Endpoint
News & Commentary
7 Deadly Sins That Get Users Hacked
Ericka Chickowski, Contributing Writer, Dark Reading
How users and their endpoints are leveraged by the bad guys to eventually find their way to critical data
By Ericka Chickowski Contributing Writer, Dark Reading, 4/16/2015
Comment7 comments  |  Read  |  Post a Comment
How Ionic Says It Makes Data Breaches Irrelevant
Sara Peters, Senior Editor at Dark ReadingNews
Ionic Security goes public with a data security platform that manages trillions of encryption keys and enables a user to sign each pixel with its own unique key.
By Sara Peters Senior Editor at Dark Reading, 4/15/2015
Comment2 comments  |  Read  |  Post a Comment
Police Pay Off Ransomware Operators, Again
Sara Peters, Senior Editor at Dark ReadingNews
Law enforcement agencies are proving to be easy marks -- but are they any worse than the rest of us?
By Sara Peters Senior Editor at Dark Reading, 4/14/2015
Comment1 Comment  |  Read  |  Post a Comment
Verizon DBIR: Mobile Devices Not A Factor In Real-World Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New annual Verizon Data Breach Investigations Report shows most attacks affect a secondary victim, the average cost of a data breach is just 58 cents per stolen record -- and attackers are not going after mobile en masse.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/14/2015
Comment2 comments  |  Read  |  Post a Comment
New Security Flaw Spans All Versions Of Windows
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Newly found 'forever-day' vulnerability affects 31 popular software programs including applications from Adobe, Apple, Microsoft, Symantec -- and Windows 10 preview.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/13/2015
Comment0 comments  |  Read  |  Post a Comment
Apple Patches 'Darwin Nuke,' Other Security Flaws With New OS Releases
Jai Vijayan, Freelance writerNews
Denial-of-service flaw discovered by researchers at Kaspersky Lab could affect Apple users' corporate networks.
By Jai Vijayan Freelance writer, 4/10/2015
Comment0 comments  |  Read  |  Post a Comment
Utilities And Education The Most Bot-Infested Sectors
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The more bots in-house, the more a company is likely to have reported a data breach, BitSight report finds.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/9/2015
Comment13 comments  |  Read  |  Post a Comment
Beebone Botnet Taken Down By Another Security Team-Up
Sara Peters, Senior Editor at Dark ReadingNews
Small in scale, but high in sophistication, the Beebone botnet and polymorphic downloader is disrupted by an international, public-private effort.
By Sara Peters Senior Editor at Dark Reading, 4/9/2015
Comment6 comments  |  Read  |  Post a Comment
AlienSpy A More Sophisticated Version Of The Same Old RATs
Jai Vijayan, Freelance writerNews
The AlienSpy remote access Trojan bears a resemblance to Frutas, Adwind, and Unrecom, say researchers at Fidelis.
By Jai Vijayan Freelance writer, 4/8/2015
Comment0 comments  |  Read  |  Post a Comment
3 Internet Of Things Devices That Threaten More Than Your Data
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Veracode study of IoT devices show how vulnerabilities in our always-on households can have dire real-world consequences.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/7/2015
Comment2 comments  |  Read  |  Post a Comment
So, You 'Don’t Believe In' Security Education?
Joe Ferrara,  President & CEO, Wombat Security TechnologiesCommentary
You're in the minority for a reason. Here's why.
By Joe Ferrara President & CEO, Wombat Security Technologies, 4/7/2015
Comment9 comments  |  Read  |  Post a Comment
3 Of 4 Global 2000 Companies Still Vulnerable To Heartbleed
Sara Peters, Senior Editor at Dark ReadingNews
Largest companies on Earth might have patched, but haven't done their due diligence with revoking and issuing new certificates, says Venafi.
By Sara Peters Senior Editor at Dark Reading, 4/7/2015
Comment1 Comment  |  Read  |  Post a Comment
The Good & Bad Of BYOD
Michele Chubirka, Security ArchitectCommentary
BYOD has very little to do with technology and everything to do with security, organizational politics, and human psychology.
By Michele Chubirka Security Architect, 4/3/2015
Comment5 comments  |  Read  |  Post a Comment
Salesforce Acquires Mobile Authentication Specialist Toopher
Nathan Eddy, Freelance WriterNews
Salesforce is looking to add to its identity and access management offering by acquiring start-up Toopher. Financial details were not disclosed.
By Nathan Eddy Freelance Writer, 4/2/2015
Comment0 comments  |  Read  |  Post a Comment
8 Identity & Access Metrics To Manage Breach Risks
Ericka Chickowski, Contributing Writer, Dark Reading
Measurables for improving security posture around access controls.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/2/2015
Comment0 comments  |  Read  |  Post a Comment
Dance Of The 'Next-Gen' CISO
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Classical ballerina-turned hacker-turned CISO Justine Bone talks old-school hacking, biometric authentication, coding in stilettos, Kristin Wiig -- and finishing her kids' leftover mac and cheese.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/1/2015
Comment0 comments  |  Read  |  Post a Comment
30% Of Companies Would Pay Ransoms To Cybercriminals
Sara Peters, Senior Editor at Dark ReadingNews
Factor in under-reporting and the growing sophistication of ransomware -- like PacMan's social engineering scheme -- and the number might be higher.
By Sara Peters Senior Editor at Dark Reading, 3/31/2015
Comment4 comments  |  Read  |  Post a Comment
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Jai Vijayan, Freelance writerNews
A flaw in a popular router product may have exposed millions of hotel guests, researchers from Cylance say.
By Jai Vijayan Freelance writer, 3/27/2015
Comment2 comments  |  Read  |  Post a Comment
SSL/TLS Suffers 'Bar Mitzvah Attack'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/26/2015
Comment3 comments  |  Read  |  Post a Comment
The Internet Of Bring-Your-Own Things
David Lindner, Global Practice Manager, Mobile Application Security Services, Aspect SecurityCommentary
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.
By David Lindner Global Practice Manager, Mobile Application Security Services, Aspect Security, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by praneeth.goud
Current Conversations nice one
In reply to: Re: What's next?
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice one
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1235
Published: 2015-04-19
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.

CVE-2015-1236
Published: 2015-04-19
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a cr...

CVE-2015-1237
Published: 2015-04-19
Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages ...

CVE-2015-1238
Published: 2015-04-19
Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors.

CVE-2015-1240
Published: 2015-04-19
gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.