Vulnerabilities / Threats // Advanced Threats
News & Commentary
Pro-ISIS Hacking Groups Growing, Unifying, But Still Unskilled
Sara Peters, Senior Editor at Dark ReadingNews
Flashpoint report outlines the patchwork of hacking groups and the validity of their claims to fame.
By Sara Peters Senior Editor at Dark Reading, 4/28/2016
Comment1 Comment  |  Read  |  Post a Comment
'Dogspectus' Breaks New Ground For Android Ransomware
Jai Vijayan, Freelance writerNews
Blue Coat says it's the first Android ransomware that installs without user interaction
By Jai Vijayan Freelance writer, 4/26/2016
Comment1 Comment  |  Read  |  Post a Comment
Crowdsourcing The Dark Web: A One-Stop Ran$om Shop
Nitsan Saddan, Advanced Threat Researcher, CymmetriaCommentary
Say hello to Ran$umBin, a new kind of ransom market dedicated to criminals and victims alike.
By Ran$umBin Ran$omBin , 4/26/2016
Comment0 comments  |  Read  |  Post a Comment
Malware At Root Of Bangladesh Bank Heist Lies To SWIFT Financial Platform
Sara Peters, Senior Editor at Dark ReadingNews
Customized malware hid $81 million of wire transfers until the money had been safely laundered.
By Sara Peters Senior Editor at Dark Reading, 4/25/2016
Comment1 Comment  |  Read  |  Post a Comment
Microsoft: Keep Calm But Vigilant About Ransomware
Jai Vijayan, Freelance writerNews
Though a growing problem, ransomware is still nowhere as prevalent as other threats, Microsoft says.
By Jai Vijayan Freelance writer, 4/22/2016
Comment11 comments  |  Read  |  Post a Comment
SpyEye Creators Sentenced To Long Prison Terms
Sara Peters, Senior Editor at Dark ReadingNews
FBI found that arrest halted the release of nasty SpyEye 2.0.
By Sara Peters Senior Editor at Dark Reading, 4/21/2016
Comment1 Comment  |  Read  |  Post a Comment
MIT AI Researchers Make Breakthrough On Threat Detection
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New artificial intelligence platform offers 3x detection capabilities with 5x fewer false positives.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/18/2016
Comment1 Comment  |  Read  |  Post a Comment
8 Active APT Groups To Watch
Sean Martin, CISSP | President, imsmartin
Ever wonder who's behind some of the attacks we hear about in the news? Here are eight advanced persistent threat (APT) groups that operate some of the most successful and well-known malware campaigns worldwide.
By Sean Martin CISSP | President, imsmartin, 4/16/2016
Comment0 comments  |  Read  |  Post a Comment
5 Steps to Improve Your Software Supply Chain Security
Derek Weeks, Vice President & DevOps Advocate, SonatypeCommentary
Organizations that take control of their software supply chains will see tremendous gains in developer productivity, improved quality, and lower risk.
By Derek Weeks Vice President & DevOps Advocate, Sonatype, 4/14/2016
Comment0 comments  |  Read  |  Post a Comment
Java Deserialization: Running Faster Than a Bear
Derek Weeks, Vice President & DevOps Advocate, SonatypeCommentary
Software components that were once good can sour instantly when new vulnerabilities are discovered within them. When that happens, the bears are coming, and you have to respond quickly.
By Derek Weeks Vice President & DevOps Advocate, Sonatype, 4/14/2016
Comment3 comments  |  Read  |  Post a Comment
Zero-Day Discoveries A Once-A-Week Habit
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Symantec threat report shows growth in zero-day vulns to enable more targeted attacks.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/12/2016
Comment0 comments  |  Read  |  Post a Comment
Imagining The Ransomware Of The Future
Sara Peters, Senior Editor at Dark ReadingNews
Cisco Talos Lab paints a dark picture of what ransomware could have in store next.
By Sara Peters Senior Editor at Dark Reading, 4/11/2016
Comment2 comments  |  Read  |  Post a Comment
Dridex Malware Now Used For Stealing Payment Card Data
Jai Vijayan, Freelance writerNews
An analysis of Dridex infrastructure shows dangerous changes, potentially new operators.
By Jai Vijayan Freelance writer, 4/8/2016
Comment0 comments  |  Read  |  Post a Comment
Adobe Issues Emergency Updates For Zero-Day Flaw in Flash Player
Jai Vijayan, Freelance writerNews
Memory corruption flaw is being exploited in the wild to distribute ransomware samples like Locky and Cerber.
By Jai Vijayan Freelance writer, 4/8/2016
Comment0 comments  |  Read  |  Post a Comment
7 Lessons From The Panama Papers Leak
Sara Peters, Senior Editor at Dark ReadingNews
Hopefully your organization isn't hiding as many dark secrets as Mossack Fonseca, but the incident still brings helpful hints about data security, breach response, and breach impact.
By Sara Peters Senior Editor at Dark Reading, 4/5/2016
Comment2 comments  |  Read  |  Post a Comment
Panama Papers Leak Exposes Tax Evasion -- And Poor Data Security, Data Integrity Practices
Dark Reading Staff, Quick Hits
Whether an insider leak or an outsider hack, an exposure of 11.5 million documents definitely falls under the infosec umbrella.
By Dark Reading Staff , 4/4/2016
Comment4 comments  |  Read  |  Post a Comment
Ransomware Authors Break New Ground With Petya
Jai Vijayan, Freelance writerNews
Instead of encrypting files on disk, Petya goes for the jugular by encrypting the entire disk instead, says F-Secure.
By Jai Vijayan Freelance writer, 4/1/2016
Comment3 comments  |  Read  |  Post a Comment
In Brief: The Unusual Suspects -- DeMystifying Attack Groups
Brian Gillooly, Vice President, Event Content & Strategy, UBM TechCommentaryVideo
Your adversary is an imperfect human being. Use that knowledge to fight back.
By Brian Gillooly Vice President, Event Content & Strategy, UBM Tech, 3/31/2016
Comment0 comments  |  Read  |  Post a Comment
Apple’s Workflow For Enterprise iOS App Distribution Vulnerable To Attack
Jai Vijayan, Freelance writerNews
Millions of iPhones and iPads running iOS 9 can be exploited if enrolled in mobile device management, Check Point Software says.
By Jai Vijayan Freelance writer, 3/31/2016
Comment0 comments  |  Read  |  Post a Comment
Business Disruption A Big Focus In 2015 Cyberattacks
Jai Vijayan, Freelance writerNews
In a shift from the low and slow attacks of recent years, many incidents last year were attention seeking and were motivated not just by money, according to Mandiant's annual report.
By Jai Vijayan Freelance writer, 3/30/2016
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Better he's on the Internet than on the couch."
Current Issue
Understanding & Managing the Mobile Security Threat
Mobile devices are increasing IT security risk. Is your enterprise ready?
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join us as Dark Reading editors speak with IT security hiring experts about improving IT career prospects.