Endpoint
News & Commentary
The 7 ‘Most Common’ RATS In Use Today
Udi Shamir, Chief Security Officer, SentinelOne | Commentary
Sniffing out RATS -- remote access Trojans -- is a challenge for even the most hardened cyber defender. Here’s a guide to help you in the hunt.
By Udi Shamir Chief Security Officer, SentinelOne, 8/28/2015
Cybersecurity Under FTC Authority: What Does it Mean?
Tom Kellermann, Chief Cybersecurity Officer, Trend Micro | Commentary
Consumers can now expect the same level of security and privacy in the digital realm as they do in the physical.
By Tom Kellermann Chief Cybersecurity Officer, Trend Micro, 8/27/2015
Consumers Want Password Alternatives
Ericka Chickowski, Contributing Writer, Dark Reading | News
Consumer confidence in online passwords wanes and their password hygiene remains as sketchy as ever, study finds.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/27/2015
Ouch! Feeling The Pain Of Cybersecurity In Healthcare
Marilyn Cohodas, Community Editor, Dark Reading
There are lots of reasons why medical data is so vulnerable but the sheer numbers at risk speak volumes about the scale of the problem.
By Marilyn Cohodas Community Editor, Dark Reading, 8/25/2015
Keyless Cars: A New Frontier For Bug Bounties?
Ken Munro, Partner & Founder, Pen Test Partners LLP | Commentary
With up to 100 million lines of code in the average car today -- and growing -- security vulnerabilities are bound to become the new normal.
By Ken Munro Partner & Founder, Pen Test Partners LLP, 8/24/2015
Pen Testing A Smart City
Sara Peters, Senior Editor at Dark Reading | Commentary | Video
Black Hat speakers visit the Dark Reading News Desk to discuss the stunning complexity and many soft spots of a metropolis full of IoT devices.
By Sara Peters Senior Editor at Dark Reading, 8/21/2015
With Great IoT Comes Great Insecurity
Bil Harmer, Chief Security Officer, GoodData | Commentary
In the brave new world of 'things' and the services they connect to, built-in security has never been more critical. Here's what's getting in the way.
By Bil Harmer Chief Security Officer, GoodData, 8/21/2015
Re-evaluating Ransomware, Without The Hype
Sara Peters, Senior Editor at Dark Reading | Commentary | Video
Engin Kirda, chief architect of LastLine, joins the Dark Reading News Desk at Black Hat Aug. 5 to explain why most ransomware isn't as scary as we think.
By Sara Peters Senior Editor at Dark Reading, 8/18/2015
An Apple Fanboi Writing Malware For Mac OSX
Sara Peters, Senior Editor at Dark Reading | Commentary | Video
Patrick Wardle, director of research for Synack, spoke about his "Writing Bad@$$ Malware for OS X" session at the Dark Reading News Desk at Black Hat.
By Sara Peters Senior Editor at Dark Reading, 8/18/2015
Making The Security Case For A Software-Defined Perimeter
Kurt A. Mueffelmann, President & CEO, Cryptzone | Commentary
With SDP, organizations can create an 'invisible' infrastructure that only authorized users and devices can access. Here’s why its time has come.
By Kurt A. Mueffelmann President & CEO, Cryptzone, 8/18/2015
Securing OS X: Apple, Security Vendors Need To Up Their Game
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau | News
To date, OS X malware is pretty lame, but it’s easy to write better malware to bypass current defenses, security researcher Patrick Wardle told a Black Hat audience last week.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 8/12/2015
June Was 'Worst Month Of Malvertising Ever'
Sara Peters, Senior Editor at Dark Reading | News
Flash zero-days made it easier to deliver ransomware and banking Trojans, and commit click fraud.
By Sara Peters Senior Editor at Dark Reading, 8/12/2015
FTC to Black Hat Attendees: Help Us Make Good Tech Policy
Fahmida Y. Rashid, Contributing Editor, Dark Reading | News
The FTC’s chief technologist made a direct appeal to security, privacy, and technology communities to get involved and help shape tech laws and policies.
By Fahmida Y. Rashid Contributing Editor, Dark Reading, 8/12/2015
Data Protection: The 98 Percent Versus The 2 Percent
Jeff Schilling, CSO, Firehost | Commentary
Four steps for defending your most sensitive corporate information from the inside out.
By Jeff Schilling CSO, Firehost, 8/11/2015
IoT Working Group Crafts Framework For Security, Privacy
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Microsoft, Symantec, Target, home security system vendor ADT and others team up and issue security recommendations for some consumer Internet of Things things -- but embedded firmware remains a wildcard.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/11/2015
Risk of Data Loss From Non-Jailbroken iOS Devices Real, Security Firm says
Jai Vijayan, Freelance writer | News
Data from the Hacking Team reveals actively used exploit for breaking into and stealing data from registered iOS systems, FireEye says.
By Jai Vijayan Freelance writer, 8/7/2015
Defending Industrial Ethernet Switches Is Not Easy, But Doable
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau | News
Attacks and vulnerabilities against ICS and SCADA can be detected and monitored if operational folks know their network infrastructure.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 8/6/2015
New SMB Relay Attack Steals User Credentials Over Internet
Fahmida Y. Rashid, Contributing Editor, Dark Reading | News
Researchers found a twist to an older vulnerability that lets them launch SMB relay attacks from the Internet.
By Fahmida Y. Rashid Contributing Editor, Dark Reading, 8/5/2015
From The Black Hat Keynote Stage: Jennifer Granick
Marilyn Cohodas, Community Editor, Dark Reading | News
World famous defender of hackers, privacy, and civil liberties exhorts attendees to preserve the dream of an open Internet.
By Marilyn Cohodas Community Editor, Dark Reading, 8/5/2015
Code Theft: Protecting IP At The Source
Anna Chiang, Technical Marketing Manager, Perforce Software | Commentary
Your corporate assets are at risk and every day that you avoid taking action shortens the time until your IP will be leaked. Here are six steps toward better data security.
By Anna Chiang Technical Marketing Manager, Perforce Software, 7/29/2015
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3966
Published: 2015-08-30
The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression.

CVE-2015-4555
Published: 2015-08-30
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vect...

CVE-2015-5698
Published: 2015-08-30
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2015-4497
Published: 2015-08-29
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token...

CVE-2015-4498
Published: 2015-08-29
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point i...

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.