Vulnerabilities / Threats // Advanced Threats
News & Commentary
Malvertising Trends: Don't Talk Ad Standards Without Ad Security
Kaiying Fu, Community Manager, Cloudbric, Commentary
How malvertising marries the strengths and weaknesses of the complex digital advertising ecosystem perfectly and what online publishers and security leaders need to do about it.
By Kaiying Fu, Community Manager, Cloudbric, 10/19/2016
US GOP Senate Committee Allegedly Target Of Russian Hackers
Dark Reading Staff, Quick Hits
Dutch researcher finds NRSC web store among 5,900 e-commerce sites infected with malware designed to steal payment card details.
By Dark Reading Staff, 10/18/2016
Guccifer Sent Back To Romanian Prison
Dark Reading Staff, Quick Hits
Hacker, who exposed private email server of Hillary Clinton, will return to US in 2018 to serve 52-month jail term.
By Dark Reading Staff, 10/17/2016
Hacking Voting Systems: A Reality Check
Carson Sweet, Co-Founder & CTO, CloudPassage, Commentary
Can democracy be hacked? Yes, but not in the way you might think.
By Carson Sweet, Co-Founder & CTO, CloudPassage, 10/17/2016
IoT Default Passwords: Just Don't Do It
Daniel Riedel, CEO, New Context, Commentary
The rise of the Internet of Things makes the use of default passwords especially perilous. There are better options.
By Daniel Riedel, CEO, New Context, 10/13/2016
France's TV5Monde Was Victim Of Vicious Cyberattack In 2015
Dark Reading Staff, Quick Hits
Hackers, allegedly Russians, targeted encoder systems in an attempt to destroy the network and cause major technical and financial damages.
By Dark Reading Staff, 10/11/2016
UN Watchdog: Nuclear Plants Disrupted By Cyberattack
Dark Reading Staff, Quick Hits
IAEA director Yukiya Amano says cyber threats to nuclear plants are "not an imaginary risk."
By Dark Reading Staff, 10/11/2016
Cyber Hunters, Incident Response & The Changing Nature Of Network Defense
Vincent Berk, CEO, FlowTraq, Commentary
Or how I learned that network defense needs to evolve from a game of "stumbled upon" to "search and discover."
By Vincent Berk, CEO, FlowTraq, 10/11/2016
US Formally Accuses Russia Of Stealing DNC Emails
Dark Reading Staff, Quick Hits
No word on what sanctions, if any, are coming.
By Dark Reading Staff, 10/7/2016
IoT DDoS Attack Code Released
Jai Vijayan, Freelance writer, News
Mirai malware could signal the beginning of a new trend in using Internet of Things devices as bots for DDoS attacks.
By Jai Vijayan, Freelance writer, 10/3/2016
Hackers Attacked Voter Registration Systems Of 20 US States, Says Official
Dark Reading Staff, Quick Hits
US Homeland Security Department calls for scans of election websites and improved security even as FBI probes Russian involvement.
By Dark Reading Staff, 10/3/2016
Cybercriminals' Superior Business Savvy Keeps Them Ahead
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Rick Holland of Digital Shadows explains how the attackers' superior business agility, faster change management, specialized job force, lower barriers to entry and bulletproof hosting keep them ahead of the good guys.
By Sara Peters, Senior Editor at Dark Reading, 9/30/2016
Cybercrime-as-a-Service Offered To Militants, Terrorists, Says Europol
Dark Reading Staff, Quick Hits
The Darknet could provide ample resources and services for terrorists to carry out attacks, claims report.
By Dark Reading Staff, 9/30/2016
Russian Hackers Target Citizen Journalists Reporting On Malaysian Airlines Crash
Jai Vijayan, Freelance writer, News
Bellingcat's reporters have been hit with spear phishing attacks and account takeover attempts for over a year, ThreatConnect says.
By Jai Vijayan, Freelance writer, 9/28/2016
Top Democrats Tell Putin To Halt Hacking Of US Political Parties
Dark Reading Staff, Quick Hits
Russia trying to influence November presidential elections, say Senator Dianne Feinstein and Rep. Adam Schiff.
By Dark Reading Staff, 9/23/2016
Biometric Skimmers Pose Emerging Threat To ATMs
Jai Vijayan, Freelance writer, News
Even as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them.
By Jai Vijayan, Freelance writer, 9/22/2016
Majority Of Major Corporations Have User Credentials Stolen And Exposed
Jai Vijayan, Freelance writer, News
Companies in the entertainment and technology sectors are far more exposed than others, Digital Shadows analysis shows.
By Jai Vijayan, Freelance writer, 9/21/2016
Zscaler Warns Of New iSpy Commercial Keylogger
Jai Vijayan, Freelance writer, News
Malware steals user data, license keys to popular applications.
By Jai Vijayan, Freelance writer, 9/20/2016
The Future Of AI-Based Cybersecurity: It's Here Now
Dark Reading Staff, Commentary, Video
Stuart McClure, president and CEO of Cylance, stops by the Dark Reading News Desk at Black Hat.
By Dark Reading Staff, 9/19/2016
What's The Risk? 3 Things To Know About Chatbots & Cybersecurity
Mike Baker, Founder & Principal, Mosaic451, Commentary
Interactive message bots are useful and becoming more popular, but they raise serious security issues.
By Mike Baker, Founder & Principal, Mosaic451, 9/19/2016
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.