Operations // Identity & Access Management
News & Commentary
Hackers Pilfer $10 Million From Ukraine Bank
Dark Reading Staff, Quick Hits
Reports allege criminals used SWIFT to transfer money, have compromised several Ukraine, Russia banks.
By Dark Reading Staff , 6/29/2016
Comment3 comments  |  Read  |  Post a Comment
Cisco Boosts Cloud Security Capabilities With CloudLock Buy
Jai Vijayan, Freelance writerNews
Network giant will purchase the Massachusetts-based provider of cloud access security broker technology for $293 million.
By Jai Vijayan Freelance writer, 6/28/2016
Comment1 Comment  |  Read  |  Post a Comment
Google Accounts Of US Military, Journalists Targeted By Russian Attack Group
Sara Peters, Senior Editor at Dark ReadingNews
The Threat Group 4127 that hit the Democratic National Committee also went after 1,800 other targets with info interesting to Russian government, says SecureWorks.
By Sara Peters Senior Editor at Dark Reading, 6/27/2016
Comment0 comments  |  Read  |  Post a Comment
The Blind Spot Between The Cloud & The Data Center
Saryu Nayyar, CEO, GuruculCommentary
Ask most enterprise security analysts responsible for detection and response about their visibility into identity access risks and you’re likely to get some confused looks. Here’s why.
By Saryu Nayyar CEO, Gurucul, 6/27/2016
Comment1 Comment  |  Read  |  Post a Comment
Phishing, Whaling & The Surprising Importance Of Privileged Users
Joseph Opacki, VP, Threat Research, PhishLabsCommentary
By bagging a privileged user early on, attackers can move from entry point to mission accomplished in no time at all.
By Joseph Opacki VP, Threat Research, PhishLabs, 6/21/2016
Comment2 comments  |  Read  |  Post a Comment
5 Tips For Staying Cyber-Secure On Your Summer Vacation
Emily Johnson, Associate Editor, UBM AmericasNews
Stick with mobile payment apps and carrier networks when traveling. And don't broadcast your plans or locations via social media.
By Emily Johnson Associate Editor, UBM Americas, 6/20/2016
Comment2 comments  |  Read  |  Post a Comment
Pretty Good Passwords: Cartoon Caption Contest Winners
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Sticky notes, multi-factor authentication, password reuse and Donald Trump. And the winner is...
By Marilyn Cohodas Community Editor, Dark Reading, 6/16/2016
Comment1 Comment  |  Read  |  Post a Comment
Twitter Says Its Servers Were Not Breached
Dark Reading Staff, Quick Hits
Account details leaked are from other hacked websites, claims the social media tool.
By Dark Reading Staff , 6/13/2016
Comment0 comments  |  Read  |  Post a Comment
How To Prepare For A Data Breach
Sean Martin, CISSP | President, imsmartin
These five from-the-trenches strategies will help you win the fight against today's sophisticated, conniving attackers.
By Sean Martin CISSP | President, imsmartin, 6/7/2016
Comment0 comments  |  Read  |  Post a Comment
Microsegmentation & The Need For An Intelligent Attack Surface
Doug Gourlay,  Corporate VP, Skyport SystemsCommentary
There is a fundamental difference in the security posture and technology for protecting the White House versus a Social Security office in California. So, too, for the critical apps and systems that are likely targets in your enterprise.
By Doug Gourlay Corporate VP, Skyport Systems, 6/7/2016
Comment0 comments  |  Read  |  Post a Comment
How Risky Is Bleeding Edge Tech?
Ericka Chickowski, Contributing Writer, Dark Reading
Experts with the Carnegie Mellon University Software Engineering Institute rate 10 up-and-coming technologies for risk.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/5/2016
Comment1 Comment  |  Read  |  Post a Comment
Connected Cars: 6 Tips For Riding Safely With Onboard Devices
Steve Zurier, Freelance Writer
Carnegie Mellon researchers note that the cheaper the after market device, the easier it can be hacked.
By Steve Zurier Freelance Writer, 6/3/2016
Comment0 comments  |  Read  |  Post a Comment
Poor Airport Security Practices Just Don’t Fly
Joe Schorr, Director of Advanced Security Solutions, BomgarCommentary
Five lessons learned the hard way by the Tampa International Airport about bringing third parties into a security environment.
By Joe Schorr Director of Advanced Security Solutions, Bomgar, 5/24/2016
Comment0 comments  |  Read  |  Post a Comment
OPM Breach: ‘Cyber Sprint’ Response More Like A Marathon
Rutrell Yasin, Business Technology Writer, Tech Writers BureauNews
Sixty-five percent of federal security execs surveyed in new (ISC)2 report say that government still can’t detect ongoing cyber attacks.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 5/19/2016
Comment0 comments  |  Read  |  Post a Comment
Enterprises Must Consider Privacy Concern For Biometrics
Ericka Chickowski, Contributing Writer, Dark ReadingNews
On-server storage and processing of biometric authentication presents a host of regulatory and corporate responsibility issues.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/12/2016
Comment3 comments  |  Read  |  Post a Comment
Investigations Into Bangladesh Bank Heist Indicate ‘Inside Job’
Dark Reading Staff, Quick Hits
FBI suspects bank worker may have acted as accomplice in the $81 Million theft.
By Dark Reading Staff , 5/11/2016
Comment1 Comment  |  Read  |  Post a Comment
Kroger Hit By W-2 Data Breach At Equifax
Dark Reading Staff, Quick Hits
Identity thieves stole tax and salary information, reports KrebsOnSecurity.
By Dark Reading Staff , 5/9/2016
Comment0 comments  |  Read  |  Post a Comment
Silicon & Artificial Intelligence: The Foundation of Next Gen Data Security
Mark Papermaster, SVP & CTO, AMDCommentary
Why new challenges like ‘real-time, always-on’ authentication and access control can only be met by a combination of smart hardware and software.
By Mark Papermaster SVP & CTO, AMD, 5/5/2016
Comment0 comments  |  Read  |  Post a Comment
10 Biggest Mega Breaches Of The Past 10 Years
Ericka Chickowski, Contributing Writer, Dark Reading
These data breaches from Dark Reading's 10-year history boggle the mind in terms of scale and fallout.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/3/2016
Comment0 comments  |  Read  |  Post a Comment
8 Microsoft Office 365 Security Tips To Reduce Data Loss
Sean Martin, CISSP | President, imsmartin
Even with a slew of new security tools and compliance guidance, there are still things you can do to protect this critical business system.
By Sean Martin CISSP | President, imsmartin, 5/2/2016
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
DNS Threats: What Every Enterprise Should Know
Domain Name System exploits could put your data at risk. Here's some advice on how to avoid them.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Tim Wilson speaks to two experts on vulnerability research – independent consultant Jeremiah Grossman and Black Duck Software’s Mike Pittenger – about the latest wave of vulnerabilities being exploited by online attackers