Vulnerabilities / Threats // Vulnerability Management
News & Commentary
A New Age in Cyber Security: Public Cyberhealth
Brian Foster, CTO, DamballaCommentary
The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.
By Brian Foster CTO, Damballa, 7/17/2014
Comment5 comments  |  Read  |  Post a Comment
Government Security: Saying 'No' Doesn't Work
Steve Jones, Group Strategy Director, Big Data & Analytics, CapgeminiCommentary
It's time for government agencies to move beyond draconian security rules and adopt anomaly analytics.
By Steve Jones Group Strategy Director, Big Data & Analytics, Capgemini, 7/14/2014
Comment0 comments  |  Read  |  Post a Comment
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Julian Waits, President & CEO, ThreatTrack SecurityCommentary
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
By Julian Waits President & CEO, ThreatTrack Security, 7/9/2014
Comment6 comments  |  Read  |  Post a Comment
Retro Macro Viruses: They're Baaack
Kevin Casey, Commentary
Malicious Virtual Basic for Applications (VBA) macros are back, this time using social engineering to trick users into opening infected attachments, says Sophos.
By Kevin Casey , 7/9/2014
Comment2 comments  |  Read  |  Post a Comment
Black Hat USA 2014: Third-Party Vulns Spread Like Diseases
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Understanding the impact of vulnerabilities in libraries and other components
By Ericka Chickowski Contributing Writer, Dark Reading, 7/7/2014
Comment2 comments  |  Read  |  Post a Comment
Dell Focuses On Security
Michael Endler, Associate Editor, InformationWeek.comCommentary
Dell made a flurry of security-minded announcements this week, highlighted by improvements to its Dropbox for Business integration.
By Michael Endler Associate Editor, InformationWeek.com, 6/26/2014
Comment5 comments  |  Read  |  Post a Comment
Sensitive Data Protection Bedevils IT Security Pros
William Welsh, Contributing WriterCommentary
Most organizations don't know where their sensitive structured or unstructured data resides, says new Ponemon study.
By William Welsh Contributing Writer, 6/24/2014
Comment3 comments  |  Read  |  Post a Comment
Crowdsourcing & Cyber Security: Who Do You Trust?
Robert R. Ackerman Jr., Founder & Managing Director, Allegis CapitalCommentary
A collective security defense can definitely tip the balance in favor of the good guys. But challenges remain.
By Robert R. Ackerman Jr. Founder & Managing Director, Allegis Capital, 6/24/2014
Comment3 comments  |  Read  |  Post a Comment
P.F. Chang's Breach Went Undetected For Months
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Early reports indicate that the compromise involved a large number of restaurant locations and dates as far back as September 2013.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 6/23/2014
Comment4 comments  |  Read  |  Post a Comment
Cyber Attackers Target Small, Midsized Businesses
Henry Kenyon, Commentary
As large companies beef up security, attackers seek out weak links and use social tactics to hit smaller enterprises.
By Henry Kenyon , 6/18/2014
Comment1 Comment  |  Read  |  Post a Comment
IoT: Get Security Right The First Time
Patrick Oliver Graf, GM, Americas, NCP EngineeringCommentary
Let's start building security into the Internet of Things now, before everything becomes connected -- and hackable.
By Patrick Oliver Graf GM, Americas, NCP Engineering, 6/17/2014
Comment6 comments  |  Read  |  Post a Comment
NIST Security Guidance Revision: Prepare Now
Vincent Berk, Commentary
NIST 800-53 Revision 5 will likely put more emphasis on continuous monitoring. Don't wait until it arrives to close your security gaps.
By Vincent Berk , 6/16/2014
Comment4 comments  |  Read  |  Post a Comment
XSS Flaw In TweetDeck Leads To Spread Of Potential Exploits
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Twitter unit fixes cross-site scripting problem, but not before many users spread vulnerable scripts with their tweets.
By Tim Wilson Editor in Chief, Dark Reading, 6/12/2014
Comment5 comments  |  Read  |  Post a Comment
Putter Panda: Tip Of The Iceberg
George Kurtz, President & CEO, CrowdStrikeCommentary
What CrowdStrike's outing of Putter Panda -- the second hacking group linked to China's spying on US defense and European satellite and aerospace industries -- means for the security industry.
By George Kurtz President & CEO, CrowdStrike, 6/10/2014
Comment3 comments  |  Read  |  Post a Comment
BYOD: Build A Policy That Works
Ericka Chickowski, Contributing Writer, Dark ReadingCommentary
To secure employee-owned smartphones and tablets, it takes a practical, enforceable set of guidelines.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/9/2014
Comment1 Comment  |  Read  |  Post a Comment
Government Advances Continuous Security Monitoring
Henry Kenyon, Commentary
DOD, DHS expect smart technologies will defend networks against common attacks, free IT personnel to deal with more dangerous threats.
By Henry Kenyon , 6/6/2014
Comment3 comments  |  Read  |  Post a Comment
Microsoft: Ignore Unofficial XP Update Workaround
Sara Peters, News
A small change to the Windows XP Registry allows users to receive security updates for another five years. Yet the tweak could create other security and functionality issues for XP holdouts.
By Sara Peters , 5/28/2014
Comment8 comments  |  Read  |  Post a Comment
Dissecting Dendroid: An In-Depth Look Inside An Android RAT Kit
Felix Leder, Senior Malware Researcher, Blue Coat Systems NorwayCommentary
Dendroid is full of surprises to assist it in subverting traditional security tactics through company-issued Android phones or BYOD.
By Felix Leder Senior Malware Researcher, Blue Coat Systems Norway, 5/28/2014
Comment4 comments  |  Read  |  Post a Comment
New Vulnerability In IE8 Remains Unpatched
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Security vulnerability in Microsoft's Internet Explorer 8 browser is disclosed by Zero-Day Initiative after software giant fails to patch during 180-day window
By Tim Wilson Editor in Chief, Dark Reading, 5/26/2014
Comment5 comments  |  Read  |  Post a Comment
Dark Reading To Launch Weekly Internet Radio Show
Tim Wilson, Editor in Chief, Dark ReadingCommentary
DR Radio will take place every Wednesday at 1:00 p.m. ET and will feature live chat; first topic will be "A Day in the Life of a Penetration Tester."
By Tim Wilson Editor in Chief, Dark Reading, 5/20/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4725
Published: 2014-07-27
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

CVE-2014-4726
Published: 2014-07-27
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.