Vulnerabilities / Threats
News & Commentary
Cyber Threat Analysis: A Call for Clarity
Michael McMahon, Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLCCommentary
The general public deserves less hyperbole and more straight talk
By Michael McMahon Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLC, 5/22/2015
Comment1 Comment  |  Read  |  Post a Comment
Hacking Virginia State Trooper Cruisers
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Working group of federal agencies and private industry launched by the state of Virginia is studying car vulnerabilities and building tools to detect and protect against vehicle hacking and tampering.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/22/2015
Comment1 Comment  |  Read  |  Post a Comment
Half Of Retail, Healthcare Sites 'Always Vulnerable'
Sara Peters, Senior Editor at Dark ReadingNews
Finding vulnerabilities in custom web applications isn't the major problem; fixing them in a timely fashion is, a new report from WhiteHat Security finds.
By Sara Peters Senior Editor at Dark Reading, 5/21/2015
Comment0 comments  |  Read  |  Post a Comment
Logjam Encryption Flaw Threatens Secure Communications On Web
Jai Vijayan, Freelance writerNews
Most major browsers, websites that support export ciphers impacted
By Jai Vijayan Freelance writer, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Planes, Tweets & Possible Hacks From Seats
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
There are conflicting reports over whether security researcher Chris Roberts hacked into flight controls and manipulated a plane.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/20/2015
Comment3 comments  |  Read  |  Post a Comment
5 Signs Credentials In Your Network Are Being Compromised
Idan Tendler, CEO, FortscaleCommentary
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personal identifiable information? Check out these common scenarios.
By Idan Tendler CEO, Fortscale, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Don Bailey, Founder & CEO, Lab Mouse SecurityCommentary
In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.
By Don Bailey Founder & CEO, Lab Mouse Security, 5/19/2015
Comment7 comments  |  Read  |  Post a Comment
Every 4 Seconds New Malware Is Born
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report shows rate of new malware strains discovered increased by 77 percent in 2014.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/18/2015
Comment2 comments  |  Read  |  Post a Comment
Why We Can't Afford To Give Up On Cybersecurity Defense
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
There is no quick fix, but organizations can massively reduce the complexity of building secure applications by empowering developers with four basic practices.
By Jeff Williams CTO, Aspect Security & Contrast Security, 5/18/2015
Comment2 comments  |  Read  |  Post a Comment
Polish Security Firm Discloses Unpatched Security Flaws in Google App Engine
Jai Vijayan, Freelance writerNews
Google was given enough time to respond researcher says.
By Jai Vijayan Freelance writer, 5/15/2015
Comment0 comments  |  Read  |  Post a Comment
The Cybercrime Carnival in Brazil: Loose Cyberlaws Make for Loose Cybercriminals
Limor S Kessem, Sr. Cybersecurity Evangelist, IBM SecurityCommentary
Brazil loses over $8 billion a year to Internet crime, making it the second-largest cybercrime generator in the world.
By Limor S Kessem Sr. Cybersecurity Evangelist, IBM Security, 5/15/2015
Comment8 comments  |  Read  |  Post a Comment
Experts' Opinions Mixed On VENOM Vulnerability
Sara Peters, Senior Editor at Dark ReadingNews
Some say the virtualization vuln could be worse than Heartbleed, while others advise to patch, but don't panic.
By Sara Peters Senior Editor at Dark Reading, 5/14/2015
Comment2 comments  |  Read  |  Post a Comment
Taking A Security Program From Zero To Hero
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organizationís security capabilities. Here are six steps to get you started.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 5/13/2015
Comment2 comments  |  Read  |  Post a Comment
Microsoft Edge Browser Gets Security Boost
Kelly Sheridan, Associate Editor, InformationWeekNews
The new Windows 10 browser, Microsoft Edge, is fortified with security measures to keep users safe.
By Kelly Sheridan Associate Editor, InformationWeek, 5/13/2015
Comment7 comments  |  Read  |  Post a Comment
VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products
Sara Peters, Senior Editor at Dark ReadingNews
Critical vulnerability in the open-source QEMU hypervisor lets attackers break out of a virtual machine, execute code on a host machine and access all the other VMs on the host.
By Sara Peters Senior Editor at Dark Reading, 5/13/2015
Comment6 comments  |  Read  |  Post a Comment
Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research
Katie Moussouris, Chief Policy Officer, HackerOneCommentary
There is a lesson to be learned from a locksmith living 150 years ago: Attackers and criminals are the only parties who benefit when security researchers fear the consequences for reporting issues.
By Katie Moussouris Chief Policy Officer, HackerOne, 5/12/2015
Comment10 comments  |  Read  |  Post a Comment
First Example Of SAP Breach Surfaces
Ericka Chickowski, Contributing Writer, Dark ReadingNews
USIS attack in 2013 stealing background check information about government personnel with classified clearance came by way of an SAP exploit.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/12/2015
Comment0 comments  |  Read  |  Post a Comment
PHP Hash Comparison Weakness A Threat To Websites, Researcher Says
Jai Vijayan, Freelance writerNews
Flaw could allow attackers to compromise user accounts, WhiteHat Security's Robert Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash' vulnerability.
By Jai Vijayan Freelance writer, 5/9/2015
Comment2 comments  |  Read  |  Post a Comment
Beginning Of The End For Patch Tuesday
Sara Peters, Senior Editor at Dark ReadingNews
Starting with Windows 10, Microsoft will introduce Windows Update for Business, issuing patches as they're available, instead of once a month.
By Sara Peters Senior Editor at Dark Reading, 5/7/2015
Comment6 comments  |  Read  |  Post a Comment
3 Ways Attackers Will Own Your SAP
Ericka Chickowski, Contributing Writer, Dark ReadingNews
SAP vulnerabilities that have been highlighted for years are now becoming attackers' favorite means of breaking into enterprises.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/5/2015
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0750
Published: 2015-05-22
The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786.

CVE-2012-1978
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admi...

CVE-2015-0741
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.

CVE-2015-0742
Published: 2015-05-21
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registrati...

CVE-2015-0746
Published: 2015-05-21
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.