Application Security
News & Commentary
From Carna To Mirai: Recovering From A Lost Opportunity
Bob Rudis & Deral Heiland, Rapid7 Chief Data Scientist & IoT Research Lead | Commentary
We had four years to prepare for recent DDoS attacks and failed. How can we learn from our mistakes?
By Bob Rudis & Deral Heiland Rapid7 Chief Data Scientist & IoT Research Lead, 12/8/2016
Biometric Technology Is Not A Cure-All For Password Woes
Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies | Commentary
No single authentication token is infallible. The only real solution is multifactor authentication.
By Corey Nachreiner Chief Technology Officer, WatchGuard Technologies, 12/7/2016
Kaspersky Lab: 323,000 New Malware Samples Found Each Day
Dark Reading Staff, Quick Hits
Credit it to mass-produced malware and better detection through machine learning.
By Dark Reading Staff, 12/7/2016
Most iOS Apps In Enterprises Not Using Apple Encryption Feature
Jai Vijayan, Freelance Writer | News
Despite a January 1, 2017 deadline, few app vendors have enabled Apple's App Transport Security (ATS) feature, according to a study by Appthority.
By Jai Vijayan Freelance writer, 12/7/2016
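ATS is on by default for apps linked against the iOS 9 SDK or later, so an app that is "not using" it has opted out through keys in its Info.plist. The following is an added example (not code from the article or from Appthority's study) showing how an app audit finds those opt-outs: it builds three constructed Info.plists (bundle identifier and domains are placeholders) and reports every global or per-domain relaxation of ATS.

```python
"""Flag Info.plist settings that switch off or weaken App Transport Security.

Added example; it is not code from the Dark Reading article or from Appthority.
The plists below are constructed: the bundle identifier and domains are
placeholders. Point ats_findings() at the Info.plist of a real .ipa (after
unzipping Payload/<App>.app/Info.plist) to audit an app.
"""
import plistlib


def build_info_plist(ats: dict = None) -> bytes:
    """Serialise a minimal Info.plist; ats is the NSAppTransportSecurity dict, or None to omit it."""
    info = {"CFBundleIdentifier": "com.example.hypothetical"}  # placeholder bundle id
    if ats is not None:
        info["NSAppTransportSecurity"] = ats
    return plistlib.dumps(info)


# Constructed samples: ATS left at its defaults, ATS switched off globally, and
# ATS kept on but relaxed for particular (placeholder) domains.
SAMPLES = {
    "defaults": build_info_plist(None),
    "disabled": build_info_plist({"NSAllowsArbitraryLoads": True}),
    "exceptions": build_info_plist({
        "NSExceptionDomains": {
            "legacy-api.example.com": {
                "NSExceptionAllowsInsecureHTTPLoads": True,
                "NSIncludesSubdomains": True,
            },
            "cdn.example.com": {
                "NSExceptionMinimumTLSVersion": "TLSv1.0",
                "NSExceptionRequiresForwardSecrecy": False,
            },
        }
    }),
}


def ats_findings(info_plist: bytes) -> list:
    """Return one finding per ATS weakening in an Info.plist (XML or binary).

    An empty list means the app relies on the ATS defaults: HTTPS only,
    TLS 1.2 or later, forward-secret cipher suites.
    """
    info = plistlib.loads(info_plist)
    ats = info.get("NSAppTransportSecurity") or {}
    findings = []

    # Global opt-outs: any of these switches ATS off for a whole class of traffic.
    if ats.get("NSAllowsArbitraryLoads"):
        findings.append("NSAllowsArbitraryLoads: ATS disabled for every connection")
    if ats.get("NSAllowsArbitraryLoadsInWebContent"):
        findings.append("NSAllowsArbitraryLoadsInWebContent: ATS disabled for web views")
    if ats.get("NSAllowsArbitraryLoadsForMedia"):
        findings.append("NSAllowsArbitraryLoadsForMedia: ATS disabled for AVFoundation media")

    # Per-domain exceptions: each relaxes one requirement for one host (or subtree).
    for domain, rules in ats.get("NSExceptionDomains", {}).items():
        scope = domain + (" (and subdomains)" if rules.get("NSIncludesSubdomains") else "")
        if rules.get("NSExceptionAllowsInsecureHTTPLoads"):
            findings.append(f"{scope}: plaintext HTTP permitted")
        min_tls = rules.get("NSExceptionMinimumTLSVersion")
        if min_tls in ("TLSv1.0", "TLSv1.1"):
            findings.append(f"{scope}: minimum TLS lowered to {min_tls}")
        if rules.get("NSExceptionRequiresForwardSecrecy") is False:
            findings.append(f"{scope}: forward secrecy no longer required")
    return findings


def audit_samples() -> dict:
    """Run the audit over the constructed samples; returns {name: findings}."""
    return {name: ats_findings(plist) for name, plist in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in audit_samples().items():
        print(f"{name}: {findings or 'ATS defaults in force'}")
```

The check deliberately reports a per-domain exception even when NSAllowsArbitraryLoads is also set: both are reviewable decisions, and an app that has ATS globally off but lists a domain-level HTTP exception is telling you which endpoints the developers knew were plaintext.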
Web Gateways: 5 Big Security Challenges
Guy Guzner, CEO and co-founder, Fireglass | Commentary
Overreliance on Web gateways is putting data, users, customers, organizations, and reputation in harm's way.
By Guy Guzner CEO and co-founder, Fireglass, 12/6/2016
Reality Check: Getting Serious About IoT Security
Troy Dearing, Senior Ethical Hacker | Commentary
The Department of Homeland Security is fully justified in urging security standards for the Internet of Things.
By Troy Dearing Senior Ethical Hacker, 12/5/2016
DMARC Continues To Confound Users, Report Says
Terry Sweeney, Contributing Editor | News
Almost three-quarters of those who deploy the email authentication standard fail to get its full benefits, ValiMail says.
By Terry Sweeney Contributing Editor, 12/1/2016
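A DMARC record can be published and still protect nothing: p=none only asks for reports, pct=10 applies the policy to a tenth of failing mail, and sp=none leaves every subdomain open. The following is an added example (not code from the article or from ValiMail's report) that parses constructed _dmarc TXT records (placeholder domains) and classifies each as invalid, monitoring-only, partially enforcing, or fully enforcing, with the specific gap named in each case.

```python
"""Audit DMARC records for gaps that leave a domain short of full protection.

Added example; it is not code from the Dark Reading article or from ValiMail.
The TXT records below are constructed and the domain names are placeholders.
In a real audit you would fetch the TXT record at _dmarc.<domain> (for example
with dnspython) and pass it to audit_record().
"""

# Constructed sample records, as they would appear at _dmarc.<domain>.
SAMPLE_RECORDS = {
    "strict.example":   "v=DMARC1; p=reject; rua=mailto:dmarc@strict.example",
    "monitor.example":  "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "rollout.example":  "v=DMARC1; p=quarantine; pct=10; rua=mailto:dmarc@rollout.example",
    "subloose.example": "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc@subloose.example",
    "blind.example":    "v=DMARC1; p=reject",
    "broken.example":   "v=DMARC1 p=reject",   # missing ';' between tags
}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict of lower-cased tag names.

    Raises ValueError when the record is not usable: RFC 7489 requires the
    first tag to be exactly v=DMARC1, and every tag must have an '='.
    """
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag {part!r}")
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    if not tags or next(iter(tags)) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record does not start with v=DMARC1")
    return tags


def audit_record(record: str) -> tuple:
    """Return (status, findings) for one DMARC record.

    status is one of:
      'invalid'    - receivers will ignore the record entirely
      'monitoring' - p=none: reports only, spoofed mail is still delivered
      'partial'    - an enforcing p= weakened by pct<100 or sp=none
      'enforcing'  - quarantine/reject applied to all mail for domain and subdomains
    findings lists each weakness found, including visibility gaps that do not
    change the status (such as no rua= address for aggregate reports).
    """
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return "invalid", [str(exc)]

    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        status = "monitoring"
        findings.append("p=none: monitoring only, no mail is quarantined or rejected")
    elif policy in ("quarantine", "reject"):
        status = "enforcing"
        pct = tags.get("pct", "100")
        if not pct.isdigit() or int(pct) < 100:
            status = "partial"
            findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
        if tags.get("sp", "").lower() == "none":
            status = "partial"
            findings.append("sp=none: subdomains can still be spoofed freely")
    else:
        return "invalid", [f"unknown or missing policy p={policy!r}"]

    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports, so failures go unnoticed")
    return status, findings


def audit_all(records: dict = None) -> dict:
    """Audit every domain in the mapping and return {domain: (status, findings)}."""
    records = SAMPLE_RECORDS if records is None else records
    return {domain: audit_record(txt) for domain, txt in records.items()}


if __name__ == "__main__":
    for domain, (status, findings) in audit_all().items():
        print(f"{domain:18} {status:10} {'; '.join(findings) or 'ok'}")
```

Note that a missing rua= does not lower the status: the policy is still enforced, but without aggregate reports the domain owner has no way to notice legitimate senders that are failing alignment, which is usually what stalls a rollout at p=none.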
Microsoft 'Father Of SDL' Named To Top Post At SAFECode
Kelly Sheridan, Associate Editor, InformationWeek | News
Steve Lipner, the former Microsoft security leader credited with spearheading its security development lifecycle (SDL) initiative, takes on a new role as executive director at SAFECode.
By Kelly Sheridan Associate Editor, InformationWeek, 12/1/2016
The Rise Of SecBizOps & Why It Matters
Kevin O'Brien, Co-Founder and CEO, GreatHorn | Commentary
By aligning security dollars and technology with core business requirements, infosec can become a business enabler, not a business impediment.
By Kevin O'Brien Co-Founder and CEO, GreatHorn, 11/30/2016
Symantec To Buy LifeLock At $2.3 Billion
Dark Reading Staff, Quick Hits
Deal set to be finalized by Q1 2017 and financed by cash and $750 million of new debt.
By Dark Reading Staff, 11/22/2016
Oracle Announces Acquisition Of Dyn
Dark Reading Staff, Quick Hits
Oracle says the purchase of the recently DDoSed DNS service is aimed at expanding the company's cloud computing platform.
By Dark Reading Staff, 11/22/2016
Raising The Nation's Cybersecurity IQ: 'Learn To Code'
Mike Baukes, Co-Founder & Co-CEO, UpGuard | Commentary
We need to ensure that the students of today are prepared for the security challenges of tomorrow.
By Mike Baukes Co-Founder & Co-CEO, UpGuard, 11/22/2016
Balancing The Risk & Promise Of The Internet Of Things
Daniel Miessler, Director of Advisory Services, IOActive | Commentary
You can't defend against something you don't understand. So make sure you consider IoT's risks before embracing its functionality.
By Daniel Miessler Director of Advisory Services, IOActive, 11/21/2016
Internet Of Things 'Pollutants' & The Case For A Cyber EPA
Mike Pittenger, Vice President, Security Strategy at Black Duck Software | Commentary
Recent IoT-executed DDoS attacks have been annoying, not life threatening. Should device makers be held liable if something worse happens?
By Mike Pittenger Vice President, Security Strategy at Black Duck Software, 11/16/2016
Dark Reading Radio: 'Bug Bounties & The Zero-Day Trade'
Sara Peters, Senior Editor at Dark Reading | Commentary
Join us, HackerOne's Alex Rice, and Veracode's Chris Wysopal for the next episode of Dark Reading Radio, today, Wednesday Nov. 16, at 1 p.m. ET.
By Sara Peters Senior Editor at Dark Reading, 11/15/2016
Dark Reading Virtual Event Seeks To Break Security Myths, Conventional Wisdom
Tim Wilson, Editor in Chief, Dark Reading | Commentary
Three keynotes, two panel sessions offer new ways to think about enterprise information security.
By Tim Wilson, Editor in Chief, Dark Reading, 11/14/2016
Learning To Trust Cloud Security
Larry Biagini, Chief Technology Evangelist, Zscaler | Commentary
Cloud-centric computing is inevitable, so you need to face your concerns and be realistic about risks.
By Larry Biagini Chief Technology Evangelist, Zscaler, 11/14/2016
The Big Lesson We Must Learn From The Dyn DDoS Attack
Nathaniel Gleicher, Head of Cybersecurity Strategy, Illumio | Commentary
The vulnerabilities that make IoT devices susceptible to being used in a botnet also make them the perfect avenue into our data centers and clouds.
By Nathaniel Gleicher, Head of Cybersecurity Strategy, Illumio, 11/9/2016
Is Fingerprint Authentication Making The Password Problem Worse?
Mickey Boodaei, CEO, Transmit Security | Commentary
Problems emerge when users switch to a new phone.
By Mickey Boodaei CEO, Transmit Security, 11/8/2016
Changing IoT Passwords Won't Stop Attacks. Here's What Will.
Paul Madsen, Senior Technical Architect, Ping Identity | Commentary
The solution will take an industry-wide effort, it won't happen overnight, and the problem is not the users' fault!
By Paul Madsen Senior Technical Architect, Ping Identity, 11/7/2016
Current Issue
Five Things Every Business Executive Should Know About Cybersecurity
Don't get lost in security's technical minutiae - a clearer picture of what's at stake can help align business imperatives with technology execution.
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio (archived episode)
Security researchers are finding that there's a growing market for the vulnerabilities they discover and a persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.