Endpoint
News & Commentary
Plan X: DARPA's Revolutionary Cyber Security Platform
Joe Stanganelli, Attorney, Beacon Hill Law
DARPA's Plan X aims to make active cyber defense more accessible to the masses through agility, training, and intuitive interfaces.
By Joe Stanganelli Attorney, Beacon Hill Law, 4/21/2015
Comment1 Comment  |  Read  |  Post a Comment
7 Deadly Sins That Get Users Hacked
Ericka Chickowski, Contributing Writer, Dark Reading
How users and their endpoints are leveraged by the bad guys to eventually find their way to critical data
By Ericka Chickowski Contributing Writer, Dark Reading, 4/16/2015
Comment9 comments  |  Read  |  Post a Comment
How Ionic Says It Makes Data Breaches Irrelevant
Sara Peters, Senior Editor at Dark ReadingNews
Ionic Security goes public with a data security platform that manages trillions of encryption keys and enables a user to sign each pixel with its own unique key.
By Sara Peters Senior Editor at Dark Reading, 4/15/2015
Comment2 comments  |  Read  |  Post a Comment
Police Pay Off Ransomware Operators, Again
Sara Peters, Senior Editor at Dark ReadingNews
Law enforcement agencies are proving to be easy marks -- but are they any worse than the rest of us?
By Sara Peters Senior Editor at Dark Reading, 4/14/2015
Comment1 Comment  |  Read  |  Post a Comment
Verizon DBIR: Mobile Devices Not A Factor In Real-World Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New annual Verizon Data Breach Investigations Report shows most attacks affect a secondary victim, the average cost of a data breach is just 58 cents per stolen record -- and attackers are not going after mobile en masse.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/14/2015
Comment2 comments  |  Read  |  Post a Comment
New Security Flaw Spans All Versions Of Windows
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Newly found 'forever-day' vulnerability affects 31 popular software programs including applications from Adobe, Apple, Microsoft, Symantec -- and Windows 10 preview.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/13/2015
Comment0 comments  |  Read  |  Post a Comment
Apple Patches 'Darwin Nuke,' Other Security Flaws With New OS Releases
Jai Vijayan, Freelance writerNews
Denial-of-service flaw discovered by researchers at Kaspersky Lab could affect Apple users' corporate networks.
By Jai Vijayan Freelance writer, 4/10/2015
Comment0 comments  |  Read  |  Post a Comment
Utilities And Education The Most Bot-Infested Sectors
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The more bots in-house, the more a company is likely to have reported a data breach, BitSight report finds.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/9/2015
Comment13 comments  |  Read  |  Post a Comment
Beebone Botnet Taken Down By Another Security Team-Up
Sara Peters, Senior Editor at Dark ReadingNews
Small in scale, but high in sophistication, the Beebone botnet and polymorphic downloader is disrupted by an international, public-private effort.
By Sara Peters Senior Editor at Dark Reading, 4/9/2015
Comment6 comments  |  Read  |  Post a Comment
AlienSpy A More Sophisticated Version Of The Same Old RATs
Jai Vijayan, Freelance writerNews
The AlienSpy remote access Trojan bears a resemblance to Frutas, Adwind, and Unrecom, say researchers at Fidelis.
By Jai Vijayan Freelance writer, 4/8/2015
Comment0 comments  |  Read  |  Post a Comment
3 Internet Of Things Devices That Threaten More Than Your Data
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Veracode study of IoT devices show how vulnerabilities in our always-on households can have dire real-world consequences.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/7/2015
Comment2 comments  |  Read  |  Post a Comment
So, You 'Don’t Believe In' Security Education?
Joe Ferrara,  President & CEO, Wombat Security TechnologiesCommentary
You're in the minority for a reason. Here's why.
By Joe Ferrara President & CEO, Wombat Security Technologies, 4/7/2015
Comment9 comments  |  Read  |  Post a Comment
3 Of 4 Global 2000 Companies Still Vulnerable To Heartbleed
Sara Peters, Senior Editor at Dark ReadingNews
Largest companies on Earth might have patched, but haven't done their due diligence with revoking and issuing new certificates, says Venafi.
By Sara Peters Senior Editor at Dark Reading, 4/7/2015
Comment1 Comment  |  Read  |  Post a Comment
The Good & Bad Of BYOD
Michele Chubirka, Security ArchitectCommentary
BYOD has very little to do with technology and everything to do with security, organizational politics, and human psychology.
By Michele Chubirka Security Architect, 4/3/2015
Comment4 comments  |  Read  |  Post a Comment
Salesforce Acquires Mobile Authentication Specialist Toopher
Nathan Eddy, Freelance WriterNews
Salesforce is looking to add to its identity and access management offering by acquiring start-up Toopher. Financial details were not disclosed.
By Nathan Eddy Freelance Writer, 4/2/2015
Comment0 comments  |  Read  |  Post a Comment
8 Identity & Access Metrics To Manage Breach Risks
Ericka Chickowski, Contributing Writer, Dark Reading
Measurables for improving security posture around access controls.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/2/2015
Comment0 comments  |  Read  |  Post a Comment
Dance Of The 'Next-Gen' CISO
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Classical ballerina-turned hacker-turned CISO Justine Bone talks old-school hacking, biometric authentication, coding in stilettos, Kristin Wiig -- and finishing her kids' leftover mac and cheese.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/1/2015
Comment0 comments  |  Read  |  Post a Comment
30% Of Companies Would Pay Ransoms To Cybercriminals
Sara Peters, Senior Editor at Dark ReadingNews
Factor in under-reporting and the growing sophistication of ransomware -- like PacMan's social engineering scheme -- and the number might be higher.
By Sara Peters Senior Editor at Dark Reading, 3/31/2015
Comment4 comments  |  Read  |  Post a Comment
Hotel Router Vulnerability A Reminder Of Untrusted WiFi Risks
Jai Vijayan, Freelance writerNews
A flaw in a popular router product may have exposed millions of hotel guests, researchers from Cylance say.
By Jai Vijayan Freelance writer, 3/27/2015
Comment2 comments  |  Read  |  Post a Comment
SSL/TLS Suffers 'Bar Mitzvah Attack'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/26/2015
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by praneeth.goud
Current Conversations nice one
In reply to: Re: What's next?
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1701
Published: 2015-04-21
Unspecified vulnerability in Microsoft Windows before 8 allows local users to gain privileges via unknown vectors, as exploited in the wild in April 2015.

CVE-2015-2041
Published: 2015-04-21
net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

CVE-2015-2042
Published: 2015-04-21
net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.

CVE-2015-0702
Published: 2015-04-20
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712.

CVE-2015-0703
Published: 2015-04-20
Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.