News & Commentary
Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
Mobile Apps Remain Vulnerable For Months
Thomas Claburn, Editor-at-LargeNews
Developers are failing to respond quickly to reports of security flaws, Trojans are infecting corporate devices at an alarming rate, and even mundane data about your device's power consumption could threaten your privacy.
By Thomas Claburn Editor-at-Large, 2/24/2015
Comment13 comments  |  Read  |  Post a Comment
7 Things You Should Know About Secure Payment Technology
Sara Peters, Senior Editor at Dark Reading
Despite the existence of EMV and Apple Pay, we're a long way from true payment security, especially in the US.
By Sara Peters Senior Editor at Dark Reading, 2/24/2015
Comment14 comments  |  Read  |  Post a Comment
Video: Net Neutrality, Apple Malware & InformationWeek Live
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds looks at legal challenges to the FCC’s regulatory proposal, discusses new malware that targets Apple iOS, and invites you to InformationWeek’s live radio show.
By Andrew Conry Murray Director of Content & Community, Interop, 2/6/2015
Comment0 comments  |  Read  |  Post a Comment
Android Adware Raises Google Play Security Concerns
Eric Zeman, Commentary
Three apps, downloaded to tens of millions of Android devices from the Google Play store, foisted ads for apps on unsuspecting users.
By Eric Zeman , 2/4/2015
Comment9 comments  |  Read  |  Post a Comment
Apple iOS Now Targeted In Massive Cyber Espionage Campaign
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Attack campaign tied to Russia now zeroing in on mobile user's iPhones, iPads.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/4/2015
Comment4 comments  |  Read  |  Post a Comment
Enterprises Underestimate Actual Shadow Cloud Risks
Jai Vijayan, Freelance writerNews
More than 85 percent of cloud applications used in the workplace are unsanctioned, study shows.
By Jai Vijayan Freelance writer, 2/3/2015
Comment3 comments  |  Read  |  Post a Comment
BMW's Software Security Patch A Sign Of Things To Come
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But not all car security flaws can be patched as simply -- or at all.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/3/2015
Comment8 comments  |  Read  |  Post a Comment
Syrian Opposition Forces Social-Engineered And Hacked
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers uncover trove of sensitive information and details of Syrian government opposition plans and players -- pilfered by pro-Assad government hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/2/2015
Comment6 comments  |  Read  |  Post a Comment
Google Paid Over $1.5 Million In Bug Bounties In 2014
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Mobile apps developed by Google now included in its Vulnerability Reward Program.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/30/2015
Comment5 comments  |  Read  |  Post a Comment
FCC: Stop Blocking Personal WiFi
Thomas Claburn, Editor-at-LargeNews
Great news for travelers: Hotels and other businesses cannot interfere with your personal WiFi hotspot.
By Thomas Claburn Editor-at-Large, 1/28/2015
Comment7 comments  |  Read  |  Post a Comment
WiIl Millennials Be The Death Of Data Security?
Chris Rouland, Founder & CEO, BastilleCommentary
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
By Chris Rouland Founder & CEO, Bastille, 1/27/2015
Comment35 comments  |  Read  |  Post a Comment
Facebook Messenger: Classically Bad AppSec
Daniel Riedel, CEO, New ContextCommentary
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
By Daniel Riedel CEO, New Context, 1/21/2015
Comment2 comments  |  Read  |  Post a Comment
Verizon Wireless Customers Face 'Zombie Cookies'
Thomas Claburn, Editor-at-LargeNews
Cookie files placed on the phones of Verizon Wireless customers by the ad company Turn return to life even after they've been deleted.
By Thomas Claburn Editor-at-Large, 1/15/2015
Comment3 comments  |  Read  |  Post a Comment
CES 2015: 8 Innovative Security Products
Luke Bilton, Luke Bilton, Director, Digital & Content, UBMNews
The explosion in smart technologies that connect everyday objects to the internet is transforming both home and personal security.
By Luke Bilton, Director, Digital & Content, UBM , 1/7/2015
Comment0 comments  |  Read  |  Post a Comment
CES 2015 Preview: 8 Hot Trends
Kevin Casey,
Tech's annual celebration of gadgets, robots, and connected everything kicks off soon in Vegas. Here's what will grab the spotlight at CES 2015.
By Kevin Casey , 1/3/2015
Comment7 comments  |  Read  |  Post a Comment
Why Digital Forensics In Incident Response Matters More Now
Craig Carpenter, President & COO, Resolution1 SecurityCommentary
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
By Craig Carpenter President & COO, Resolution1 Security, 12/24/2014
Comment6 comments  |  Read  |  Post a Comment
Millions Of Android Phones In China Have Backdoor
Jai Vijayan, Freelance writerNews
An Android backdoor is the topic of one of two advisories this week on mobile threats.
By Jai Vijayan Freelance writer, 12/17/2014
Comment0 comments  |  Read  |  Post a Comment
Smartphones Get Headlines, But Lax USB Security Is Just As Risky
Cam Roberson, Director Reseller Channel, Beachhead SolutionsCommentary
Most companies use no software to detect or secure sensitive data when it is moved to a USB flash drive, or even check USB drives for viruses or malware.
By Cam Roberson Director Reseller Channel, Beachhead Solutions, 12/10/2014
Comment8 comments  |  Read  |  Post a Comment
Healthcare Security In 2015: 9 Hotspots
Alison Diana, Senior Editor
With data breaches growing, 2015 promises to be the healthcare industry's most challenging security year yet. These nine areas demand attention in 2015.
By Alison Diana Senior Editor, 12/10/2014
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-02-27
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

Published: 2015-02-27
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

Published: 2015-02-27
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

Published: 2015-02-27
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

Published: 2015-02-27
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.