Vulnerabilities / Threats
News & Commentary
New Google Search Poisoning Method Cloaks With PDF Docs
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Using PDF documents to keyword stuff is growing in popularity as it circumvents anti-cloaking mechanisms in Google's algorithms.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/7/2015
Comment0 comments  |  Read  |  Post a Comment
The Rise Of Social Media Botnets
James C. Foster, Founder & CEO, ZeroFOXCommentary
In the social Internet, building a legion of interconnected bots -- all accessible from a single computer -- is quicker and easier than ever before.
By James C. Foster Founder & CEO, ZeroFOX, 7/7/2015
Comment0 comments  |  Read  |  Post a Comment
Cloud & The Security Skills Gap
David Holmes, World-Wide Security Evangelist, F5CommentaryVideo
F5 Network security evangelist David Holmes tells how cloud outsourcing can help companies fill the talent gap in three critical areas of enterprise security.
By David Holmes World-Wide Security Evangelist, F5, 7/6/2015
Comment0 comments  |  Read  |  Post a Comment
FBI Offering $4.3 Million For Help Finding Cyber Most-Wanted
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Big prize still going to whomever can help find Gameover ZeuS mastermind.
By Sara Peters Senior Editor at Dark Reading, 7/2/2015
Comment3 comments  |  Read  |  Post a Comment
Smart Cities' 4 Biggest Security Challenges
Sara Peters, Senior Editor at Dark ReadingNews
The messiness of politics and the vulnerability of the Internet of Things in one big, unwieldy package.
By Sara Peters Senior Editor at Dark Reading, 7/1/2015
Comment4 comments  |  Read  |  Post a Comment
Why We Need In-depth SAP Security Training
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
SAP and Oracle are releasing tons of patches every month, but are enterprises up to this complex task? I have my doubts.
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 7/1/2015
Comment2 comments  |  Read  |  Post a Comment
Gas Stations In the Bullseye
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
White hats at Black Hat USA will release free honeypot tool for monitoring attacks against gas tank monitoring systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/29/2015
Comment6 comments  |  Read  |  Post a Comment
Cyber Resilience And Spear Phishing
Mo Cashman, Director of the Enterprise Architecture team at Intel Security.
Balanced security capability, defense in depth, integrated countermeasures, and a threat-intelligence strategy are critical to defending your business from spear-phishing attacks.
By Mo Cashman Director of the Enterprise Architecture team at Intel Security. , 6/29/2015
Comment0 comments  |  Read  |  Post a Comment
Social Engineering & Black Hat: Do As I Do Not As I Say
Tal Klein, VP Strategy, Lakeside Software.Commentary
Yes, I will be at Black Hat, where people will yell at me about NOT giving my PII to anyone, especially if they ask me for it via email.
By Tal Klein VP Strategy, Lakeside Software., 6/29/2015
Comment3 comments  |  Read  |  Post a Comment
3 Simple Steps For Minimizing Ransomware Exposure
Michelle Drolet, Founder, TowerwallCommentary
If your data is important enough to pay a ransom, why wasn't it important enough to properly backup and protect in the first place?
By Michelle Drolet Founder, Towerwall, 6/26/2015
Comment0 comments  |  Read  |  Post a Comment
Stealthy Fobber Malware Takes Anti-Analysis To New Heights
Sara Peters, Senior Editor at Dark ReadingNews
Built off the Tinba banking Trojan and distributed through the elusive HanJuan exploit kit, Fobber info-stealer defies researchers with layers upon layers of encryption.
By Sara Peters Senior Editor at Dark Reading, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
FireEye Report Prompts Reported SEC Probe Of FIN4 Hacking Gang
Jai Vijayan, Freelance writerNews
Security vendor's report from last year had warned about group targeting insider data from illegal trading.
By Jai Vijayan Freelance writer, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
What Do You Mean My Security Tools Don’t Work on APIs?!!
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
SAST and DAST scanners haven’t advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
By Jeff Williams CTO, Aspect Security & Contrast Security, 6/25/2015
Comment7 comments  |  Read  |  Post a Comment
Linux Foundation Funds Internet Security Advances
Charles Babcock, Editor at Large, CloudNews
The Linux Foundation's Core Infrastructure Initiative has selected three security-oriented projects to receive a total of $500,000 in funding.
By Charles Babcock Editor at Large, Cloud, 6/25/2015
Comment2 comments  |  Read  |  Post a Comment
Why China Wants Your Sensitive Data
Adam Meyers, VP of Intelligence, CrowdStrikeCommentary
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
By Adam Meyers VP of Intelligence, CrowdStrike, 6/24/2015
Comment17 comments  |  Read  |  Post a Comment
Child Exploitation & Assassins For Hire On The Deep Web
Sara Peters, Senior Editor at Dark ReadingNews
'Census report' of the unindexed parts of the Internet unearths everything from Bitcoin-laundering services to assassins for hire.
By Sara Peters Senior Editor at Dark Reading, 6/23/2015
Comment9 comments  |  Read  |  Post a Comment
Government, Healthcare Particularly Lackluster In Application Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Veracode's State of Software Security Report lays out industry-specific software security metrics.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/23/2015
Comment2 comments  |  Read  |  Post a Comment
The Dark Web: An Untapped Source For Threat Intelligence
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Most organizations already have the tools for starting a low-cost, high-return Dark Web cyber intelligence program within their existing IT and cybersecurity teams. Here’s how.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 6/23/2015
Comment1 Comment  |  Read  |  Post a Comment
3 Clues That Collaboration And File Sharing Tools Are Cloud Security's Weak Link
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Cloud collaboration and file sharing applications continue to raise CISOs' blood pressure.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/23/2015
Comment1 Comment  |  Read  |  Post a Comment
Report: NSA, GCHQ Actively Targeted Kaspersky Lab, Other Security Vendors
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Snowden documents reveal government intelligence agencies were working to subvert security software. Kaspersky Lab calls nation-states' targeting of security companies 'extremely worrying.'
By Sara Peters Senior Editor at Dark Reading, 6/22/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Blog Voyage
Current Conversations What an offer !
In reply to: Wow
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2849
Published: 2015-07-07
SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.

CVE-2015-2850
Published: 2015-07-07
Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVE-2015-3216
Published: 2015-07-07
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establi...

CVE-2014-3653
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

CVE-2014-5406
Published: 2015-07-06
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, ...

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report