Endpoint
News & Commentary
Code Theft: Protecting IP At The Source
Anna Chiang, Technical Marketing Manager, Perforce SoftwareCommentary
Your corporate assets are at risk and every day that you avoid taking action shortens the time until your IP will be leaked. Here are six steps toward better data security.
By Anna Chiang Technical Marketing Manager, Perforce Software, 7/29/2015
Comment2 comments  |  Read  |  Post a Comment
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
Sara Peters, Senior Editor at Dark ReadingNews
Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices.
By Sara Peters Senior Editor at Dark Reading, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Dark Reading Staff, Quick Hits
National Highway Traffic Safety Administration will be watching to see if it works.
By Dark Reading Staff , 7/24/2015
Comment1 Comment  |  Read  |  Post a Comment
Smartwatches Could Become New Frontier for Cyber Attackers
Jai Vijayan, Freelance writerNews
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
By Jai Vijayan Freelance writer, 7/24/2015
Comment1 Comment  |  Read  |  Post a Comment
Internet of Things: Anything You Track Could Be Used Against You
Lysa Myers, Security Researcher, ESETCommentary
Lawyers – not security advocates – have fired the first salvos over wearable tech privacy. The results may surprise you.
By Lysa Myers Security Researcher, ESET, 7/23/2015
Comment0 comments  |  Read  |  Post a Comment
Windows 10 Will Use Virtualization For Extra Security
Kelly Sheridan, Associate Editor, InformationWeekCommentary
Microsoft explores new security strategies based on virtualization to better protect enterprise customers from malware and identity theft.
By Kelly Sheridan Associate Editor, InformationWeek, 7/22/2015
Comment0 comments  |  Read  |  Post a Comment
Detection: A Balanced Approach For Mitigating Risk
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Only detection and response can complete the security picture that begins with prevention.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 7/21/2015
Comment0 comments  |  Read  |  Post a Comment
Time’s Running Out For The $76 Billion Detection Industry
Simon Crosby, Co-founder & CTO, BromiumCommentary
The one strategy that can deliver the needle to the security team without the haystack is prevention.
By Simon Crosby Co-founder & CTO, Bromium, 7/21/2015
Comment3 comments  |  Read  |  Post a Comment
Java Back In The Bullseye
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Adobe Flash may be all the attack rage lately, but Oracle's new pile of patches -- including one for an 0day spotted in the wild -- highlight how Java remains an attractive target.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/16/2015
Comment2 comments  |  Read  |  Post a Comment
Most Ransomware's Not So Bad
Sara Peters, Senior Editor at Dark ReadingNews
Although some ransomware is getting smarter and scarier, most of it is pretty dumb, as one researcher will show at Black Hat.
By Sara Peters Senior Editor at Dark Reading, 7/14/2015
Comment0 comments  |  Read  |  Post a Comment
Internet Of Things Hacking Village Debuts At DEF CON
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Apple network storage, Fitbit, a fridge, blood pressure monitor and a HappyCow toy are all fair game in the IoT hacking Village network.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/13/2015
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Radio: Firewall Smackdown
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Is there a future for the venerable firewall? Security CEOs Asaf Cidon of Sookasa and Jody Brazil of FireMon debate the issues in our latest radio show.
By Marilyn Cohodas Community Editor, Dark Reading, 7/13/2015
Comment1 Comment  |  Read  |  Post a Comment
3 Reasons Why Giving Government A Backdoor Is A Bad Idea
Jai Vijayan, Freelance writerNews
Exceptional access of the kind being demanded by the FBI and others is unworkable and impractical, security researchers say
By Jai Vijayan Freelance writer, 7/9/2015
Comment6 comments  |  Read  |  Post a Comment
OpenSSL Fixes High-Severity, Narrow-Scope Vulnerability
Sara Peters, Senior Editor at Dark ReadingNews
Bug allows attackers to issue invalid certificates, but is difficult to exploit and only affects OpenSSL versions released since last month.
By Sara Peters Senior Editor at Dark Reading, 7/9/2015
Comment0 comments  |  Read  |  Post a Comment
The Role of the Board In Cybersecurity: ‘Learn, Ensure, Inspect’
Jason Straight, Senior VP & Chief Privacy Officer, UnitedLexCommentary
Board members of the most forward-thinking U.S. companies are not just throwing money at the mounting problem of managing cyber risk.
By Jason Straight Senior VP & Chief Privacy Officer, UnitedLex, 7/8/2015
Comment1 Comment  |  Read  |  Post a Comment
Cybercriminal Group Spying On US, European Businesses For Profit
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Symantec, Kaspersky Lab spot Morpho' hacking team that hit Apple, Microsoft, Facebook and Twitter expanding its targets to lucrative industries for possible illegal trading purposes.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/8/2015
Comment1 Comment  |  Read  |  Post a Comment
6 Emerging Android Threats
Sara Peters, Senior Editor at Dark Reading
A peek at some of the Android vulnerabilities and malware that will be revealed at Black Hat USA next month.
By Sara Peters Senior Editor at Dark Reading, 7/7/2015
Comment1 Comment  |  Read  |  Post a Comment
Underwriters Laboratories To Launch Cyber Security Certification Program
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Meanwhile, UL is also in discussion with the White House on its plans to foster standards for Internet of Things security.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/6/2015
Comment1 Comment  |  Read  |  Post a Comment
In The Cyber Realm, Let’s Be Knights Not Blacksmiths
Jeff Schilling, CSO, FirehostCommentary
Why the Internet of Things is our chance to finally get information security right.
By Jeff Schilling CSO, Firehost, 7/2/2015
Comment3 comments  |  Read  |  Post a Comment
Smart Cities' 4 Biggest Security Challenges
Sara Peters, Senior Editor at Dark ReadingNews
The messiness of politics and the vulnerability of the Internet of Things in one big, unwieldy package.
By Sara Peters Senior Editor at Dark Reading, 7/1/2015
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by suhasuseless
Current Conversations cool article..really cool
In reply to: good post
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4293
Published: 2015-07-30
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957.

CVE-2014-7912
Published: 2015-07-29
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory c...

CVE-2014-7913
Published: 2015-07-29
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corru...

CVE-2015-2977
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

CVE-2015-2978
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!