Vulnerabilities / Threats // Vulnerability Management
News & Commentary
Satellite Communications Wide Open To Hackers
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Satellite terminals widely used in transportation, military, and industrial plants contain backdoors, hardcoded credentials, weak encryption algorithms, and other design flaws, a new report says.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/17/2014
Comment2 comments  |  Read  |  Post a Comment
11 Heartbleed Facts: Vulnerability Discovery, Mitigation Continue
Mathew J. Schwartz, News
Millions of websites, applications from Cisco and VMware, Google Play apps, as well as millions of Android devices are vulnerable -- and the list keeps growing.
By Mathew J. Schwartz , 4/17/2014
Comment1 Comment  |  Read  |  Post a Comment
Smartphone Kill Switches Coming, But Critics Cry Foul
Thomas Claburn, Editor-at-LargeCommentary
Smartphone makers and carriers agree to add optional kill switches to smartphones, but law enforcement officials say the anti-theft effort doesn't go far enough.
By Thomas Claburn Editor-at-Large, 4/16/2014
Comment18 comments  |  Read  |  Post a Comment
White House Details Zero-Day Bug Policy
Mathew J. Schwartz, News
NSA denies prior knowledge of the Heartbleed vulnerability, but the White House reserves the right to withhold zero-day exploit information in some cases involving security or law enforcement.
By Mathew J. Schwartz , 4/15/2014
Comment3 comments  |  Read  |  Post a Comment
Heartbleed Will Go On Even After The Updates
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
What's next now that the mindset is 'assume the worst has already occurred?'
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/10/2014
Comment7 comments  |  Read  |  Post a Comment
Heartbleed: Making The Case For SDN
Lori MacVittie, Commentary
Software-defined networking technology could help protect against vulnerabilities like Heartbleed. It's time to develop a more mature SDN option.
By Lori MacVittie , 4/10/2014
Comment3 comments  |  Read  |  Post a Comment
More Than A Half-Million Servers Exposed To Heartbleed Flaw
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
What the newly exposed SSL/TLS threat really means for enterprises and end-users.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/9/2014
Comment15 comments  |  Read  |  Post a Comment
Social Engineering Grows Up
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Fifth annual DEF CON Social Engineering Capture the Flag Contest kicks off today with new "tag team" rules to reflect realities of the threat.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/7/2014
Comment9 comments  |  Read  |  Post a Comment
Nominum: 24 Million Home Routers Exposing ISPs to DDoS Attacks
Brian Prince, Contributing Writer, Dark ReadingNews
Even Internet service providers that go to great lengths to protect their networks are vulnerable.
By Brian Prince Contributing Writer, Dark Reading, 4/4/2014
Comment7 comments  |  Read  |  Post a Comment
API-First: 3 Steps For Building Secure Cloud Apps
Ravi Ithal, Chief Architect, NetskopeCommentary
When it comes to protecting data traveling to and from the cloud, today's choices are daunting. Here are three steps for making the application programming interface your new best friend.
By Ravi Ithal Chief Architect, Netskope, 4/3/2014
Comment4 comments  |  Read  |  Post a Comment
Bit Errors & the Internet of Things
Jaeson Schultz, Threat Research Engineer, Cisco TRAC TeamCommentary
Internet traffic, misdirected to malicious bitsquatted domains, has plagued computer security for years. The consequences will be even worse for the IoT.
By Jaeson Schultz Threat Research Engineer, Cisco TRAC Team, 3/31/2014
Comment7 comments  |  Read  |  Post a Comment
'Thingularity' Triggers Security Warnings
Mathew J. Schwartz, News
The Internet of Things is creating 50 billion Internet-connected devices. Who is going to keep them updated and secure?
By Mathew J. Schwartz , 3/28/2014
Comment0 comments  |  Read  |  Post a Comment
Flying Naked: Why Most Web Apps Leave You Defenseless
Jeff Williams, CTO, Contrast SecurityCommentary
Even the best-funded and "mature" corporate AppSec programs aren't testing all their web applications and services. That leaves many applications with no real security in place.
By Jeff Williams CTO, Contrast Security, 3/28/2014
Comment13 comments  |  Read  |  Post a Comment
A Cyber History Of The Ukraine Conflict
John Bumgarner, Chief Technology Officer for the U.S. Cyber Consequences UnitCommentary
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
By John Bumgarner Chief Technology Officer for the U.S. Cyber Consequences Unit, 3/27/2014
Comment5 comments  |  Read  |  Post a Comment
Facebook Builds Its Own Threat Modeling System
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
The tool helps the social network gather, store, analyze, and react to the latest threats against it.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 3/26/2014
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3154
Published: 2014-04-17
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file conte...

CVE-2013-2143
Published: 2014-04-17
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

CVE-2014-0036
Published: 2014-04-17
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.

CVE-2014-0054
Published: 2014-04-17
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External ...

CVE-2014-0071
Published: 2014-04-17
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

Best of the Web