Vulnerabilities / Threats // Advanced Threats
News & Commentary
Top Democrats Tell Putin To Halt Hacking Of US Political Parties
Dark Reading Staff, Quick Hits
Russia trying to influence November presidential elections, say Senator Dianne Feinstein and Rep. Adam Schiff.
By Dark Reading Staff, 9/23/2016
Biometric Skimmers Pose Emerging Threat To ATMs
Jai Vijayan, Freelance writer, News
Even as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them.
By Jai Vijayan Freelance writer, 9/22/2016
Majority Of Major Corporations Have User Credentials Stolen And Exposed
Jai Vijayan, Freelance writer, News
Companies in the entertainment and technology sectors are far more exposed than others, Digital Shadows analysis shows.
By Jai Vijayan Freelance writer, 9/21/2016
Zscaler Warns Of New iSpy Commercial Keylogger
Jai Vijayan, Freelance writer, News
Malware steals user data, license keys to popular applications.
By Jai Vijayan Freelance writer, 9/20/2016
The Future Of AI-Based Cybersecurity: It's Here Now
Dark Reading Staff, Commentary, Video
Stuart McClure, president and CEO of Cylance, stops by the Dark Reading News Desk at Black Hat.
By Dark Reading Staff, 9/19/2016
What's The Risk? 3 Things To Know About Chatbots & Cybersecurity
Mike Baker, Founder & Principal, Mosaic451, Commentary
Interactive message bots are useful and becoming more popular, but they raise serious security issues.
By Mike Baker Founder & Principal, Mosaic451, 9/19/2016
Republican Lawmaker Withdraws Hack Allegations Saying He Misspoke
Dark Reading Staff, Quick Hits
Michael McCaul had earlier alleged that, like the DNC, the Republican National Committee's computers were also breached by Russian hackers.
By Dark Reading Staff, 9/16/2016
Microsoft Patches Zero Day Flaw Used In Two Massive Malvertising Campaigns
Jai Vijayan, Freelance writer, News
Bug gave attackers a way to identify and avoid systems belonging to security researchers and vendors, Proofpoint says.
By Jai Vijayan Freelance writer, 9/14/2016
France's Online Criminal Underground Built On Foundation Of Distrust
Sara Peters, Senior Editor at Dark Reading, News
French criminals seeking black market goods and services -- cyber and otherwise -- have to look in darker shadows and work harder to prove their felonious credibility.
By Sara Peters Senior Editor at Dark Reading, 9/14/2016
Cybersecurity In The Obama Era
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau
Our roundup of the Obama administration's major initiatives, executive orders and actions over the past seven and a half years. How would you grade the president's cybersecurity achievements?
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 9/13/2016
Israeli Teenagers Held For Allegedly Running Hacking Service
Dark Reading Staff, Quick Hits
The two 18-year-olds were responsible for more than 150,000 DDoS attacks which earned them around $600,000 in two years, say reports.
By Dark Reading Staff, 9/13/2016
PCI Security Update Targets PIN System Vendors
Jai Vijayan, Freelance writer, News
New requirements cover physical and logical security controls.
By Jai Vijayan Freelance writer, 9/12/2016
Obama Calls For Norms To Prevent 'Cyber Wild Wild West'
Dark Reading Staff, Quick Hits
At G-20 summit, US President warns of a free-for-all if urgent measures are not taken by countries with cyber weapons capabilities.
By Dark Reading Staff, 9/8/2016
The Shifting Mindset Of Financial Services CSOs
Leni Selvaggio, Global Lead, Financial Services Industry, Cisco, Commentary
They're getting more realistic and developing strategies to close security gaps.
By Leni Selvaggio Global Lead, Financial Services Industry, Cisco, 9/8/2016
Network Management Systems Vulnerable To SNMP Attacks
Jai Vijayan, Freelance writer, News
Products from many vendors vulnerable to XSS attacks because of basic input validation errors, Rapid7 says in report.
By Jai Vijayan Freelance writer, 9/7/2016
Look The Other Way: DDoS Attacks As Diversions
Dark Reading Staff, Commentary, Video
Black Hat News Desk talks to Joe Loveless of Neustar.
By Dark Reading Staff, 9/7/2016
Bad Boys, Whatcha Gonna Do When They Come For You?
Dark Reading Staff, Commentary, Video
A Black Hat News Desk discussion with Shehzad Merchant of Gigamon.
By Dark Reading Staff, 9/7/2016
Cryptographic Key Reuse Remains Widespread In Embedded Products
Jai Vijayan, Freelance writer, News
Nine months after SEC Consult warned about the reuse of private keys and certificates in routers, modems, other products, problem has grown worse.
By Jai Vijayan Freelance writer, 9/6/2016
Apple Issues Patches To Fix Trident Flaws In OS X El Capitan, Yosemite
Jai Vijayan, Freelance writer, News
Same zero-day flaws had been patched earlier in iOS as well.
By Jai Vijayan Freelance writer, 9/2/2016
Air-Gapped Systems Foiled Again, Via USB Drive
Jai Vijayan, Freelance writer, News
Researchers at Israel's Ben-Gurion University have come up with another novel way to extract data from air-gapped systems, at least theoretically.
By Jai Vijayan Freelance writer, 9/1/2016
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Cybercrime has become a well-organized business, complete with job specialization, funding, and online customer service. Dark Reading editors speak to cybercrime experts on the evolution of the cybercrime economy and the nature of today's attackers.