Vulnerabilities / Threats // Advanced Threats
News & Commentary
Russia Likely Behind DNC Breach, Says FBI
Dark Reading Staff, Quick Hits
Motive behind DNC hack and leak is possibly to tilt election in favor of Trump, say US officials.
By Dark Reading Staff , 7/26/2016
Comment0 comments  |  Read  |  Post a Comment
New Portal Offers Decryption Tools For Some Ransomware Victims
Jai Vijayan, Freelance writerNews
Nomoreransom.org, a joint initiative between Europol, the Dutch National Police, Kaspersky Lab and Intel Security, offers help in getting encrypted data back.
By Jai Vijayan Freelance writer, 7/25/2016
Comment0 comments  |  Read  |  Post a Comment
How Jihadists Operate Online And Under The Radar: Report
Jai Vijayan, Freelance writerNews
Secure browsers, VPNs, protected email apps, and mobile security apps are just tip of iceberg, Flashpoint report shows.
By Jai Vijayan Freelance writer, 7/22/2016
Comment2 comments  |  Read  |  Post a Comment
Auto Industry ISAC Releases Best Practices For Connected Vehicle Cybersecurity
Jai Vijayan, Freelance writerNews
Goal is to provide car manufactures with guidelines for protecting modern vehicles against emerging cyber threats
By Jai Vijayan Freelance writer, 7/21/2016
Comment0 comments  |  Read  |  Post a Comment
Tools & Training To ‘Hack Yourself’ Into Better Security
Ofer Israeli, Founder & VP, R&D, illusive networksCommentary
How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset.
By Ofer Israeli Founder & VP, R&D, illusive networks, 7/21/2016
Comment3 comments  |  Read  |  Post a Comment
Majority Of Companies Say Trade Secrets Likely Compromised
Jai Vijayan, Freelance writerNews
About 60 percent of companies in a survey by Ponemon and Kilpatrick Townsend say at least some of their trade secrets are likely in the hands of rivals
By Jai Vijayan Freelance writer, 7/21/2016
Comment0 comments  |  Read  |  Post a Comment
Ransomware Victims Rarely Pay The Full Ransom Price
Jai Vijayan, Freelance writerNews
The purveyors of cyber-extortion schemes often willing to negotiate their ransom fees, F-Secure study finds.
By Jai Vijayan Freelance writer, 7/18/2016
Comment2 comments  |  Read  |  Post a Comment
UK Rail Hit By Four Cyberattacks In One Year
Dark Reading Staff, Quick Hits
No disruption to rail network caused, hackers appear to be nation-states, says cybersecurity firm Darktrace.
By Dark Reading Staff , 7/18/2016
Comment0 comments  |  Read  |  Post a Comment
Meet The Teams In DARPA's All-Machine Hacking Tournament
Steve Zurier, Freelance Writer
"Autonomous security" is DARPA's latest game. Its Cyber Grand Challenge will culminate at DEF CON with a contest to see which of these seven finalists' machines will automatically detect and remediate the most security vulnerabilities.
By Steve Zurier Freelance Writer, 7/15/2016
Comment1 Comment  |  Read  |  Post a Comment
Context-Rich And Context-Aware Cybersecurity
Ned Miller, Intel Security, Chief Technology Strategist for Public Sector
An adaptive threat-prevention model is quickly replacing traditional, unintegrated architectures as security teams work to achieve a sustainable advantage against complex threats.
By Ned Miller Intel Security, Chief Technology Strategist for Public Sector, 7/14/2016
Comment1 Comment  |  Read  |  Post a Comment
Adobe Fixes 52 Vulnerabilities In Flash
Dark Reading Staff, Quick Hits
Updated version fixes CVEs that allowed remote code execution on affected machines.
By Dark Reading Staff , 7/13/2016
Comment0 comments  |  Read  |  Post a Comment
Fiat Chrysler Launches Bug Bounty Program
Dark Reading Staff, Quick Hits
Platform will be leveraged to identify and resolve security issues in automobile software.
By Dark Reading Staff , 7/13/2016
Comment0 comments  |  Read  |  Post a Comment
What I Expect to See At Black Hat 2016: 5 Themes
Chris Wysopal, CTO, CISO and co-founder, VeracodeCommentary
Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Here’s what piques my interest this year.
By Chris Wysopal CTO, CISO and co-founder, Veracode, 7/13/2016
Comment1 Comment  |  Read  |  Post a Comment
Profiles Of The Top 7 Bug Hunters From Around the Globe
Sean Martin, CISSP | President, imsmartin
'Super hunters' share a common goal: to find the most high impact valid bugs before a bad guy does.
By Sean Martin CISSP | President, imsmartin, 7/12/2016
Comment0 comments  |  Read  |  Post a Comment
Does Defense In Depth Still Work Against Today’s Cyber Threats?
Frank Mong, Senior VP, Product, Industry & Solutions Marketing, Palo Alto NetworksCommentary
Yes. But not for much longer unless the industry shifts to an automated security and zero trust model.
By Frank Mong Senior VP, Product, Industry & Solutions Marketing, Palo Alto Networks, 7/11/2016
Comment1 Comment  |  Read  |  Post a Comment
NATO Ambassador: How The Ukraine Crisis Fits Cyber War Narrative
Sara Peters, Senior Editor at Dark ReadingNews
Kenneth Geers previews his Black Hat talk and discusses the strategic military maneuvers governments can make within cyberspace.
By Sara Peters Senior Editor at Dark Reading, 7/7/2016
Comment1 Comment  |  Read  |  Post a Comment
Big Business Ransomware: A Lucrative Market in the Underground Economy
Michael Sutton, Chief Information Security Office, ZscalerCommentary
Why lock and/or pilfer a person’s files worth hundreds of dollars when corporate data is infinitely more valuable?
By Michael Sutton Chief Information Security Office, Zscaler, 7/1/2016
Comment1 Comment  |  Read  |  Post a Comment
China’s Economic Cyber-Spying Drops Post Sept Talks: US Official
Dark Reading Staff, Quick Hits
U.S. Assistant Attorney General John Carlin's statement finds support in FireEye report of a 90% fall in China-based hacking.
By Dark Reading Staff , 7/1/2016
Comment0 comments  |  Read  |  Post a Comment
The Attribution Question: Does It Matter Who Attacked You?
Sara Peters, Senior Editor at Dark ReadingNews
Everyone will ask whodunnit, but how can an organization put that information to practical use during disaster recovery and planning for the future?
By Sara Peters Senior Editor at Dark Reading, 6/29/2016
Comment3 comments  |  Read  |  Post a Comment
Over 25,000 IoT CCTV Cameras Used In DDoS Attack
Dark Reading Staff, Quick Hits
Probe uncovers attacks generated from 105 global locations and delivering 50,000 HTTP requests per second.
By Dark Reading Staff , 6/29/2016
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Raymacmurray
Current Conversations great post nice
In reply to: Re: brief suspects
Post Your Own Reply
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.