Vulnerabilities / Threats
News & Commentary
Healthcare Is Ignoring Cyber Risk Intel, Academia Even Worse
Jason Polancich, Founder & Chief Architect, SurfWatchLabsCommentary
Healthcare and other sectors are indolently ignoring the process of gathering and using high-level intelligence to focus cyber defenses. Here’s proof.
By Jason Polancich Founder & Chief Architect, SurfWatchLabs, 3/31/2015
Comment0 comments  |  Read  |  Post a Comment
Lebanon Believed Behind Newly Uncovered Cyber Espionage Operation
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Middle East, US, and other targets hit in nearly three-year-old 'Volatile Cedar' cyber attack campaign.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/31/2015
Comment7 comments  |  Read  |  Post a Comment
Hacking Back: Two Wrongs Don’t Make A Right
Anthony Di Bello, Director, Security Practice, Guidance SoftwareCommentary
Here’s the critical issue: Do you want to risk engaging your company in an ego-fueled war of revenge, or do you want to cut the bad guys off at the pass?
By Anthony Di Bello Director, Security Practice, Guidance Software, 3/30/2015
Comment0 comments  |  Read  |  Post a Comment
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Jai Vijayan, Freelance writerNews
A flaw in a popular router product may have exposed millions of hotel guests, researchers from Cylance say.
By Jai Vijayan Freelance writer, 3/27/2015
Comment2 comments  |  Read  |  Post a Comment
Cyber Hunting: 5 Tips To Bag Your Prey
David J. Bianco, Security Architect, SqrrlCommentary
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
By David J. Bianco Security Architect, Sqrrl, 3/26/2015
Comment7 comments  |  Read  |  Post a Comment
SSL/TLS Suffers 'Bar Mitzvah Attack'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/26/2015
Comment3 comments  |  Read  |  Post a Comment
Researchers Use Heat To Breach Air-Gapped Systems
Jai Vijayan, Freelance writerNews
BitWhisper project is part of ongoing air gap security research at Israel's Ben-Gurion University.
By Jai Vijayan Freelance writer, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
Typical Users Know Less About Mobile Privacy Than They Think
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New Mobile Privacy IQ survey shows a disconnect between perception and practice.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/24/2015
Comment0 comments  |  Read  |  Post a Comment
Retailers Adopt Intel-Sharing Portal Used By Banks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Th Retail Cyber Intelligence Sharing Center (R-CISC) is working with the Financial Services ISAC (FS-ISAC) on its new threat intelligence-sharing platform.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/24/2015
Comment0 comments  |  Read  |  Post a Comment
Will POSeidon Preempt BlackPOS?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Research from Cisco Talos uncovers newly evolved POS malware with more sophistication than BlackPOS and similarities to Zeus for camouflage.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/23/2015
Comment1 Comment  |  Read  |  Post a Comment
Context: Finding The Story Inside Your Security Operations Program
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
What’s missing in today’s chaotic, alert-driven incident response queue is the idea of a narrative that provides a detailed understanding of how an attack actually unfolds.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 3/23/2015
Comment6 comments  |  Read  |  Post a Comment
Rush To Release Resulting In Vulnerable Mobile Apps
Jai Vijayan, Freelance writerNews
IT organizations overlooking security in their haste to crank out mobile apps, Ponemon Institute report finds.
By Jai Vijayan Freelance writer, 3/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading Threat Intelligence Survey
InformationWeek Staff,
Threat intelligence is the best way to stay ahead of new and complex attacks, say survey respondents. How analytics influences their IT security strategies varies.
By InformationWeek Staff , 3/20/2015
Comment0 comments  |  Read  |  Post a Comment
Risky Business: Why Monitoring Vulnerability Data Is Never Enough
Bill Ledingham, CTO & Executive VP of Engineering, Black Duck SoftwareCommentary
Keeping tabs on open source code used in your organization’s applications and infrastructure is daunting, especially if you are relying solely on manual methods.
By Bill Ledingham CTO & Executive VP of Engineering, Black Duck Software, 3/19/2015
Comment4 comments  |  Read  |  Post a Comment
Healthcare Breaches Like Premera First Stage Of Bigger Attacks?
Dark Reading Staff, News
With three new healthcare breaches announced this week, but no reported misuse of stolen data, what plans might attackers have for the identity records they pilfered from CHS, Anthem, Premera and others?
By Dark Reading Staff , 3/18/2015
Comment0 comments  |  Read  |  Post a Comment
The Bot Threat For the Rest of Us: Application-Layer Attacks
Rami Essaid, CEO and co-founder, Distil NetworksCommentary
Bots are getting craftier by the day so you may not even know you have a problem.
By Rami Essaid CEO and co-founder, Distil Networks, 3/18/2015
Comment0 comments  |  Read  |  Post a Comment
The Anatomy of Advanced Persistent Threats
Liviu Arsene, Senior E-threat Analyst, Bitdefender
The only way to keep intruders away is to use multiple security mechanisms.
By Liviu Arsene Senior E-threat Analyst, Bitdefender, 3/18/2015
Comment0 comments  |  Read  |  Post a Comment
The 7 Best Social Engineering Attacks Ever
Sara Peters, Senior Editor at Dark Reading
Seven reminders of why technology alone isn't enough to keep you secure.
By Sara Peters Senior Editor at Dark Reading, 3/17/2015
Comment4 comments  |  Read  |  Post a Comment
Microsoft Warns Of Phony Windows Live Digital Certificate
Dark Reading Staff, Quick Hits
Unauathorized SSL certificate for 'live.fi' could be used for man-in-the-middle, phishing attacks, Microsoft says.
By Dark Reading Staff , 3/17/2015
Comment0 comments  |  Read  |  Post a Comment
Endpoints, Gateways, and Networks: Teamwork Is Better Than Lone Rangers
Bradon Rogers, Senior Vice President, Worldwide Product and Solution Marketing, Intel Security
Security vendors have a common goal when it comes to protecting their customers from danger. What’s missing is a common language and protocols for how and what to share.
By Bradon Rogers Senior Vice President, Worldwide Product and Solution Marketing, Intel Security, 3/16/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2027
Published: 2015-03-31
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the (1) addr_fields or (2) trans parameter to addressbook/csv_import.php, (3) cal_fields or (4) trans parameter to calendar/csv_import.p...

CVE-2014-2830
Published: 2015-03-31
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.

CVE-2014-7876
Published: 2015-03-31
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware before 1.30 allows remote attackers to gain privileges, execute arbitrary code, or cause a denial of service via unknown vectors.

CVE-2014-9462
Published: 2015-03-31
The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone command.

CVE-2014-9706
Published: 2015-03-31
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.