didn’t take home an Oscar, but in some instances Blackhat was right on point. Still, a white-hat hacker with the skills to take out armed opponents?
By Jeff Schmidt Founder & CEO of JAS Global Advisors LLC, 2/23/2015
Comment2 comments  |  Read  |  Post a Comment
Who Cares Who’s Behind A Data Breach?
Kerstyn Clover, Attack & Defense Team ConsultantCommentary
Attribution takes a long time, a lot of work, and a healthy dose of luck. But is it worth the effort?
By Kerstyn Clover Attack & Defense Team Consultant, 2/20/2015
Comment27 comments  |  Read  |  Post a Comment
Lenovo Superfish Adware Excuses Are Lame
Thomas Claburn, Editor at Large, Enterprise MobilityCommentary
Lenovo is downplaying the installation of Superfish adware on its notebook PCs. Here's why we think business and consumer users deserve better.
By Thomas Claburn Editor at Large, Enterprise Mobility, 2/19/2015
Comment11 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8617
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/re...

CVE-2015-0891
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-0892
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-0893
Published: 2015-03-04
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-2209
Published: 2015-03-04
DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.