Endpoint
News & Commentary
How To Stay Safe On The Black Hat Network: ‘Don’t Connect To It’
Neil R. Wyler (Grifter), Threat Hunting and Incident Response Specialist, RSA, Commentary
Black Hat attendees may have changed their titles and now carry business cards but hackers gotta hack and there’s no better place to do it than Black Hat.
By Neil R. Wyler (Grifter) Threat Hunting and Incident Response Specialist, RSA, 7/28/2016
7 Ways To Charm Users Out of Their Passwords
Terry Sweeney, Contributing Editor
While the incentives have changed over time, it still takes remarkably little to get users to give up their passwords.
By Terry Sweeney Contributing Editor, 7/27/2016
Dark Reading News Desk Coming Back To Black Hat, Live
Sara Peters, Senior Editor at Dark Reading, News
Live from Las Vegas: 40 video interviews with Black Hat USA conference speakers and sponsors. Wednesday Aug. 3, Thursday Aug. 4, 2 p.m. - 6:10 p.m. ET.
By Sara Peters Senior Editor at Dark Reading, 7/27/2016
The Internet Of Tiny Things: What Lurks Inside
Dan Cuddeford, Director of Sales Engineering, Wandera, Commentary
Hackers can now use a tiny $2 embedded chip -- at scale -- to launch thousands of infected 'things' out into the ether to capture data and soften consumers up for an attack.
By Dan Cuddeford Director of Sales Engineering, Wandera, 7/27/2016
In Security, Know That You Know Nothing
Michael Sutton, Chief Information Security Officer, Zscaler, Commentary
Only when security professionals become aware of what they don’t know can they start asking the right questions and implementing the right security controls.
By Michael Sutton Chief Information Security Officer, Zscaler, 7/26/2016
Report Finds Healthcare Most Targeted By Ransomware
Dark Reading Staff, Quick Hits
Top ransomware variant Cryptowall accounts for almost 94% of all detected attacks, says Solutionary.
By Dark Reading Staff, 7/26/2016
'MouseJack' Researchers Uncover Major Wireless Keyboard Vulnerability
Ericka Chickowski, Contributing Writer, Dark Reading, News
KeySniffer attack shows two-thirds of low-cost wireless keyboards prone to keystroke capture and malicious keystroke injection.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/26/2016
New Portal Offers Decryption Tools For Some Ransomware Victims
Jai Vijayan, Freelance writer, News
Nomoreransom.org, a joint initiative between Europol, the Dutch National Police, Kaspersky Lab and Intel Security, offers help in getting encrypted data back.
By Jai Vijayan Freelance writer, 7/25/2016
10 Hottest Talks at Black Hat USA 2016
Sean Martin, CISSP | President, imsmartin
The impressive roll call of speakers offers a prime opportunity to learn from the very best of the information security world.
By Sean Martin CISSP | President, imsmartin, 7/25/2016
Building Black Hat: Locking Down One Of The World’s Biggest Security Conferences
Aamir Lakhani, Senior Security Strategist & Hacker, Fortinet, FortiGuard Advanced Labs, Commentary
For security pros, being asked to help secure Black Hat is like being asked to play on the Olympic basketball team.
By Aamir Lakhani Senior Security Strategist & Hacker, Fortinet, FortiGuard Advanced Labs, 7/25/2016
7 Ways To Lock Down Your Privileged Accounts
Steve Zurier, Freelance Writer
Admin passwords contained within privileged accounts can open up the keys to the kingdom to determined attackers. Here's how to stop them.
By Steve Zurier Freelance Writer, 7/22/2016
Security Gets Political With Hacks, Darknet Sales
Terry Sweeney, Contributing Editor, News
As presidential campaigns get into full swing, neither party is immune to online chicanery -- and neither are voters.
By Terry Sweeney Contributing Editor, 7/21/2016
Ex-Cardinal Exec Jailed For Hacking Astros
Dark Reading Staff, Quick Hits
Christopher Correa gets 46 months for unlawful access of rival’s database and downloading confidential details.
By Dark Reading Staff, 7/20/2016
Deconstructing Connected Cars: A Hack Waiting To Happen
Cameron Camp, ESET Security Researcher, Commentary
Why your automobile’s simple and reliable Controller Area Network will put you at risk in the brave new world of connected and autonomous driving.
By Cameron Camp ESET Security Researcher, 7/19/2016
Ransomware Victims Rarely Pay The Full Ransom Price
Jai Vijayan, Freelance writer, News
The purveyors of cyber-extortion schemes are often willing to negotiate their ransom fees, F-Secure study finds.
By Jai Vijayan Freelance writer, 7/18/2016
Locking Down Windows 10: 6 New Features
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau
The latest version of Windows includes expanded identity and access controls, advanced Bitlocker encryption, and new malware protections.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 7/18/2016
Beyond Data: Why CISOs Must Pay Attention To Physical Security
Todd Thibodeaux, President & CEO, CompTIA, Commentary
Information security professionals are missing the big picture if they think of vulnerabilities and threats only in terms of data protection, password hygiene and encryption.
By Todd Thibodeaux President & CEO, CompTIA, 7/18/2016
Staying Cyber Safe At The Olympics
Ericka Chickowski, Contributing Writer, Dark Reading
Travel tips and more in hostile environments abroad.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/16/2016
What SMBs Need To Know About Security But Are Afraid To Ask
Sean Martin, CISSP | President, imsmartin
A comprehensive set of new payment protection resources from the PCI Security Standards Council aims to help small- and medium-sized businesses make security a priority.
By Sean Martin CISSP | President, imsmartin, 7/14/2016
What's Next For Canada’s Surveillance Landscape?
Bruce Cowper, SecTor Co-Founder, Commentary
Edward Snowden headlines SecTor security conference as Canadian privacy advocates await the Trudeau government’s next move in the country’s complex privacy and security debate.
By Bruce Cowper SecTor Co-Founder, 7/14/2016
Current Issue
The Changing Face of Identity Management
Mobility and cloud services are altering the concept of user identity. Here are some ways to keep up.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio

The cybersecurity profession struggles to retain women (figures range from 10 to 20 percent). It's particularly worrisome for an industry with a rapidly growing number of vacant positions.

So why does the shortage of women continue to be worse in security than in other IT sectors? How can men in infosec be better allies for women; and how can women be better allies for one another? What is the industry doing to fix the problem -- what's working, and what isn't?

Is this really a problem at all? Are the low numbers simply an indication that women do not want to be in cybersecurity, and is it possible that more women will never want to be in cybersecurity? How many women would we need to see in the industry to declare success?

Join Dark Reading senior editor Sara Peters and guests Angela Knox of Cloudmark, Barrett Sellers of Arbor Networks, Regina Wallace-Jones of Facebook, Steve Christey Coley of MITRE, and Chris Roosenraad of M3AAWG on Wednesday, July 13 at 1 p.m. Eastern Time to discuss all this and more.