Commentary

Content posted in October 2006
Anatomy Of A Phishing Scam
Commentary  |  10/26/2006  | 
The invention of the phishing scam marked the first time in the history of computer viruses and malware that people could make serious money off of security attacks. Think it's easy to launch a phishing scam? It's not. But there's a big-time payoff for those who can successfully navigate through the following steps, as laid out by Andrew Klein, Everdream's director of product marketing.
Poll: Metasploit--Help Or Menace?
Commentary  |  10/20/2006  | 
Metasploit publishes tools to automate developing exploits that take advantage of security holes in software products. Is that right? Take our poll and let us know, and leave your $0.02 below.
Spam Bot Rivals Commercial Software
Commentary  |  10/19/2006  | 
Joe Stewart, senior security researcher at SecureWorks, has posted an analysis of a Trojan program called SpamThru on his company's Web site. As far as malware goes, it's a marvel.
Bots Bad, People Worse
Commentary  |  10/6/2006  | 
Less than 24 hours since InformationWeek went live with its exclusive pointing to evidence of bot infiltration within computers of federal and state government agencies, the reaction has been strong. Based on feedback to my colleague Tom Claburn's blog posting and through
The Bot Invasion
Commentary  |  10/4/2006  | 
October is Cyber Security Awareness Month, which perhaps explains the generally poor state of computer security. We'd be far better off with Cyber Security Awareness Year, observed annually, all day, every day between January 1st and December 31st. The problem is bots, malicious code that ta


White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/12/2018
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0243
PUBLISHED: 2018-07-19
Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.
CVE-2014-2302
PUBLISHED: 2018-07-19
The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.
CVE-2018-7602
PUBLISHED: 2018-07-19
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Rem...
CVE-2018-14332
PUBLISHED: 2018-07-19
An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user...
CVE-2018-1529
PUBLISHED: 2018-07-19
IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential...