Car Hacking Shifts Into High Gear
Emerging Web Infrastructure Threats
Detection: A Balanced Approach For Mitigating Risk
Time's Running Out For The $76 Billion Detection Industry
Poor Priorities, Lack Of Resources Put Enterprises At Risk, Security Pros Say
News & Commentary
There's Another Android Media Vulnerability, But Google Isn't Worried
Sara Peters, Senior Editor at Dark Reading, News
Vulnerability could become a favorite of ransomware operators, but Google has left it unpatched for more than two months.
By Sara Peters, Senior Editor at Dark Reading, 7/30/2015
Study Reveals the Most Common Attack Methods of Data Thieves
Raja Patel, Vice President and General Manager of Network Security at Intel Security
Learning more about your attackers helps to improve your security profile and reduce the possibility of a breach.
By Raja Patel, Vice President and General Manager of Network Security at Intel Security, 7/30/2015
Closing The Gap Between Security & Networking Ops: 5 Best Practices
Nimmy Reichenberg, VP of Strategy, AlgoSec, Commentary
If your factions are warring, there’s a lot you can do about it. Here’s how -- and why you can’t afford to wait.
By Nimmy Reichenberg, VP of Strategy, AlgoSec, 7/30/2015
From Russia With Love: A Slew of New Hacker Capabilities and Services
Jai Vijayan, Freelance writer, News
A review of the Russian underground by Trend Micro reveals it to be the world’s most sophisticated.
By Jai Vijayan, Freelance writer, 7/30/2015
Anthem Breach Linked To Black Vine Group & Beijing InfoSec Firm
Sara Peters, Senior Editor at Dark Reading, News
Health insurer's breach of 80 million records attributed to 'well-resourced cyberespionage group' Black Vine. Could they also be behind breaches at OPM and United Airlines?
By Sara Peters, Senior Editor at Dark Reading, 7/29/2015
Can't Touch This: 'Hammertoss' Russian Cyberspies Hide In Plain Sight
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
APT29 cyber espionage attackers operate under the cover of legitimate services including Twitter, Github, and cloud storage services.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 7/29/2015
Code Theft: Protecting IP At The Source
Anna Chiang, Technical Marketing Manager, Perforce Software, Commentary
Your corporate assets are at risk and every day that you avoid taking action shortens the time until your IP will be leaked. Here are six steps toward better data security.
By Anna Chiang, Technical Marketing Manager, Perforce Software, 7/29/2015
Researchers Steal Door Badge Credentials Using Smartphone Bluetooth
Ericka Chickowski, Contributing Writer, Dark Reading, News
Weakness in facility access control protocol leaves most badge-in systems open to attack.
By Ericka Chickowski, Contributing Writer, Dark Reading, 7/28/2015
Lockheed Martin-Led Consortium Builds Secure 'System Of Systems'
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Multilevel Security (MLS) group says this policy-based architecture could apply to sensitive commercial networks as well as government agencies.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 7/28/2015
How To Put Data At The Heart Of Your Security Practice
Jay Jacobs, Senior Data Scientist, BitSight Technologies, Commentary
First step: A good set of questions that seek out objective, measurable answers.
By Jay Jacobs, Senior Data Scientist, BitSight Technologies, 7/28/2015
What 30 Classic Games Can Teach Us about Security
David Spark, Veteran Tech journalist and founder of Spark Media Solutions
Information security experts share their thoughts on how participating in games and sports helped hone their professional skills.
By David Spark, Veteran Tech journalist and founder of Spark Media Solutions, 7/28/2015
New Phishing Campaign Leverages Google Drive
Ericka Chickowski, Contributing Writer, Dark Reading, News
Researchers believe technique is geared to take over Google SSO accounts.
By Ericka Chickowski, Contributing Writer, Dark Reading, 7/28/2015
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
Sara Peters, Senior Editor at Dark Reading, News
Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices.
By Sara Peters, Senior Editor at Dark Reading, 7/27/2015
Interop Radio: Gen. John Michel On Leadership
Curtis Franklin Jr., Executive Editor, Technical Content, Commentary
Gen. John Michel joins us for the debut of our new show, Interop Radio's Business Matters.
By Curtis Franklin Jr., Executive Editor, Technical Content, 7/27/2015
Phishing Attacks Drive Spike In DNS Threat
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 7/27/2015
The First 24 Hours In The Wake Of A Data Breach
Stephen Treglia, JD, HCISPP, Legal Counsel & HIPAA Compliance Officer - Investigations, Absolute Software, Commentary
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
By Stephen Treglia, JD, HCISPP, Legal Counsel & HIPAA Compliance Officer - Investigations, Absolute Software, 7/27/2015
iPhone Kill Switch: How Effective Is It?
Eric Zeman, Commentary
A new report shows that the iPhone kill switch may not be as effective as first thought. What does this mean for other smartphone kill switches?
By Eric Zeman, 7/27/2015
Online Security: How The Experts Keep Safe
Thomas Claburn, Editor at Large, Enterprise Mobility, News
Google researchers have compared the security practices of experts to non-experts, and identified several ways that typical Internet users can improve their online security.
By Thomas Claburn, Editor at Large, Enterprise Mobility, 7/27/2015
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Dark Reading Staff, Quick Hits
National Highway Traffic Safety Administration will be watching to see if it works.
By Dark Reading Staff, 7/24/2015
Smartwatches Could Become New Frontier for Cyber Attackers
Jai Vijayan, Freelance writer, News
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
By Jai Vijayan, Freelance writer, 7/24/2015
Car Hacking Shifts Into High Gear
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/23/2015
Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4293
Published: 2015-07-30
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957.

CVE-2014-7912
Published: 2015-07-29
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory c...

CVE-2014-7913
Published: 2015-07-29
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corru...

CVE-2015-2977
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

CVE-2015-2978
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?