News & Commentary
Mobile Security By The Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Rounding up the latest research on mobile malware and security practices.
By Ericka Chickowski, 3/2/2015
Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 2/25/2015
Mobile Apps Remain Vulnerable For Months
Thomas Claburn, Editor-at-Large | News
Developers are failing to respond quickly to reports of security flaws, Trojans are infecting corporate devices at an alarming rate, and even mundane data about your device's power consumption could threaten your privacy.
By Thomas Claburn, Editor-at-Large, 2/24/2015
7 Things You Should Know About Secure Payment Technology
Sara Peters, Senior Editor at Dark Reading
Despite the existence of EMV and Apple Pay, we're a long way from true payment security, especially in the US.
By Sara Peters, Senior Editor at Dark Reading, 2/24/2015
Video: Net Neutrality, Apple Malware & InformationWeek Live
Andrew Conry Murray, Director of Content & Community, Interop | Commentary
This Week In 60 Seconds looks at legal challenges to the FCC’s regulatory proposal, discusses new malware that targets Apple iOS, and invites you to InformationWeek’s live radio show.
By Andrew Conry Murray, Director of Content & Community, Interop, 2/6/2015
Android Adware Raises Google Play Security Concerns
Eric Zeman | Commentary
Three apps, downloaded to tens of millions of Android devices from the Google Play store, foisted ads for apps on unsuspecting users.
By Eric Zeman, 2/4/2015
Apple iOS Now Targeted In Massive Cyber Espionage Campaign
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Attack campaign tied to Russia now zeroing in on mobile users' iPhones, iPads.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 2/4/2015
Enterprises Underestimate Actual Shadow Cloud Risks
Jai Vijayan, Freelance writer | News
More than 85 percent of cloud applications used in the workplace are unsanctioned, study shows.
By Jai Vijayan, Freelance writer, 2/3/2015
BMW's Software Security Patch A Sign Of Things To Come
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
But not all car security flaws can be patched as simply -- or at all.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 2/3/2015
Syrian Opposition Forces Social-Engineered And Hacked
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Researchers uncover trove of sensitive information and details of Syrian government opposition plans and players -- pilfered by pro-Assad government hackers.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 2/2/2015
Google Paid Over $1.5 Million In Bug Bounties In 2014
Kelly Jackson Higgins, Executive Editor at Dark Reading | Quick Hits
Mobile apps developed by Google now included in its Vulnerability Reward Program.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 1/30/2015
FCC: Stop Blocking Personal WiFi
Thomas Claburn, Editor-at-Large | News
Great news for travelers: Hotels and other businesses cannot interfere with your personal WiFi hotspot.
By Thomas Claburn, Editor-at-Large, 1/28/2015
Will Millennials Be The Death Of Data Security?
Chris Rouland, Founder & CEO, Bastille | Commentary
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
By Chris Rouland, Founder & CEO, Bastille, 1/27/2015
Facebook Messenger: Classically Bad AppSec
Daniel Riedel, CEO, New Context | Commentary
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
By Daniel Riedel, CEO, New Context, 1/21/2015
Verizon Wireless Customers Face 'Zombie Cookies'
Thomas Claburn, Editor-at-Large | News
Cookie files placed on the phones of Verizon Wireless customers by the ad company Turn return to life even after they've been deleted.
By Thomas Claburn, Editor-at-Large, 1/15/2015
CES 2015: 8 Innovative Security Products
Luke Bilton, Director, Digital & Content, UBM | News
The explosion in smart technologies that connect everyday objects to the internet is transforming both home and personal security.
By Luke Bilton, Director, Digital & Content, UBM, 1/7/2015
CES 2015 Preview: 8 Hot Trends
Kevin Casey
Tech's annual celebration of gadgets, robots, and connected everything kicks off soon in Vegas. Here's what will grab the spotlight at CES 2015.
By Kevin Casey, 1/3/2015
Why Digital Forensics In Incident Response Matters More Now
Craig Carpenter, President & COO, Resolution1 Security | Commentary
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
By Craig Carpenter, President & COO, Resolution1 Security, 12/24/2014
Millions Of Android Phones In China Have Backdoor
Jai Vijayan, Freelance writer | News
An Android backdoor is the topic of one of two advisories this week on mobile threats.
By Jai Vijayan, Freelance writer, 12/17/2014
Smartphones Get Headlines, But Lax USB Security Is Just As Risky
Cam Roberson, Director Reseller Channel, Beachhead Solutions | Commentary
Most companies use no software to detect or secure sensitive data when it is moved to a USB flash drive, or even check USB drives for viruses or malware.
By Cam Roberson, Director Reseller Channel, Beachhead Solutions, 12/10/2014
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different vulnerability than CVE-2014-9644.

Published: 2015-03-02
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disall...

Published: 2015-03-02
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-201...

Published: 2015-03-02
The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYS...

Published: 2015-03-01
The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Window Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by c...

Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.