Endpoint
News & Commentary
Microsoft + LinkedIn: How To Spot Insider Trading Risk Early
Eleonore Fournier-Tombs, Field Data Scientist, RedOwlCommentary
With the explosion of mobile, cloud and the blurring of work and personal data, companies considering M&A have a lot to worry about when it comes to insider threats.
By Eleonore Fournier-Tombs Field Data Scientist, RedOwl, 6/28/2016
Comment0 comments  |  Read  |  Post a Comment
Google Accounts Of US Military, Journalists Targeted By Russian Attack Group
Sara Peters, Senior Editor at Dark ReadingNews
The Threat Group 4127 that hit the Democratic National Committee also went after 1,800 other targets with info interesting to Russian government, says SecureWorks.
By Sara Peters Senior Editor at Dark Reading, 6/27/2016
Comment0 comments  |  Read  |  Post a Comment
Cerber Strikes With Office 365 Zero-Day Attacks
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Ransomware variant continues its success through chameleon-like reinvention.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/27/2016
Comment0 comments  |  Read  |  Post a Comment
The Blind Spot Between The Cloud & The Data Center
Saryu Nayyar, CEO, GuruculCommentary
Ask most enterprise security analysts responsible for detection and response about their visibility into identity access risks and you’re likely to get some confused looks. Here’s why.
By Saryu Nayyar CEO, Gurucul, 6/27/2016
Comment0 comments  |  Read  |  Post a Comment
Large Botnet Comes Back To Life -- With More Malware
Jai Vijayan, Freelance writerNews
The Necurs botnet associated with Dridex and Locky is back after three-week haitus.
By Jai Vijayan Freelance writer, 6/23/2016
Comment0 comments  |  Read  |  Post a Comment
Internet Of Things & The Platform Of Parenthood
Don Bailey, Founder & CEO, Lab Mouse SecurityCommentary
A new father’s musings on the problems with securing embedded systems, and why there are so few incentives for architecting trustworthy IoT technology from the ground up.
By Don Bailey Founder & CEO, Lab Mouse Security, 6/23/2016
Comment21 comments  |  Read  |  Post a Comment
Crypto Ransomware Officially Eclipses Screen-Blocker Ransomware
Jai Vijayan, Freelance writerNews
Encryption malware represented 54 percent of all ransomware in April compared to barely 10 percent a year ago, Kaspersky Lab found.
By Jai Vijayan Freelance writer, 6/22/2016
Comment1 Comment  |  Read  |  Post a Comment
Phishing, Whaling & The Surprising Importance Of Privileged Users
Joseph Opacki, VP, Threat Research, PhishLabsCommentary
By bagging a privileged user early on, attackers can move from entry point to mission accomplished in no time at all.
By Joseph Opacki VP, Threat Research, PhishLabs, 6/21/2016
Comment1 Comment  |  Read  |  Post a Comment
5 Tips For Staying Cyber-Secure On Your Summer Vacation
Emily Johnson, Associate Editor, UBM AmericasNews
Stick with mobile payment apps and carrier networks when traveling. And don't broadcast your plans or locations via social media.
By Emily Johnson Associate Editor, UBM Americas, 6/20/2016
Comment2 comments  |  Read  |  Post a Comment
Privacy Shield: Can the US Earn the EU’s Trust Post Apple vs. FBI?
Peter Merkulov, VP, Product Strategy & Technology AlliancesCommentary
Rebuilding the privacy framework for data transfer between the US and its European trading partners won’t be easy but it’s still a worthwhile effort.
By Peter Merkulov VP, Product Strategy & Technology Alliances, 6/20/2016
Comment2 comments  |  Read  |  Post a Comment
An Inside Look At The Mitsubishi Outlander Hack
Steve Zurier, Freelance Writer
White hat hacker finds WiFi flaws in mobile app for popular auto; Mitsubishi working on fix.
By Steve Zurier Freelance Writer, 6/17/2016
Comment0 comments  |  Read  |  Post a Comment
Pretty Good Passwords: Cartoon Caption Contest Winners
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Sticky notes, multi-factor authentication, password reuse and Donald Trump. And the winner is...
By Marilyn Cohodas Community Editor, Dark Reading, 6/16/2016
Comment1 Comment  |  Read  |  Post a Comment
Symantec’s Purchase of Blue Coat Fills Critical Product Gap, Interim President Says
Jai Vijayan, Freelance writerNews
Combined business will have a product portfolio that is wide enough to address all threat vectors, Ajei Gopal says.
By Jai Vijayan Freelance writer, 6/16/2016
Comment0 comments  |  Read  |  Post a Comment
Wendy’s Credit Card Breach Worse Than Earlier Thought
Dark Reading Staff, Quick Hits
Breach took place in two waves, cannot rule out there aren’t others, says the fast food chain.
By Dark Reading Staff , 6/13/2016
Comment0 comments  |  Read  |  Post a Comment
Self-Service Password Reset & Social Engineering: A Match Made In Hell
Jackson Shaw, Senior Director, Product Management, Dell SecurityCommentary
A sad tale of how hackers compromised a CEO’s corporate account by trolling Facebook and LInkedin for answers to six common authentication questions. (And how to avoid that happening to you)
By Jackson Shaw Senior Director, Product Management, Dell Security, 6/13/2016
Comment9 comments  |  Read  |  Post a Comment
IoT Security: Onus On Developers, Security Researchers
Daniel Riedel, CEO, New ContextCommentary
Security teams and DevOps need to team up on 'lean security' processes that make safety a top priority before a product reaches the market.
By Daniel Riedel CEO, New Context, 6/11/2016
Comment0 comments  |  Read  |  Post a Comment
Ransomware Now Comes With Live Chat Support
Jai Vijayan, Freelance writerNews
Victims of a new version of Jigsaw now have access to live chat operators to help them through the ransom payment process, Trend Micro says.
By Jai Vijayan Freelance writer, 6/10/2016
Comment2 comments  |  Read  |  Post a Comment
Biggest Attacks Of 2016 (So Far)
Ericka Chickowski, Contributing Writer, Dark Reading
An attack against a Ukraine power grid and major upticks in ransomware dominate the headlines in this Dark Reading mid-year report.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/10/2016
Comment0 comments  |  Read  |  Post a Comment
US-CERT Warns Of Resurgence In Macro Attacks
Jai Vijayan, Freelance writerNews
Organizations and individuals urged to be proactive in protecting against threat from the 90s.
By Jai Vijayan Freelance writer, 6/9/2016
Comment0 comments  |  Read  |  Post a Comment
University Pays $20K To Ransomware Attackers
Dark Reading Staff, Quick Hits
Cybercriminals infect University of Calgary network with virus, demand ransom to unlock data.
By Dark Reading Staff , 6/9/2016
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
DNS Threats: What Every Enterprise Should Know
Domain Name System exploits could put your data at risk. Here's some advice on how to avoid them.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Tim Wilson speaks to two experts on vulnerability research – independent consultant Jeremiah Grossman and Black Duck Software’s Mike Pittenger – about the latest wave of vulnerabilities being exploited by online attackers