Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
The Future Of ATM Hacking
Here's The Business Side Of Thwarting A Cyberattack
Dark Reading Radio at Black Hat 2016: 2 Shows, 4 #BHUSA Presenters
Kaminsky Creates Prototype To Lock Out Attackers
This Time, Miller & Valasek Hack The Jeep At Speed
News & Commentary
Trump Winning Spam Race By Huge Margin
Jai Vijayan, Freelance writerNews
Republican Presidential contender’s name appears nearly 170 times more often in spam email subject lines than Clinton’s over last two months.
By Jai Vijayan Freelance writer, 8/11/2016
Comment1 Comment  |  Read  |  Post a Comment
Security Portfolios: A Different Approach To Leadership
Adam Shostack, Founder, Stealth StartupCommentary
How grounding a conversation around a well-organized list of controls and their goals can help everyone be, literally, on the same page.
By Adam Shostack Founder, Stealth Startup, 8/11/2016
Comment0 comments  |  Read  |  Post a Comment
What The TSA Teaches Us About IP Protection
Brian White, Chief Operating Officer, RedOwlCommentary
Data loss prevention solutions are no longer effective. Today’s security teams have to keep context and human data in mind, as the TSA does.
By Brian White Chief Operating Officer, RedOwl, 8/11/2016
Comment0 comments  |  Read  |  Post a Comment
Rio Games Escalating Cyber Risk To Mobile Users
Dark Reading Staff, Quick Hits
Intensified social media activities during sporting events increase threats from cybercriminals to 55%, new report from Allot finds.
By Dark Reading Staff , 8/11/2016
Comment0 comments  |  Read  |  Post a Comment
Google To Roll Out New Security Alerts On Gmail
Dark Reading Staff, Quick Hits
Gmail users to get alerts for suspicious email senders as well as sketchy links in messages.
By Dark Reading Staff , 8/11/2016
Comment0 comments  |  Read  |  Post a Comment
The Future Of ATM Hacking
Sara Peters, Senior Editor at Dark ReadingNews
Research released at Black Hat USA last week shows that one of our best defenses for the future of payment card and ATM security isn't infallible. Here's why.
By Sara Peters Senior Editor at Dark Reading, 8/11/2016
Comment1 Comment  |  Read  |  Post a Comment
Here's The Business Side Of Thwarting A Cyberattack
Sean Martin, CISSP | President, imsmartin
Ponemon Group study data illustrates the balancing act of running a business while trying to stay secure.
By Sean Martin CISSP | President, imsmartin, 8/11/2016
Comment0 comments  |  Read  |  Post a Comment
Government, Hackers Learn To Make Nice
Terry Sweeney, Contributing EditorNews
It's still an uneasy alliance, but the hacking community and government are finding their way toward more constructive dialog and cooperation
By Terry Sweeney Contributing Editor, 8/10/2016
Comment4 comments  |  Read  |  Post a Comment
PLC Worms Pose Stealthy Threat To Industrial Systems
Jai Vijayan, Freelance writerNews
Researchers at Black Hat USA demonstrated 'PLC Blaster' worm capable of infecting programmable logic controllers and spreading to other systems.
By Jai Vijayan Freelance writer, 8/10/2016
Comment0 comments  |  Read  |  Post a Comment
Theory Vs Practice: Getting The Most Out Of Infosec
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentary
Why being practical and operationally minded is the only way to build a successful security program.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 8/10/2016
Comment0 comments  |  Read  |  Post a Comment
Advanced Threat Hunting: Are You The Hunter Or The Hunted?
Ned Miller, Intel Security, Chief Technology Strategist for Public Sector
Make proactive threat hunting a standard part of your security best practices and not just an element of incident-response measures.
By Ned Miller Intel Security, Chief Technology Strategist for Public Sector, 8/10/2016
Comment0 comments  |  Read  |  Post a Comment
US Cyber Command Could Be Elevated To Major Cyber Weapon Unit
Dark Reading Staff, Quick Hits
Obama administration debates separating Cyber Command from NSA in battle against cyber threats and Islamic State, say sources.
By Dark Reading Staff , 8/10/2016
Comment2 comments  |  Read  |  Post a Comment
Four Years In Jail For Man Charged In Romney Tax Return And Hack Scheme
Dark Reading Staff, Quick Hits
Michael Mancil Brown was convicted in May for wire fraud and demanding ransom of $1 million in bitcoins.
By Dark Reading Staff , 8/10/2016
Comment0 comments  |  Read  |  Post a Comment
30 More Victims Pinned On Highly Selective Cyberespionage Group
Jai Vijayan, Freelance writerNews
Kaspersky Lab says newly discovered threat actor ProjectSauron -- called Strider by Symantec -- has hit organizations in Russia, Rwanda, Iran, and Italian-speaking nations.
By Jai Vijayan Freelance writer, 8/9/2016
Comment0 comments  |  Read  |  Post a Comment
Spearphishing: It’s Curiosity That Makes Them Click
Steve Zurier, Freelance WriterNews
Researchers prove that people can be fooled just because they want to know what’s on the other end of that email. Here are three steps you can take without spending too much money.
By Steve Zurier Freelance Writer, 8/9/2016
Comment2 comments  |  Read  |  Post a Comment
Why Hackers Are Getting 'All Political' This Election Year
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Jeff Moss, aka 'The Dark Tangent,' explains why the 2016 Presidential election is a turning point for security and politics -- and why he headlined a Clinton fundraiser last week in Vegas.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/9/2016
Comment0 comments  |  Read  |  Post a Comment
Global IT Security Spending Will Top $81 Billion In 2016
Kelly Sheridan, Associate Editor, InformationWeekNews
Gartner predicts worldwide spending on information security products and services will reach $81.6 billion in 2016 -- an increase of 7.9% from last year.
By Kelly Sheridan Associate Editor, InformationWeek, 8/9/2016
Comment0 comments  |  Read  |  Post a Comment
Organizations Still Give Employees More Access Than They Need
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Ponemon study shows that access to proprietary information remains on the rise.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/9/2016
Comment0 comments  |  Read  |  Post a Comment
Building A Detection Strategy With The Right Metrics
Giora Engel, VP Product & Strategy, LightCyberCommentary
The tools used in detecting intrusions can lead to an overwhelming number of alerts, but they’re a vital part of security.
By Giora Engel VP Product & Strategy, LightCyber, 8/9/2016
Comment0 comments  |  Read  |  Post a Comment
People Who Work Together Will Win
Josh Thurston, Security Strategist - Americas, Office of the CTO, Intel Security
It’s time for an updated security strategy, built on efficiency and automation.
By Josh Thurston Security Strategist - Americas, Office of the CTO, Intel Security, 8/9/2016
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
HTTP/2: Imperva Hacker Intelligence Initiative Report Reveals Four High-Profile Flaws in the Latest Version of the Worldwide Web’s Underlying Protocol
Untangle Announces Revolutionary Wi-Fi Router Operating System
Kudelski Security Expands Into U.S. Market to Address Demand for Advanced Cybersecurity Solutions
TrapX Evolves Deception-Based Network Security Beyond IT
Attivo Networks Launches Attack Path Vulnerability Assessments for Continuous Threat Management at Black Hat
Acalvio Technologies Emerges from Stealth Mode with $17 Million Investment from Accel Ventures, Ignition Partners, Eileses Capital
Indegy Lands $12M in Series A Financing to Protect Critical Infrastructures from Cyber Threats
Third-Party Cyber Risk Management Platform Company CyberGRX Closes $9M Series A Funding
More Products & Releases
PR Newswire
New Internet Security Domains Debut
Terry Sweeney, Contributing Editor,  8/5/2016
Government, Hackers Learn To Make Nice
Terry Sweeney, Contributing Editor,  8/10/2016
Spearphishing: It's Curiosity That Makes Them Click
Steve Zurier, Freelance Writer,  8/9/2016
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Advanced Threat Hunting: Are You The Hunter Or The Hunted?
Make proactive threat hunting a standard part of your security best practices and not just an element of incident-response measures. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
How the Adoption of EDR Transforms a SOC's Effectiveness
Endpoint detection response is helping take the headache out of responding to threats by providing visibility where most organizations are blind. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Cartoon Contest
Dark Reading Radio
Archived Dark Reading Radio
Dark Reading editors are live at Black Hat 2016. In this special episode of Dark Reading Radio, join executive editor Kelly Jackson Higgins and senior editor Sara Peters as they bring you conversations with speakers from the Black Hat 2016 conference.
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed