Endpoint
News & Commentary
IRS Breach Exposes 100,000 Taxpayers' Tax Returns, Other Data
Dark Reading Staff, Quick Hits
Online 'Get Transcript' service accessed from February to mid-May.
By Dark Reading Staff, 5/26/2015
Google: Account Recovery Security Questions Not Very Secure
Jai Vijayan, Freelance writer, News
An analysis of millions of answers to security questions shows many are predictable and easily guessable, says Google.
By Jai Vijayan Freelance writer, 5/22/2015
Data Encryption In The Cloud: Square Pegs In Round Holes
Thomas Ristenpart, Asst. Professor, Computer Sciences, University of Wisconsin, Commentary
Conventional encryption is a surefire solution for protecting sensitive data -- except when it breaks cloud applications. “Format-preserving” encryption could change all that.
By Thomas Ristenpart Asst. Professor, Computer Sciences, University of Wisconsin, 5/21/2015
5 Signs Credentials In Your Network Are Being Compromised
Idan Tendler, CEO, Fortscale, Commentary
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personally identifiable information? Check out these common scenarios.
By Idan Tendler CEO, Fortscale, 5/20/2015
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Don Bailey, Founder & CEO, Lab Mouse Security, Commentary
In the brave new world of self-driving cars and Wi-Fi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.
By Don Bailey Founder & CEO, Lab Mouse Security, 5/19/2015
When Encrypted Communication Is Not Good Enough
Lysa Myers, Security Researcher, ESET, Commentary
For the vast majority of conversations -- on paper, by phone or computer -- encryption is a perfectly adequate form of protection. Unless, of course, a life or livelihood is at stake.
By Lysa Myers Security Researcher, ESET, 5/14/2015
Protecting The Data Lifecycle From Network To Cloud
Gerry Grealish, CMO, Perspecsys, Commentary
Enterprises are pushing more sensitive and regulated data into the public cloud than ever before. But the journey carries many new risks.
By Gerry Grealish CMO, Perspecsys, 5/12/2015
Building a Stronger Security Strategy: 6 Tips
Harry Folloder, CIO, Advantage Waypoint LLC (AWP), Commentary
A CIO offers his formula for achieving the right balance between data security and employee productivity and convenience.
By Harry Folloder CIO, Advantage Waypoint LLC (AWP), 5/4/2015
Wi-Fi Woes Continue To Plague Infosec
Ericka Chickowski, Contributing Writer, Dark Reading, News
Several pieces of research coincide to send the message that hotspot connectivity is probably always going to be a sore spot for security.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/30/2015
Hacking The Real Mobile Threats
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Mobile malware remains a mess, but the actual threat depends on where you live and where you get your apps.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/27/2015
Twitter's Top 10 Social CISOs
Marilyn Cohodas, Community Editor, Dark Reading
If you work in information security today, you're on Twitter. Or are you?
By Marilyn Cohodas Community Editor, Dark Reading, 4/27/2015
As Malware Surges, U.S. Remains Biggest Source of Attacks
Jai Vijayan, Freelance writer, News
The country leads others in malicious IP, URLs and phishing sites.
By Jai Vijayan Freelance writer, 4/24/2015
Smartphone Security Shootout
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
A researcher compared Apple iOS, Android, and Windows smartphones for privacy and security in business use.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/24/2015
BBVA CISOs Give Tips For Securing 'Digital Bank'
Sara Peters, Senior Editor at Dark Reading, News
At the RSA conference today, CISOs at the multinational financial organization describe their security strategy.
By Sara Peters Senior Editor at Dark Reading, 4/21/2015
Health Insurers’ Digital Footprint Widening Attack Surface
Peter Zavlaris, Analyst, RiskIQ, Commentary
Insurers are ripe targets for attackers since they’re efficient concentrators of every kind of data needed for identity theft, credit card and insurance fraud. Here’s proof.
By Peter Zavlaris Analyst, RiskIQ, 4/21/2015
Plan X: DARPA's Revolutionary Cyber Security Platform
Joe Stanganelli, Attorney, Beacon Hill Law
DARPA's Plan X aims to make active cyber defense more accessible to the masses through agility, training, and intuitive interfaces.
By Joe Stanganelli Attorney, Beacon Hill Law, 4/21/2015
7 Deadly Sins That Get Users Hacked
Ericka Chickowski, Contributing Writer, Dark Reading
How users and their endpoints are leveraged by the bad guys to eventually find their way to critical data.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/16/2015
How Ionic Says It Makes Data Breaches Irrelevant
Sara Peters, Senior Editor at Dark Reading, News
Ionic Security goes public with a data security platform that manages trillions of encryption keys and enables a user to sign each pixel with its own unique key.
By Sara Peters Senior Editor at Dark Reading, 4/15/2015
Police Pay Off Ransomware Operators, Again
Sara Peters, Senior Editor at Dark Reading, News
Law enforcement agencies are proving to be easy marks -- but are they any worse than the rest of us?
By Sara Peters Senior Editor at Dark Reading, 4/14/2015
Verizon DBIR: Mobile Devices Not A Factor In Real-World Attacks
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
New annual Verizon Data Breach Investigations Report shows most attacks affect a secondary victim, the average cost of a data breach is just 58 cents per stolen record -- and attackers are not going after mobile en masse.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/14/2015
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9710
Published: 2015-05-27
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time windo...

CVE-2014-9715
Published: 2015-05-27
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that trig...

CVE-2015-2666
Published: 2015-05-27
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to t...

CVE-2015-2830
Published: 2015-05-27
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate...

CVE-2015-2922
Published: 2015-05-27
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.