Endpoint
News & Commentary
FBI Report: Deconstructing The Wide Scope Of Internet Crime
Ericka Chickowski, Contributing Writer, Dark Reading
Hottest crimes reported to IC3 last year include ransomware and email scams via business email compromise and all account compromise attacks.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/27/2016
Bangladesh Reopens 2013 Cold Case Of Bank Theft Via SWIFT
Dark Reading Staff, Quick Hits
Authorities cite similarities in Sonali Bank hack with February's $81 million central bank theft.
By Dark Reading Staff, 5/26/2016
A Newer Variant Of RawPOS: An In-Depth Look
Melia Kelley, Managing Consultant, UnitedLex, Commentary
There's no silver bullet for RawPOS prevention, but you can impede RawPOS's ability to execute successfully by understanding how it works.
By Melia Kelley Managing Consultant, UnitedLex, 5/25/2016
Apple Rehires Security Expert Jon Callas
Dark Reading Staff, Quick Hits
Move seen as attempt to strengthen encryption features of Apple devices following face-off with FBI.
By Dark Reading Staff, 5/25/2016
APWG: Phishing Attacks Jump 250% From Oct Through March
Dark Reading Staff, Quick Hits
Quarterly and monthly totals are the highest since the Anti-Phishing Working Group began tracking phishing in 2004.
By Dark Reading Staff, 5/25/2016
Attackers Clobbering Victims With One-Two Punch Of Ransomware And DDoS
Ericka Chickowski, Contributing Writer, Dark Reading, News
Encrypted systems now being added to botnets in the latest incarnations of ransomware attacks, with experts expecting this to become standard practice.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/24/2016
Poor Airport Security Practices Just Don’t Fly
Joe Schorr, Director of Advanced Security Solutions, Bomgar, Commentary
Five lessons learned the hard way by the Tampa International Airport about bringing third parties into a security environment.
By Joe Schorr Director of Advanced Security Solutions, Bomgar, 5/24/2016
How To Manage And Control End User Access
Sean Martin, CISSP | President, imsmartin
A look at the perils of manual user-access provisioning and ways to streamline and better manage the process via automation.
By Sean Martin CISSP | President, imsmartin, 5/24/2016
Google To Eliminate Passwords For Android Apps
Dark Reading Staff, Quick Hits
Project Abacus, in last stage of trial, will employ secure biometrics to unlock devices.
By Dark Reading Staff, 5/24/2016
$13 Million Stolen From Japan ATMs Via Stolen S. African Bank Data
Dark Reading Staff, Quick Hits
Coordinated fraudsters hit ATMs at 1,400 Japanese 7-Eleven stores -- before lunch.
By Dark Reading Staff, 5/23/2016
What Europe Tells Us About The Future Of Data Privacy
Alan M Usas, Adjunct Professor, Department of Computer Science, Brown University, Commentary
Recent initiatives offer new strategies for balancing technology, security, and organizational policy goals. Here are three approaches worth considering.
By Alan M Usas Adjunct Professor, Department of Computer Science, Brown University, 5/23/2016
TeslaCrypt Ransomware Group Pulls Plug, Releases Decrypt Key
Jai Vijayan, Freelance writer, News
But don’t be surprised if group revives campaign or launches another one, security researchers say.
By Jai Vijayan Freelance writer, 5/20/2016
5 Tips for Protecting Firmware From Attacks
Steve Zurier, Freelance Writer
Don’t let hackers take advantage of holes in firmware. Here’s how to stop them.
By Steve Zurier Freelance Writer, 5/20/2016
Bangladesh Official’s Computer Hacked To Carry Out $81 Million Theft
Dark Reading Staff, Quick Hits
Bangladeshi diplomat shares FBI report with Philippine inquiry panel on Bangladesh Bank theft.
By Dark Reading Staff, 5/20/2016
IoT Security By The Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Some recent stats on adoption rates and perceptions about risks surrounding the Internet of Things.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/19/2016
Why Security Investigators Should Care About Forensic Research
Paul Shomo, Technical Manager Strategic Partnerships, Guidance Software, Commentary
Despite the promise of expanded visibility into the user trail behind a data breach, the security industry has largely ignored the meticulous advances of forensic researchers. Privacy is just one reason for the snub.
By Paul Shomo Technical Manager Strategic Partnerships, Guidance Software, 5/19/2016
Time To Treat Sponsors Of Ransomware Campaigns As Terrorists, Lawmaker Says
Jai Vijayan, Freelance writer, News
Fighting ransomware at an international level will require cooperation between law enforcement and State Department, Sen. Lindsey Graham said at a Senate hearing.
By Jai Vijayan Freelance writer, 5/18/2016
Tennessee Man Found Guilty Of Mitt Romney Tax Return Hack Scheme
Dark Reading Staff, Quick Hits
Convicted for attempt to blackmail PwC accounting firm with release of former U.S. Presidential candidate's pre-2010 tax returns.
By Dark Reading Staff, 5/16/2016
Encryption 101: Covering the Bases
Steve Zurier, Freelance Writer
Here’s an overview of the key encryption types you’ll need to lock down your company’s systems.
By Steve Zurier Freelance Writer, 5/13/2016
Why Online Video Gaming Will Be The Next Industry Under Cyber Attack
Matthew Cook, Co-founder, Panopticon Laboratories, Commentary
As more money flows into games, criminals are targeting this new and lucrative market with the tools and techniques they once used to hack online banks and Internet retailers.
By Matthew Cook Co-founder, Panopticon Laboratories, 5/13/2016
Current Issue
8 Key Building Blocks for Enterprise Network Defense
Networks are changing rapidly -- and so are strategies for protecting them. This Tech Digest looks at the fundamentals for the next-gen environment.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In this episode of Dark Reading Radio, veteran CISOs will share their experience and insight into how organizations can get the best bang for their security buck.