Vulnerabilities / Threats
News & Commentary
Cloud Security By The Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Quantifying the perceptions around cloud security practices.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/21/2014
Comment1 Comment  |  Read  |  Post a Comment
The Week When Attackers Started Winning The War On Trust
Kevin Bocek, VP Security Strategy & Threat Intelligence, VenafiCommentary
The misuse of keys and certificates is not exotic or hypothetical. It’s a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
By Kevin Bocek VP Security Strategy & Threat Intelligence, Venafi, 11/21/2014
Comment0 comments  |  Read  |  Post a Comment
Russian Cyber Espionage Under The Microscope
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New report shows level of coordination and strategy by three main groups of cyberspies out of Russia.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/20/2014
Comment6 comments  |  Read  |  Post a Comment
New Citadel Attack Targets Password Managers
Jai Vijayan, Freelance writerNews
IBM researchers have found signs that the prolific data steal Trojan is now being used to attack widely used password managers.
By Jai Vijayan Freelance writer, 11/20/2014
Comment3 comments  |  Read  |  Post a Comment
Surveillance Cameras Next On The Insecure IoT List
Sara Peters, Senior Editor at Dark ReadingNews
Three buffer overflow vulnerabilities leave HikVision video recorders open to remote code execution.
By Sara Peters Senior Editor at Dark Reading, 11/20/2014
Comment2 comments  |  Read  |  Post a Comment
Internet Architecture Board Calls For Net Encryption By Default
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The Internet Architecture Board (IAB) urges encryption across the protocol stack to usher in an era where encrypted traffic is the norm. But there are possible security tradeoffs.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/19/2014
Comment9 comments  |  Read  |  Post a Comment
The Rise Of The Resilient Mobile Botnet
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report on what researchers call one of the 'most sophisticated mobile botnets online' shows how profitable mobile malware has become.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/19/2014
Comment0 comments  |  Read  |  Post a Comment
Microsoft Issues Emergency Patch Amid Targeted Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Windows Kerberos authentication bug "critical."
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/18/2014
Comment2 comments  |  Read  |  Post a Comment
Is Security Awareness Training Really Worth It?
Fahmida Y. Rashid, News
Experts weigh in on the value of end-user security training, and how to make education more effective.
By Fahmida Y. Rashid , 11/18/2014
Comment9 comments  |  Read  |  Post a Comment
Deconstructing the Cyber Kill Chain
Giora Engel, VP Product & Strategy, LightCyberCommentary
As sexy as it is, the Cyber Kill Chain model can actually be detrimental to network security because it reinforces old-school, perimeter-focused, malware-prevention thinking.
By Giora Engel VP Product & Strategy, LightCyber, 11/18/2014
Comment4 comments  |  Read  |  Post a Comment
Why Cyber Security Starts At Home
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Even the grandmas on Facebook need to know and practice basic security hygiene, because what happens anywhere on the Internet can eventually affect us all.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 11/17/2014
Comment13 comments  |  Read  |  Post a Comment
Microsoft Fixes Critical SChannel & OLE Bugs, But No Patches For XP
Sara Peters, Senior Editor at Dark ReadingNews
No patches released for the now-unsupported XP even though the 19-year-old OLE bug is critical and "Winshock" bug in Windows' SSL/TLS installation could be worse than Heartbleed.
By Sara Peters Senior Editor at Dark Reading, 11/14/2014
Comment20 comments  |  Read  |  Post a Comment
Rethinking Security With A System Of 'Checks & Balances'
Brian Foster, CTO, DamballaCommentary
For too long, enterprises have given power to one branch of security governance -- prevention -- at the expense of the other two: detection and response.
By Brian Foster CTO, Damballa, 11/14/2014
Comment7 comments  |  Read  |  Post a Comment
Time To Turn The Tables On Attackers
Amit Yoran, President, RSACommentary
As a security industry, we need to arm business with innovative technologies that provide visibility, analysis, and action to prevent inevitable breaches from causing irreparable damage.
By Amit Yoran President, RSA, 11/13/2014
Comment5 comments  |  Read  |  Post a Comment
The Enemy Who Is Us: DoD Puts Contractors On Notice For Insider Threats
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
New rule requires US government contractors to gather and report information on insider threat activity on classified networks.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 11/13/2014
Comment5 comments  |  Read  |  Post a Comment
Expired Antivirus Software No. 1 Cause Of Unprotected Windows 8 PCs
Jai Vijayan, Freelance writerNews
New data from Microsoft shows that nearly 10% of Windows 8 users are running expired AV software on their systems, making them four times more likely to get infected.
By Jai Vijayan Freelance writer, 11/13/2014
Comment2 comments  |  Read  |  Post a Comment
Better Together: Why Cyber Security Vendors Are Teaming Up
Yoav Leitersdorf and Ofer Schreiber , Managing Partner & Partner, YL VentureCommentary
Alliances, mergers, and acquisitions are ushering in an era of unprecedented “co-opetition” among former rivals for your point solution business.
By Yoav Leitersdorf and Ofer Schreiber Managing Partner & Partner, YL Venture, 11/12/2014
Comment6 comments  |  Read  |  Post a Comment
POS Malware Continues To Evolve
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report out today details three prevalent families.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/11/2014
Comment7 comments  |  Read  |  Post a Comment
Small-to-Midsized Businesses Targeted In More Invasive Cyberattacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
How notorious remote access tools Predator Pain and Limitless have evolved into bargain-basement tools accessible to masses of cybercriminals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/11/2014
Comment7 comments  |  Read  |  Post a Comment
How Enterprises Can Get The Most From Threat Intelligence
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Understanding the threats faced by your organization can improve your defenses. Here are some tips for choosing tools and services -- and maximizing their impact.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/11/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6477
Published: 2014-11-23
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4...

CVE-2014-4807
Published: 2014-11-22
Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 9.3.0 before FP8 allows remote authenticated users to cause a denial of service (CPU consumption) via a '\0' character.

CVE-2014-6183
Published: 2014-11-22
IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before 5.1.1.0 FP8, 5.1.2 before 5.1.2.0 FP9, 5.1.2.1 before FP5, 5.2 before 5.2.0.0 FP5, and 5.3 before 5.3.0.0 FP1 on XGS devices allows remote authenticated users to execute arbitrary commands via unspecified vectors.

CVE-2014-8626
Published: 2014-11-22
Stack-based buffer overflow in the date_from_ISO8601 function in ext/xmlrpc/libxmlrpc/xmlrpc.c in PHP before 5.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by including a timezone field in a date, leading to improper XML-RPC encoding...

CVE-2014-8710
Published: 2014-11-22
The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the SigComp UDVM dissector in Wireshark 1.10.x before 1.10.11 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted packet.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?