Vulnerabilities / Threats
News & Commentary
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Jai Vijayan, Freelance writerNews
A flaw in a popular router product may have exposed millions of hotel guests, says Cylance
By Jai Vijayan Freelance writer, 3/27/2015
Comment0 comments  |  Read  |  Post a Comment
Cyber Hunting: 5 Tips To Bag Your Prey
David J. Bianco, Security Architect, SqrrlCommentary
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
By David J. Bianco Security Architect, Sqrrl, 3/26/2015
Comment5 comments  |  Read  |  Post a Comment
SSL/TLS Suffers 'Bar Mitzvah Attack'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/26/2015
Comment2 comments  |  Read  |  Post a Comment
Researchers Use Heat To Breach Air-Gapped Systems
Jai Vijayan, Freelance writerNews
BitWhisper project is part of ongoing air gap security research at Israel's Ben-Gurion University.
By Jai Vijayan Freelance writer, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
Typical Users Know Less About Mobile Privacy Than They Think
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New Mobile Privacy IQ survey shows a disconnect between perception and practice.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/24/2015
Comment0 comments  |  Read  |  Post a Comment
Retailers Adopt Intel-Sharing Portal Used By Banks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Th Retail Cyber Intelligence Sharing Center (R-CISC) is working with the Financial Services ISAC (FS-ISAC) on its new threat intelligence-sharing platform.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/24/2015
Comment0 comments  |  Read  |  Post a Comment
Will POSeidon Preempt BlackPOS?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Research from Cisco Talos uncovers newly evolved POS malware with more sophistication than BlackPOS and similarities to Zeus for camouflage.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/23/2015
Comment1 Comment  |  Read  |  Post a Comment
Context: Finding The Story Inside Your Security Operations Program
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Whatís missing in todayís chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 3/23/2015
Comment6 comments  |  Read  |  Post a Comment
Rush To Release Resulting In Vulnerable Mobile Apps
Jai Vijayan, Freelance writerNews
IT organizations overlooking security in their haste to crank out mobile apps, Ponemon Institute report finds.
By Jai Vijayan Freelance writer, 3/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading Threat Intelligence Survey
InformationWeek Staff,
Threat intelligence is the best way to stay ahead of new and complex attacks, say survey respondents. How analytics influences their IT security strategies varies.
By InformationWeek Staff , 3/20/2015
Comment0 comments  |  Read  |  Post a Comment
Risky Business: Why Monitoring Vulnerability Data Is Never Enough
Bill Ledingham, CTO & Executive VP of Engineering, Black Duck SoftwareCommentary
Keeping tabs on open source code used in your organizationís applications and infrastructure is daunting, especially if you are relying solely on manual methods.
By Bill Ledingham CTO & Executive VP of Engineering, Black Duck Software, 3/19/2015
Comment4 comments  |  Read  |  Post a Comment
Healthcare Breaches Like Premera First Stage Of Bigger Attacks?
Dark Reading Staff, News
With three new healthcare breaches announced this week, but no reported misuse of stolen data, what plans might attackers have for the identity records they pilfered from CHS, Anthem, Premera and others?
By Dark Reading Staff , 3/18/2015
Comment0 comments  |  Read  |  Post a Comment
The Bot Threat For the Rest of Us: Application-Layer Attacks
Rami Essaid, CEO and co-founder, Distil NetworksCommentary
Bots are getting craftier by the day so you may not even know you have a problem.
By Rami Essaid CEO and co-founder, Distil Networks, 3/18/2015
Comment0 comments  |  Read  |  Post a Comment
The Anatomy of Advanced Persistent Threats
Liviu Arsene, Senior E-threat Analyst, Bitdefender
The only way to keep intruders away is to use multiple security mechanisms.
By Liviu Arsene Senior E-threat Analyst, Bitdefender, 3/18/2015
Comment0 comments  |  Read  |  Post a Comment
The 7 Best Social Engineering Attacks Ever
Sara Peters, Senior Editor at Dark Reading
Seven reminders of why technology alone isn't enough to keep you secure.
By Sara Peters Senior Editor at Dark Reading, 3/17/2015
Comment4 comments  |  Read  |  Post a Comment
Microsoft Warns Of Phony Windows Live Digital Certificate
Dark Reading Staff, Quick Hits
Unauathorized SSL certificate for 'live.fi' could be used for man-in-the-middle, phishing attacks, Microsoft says.
By Dark Reading Staff , 3/17/2015
Comment0 comments  |  Read  |  Post a Comment
Endpoints, Gateways, and Networks: Teamwork Is Better Than Lone Rangers
Bradon Rogers, Senior Vice President, Worldwide Product and Solution Marketing, Intel Security
Security vendors have a common goal when it comes to protecting their customers from danger. Whatís missing is a common language and protocols for how and what to share.
By Bradon Rogers Senior Vice President, Worldwide Product and Solution Marketing, Intel Security, 3/16/2015
Comment0 comments  |  Read  |  Post a Comment
7 Deadly Sins Of Security Policy Change Management
Nimmy Reichenberg, VP of Strategy, AlgoSecCommentary
Mitigating these deadly sins requires process, visibility and automation. Itís an effort that will improve security and increase business agility.
By Nimmy Reichenberg VP of Strategy, AlgoSec, 3/16/2015
Comment1 Comment  |  Read  |  Post a Comment
Has Security Ops Outlived Its Purpose?
Tal Klein, VP Strategy, AdallomCommentary
CISOs will need more than higher headcounts and better automation tools to solve today's security problems.
By Tal Klein VP Strategy, Adallom, 3/13/2015
Comment15 comments  |  Read  |  Post a Comment
ISACs Demystified
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
How some intelligence-sharing organizations operate in the face of today's threat landscape.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/12/2015
Comment8 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Marilyn Cohodas
Current Conversations Great point. Touche'
In reply to: Re: Data science
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5427
Published: 2015-03-29
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read pa...

CVE-2014-5428
Published: 2015-03-29
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integratio...

CVE-2014-9205
Published: 2015-03-29
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

CVE-2015-0528
Published: 2015-03-29
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files.

CVE-2015-0996
Published: 2015-03-29
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive info...

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.