Vulnerabilities / Threats
News & Commentary
APT Group 'Pawn Storm' Ratchets Up Attacks
Jai Vijayan, Freelance writer | News
Threat actors have set up several new C&C servers and dozens of new malicious URLs -- and are now targeting White House staffers, Trend Micro says.
By Jai Vijayan Freelance writer, 4/17/2015
Inside the 4 Most Common Threat Actor Tools
Dr. Chase Cunningham, Head of Threat Intelligence, FireHost | Commentary
How do you prevent your environment from becoming the next target? Turn the tables on your attackers.
By Dr. Chase Cunningham Head of Threat Intelligence, FireHost, 4/17/2015
Popular Home Automation System Backdoored Via Unpatched Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Malicious firmware update could lead to device, full home network 0wnage, researcher will show next week at the RSA Conference.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/16/2015
Microsoft Zero-Day Bug Being Exploited In The Wild
Sara Peters, Senior Editor at Dark Reading | News
As attacks mount, and over 70 million websites remain vulnerable, advice is "fix now."
By Sara Peters Senior Editor at Dark Reading, 4/16/2015
Harnessing The Power Of Cyber Threat Intelligence
Stu Solomon, VP, General Counsel & Chief Risk Officer, iSIGHT Partners | Commentary
Here are six real-world examples of how changing your modus operandi from reactive to proactive can drive rapid response to the threats that matter.
By Stu Solomon VP, General Counsel & Chief Risk Officer, iSIGHT Partners, 4/16/2015
HackerOne Now Offers Bounties For New Bug Discovery Tools And Techniques
Jai Vijayan, Freelance writer | News
Tools are a more cost-efficient option for finding bugs in mature products, new research shows.
By Jai Vijayan Freelance writer, 4/15/2015
Why Standardized Threat Data Will Help Stop the Next Big Breach
Bill Nelson, President & CEO, Financial Services Information Sharing and Analysis Center (FS-ISAC) and CEO, Soltra | Commentary
Adopting industry standards for threat intelligence will reduce a lot of the heavy lifting and free cyber security first responders to focus on what they do best.
By Bill Nelson President & CEO, Financial Services Information Sharing and Analysis Center (FS-ISAC) and CEO, Soltra, 4/15/2015
Threat Intelligence Is a Two-Way Street
Emilio Iasiello, Senior Cyber Intelligence Analyst at Fidelis Cybersecurity Solutions
Intelligence analysis should be looked upon as less of a service and more of a partnership.
By Emilio Iasiello Senior Cyber Intelligence Analyst at Fidelis Cybersecurity Solutions, 4/14/2015
Authorities Take Down Malware-Distributing Simda Botnet
Ericka Chickowski, Contributing Writer, Dark Reading | News
Fourteen C&Cs dismantled to take out nerve center of a botnet that spanned 190 countries.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/14/2015
Botnet to Cybersecurity: Catch Me If You Can
Raj Samani, Chief Technology Officer of Intel Security’s Europe, Middle East and Africa division
Tracking and disrupting the crime ring behind a polymorphic botnet.
By Raj Samani Chief Technology Officer of Intel Security’s Europe, Middle East and Africa division, 4/14/2015
Verizon DBIR: Mobile Devices Not A Factor In Real-World Attacks
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
New annual Verizon Data Breach Investigations Report shows most attacks affect a secondary victim, the average cost of a data breach is just 58 cents per stolen record -- and attackers are not going after mobile en masse.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/14/2015
Chinese Nation-State Hackers Give Up Attack Campaign
Sara Peters, Senior Editor at Dark Reading | News
It worked on Hurricane Panda. Can APT30 and other organized cyberespionage groups also be convinced that an attack campaign isn't worth the trouble?
By Sara Peters Senior Editor at Dark Reading, 4/13/2015
Majority Of Organizations Unprepared For Insider Attacks
Ericka Chickowski, Contributing Writer, Dark Reading | News
SANS report shows gaps in insider detection and response.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/13/2015
Better Together: Network Operations & Infosec
Steve Riley, Technical Leader, Office of the CTO, Riverbed Technology | Commentary
Getting networking and information security teams together in the same room is a critical step for companies that want to build a continuous information security culture.
By Steve Riley Technical Leader, Office of the CTO, Riverbed Technology, 4/13/2015
Insider Threats: Focus On The User, Not The Data
Daniel Velez, Insider Threat Operations, Raytheon Cyber Products | Commentary
Global cybersecurity spending will hit almost $77 billion in 2015, so why are there more high-profile leaks than ever?
By Daniel Velez Insider Threat Operations, Raytheon Cyber Products, 4/10/2015
Utilities And Education The Most Bot-Infested Sectors
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
The more bots in-house, the more a company is likely to have reported a data breach, BitSight report finds.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/9/2015
Solving the Right Problem: Stop Adversaries, Not Just Their Tools
Dmitri Alperovitch, Co-Founder & CTO, CrowdStrike | Commentary
A malware-centric strategy is mere child’s play against today’s sophisticated adversaries. Here’s why.
By Dmitri Alperovitch Co-Founder & CTO, CrowdStrike, 4/9/2015
AlienSpy A More Sophisticated Version Of The Same Old RATs
Jai Vijayan, Freelance writer | News
The AlienSpy remote access Trojan bears a resemblance to Frutas, Adwind, and Unrecom, say researchers at Fidelis.
By Jai Vijayan Freelance writer, 4/8/2015
5 Reasons You 'Better Call Saul' To Protect Corporate Data
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard Technologies | Commentary
These pop-culture lessons from the entertaining Breaking Bad spinoff will make security awareness training both fun and effective.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 4/8/2015
So, You 'Don’t Believe In' Security Education?
Joe Ferrara, President & CEO, Wombat Security Technologies | Commentary
You're in the minority for a reason. Here's why.
By Joe Ferrara President & CEO, Wombat Security Technologies, 4/7/2015
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0845
Published: 2015-04-17
Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates.

CVE-2015-0967
Published: 2015-04-17
Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.

CVE-2015-0968
Published: 2015-04-17
Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590.

CVE-2015-0969
Published: 2015-04-17
SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI.

CVE-2015-0970
Published: 2015-04-17
Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.