Commentary
Content posted in October 2014
Financial Breaches Show Trust Model Is Broken
Commentary  |  10/31/2014  | 
Its a full-blown crisis when a dozen major financial services firms admit to having their networks probed by the same attackers as those behind the JPMorgan Chase breach.
Welcome To My Cyber Security Nightmare
Commentary  |  10/30/2014  | 
Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night.
Infographic: The Many Faces of Todays Hackers
Commentary  |  10/29/2014  | 
How many of these hacker personas are you dueling with in your organization?
What Scares Me About Healthcare & Electric Power Security
Commentary  |  10/28/2014  | 
Both industries share many of the same issues as enterprises. But they also have a risk profile that makes them singularly unprepared for sophisticated threats
A Simple Formula For Usable Risk Intelligence
Commentary  |  10/27/2014  | 
How infosec can cut through the noise and gain real value from cyberdata.
Poll: Patching Is Primary Response to Shellshock
Commentary  |  10/24/2014  | 
As potential threats mount, Dark Reading community members home in on patching infrastructure but not devices, according to our latest poll.
Incident Response: Is Your IR Plan A Glorified Phone Tree?
Commentary  |  10/23/2014  | 
Training internal security teams to be first responders can drastically improve an organization's effectiveness in the wake of a data breach. Here's why.
Cyber Threats: Information vs. Intelligence
Commentary  |  10/22/2014  | 
Cyber threat intelligence or CTI is touted to be the next big thing in InfoSec. But does it narrow the security problem or compound it?
Insider Threats: Breaching The Human Barrier
Commentary  |  10/20/2014  | 
A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within.
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Commentary  |  10/17/2014  | 
Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security.
Third-Party Code: Fertile Ground For Malware
Commentary  |  10/15/2014  | 
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
Stolen Medical Data Is Now A Hot Commodity
Commentary  |  10/14/2014  | 
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Heres why.
In AppSec, Fast Is Everything
Commentary  |  10/13/2014  | 
The world has shifted. The SAST and DAST tools that were invented over a decade ago are no longer viable approaches to application security.
Security Education K Through Life
Commentary  |  10/10/2014  | 
InfoSec professionals of the future need access to the right education and tools early on and throughout their entire work life.
How Retail Can Win Back Consumer Trust
Commentary  |  10/9/2014  | 
Customer loyalty to their favorite brands is all about trust, which today has everything to do with security and privacy.
Good Job, Facebook: The Intersection Of Privacy, Identity & Security
Commentary  |  10/8/2014  | 
Birth names and legal names arent always the names people are best known by, concedes Facebook in the wake of a real-name policy usage flap.
Tokenization: 6 Reasons The Card Industry Should Be Wary
Commentary  |  10/7/2014  | 
VISAs new token service aims to provide consumers a simple, fraud-free digital payment experience. Its a worthy goal, but one that may prove to be more aspirational than functional.
How Cookie-Cutter Cyber Insurance Falls Short
Commentary  |  10/6/2014  | 
Many off-the-shelf cyber liability policies feature a broad range of exclusions that wont protect your company from a data breach or ransomware attack.
How Retro Malware Feeds the New Threat Wave
Commentary  |  10/3/2014  | 
Old-school exploits used in new ways are placing fresh demands for intel-sharing among infosec pros and their time-tested and next-gen security products.
Poll: Employees Clueless About Social Engineering
Commentary  |  10/2/2014  | 
Not surprisingly, our latest poll confirms that threats stemming from criminals hacking humans are all too frequently ignored.
5 New Truths To Teach Your CIO About Identity
Commentary  |  10/1/2014  | 
When CIOs talk security they often use words like "firewall" and "antivirus." Heres why todays technology landscape needs a different vocabulary.


Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.