News & Commentary
Latest Content
Page 1 / 2   >   >>
Corporations Cite Reputational Damage As Biggest Cyber Risk
News  |  12/7/2016  | 
New data analyzing SEC disclosures found 83% of publicly traded companies worry most about the risk of brand damage via hacks exposing customer or employee information.
Survey Stresses Importance Of Securing The Internet of Things
Partner Perspectives  |  12/7/2016  | 
If organizations monitor and deploy IoT devices with caution, they can stay ahead of the curve and continue to keep all of their endpoints protected.
Biometric Technology Is Not A Cure-All For Password Woes
Commentary  |  12/7/2016  | 
No single authentication token is infallible. The only real solution is multifactor authentication.
Dailymotion Advises Password Change After Possible Data Breach
Quick Hits  |  12/7/2016  | 
Breach not yet confirmed, but LeakedSource says it has compromised IDs of over 87 million Dailymotion users, protected by bcrypt.
Hacker Of Celeb Emails Goes To Jail For Five Years
Quick Hits  |  12/7/2016  | 
Bahamian Alonzo Knowles was sentenced for illegal access of 130 celebrity email accounts and selling their personal information.
Kaspersky Lab: 323,000 New Malware Samples Found Each Day
Quick Hits  |  12/7/2016  | 
Credit it to mass-produced malware and better detection through machine learning.
Most iOS Apps In Enterprises Not Using Apple Encryption Feature
News  |  12/7/2016  | 
Despite a January 1, 2017 deadline, not many app vendors have switched on the Apple App Transport Security, according to a study by Appthority.
Pennsylvania State Prosecutor's Office Paid Ransom In 'Avalanche' Ransomware Attack
Quick Hits  |  12/6/2016  | 
Allegheny County state prosecutor's office paid attackers $1,400 in Bitcoin to free its data.
US Presidential Commission Outlines Key Cybersecurity Actions For Future Administrations
News  |  12/6/2016  | 
Report outlines ways to lock down critical infrastructure as well as IoT - and the urgent need to expand the security workforce by 2020 with 100,000 new jobs.
PoisonTap USB Device Can Hack A Locked PC In A Minute
Partner Perspectives  |  12/6/2016  | 
This is just one example of an emerging technology that enables anyone with physical access to a computers USB port to potentially harvest data and gain access by spoofing an Internet ecosystem.
Derivative Suit Against Home Depot For 2014 Data Breach Dismissed
Quick Hits  |  12/6/2016  | 
Judge says defendants may have been slow to spike up network security, but did not fail to act.
Web Gateways: 5 Big Security Challenges
Commentary  |  12/6/2016  | 
Overreliance on Web gateways is putting data, users, customers, organizations, and reputation in harm's way.
The 7 Most Sensational Breaches Of 2016
Slideshows  |  12/6/2016  | 
The biggest hacks, data exposures, and thefts that left companies and government entities reeling.
Adobe Flash Flaws Dominate Exploit Kits In 2016
News  |  12/6/2016  | 
The top 10 vulnerabilities this year were mostly Adobe Flash, followed by Internet Explorer, according to a Recorded Future study.
Cybersecurity Readiness Confidence Declined In 2016
News  |  12/5/2016  | 
New report querying security pros shows increase in worry about risks with mobile and cloud environments.
Protect Your Company From Hackable Holiday Gifts
Partner Perspectives  |  12/5/2016  | 
This holiday season promises to be full of devices, apps, and connectivity. Planning and executing appropriate security precautions now will save your business from a serious breach later.
Hackers Steal $31 Million From Russia's Central Bank
Quick Hits  |  12/5/2016  | 
Bank says cybercriminals faked client credentials to break into accounts and attempted to steal 5 billion rubles.
Software Salesman Pleads Guilty To PoS Scam
Quick Hits  |  12/5/2016  | 
Washington's John Yin allegedly sold point-of-sale systems with revenue suppression software, incurring government monetary loss of $3.4 million.
Avalanche Cybercrime Platform Takedown Leaves A Lot To Clean Up
Partner Perspectives  |  12/5/2016  | 
Help us wipe out the remaining bots and put an end to Avalanche once and for all.
Reality Check: Getting Serious About IoT Security
Commentary  |  12/5/2016  | 
The Department of Homeland Security is fully justified in urging security standards for the Internet of Things.
Where Cybercriminals Go To Buy Your Stolen Data
Slideshows  |  12/3/2016  | 
What malicious sites provide both free and paid access to stolen credit cards, company databases, malware and more?
'Frighteningly Easy' Hack Guesses Full Credit Card Details In 6 Seconds
News  |  12/2/2016  | 
Attack works only on Visa network, Newcastle University researchers say.
Dark Web Vendor Gets 50 Months Jail For ID Theft
Quick Hits  |  12/2/2016  | 
Minnesota resident Aaron Glende aka IcyEagle caught selling stolen bank details on AlphaBay market.
MasterCard, Visa Push Gas Pump EMV Migration Deadline To 2020
Quick Hits  |  12/2/2016  | 
Fuel merchants get three extra years to deploy the secure chip-enabled payment infrastructure in their complex environments.
The Human Firewall: Why People Are Critical To Email Security
Commentary  |  12/2/2016  | 
Technology is just the beginning; employees must be fully on board with security procedures.
Avalanche Botnet Comes Tumbling Down In Largest-Ever Sinkholing Operation
News  |  12/1/2016  | 
800,000 domains seized, sinkholed, or blocked, and five individuals arrested, in international effort to bring down botnet linked to 17 major malware families.
Mandia: Russian State Hackers Changed The Game
News  |  12/1/2016  | 
Founder of Mandiant and FireEye CEO says Russia doesn't appear to want to cover its tracks anymore.
Organizations In Saudi Arabia Reportedly Hit In Destructive New Shamoon Attacks
News  |  12/1/2016  | 
Thousands of computers at countrys main civil aviation authority and other entities rendered unusable by same malware that destroyed 30,000 computers at Aramco in 2012.
Holiday Weekend Online Payment Card Fraud 20% Higher In 2016
Quick Hits  |  12/1/2016  | 
In the face of EMV chips, criminals turned online to commit card-not-present fraud this Black Friday and Cyber Monday.
Cybercriminals Next Target: Long-Term Prizes (Part 2 of 2)
Partner Perspectives  |  12/1/2016  | 
Attacks of a more strategic nature will test early blockchain implementations and continue to explore ways to monetize weak IoT devices.
DMARC Continues To Confound Users, Report Says
News  |  12/1/2016  | 
Almost three-quarters of those who deploy email authentication standard fail to get its full benefits, ValiMail says.
20 Questions Smart Security Pros Should Ask About 'Intelligence'
Commentary  |  12/1/2016  | 
Threat intel is a hot but complicated topic that encompasses a lot more than just data feeds. Here's how to get beyond the fear, uncertainty, and doubt to maximize its potential.
Gaming Company Sues Ex-Employees Over Data Theft
Quick Hits  |  12/1/2016  | 
San Francisco-based Zynga alleges former workers took sensitive information with them when they joined rival company.
Microsoft 'Father Of SDL' Named To Top Post At SAFECode
News  |  12/1/2016  | 
Steve Lipner, the former Microsoft security leader credited with spearheading its security development lifecycle (SDL) initiative, takes on a new role as executive director at SAFECode.
China Cybersecurity Firm Linked With Countrys Intel Agency For Espionage
Quick Hits  |  11/30/2016  | 
Boyusec is working with Chinas intelligence services and military to doctor security products for spying, says Pentagon report.
Georgia Tech Gets $17 Million Defense Deal For Cyberattack Attribution
Quick Hits  |  11/30/2016  | 
US Department of Defense awards research to work on technique for quick attribution of cyberattack with hard evidence.
In Break From Usual, Threat Actors Use RAT To Steal POS Data
News  |  11/30/2016  | 
New NetWire RAT version comes with keylogger for stealing a lot more than just credit and debit card data.
Androids Under Attack: 1 Million Google Accounts Hijacked
News  |  11/30/2016  | 
Two separate attack campaigns were discovered targeting Androids - one that roots them and gains access to Google Gmail, Docs, Drive, accounts and another that steals information and intercepts and sends messages.
Cybercriminals' Next Target: Short-Term Dangers (Part 1 of 2)
Partner Perspectives  |  11/30/2016  | 
With the holidays approaching, the focus will be on lucrative online shopping, email ransomware, phishing for credentials, and infection by holiday-lurking malware.
Windows Malware Infections Spiked 106% From Black Friday To Cyber Monday
News  |  11/30/2016  | 
The number of infected PCs jumped some 106% during the holiday season's first shopping weekend and 118% above normal on Cyber Monday.
The Rise Of SecBizOps & Why It Matters
Commentary  |  11/30/2016  | 
By aligning security dollars and technology with core business requirements, infosec can become a business enabler, not a business impediment.
Just Half Of Organizations Employ Threat Intelligence
News  |  11/30/2016  | 
PwC survey finds half of enterprises worldwide swap actionable information with industry peers, and 45% with ISACs.
Job Loss And Financial Damage: CIOs Main Fears When Adopting Virtualization
Partner Perspectives  |  11/30/2016  | 
Companies arent prepared for the security challenges of hybrid infrastructures, Bitdefender study reveals.
Deutsche Telekom Attacks Suggest Mirai Threat Poised To Become Much Larger
News  |  11/29/2016  | 
With attack, Mirai has added an exploit targeting Web service vulnerability.
Retailers Limit Data Access For Temporary, Seasonal Workers
News  |  11/29/2016  | 
Employers are scaling back on sensitive data access for temporary and contract employees, and increasing visibility into their online activity.
Beware: Scalable Vector Graphics Files Are A New Ransomware Threat
Partner Perspectives  |  11/29/2016  | 
SVG files offer many advantages as far as graphics go, but hackers looking to embed malware on websites can exploit them.
Cybersecurity User Training That Sticks: 3 Steps
Commentary  |  11/29/2016  | 
People are eager for common-sense advice that gives them control over their environment and helps them stay safe online.
European Commission Hit By DDoS Attack
Quick Hits  |  11/29/2016  | 
The cyberattack lasted for several hours and affected output but no loss of data was reported.
German Telco Probes Possible Hack Of 900,000 Customers
Quick Hits  |  11/29/2016  | 
Network outages bring down services of many Deutsche Telekom customers raising suspicion that external parties may be involved.
San Francisco Transit Agency Earns Praise For Denying Ransom Request
News  |  11/28/2016  | 
Despite being forced to give out free rides all weekend, metropolitan transportation authority declines to pay the ransomware operators who locked down ticketing systems.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Yeah, my cookies were deleted too!!"
Current Issue
Five Things Every Business Executive Should Know About Cybersecurity
Don't get lost in security's technical minutiae - a clearer picture of what's at stake can help align business imperatives with technology execution.
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.