News & Commentary
Multiple Apple iOS Zero-Days Enabled Firm To Spy On Targeted iPhone Users For Years
Jai Vijayan, Freelance writer, News
Victims of lawful intercepts include human rights activists and journalist, researchers from Citizen Lab and Lookout say.
By Jai Vijayan Freelance writer, 8/26/2016
Apple Releases Patch For 'Trident,' A Trio Of iOS 0-Days
Dark Reading Staff, Quick Hits
Already rolled into the Pegasus spyware product and used to target social activists, the vulnerabilities are fixed in iOS 9.3.5.
By Dark Reading Staff, 8/25/2016
The Secret Behind the NSA Breach: Network Infrastructure Is the Next Target
Yoni Allon, Research Team Leader, LightCyber, Commentary
How the networking industry has fallen way behind in incorporating security measures to prevent exploits to ubiquitous routers, proxies, firewalls, and switches.
By Yoni Allon Research Team Leader, LightCyber, 8/25/2016
Newly Announced Chipset Vuln Affects 900 Million Android Devices
Ericka Chickowski, Contributing Writer, Dark Reading, News
Check Point Research Team details four vulnerabilities that can easily lead to full privilege escalation.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/8/2016
8 Alternatives to Selfie Authentication
Terry Sweeney, Contributing Editor
How to definitively prove your identity? A variety of anatomical parts and functions may soon be able to vouch for you.
By Terry Sweeney Contributing Editor, 8/4/2016
Awareness Improving But Security Still Lags For SAP Implementations
Ericka Chickowski, Contributing Writer, Dark Reading, News
SAP ecosystem a huge Achilles heel for enterprise system security, report says.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/2/2016
How To Stay Safe On The Black Hat Network: Don't Connect To It
Neil R. Wyler (Grifter), Threat Hunting and Incident Response Specialist, RSA, Commentary
Black Hat attendees may have changed their titles and now carry business cards but hackers gotta hack and there's no better place to do it than Black Hat.
By Neil R. Wyler (Grifter) Threat Hunting and Incident Response Specialist, RSA, 7/28/2016
10 Hottest Talks at Black Hat USA 2016
Sean Martin, CISSP | President, imsmartin
The impressive roll call of speakers offers a prime opportunity to learn from the very best of the information security world.
By Sean Martin CISSP | President, imsmartin, 7/25/2016
Crooks Hack Taiwan ATMs With 'Smartphone,' No Bank Card, Steal Millions
Dark Reading Staff, Quick Hits
Police say Russian suspects operate ATM machines without bank card, make off with $2.2 million.
By Dark Reading Staff, 7/18/2016
HummingBad Malware Infects 85 Million Android Devices
Nathan Eddy, Freelance Writer, News
A group of Chinese hackers dubbed Yingmob is using a sophisticated malware campaign called HummingBad to access and sell the info stored on Android devices. The malware may have already infected 85 million devices.
By Nathan Eddy Freelance Writer, 7/9/2016
Ripping Away The Mobile Security Blanket
Ericka Chickowski, Contributing Writer, Dark Reading, News
Upcoming Black Hat USA talk will highlight vulns in Good Technology platform and discuss the dangers of overreliance on enterprise mobility security suites.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/7/2016
UEFA Euro Fans At High Risk Of Online Threats, Study Shows
Dark Reading Staff, Quick Hits
A study by Allot and Kaspersky Lab during 2016 UEFA Euro matches shows significant spike in cybercriminal activities.
By Dark Reading Staff, 7/7/2016
One iPhone In Every Large Company Infected With Malware
Dark Reading Staff, Quick Hits
Four percent of all mobile devices in big enterprises have malware installed but network threat to mobile phones bigger, says report.
By Dark Reading Staff, 6/30/2016
5 Tips For Staying Cyber-Secure On Your Summer Vacation
Emily Johnson, Associate Editor, UBM Americas, News
Stick with mobile payment apps and carrier networks when traveling. And don't broadcast your plans or locations via social media.
By Emily Johnson Associate Editor, UBM Americas, 6/20/2016
An Inside Look At The Mitsubishi Outlander Hack
Steve Zurier, Freelance Writer
White hat hacker finds WiFi flaws in mobile app for popular auto; Mitsubishi working on fix.
By Steve Zurier Freelance Writer, 6/17/2016
Wendy's Credit Card Breach Worse Than Earlier Thought
Dark Reading Staff, Quick Hits
Breach took place in two waves, cannot rule out there aren't others, says the fast food chain.
By Dark Reading Staff, 6/13/2016
27% Of Corporate-Connected Apps Are Risky
Ericka Chickowski, Contributing Writer, Dark Reading, News
Number of apps up by 30x, with many asking for sensitive connections to enterprise.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/13/2016
Microsoft, Lookout Team Up In Mobile Security
Dark Reading Staff, Quick Hits
Microsoft's EMS integration with Lookout aims to strengthen customer access policies.
By Dark Reading Staff, 6/7/2016
How Risky Is Bleeding Edge Tech?
Ericka Chickowski, Contributing Writer, Dark Reading
Experts with the Carnegie Mellon University Software Engineering Institute rate 10 up-and-coming technologies for risk.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/5/2016
BYOD Security: How To Shift Device Control & Grant Users More Choice
Rob Greer, CMO & Senior VP, Products, ForeScout, Commentary
Gartner's managed diversity model offers an ITIL-compliant information security solution to the problem of Shadow IT.
By Rob Greer CMO & Senior VP, Products, ForeScout, 6/3/2016
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Containing Corporate Data on Mobile Devices
If you're still focused on securing endpoints, you've got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.