Endpoint
News & Commentary
7 New Rules For IoT Safety & Vuln Disclosure
Lysa Myers, Security Researcher, ESETCommentary
In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
By Lysa Myers Security Researcher, ESET, 9/24/2016
Comment0 comments  |  Read  |  Post a Comment
Biometric Skimmers Pose Emerging Threat To ATMs
Jai Vijayan, Freelance writerNews
Even as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them.
By Jai Vijayan Freelance writer, 9/22/2016
Comment1 Comment  |  Read  |  Post a Comment
Snowden: Hollywood Highlights 2 Persistent Privacy Threats
Will Ackerly, Co-Founder & CTO, VirtruCommentary
Oliver Stones movie shows us that while most of us have nothing to hide, we all have information worth protecting both technically and constitutionally.
By Will Ackerly Co-Founder & CTO, Virtru, 9/22/2016
Comment9 comments  |  Read  |  Post a Comment
Even A False Positive Can Be Valuable
Mark Clancy, CEO, SoltraCommentary
Sharing information about cyberthreats is important for the financial services industry, even when threats turn out to be not-so-threatening.
By Mark Clancy CEO, Soltra, 9/22/2016
Comment0 comments  |  Read  |  Post a Comment
Majority Of Major Corporations Have User Credentials Stolen And Exposed
Jai Vijayan, Freelance writerNews
Companies in the entertainment and technology sectors are far more exposed than others, Digital Shadows analysis shows.
By Jai Vijayan Freelance writer, 9/21/2016
Comment0 comments  |  Read  |  Post a Comment
A Twist On The Cyber Kill Chain: Defending Against A JavaScript Malware Attack
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
This slightly modified model is a practical way to keep attackers out of your systems.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 9/21/2016
Comment0 comments  |  Read  |  Post a Comment
Rand Study: Average Data Breach Costs $200K, Not Millions
Terry Sweeney, Contributing EditorNews
Rand taps multiple data sources to calculate that cyber incidents cost firms a scant 0.4% of annual revenues, on average.
By Terry Sweeney Contributing Editor, 9/21/2016
Comment2 comments  |  Read  |  Post a Comment
Smartphone Infections Rise 96% In H1-2016: Malware Study
Dark Reading Staff, Quick Hits
Nokia report reveals April 2016 saw new all-time high in mobile infections with one out of every 120 smartphone affected.
By Dark Reading Staff , 9/20/2016
Comment0 comments  |  Read  |  Post a Comment
Scientist Clones Chip To Unlock iPhone, Proves FBI Wrong
Dark Reading Staff, Quick Hits
Dr. Sergei Skorobogatov of Cambridge University spent $100 on a process that may have cost FBI $1 million.
By Dark Reading Staff , 9/20/2016
Comment0 comments  |  Read  |  Post a Comment
What Smart Cities Can Teach Enterprises About Security
Gary Hayslip, Deputy Director, CISO, City of San DiegoCommentary
The more you simplify your security program while still being effective, the better, says San Diegos chief information security officer. Heres his three-step process.
By Gary Hayslip Deputy Director, CISO, City of San Diego, 9/19/2016
Comment0 comments  |  Read  |  Post a Comment
San Bernardino iPhone Hack: Media Agencies Sue FBI For Vendor Details
Dark Reading Staff, Quick Hits
Associated Press and two others invoke Freedom of Information Act against the government seeking details of secret transaction.
By Dark Reading Staff , 9/19/2016
Comment0 comments  |  Read  |  Post a Comment
Whats The Risk? 3 Things To Know About Chatbots & Cybersecurity
Mike Baker, Founder & Principal, Mosaic451Commentary
Interactive message bots are useful and becoming more popular, but they raise serious security issues.
By Mike Baker Founder & Principal, Mosaic451, 9/19/2016
Comment3 comments  |  Read  |  Post a Comment
Google Chrome To Flag Non-HTTPS Logins, Credit Card Info 'Not Secure'
Terry Sweeney, Contributing EditorNews
The move is part of a larger Google push to lock down Web traffic using encryption between the browser and Web server.
By Terry Sweeney Contributing Editor, 9/15/2016
Comment0 comments  |  Read  |  Post a Comment
Students Say They'd Only Pay Ransomware Operators About $50
Dark Reading Staff, Quick Hits
Webroot survey finds that students will pay more to recover their private photos than to recover their schoolwork.
By Dark Reading Staff , 9/15/2016
Comment0 comments  |  Read  |  Post a Comment
Yes, The Cloud Can Be A Security Win
Stan Black, CSO, CitrixCommentary
With the right controls in place, the cloud doesnt have to be a scary place. These guidelines can help your company stay safe.
By Stan Black CSO, Citrix, 9/15/2016
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Patches Zero Day Flaw Used In Two Massive Malvertising Campaigns
Jai Vijayan, Freelance writerNews
Bug gave attackers a way to identify and avoid systems belonging to security researchers and vendors, Proofpoint says.
By Jai Vijayan Freelance writer, 9/14/2016
Comment0 comments  |  Read  |  Post a Comment
Making The Dark Web Less Scary
Dark Reading Staff, CommentaryVideo
Lance James, chief scientist at Flashpoint, stops by the Dark Reading News Desk to share his thoughts about the Dark Web.
By Dark Reading Staff , 9/14/2016
Comment0 comments  |  Read  |  Post a Comment
Risk Management Best Practices For CISOs
Jim Bandanza & Mike D. Kail, Cyber Security Industry Advisor & Cybric Chief Innovation OfficerCommentary
What's your company's risk appetite? Our list of best practices can help you better understand a difficult topic.
By Jim Bandanza and Mike D. Kail , 9/14/2016
Comment0 comments  |  Read  |  Post a Comment
Yes, Your Database Can Be Breached Through A Coffee Pot
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Aditya Gupta, CEO of Attify, talks about how to improve Internet of Things security and the very worst scenarios he's encountered in an IoT penetration test.
By Sara Peters Senior Editor at Dark Reading, 9/13/2016
Comment0 comments  |  Read  |  Post a Comment
Data Manipulation: An Imminent Threat
John Moynihan, President, Minuteman GovernanceCommentary
Critical industries are largely unprepared for a potential wave of destructive attacks.
By John Moynihan President, Minuteman Governance, 9/12/2016
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Cybercrime has become a well-organized business, complete with job specialization, funding, and online customer service. Dark Reading editors speak to cybercrime experts on the evolution of the cybercrime economy and the nature of today's attackers.