Vulnerabilities / Threats
News & Commentary
The Truth About Ransomware: You’re On Your Own
Andrew Hay, Sr. Security Research Lead & Evangelist, OpenDNSCommentary
What should enterprises do when faced with ransomware? The answer is, it depends.
By Andrew Hay Sr. Security Research Lead & Evangelist, OpenDNS, 9/22/2014
Comment1 Comment  |  Read  |  Post a Comment
An AppSec Report Card: Developers Barely Passing
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
A new study reveals that application developers are getting failing grades when it comes to their knowledge of critical security such as how to protect sensitive data, Web services, and threat modeling.
By Jeff Williams CTO, Aspect Security & Contrast Security, 9/19/2014
Comment10 comments  |  Read  |  Post a Comment
5 Ways To Monitor DNS Traffic For Security Threats
Dave Piscitello, VP Security, ICANNCommentary
Check out these examples of how to implement real-time or offline traffic monitoring using common commercial or open source security products.
By Dave Piscitello VP Security, ICANN, 9/18/2014
Comment4 comments  |  Read  |  Post a Comment
Federal Inaction Breeds ID Theft, Says Frank Abagnale
David F Carr, Editor, InformationWeek Government/HealthcareCommentary
Onetime "Catch Me If You Can" swindler turned anti-fraud consultant says identity theft is "4,000 times easier" than when he was living a life of crime.
By David F Carr Editor, InformationWeek Government/Healthcare, 9/18/2014
Comment1 Comment  |  Read  |  Post a Comment
Browser Vulnerability 'Privacy Disaster' For 3 Of 4 Android Users
Sara Peters, Senior Editor at Dark ReadingQuick Hits
An exploit of an unsupported Android browser bypasses the ever-important Same Origin Policy.
By Sara Peters Senior Editor at Dark Reading, 9/16/2014
Comment1 Comment  |  Read  |  Post a Comment
New CVE Naming Convention Could Break Vulnerability Management
Ericka Chickowski, Contributing Writer, Dark ReadingNews
MITRE sets deadline for releasing new CVEs with different ID format syntax, regardless of how many vulnerabilities we see in 2014.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/16/2014
Comment0 comments  |  Read  |  Post a Comment
In Defense Of Passwords
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Long live the password (as long as you use it correctly along with something else).
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 9/16/2014
Comment12 comments  |  Read  |  Post a Comment
Worm Illuminates Potential NAS Nightmare
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A researcher at Black Hat Europe hopes to demonstrate a homegrown, self-replicating worm to illustrate major threats to popular network-attached storage systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/15/2014
Comment6 comments  |  Read  |  Post a Comment
Internet Of Things Devices Are Doomed
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Security researchers hack Canon printer firmware to run the classic 90s video game Doom as well as to wreak havoc with other manipulations.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/15/2014
Comment9 comments  |  Read  |  Post a Comment
5 Myths: Why We Are All Data Security Risks
Lance Cottrell, Chief Scientist, NtrepidCommentary
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
By Lance Cottrell Chief Scientist, Ntrepid, 9/15/2014
Comment12 comments  |  Read  |  Post a Comment
Apple Pay: A Necessary Push To Transform Consumer Payments
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 9/11/2014
Comment16 comments  |  Read  |  Post a Comment
Startup Uncovers Flaws In Mobile Apps, Launches New Security Service
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Wandera says only one of seven US employees is given any guidance on mobile security by the employer.
By Tim Wilson Editor in Chief, Dark Reading, 9/11/2014
Comment3 comments  |  Read  |  Post a Comment
Study: 15 Million Devices Infected With Mobile Malware
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Sixty percent of the infected devices run Android.
By Sara Peters Senior Editor at Dark Reading, 9/9/2014
Comment0 comments  |  Read  |  Post a Comment
No End In Sight For Ransomware
Brian Foster, CTO, DamballaCommentary
The screenlocker Kovter, in particular, has shown sharp growth this year. It masquerades as a law enforcement authority and threatens police action if users don’t pay up.
By Brian Foster CTO, Damballa, 9/8/2014
Comment0 comments  |  Read  |  Post a Comment
HealthCare.gov Breach: The Ripple Effect
Alison Diana, Senior EditorCommentary
Hackers breached a HealthCare.gov test server, reportedly affecting no records, but the repercussions could spread across many medical organizations.
By Alison Diana Senior Editor, 9/6/2014
Comment18 comments  |  Read  |  Post a Comment
Poll: Significant Insecurity About Internet of Things
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Fewer than one percent of more than 800 Dark Reading community members are ready for the fast approaching security onslaught of the IoT.
By Marilyn Cohodas Community Editor, Dark Reading, 9/5/2014
Comment3 comments  |  Read  |  Post a Comment
Celeb Hack: Is Apple Telling All It Knows?
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? You’re darn tootin'!
By Dave Kearns Analyst, Kuppinger-Cole, 9/3/2014
Comment14 comments  |  Read  |  Post a Comment
Secure The Core: Advice For Agencies Under Attack
Vijay Basani, CEO, EiQ NetworksCommentary
When facing state-sponsored attacks, perimeter security is never enough.
By Vijay Basani CEO, EiQ Networks, 9/3/2014
Comment2 comments  |  Read  |  Post a Comment
CryptoWall More Pervasive, Less Profitable Than CryptoLocker
Sara Peters, Senior Editor at Dark ReadingNews
The former CryptoLocker wannabe has netted 625,000 infected systems and more than $1 million in ransoms.
By Sara Peters Senior Editor at Dark Reading, 8/28/2014
Comment5 comments  |  Read  |  Post a Comment
Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem
Sara Peters, Senior Editor at Dark ReadingNews
Retail brands are trying to pass the buck for data security to banks and franchisees, say some experts.
By Sara Peters Senior Editor at Dark Reading, 8/27/2014
Comment13 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5700
Published: 2014-09-22
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some o...

CVE-2014-0484
Published: 2014-09-22
The Debian acpi-support package before 0.140-5+deb7u3 allows local users to gain privileges via vectors related to the "user's environment."

CVE-2014-2942
Published: 2014-09-22
Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code.

CVE-2014-3595
Published: 2014-09-22
Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network (RHN) Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging.

CVE-2014-3635
Published: 2014-09-22
Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows remote attackers to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one m...

Best of the Web
Dark Reading Radio