Vulnerabilities / Threats // Vulnerability Management
News & Commentary
White House Details Zero-Day Bug Policy
Mathew J. Schwartz, News
NSA denies prior knowledge of the Heartbleed vulnerability, but the White House reserves the right to withhold zero-day exploit information is some cases involving security or law enforcement.
By Mathew J. Schwartz , 4/15/2014
Comment2 comments  |  Read  |  Post a Comment
Heartbleed Will Go On Even After The Updates
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
What's next now that the mindset is 'assume the worst has already occurred?'
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/10/2014
Comment6 comments  |  Read  |  Post a Comment
Heartbleed: Making The Case For SDN
Lori MacVittie, Commentary
Software-defined networking technology could help protect against vulnerabilities like Heartbleed. It's time to develop a more mature SDN option.
By Lori MacVittie , 4/10/2014
Comment3 comments  |  Read  |  Post a Comment
More Than A Half-Million Servers Exposed To Heartbleed Flaw
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
What the newly exposed SSL/TLS threat really means for enterprises and end-users.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/9/2014
Comment15 comments  |  Read  |  Post a Comment
Social Engineering Grows Up
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Fifth annual DEF CON Social Engineering Capture the Flag Contest kicks off today with new "tag team" rules to reflect realities of the threat.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/7/2014
Comment9 comments  |  Read  |  Post a Comment
Nominum: 24 Million Home Routers Exposing ISPs to DDoS Attacks
Brian Prince, Contributing Writer, Dark ReadingNews
Even Internet service providers that go to great lengths to protect their networks are vulnerable.
By Brian Prince Contributing Writer, Dark Reading, 4/4/2014
Comment7 comments  |  Read  |  Post a Comment
API-First: 3 Steps For Building Secure Cloud Apps
Ravi Ithal, Chief Architect, NetskopeCommentary
When it comes to protecting data traveling to and from the cloud, today's choices are daunting. Here are three steps for making the application programming interface your new best friend.
By Ravi Ithal Chief Architect, Netskope, 4/3/2014
Comment4 comments  |  Read  |  Post a Comment
Bit Errors & the Internet of Things
Jaeson Schultz, Threat Research Engineer, Cisco TRAC TeamCommentary
Internet traffic, misdirected to malicious bitsquatted domains, has plagued computer security for years. The consequences will be even worse for the IoT.
By Jaeson Schultz Threat Research Engineer, Cisco TRAC Team, 3/31/2014
Comment7 comments  |  Read  |  Post a Comment
'Thingularity' Triggers Security Warnings
Mathew J. Schwartz, News
The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure?
By Mathew J. Schwartz , 3/28/2014
Comment0 comments  |  Read  |  Post a Comment
Flying Naked: Why Most Web Apps Leave You Defenseless
Jeff Williams, CTO, Contrast SecurityCommentary
Even the best-funded and "mature" corporate AppSec programs aren't testing all their web applications and services. That leaves many applications with no real security in place.
By Jeff Williams CTO, Contrast Security, 3/28/2014
Comment13 comments  |  Read  |  Post a Comment
A Cyber History Of The Ukraine Conflict
John Bumgarner, Chief Technology Officer for the U.S. Cyber Consequences UnitCommentary
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
By John Bumgarner Chief Technology Officer for the U.S. Cyber Consequences Unit, 3/27/2014
Comment5 comments  |  Read  |  Post a Comment
Facebook Builds Its Own Threat Modeling System
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
The tool helps the social network gather, store, analyze, and react to the latest threats against it.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/26/2014
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-5704
Published: 2014-04-15
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

CVE-2013-5705
Published: 2014-04-15
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

CVE-2014-0341
Published: 2014-04-15
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to ob...

CVE-2014-0342
Published: 2014-04-15
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.

CVE-2014-0348
Published: 2014-04-15
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding...

Best of the Web