News & Commentary
Latest Content
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
News  |  7/27/2015  | 
Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices.
Phishing Attacks Drive Spike In DNS Threat
News  |  7/27/2015  | 
Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year.
The First 24 Hours In The Wake Of A Data Breach
Commentary  |  7/27/2015  | 
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Quick Hits  |  7/24/2015  | 
National Highway Traffic Safety Administration will be watching to see if it works.
Smartwatches Could Become New Frontier for Cyber Attackers
News  |  7/24/2015  | 
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
Car Hacking Shifts Into High Gear
News  |  7/23/2015  | 
Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.
Emerging Web Infrastructure Threats
Slideshows  |  7/23/2015  | 
A secure cloud relies on some weak Internet infrastructure with some new BGP vulnerabilities that will be disclosed at Black Hat USA.
Internet of Things: Anything You Track Could Be Used Against You
Commentary  |  7/23/2015  | 
Lawyers – not security advocates – have fired the first salvos over wearable tech privacy. The results may surprise you.
Out of Aspen: State of Critical Infrastructure Cybersecurity, 2015
Partner Perspectives  |  7/22/2015  | 
The good, bad, and potentially worse of critical infrastructure protection.
Researchers Enlist Machine Learning In Malware Detection
News  |  7/22/2015  | 
No sandbox required for schooling software to speedily spot malware, researchers will demonstrate at Black Hat USA.
Finding The ROI Of Threat Intelligence: 5 Steps
Commentary  |  7/22/2015  | 
Advice from a former SOC manager on how to leverage threat intel without increasing the bottom line.
Angler Climbing To Top Of Exploit Heap
News  |  7/22/2015  | 
Exploit kit dominates the field, making up 82 percent of all exploit kits currently used.
Hacking Team Detection Tools Released By Rook, Facebook
News  |  7/21/2015  | 
Organizations get help keeping up with Hacking Team threats, and Microsoft releases an out-of-band patch for a new Hacking Team 0-day.
Arrests Made In JPMorgan Hack, Securities Fraud Scheme
Quick Hits  |  7/21/2015  | 
Four individuals arrested in Israel and Florida, one more at large, according to report.
Detection: A Balanced Approach For Mitigating Risk
Commentary  |  7/21/2015  | 
Only detection and response can complete the security picture that begins with prevention.
Time’s Running Out For The $76 Billion Detection Industry
Commentary  |  7/21/2015  | 
The one strategy that can deliver the needle to the security team without the haystack is prevention.
CISOs Caught In A Catch-22
News  |  7/21/2015  | 
Chief information security officers are considered 'accountable' for breaches while not always in charge of all infosec strategy and purchases, new report shows.
Photo Processing Vendor Exposes CVS, Wal-Mart, Costco
News  |  7/20/2015  | 
Retail breaches highlight third-party risk -- again.
6 Ex-Employees Questioned About Hacking Team Breach, Prior Leak
News  |  7/20/2015  | 
Japanese targets also getting hit with leaked Flash zero-day exploits, and Hacking Team reportedly worked on drone-based WiFi surveillance tools.
Ashley Madison Exposed: Affair Hookup Site Hacked, Member Data Posted Online
Quick Hits  |  7/20/2015  | 
Member data pilfered, posted in apparent hacktivist-style doxing attack.
How I Learned To Love Active Defense
Commentary  |  7/20/2015  | 
Yes, traditional cyber defenses can be effective. They just need to be a little more active.
Darkode Shuttered But Cybercrime Still Alive And Well
News  |  7/17/2015  | 
Major international law enforcement takedown of exclusive criminal hacker forum highlights victory -- and challenges -- of global law enforcement of cybercrime.
Mobile App Security: 4 Critical Issues
Commentary  |  7/17/2015  | 
Securing the mobile workforce in the age of BYOD is no easy task. You can begin with these four measures.
U.S. Vuln Research, Pen Test Firms Protest Impending Export Controls
News  |  7/16/2015  | 
American security companies have the most to lose from new rules that would restrict the export of tools and information about network surveillance and 'intrusion software.'
10 Trends In Infosec Careers And Staffing
Slideshows  |  7/16/2015  | 
Employment stable for job-seekers, but staffing gaps persist for employers who need better security teams to counter threats.
Java Back In The Bullseye
News  |  7/16/2015  | 
Adobe Flash may be all the attack rage lately, but Oracle's new pile of patches -- including one for an 0day spotted in the wild -- highlights how Java remains an attractive target.
The Insiders: A Rogues Gallery
Commentary  |  7/16/2015  | 
You can defend against an insider threat if you know where to look.
4 Lasting Impacts Of The Hacking Team Leaks
News  |  7/15/2015  | 
Doxing attack against Italian surveillance company put some nasty tools in the hands of attackers and might be the final nail in the coffin for Adobe Flash.
Researchers To Offer Free BGP Security Alert Tool Via Twitter
News  |  7/15/2015  | 
New tool to be unveiled at Black Hat USA next month will tweet out route hijacking attacks on the Net.
Notorious Cybercrime Underground Forum Infiltrated By FBI And Shut Down
Quick Hits  |  7/15/2015  | 
International law enforcement operation shutters Darkode underground cybercrime forum, leads to charges, arrests, searches of 70 members worldwide.
The End Of Whac-A-Mole: From Incident Response To Strategic Intelligence
Commentary  |  7/15/2015  | 
In the face of mounting cybercrime, hacktivism, and espionage, network defenders need to transform their tactical IR groups into full-scale cyber intelligence teams.
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
News  |  7/15/2015  | 
In Black Hat survey, security professionals say misplaced enterprise priorities often leave them without the time and budget they need to address the most critical threats.
Shared Passwords And No Accountability Plague Privileged Account Use
News  |  7/14/2015  | 
Even IT decision-makers guilty of poor account hygiene.
Automobile Industry Gears Up For Cyber-Threat Intel-Sharing
News  |  7/14/2015  | 
New auto industry ISAC is now official, with major automakers as the charter members.
Most Ransomware's Not So Bad
News  |  7/14/2015  | 
Although some ransomware is getting smarter and scarier, most of it is pretty dumb, as one researcher will show at Black Hat.
Are Criminals Quicker Than The Flash?
Partner Perspectives  |  7/14/2015  | 
Using the right technology, we can defeat the malicious exploitation of Flash and return it to its full superhero status.
Inside A Vicious DDoS Attack
Commentary  |  7/14/2015  | 
What it's really like to fend off a relentless distributed denial-of-service attack.
Cybersecurity Gains Higher Profile Among Chief Financial Officers
News  |  7/14/2015  | 
Deloitte study shows CFOs view security risks as a top threat to financial health.
Internet Of Things Hacking Village Debuts At DEF CON
News  |  7/13/2015  | 
Apple network storage, Fitbit, a fridge, blood pressure monitor and a HappyCow toy are all fair game in the IoT hacking Village network.
Dark Reading Radio: Firewall Smackdown
Commentary  |  7/13/2015  | 
Is there a future for the venerable firewall? Security CEOs Asaf Cidon of Sookasa and Jody Brazil of FireMon debate the issues in our latest radio show.
What Morpho Means: Why Hackers Target Intellectual Property And Business-Confidential Information
Partner Perspectives  |  7/13/2015  | 
A quiet, professional cyberespionage group steals what every company wants to keep secret: valuable information that drives business. Welcome to the new normal.
How To Make Internet Voting Secure
News  |  7/10/2015  | 
To be effective, an Internet voting system has to be auditable every step of the way, a new study says.
Black Hat For Beginners: 4 Tips
Commentary  |  7/10/2015  | 
What happens in Vegas stays in Vegas. But for newbies, these helpful hints will make sure you get the most out of the Black Hat USA experience.
OPM: Personal Info On 21.5 Million People Exposed In Hack
Quick Hits  |  7/9/2015  | 
The Office of Personnel Management today confirmed the final body count of victims affected by its massive data breach, which also exposed some 1.1 million fingerprints stored in the background-check database.
3 Reasons Why Giving Government A Backdoor Is A Bad Idea
News  |  7/9/2015  | 
Exceptional access of the kind being demanded by the FBI and others is unworkable and impractical, security researchers say.
OpenSSL Fixes High-Severity, Narrow-Scope Vulnerability
News  |  7/9/2015  | 
Bug allows attackers to issue invalid certificates, but is difficult to exploit and only affects OpenSSL versions released since last month.
Creating Your Own Threat Intel Through ‘Hunting’ & Visualization
Commentary  |  7/9/2015  | 
How security analysts armed with a visual interface can use data science to find hidden attacks and the ‘unknown unknowns.’
Hacking Team 0-Day Shows Widespread Dangers Of All Offense, No Defense
News  |  7/8/2015  | 
While the Italian surveillance company sells government agencies high-end zero-day proof-of-concept exploits, it secures root systems with the password 'P4ssword.' What's vulnerability commoditization got to do with it?
The Role of the Board In Cybersecurity: ‘Learn, Ensure, Inspect’
Commentary  |  7/8/2015  | 
Board members of the most forward-thinking U.S. companies are not just throwing money at the mounting problem of managing cyber risk.
Cybercriminal Group Spying On US, European Businesses For Profit
News  |  7/8/2015  | 
Symantec, Kaspersky Lab spot 'Morpho' hacking team that hit Apple, Microsoft, Facebook and Twitter expanding its targets to lucrative industries for possible illegal trading purposes.
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4692
Published: 2015-07-27
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

CVE-2015-1840
Published: 2015-07-26
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space cha...

CVE-2015-1872
Published: 2015-07-26
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via craft...

CVE-2015-2847
Published: 2015-07-26
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.

CVE-2015-2848
Published: 2015-07-26
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.

Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!