News & Commentary
Dark Reading News Desk Comes To You Live From Black Hat
Sara Peters, Senior Editor at Dark Reading | Commentary
Live video coverage from Las Vegas Wednesday and Thursday
By Sara Peters Senior Editor at Dark Reading, 8/3/2015
GM Vehicles Can Be Located, Unlocked, Started Remotely Via OnStar App
Jai Vijayan, Freelance writer | News
White Hat hacker Samy Kamkar’s OwnStart device latest to show up vulnerabilities in modern vehicles
By Jai Vijayan Freelance writer, 7/31/2015
There's Another Android Media Vulnerability, But Google Isn't Worried
Sara Peters, Senior Editor at Dark Reading | News
Vulnerability could become a favorite of ransomware operators, but Google has left it unpatched for more than two months.
By Sara Peters Senior Editor at Dark Reading, 7/30/2015
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
Sara Peters, Senior Editor at Dark Reading | News
Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices.
By Sara Peters Senior Editor at Dark Reading, 7/27/2015
iPhone Kill Switch: How Effective Is It?
Eric Zeman | Commentary
A new report shows that the iPhone kill switch may not be as effective as first thought. What does this mean for other smartphone kill switches?
By Eric Zeman, 7/27/2015
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Dark Reading Staff | Quick Hits
National Highway Traffic Safety Administration will be watching to see if it works.
By Dark Reading Staff, 7/24/2015
Smartwatches Could Become New Frontier for Cyber Attackers
Jai Vijayan, Freelance writer | News
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
By Jai Vijayan Freelance writer, 7/24/2015
Mobile App Security: 4 Critical Issues
Subbu Sthanu, Director, Mobile Security & Application Security, IBM | Commentary
Securing the mobile workforce in the age of BYOD is no easy task. You can begin with these four measures.
By Subbu Sthanu Director, Mobile Security & Application Security, IBM, 7/17/2015
Adobe Flash Failure Shows Plug-Ins Are Obsolete
Larry Loeb, Blogger, Informationweek | Commentary
This week's Flash failure also illustrates why plug-ins need to go. One solution to all of this is HTML5.
By Larry Loeb Blogger, Informationweek, 7/15/2015
Mozilla Kills Flash On Firefox As Adobe Rushes Patch
Nathan Eddy, Freelance Writer | News
It's another nail in the coffin for Adobe's Flash platform as Mozilla disables it from running on the company's Firefox Web browser.
By Nathan Eddy Freelance Writer, 7/14/2015
Inside A Vicious DDoS Attack
Anthony Lye, President & CEO Chief Executive Officer, HotSchedules | Commentary
What it's really like to fend off a relentless distributed denial-of-service attack.
By Anthony Lye President & CEO Chief Executive Officer, HotSchedules, 7/14/2015
Dark Reading Radio: Firewall Smackdown
Marilyn Cohodas, Community Editor, Dark Reading | Commentary
Is there a future for the venerable firewall? Security CEOs Asaf Cidon of Sookasa and Jody Brazil of FireMon debate the issues in our latest radio show.
By Marilyn Cohodas Community Editor, Dark Reading, 7/13/2015
6 Emerging Android Threats
Sara Peters, Senior Editor at Dark Reading
A peek at some of the Android vulnerabilities and malware that will be revealed at Black Hat USA next month.
By Sara Peters Senior Editor at Dark Reading, 7/7/2015
iOS 8.4, Mac OS X Updates Plug Vulnerabilities
Eric Zeman | Commentary
Apple released its iOS 8.4 and Mac OS X 10.10.4 updates that add Apple Music and tackle a range of security problems.
By Eric Zeman, 7/1/2015
Android Malware On The Rise
Sara Peters, Senior Editor at Dark Reading | News
By the end of 2015, researchers expect the number of new Android malware strains to hit 2 million.
By Sara Peters Senior Editor at Dark Reading, 7/1/2015
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen, Chief Strategy Office, Gemalto, Identity & Data Protection | Commentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
What Do You Mean My Security Tools Don’t Work on APIs?!!
Jeff Williams, CTO, Aspect Security & Contrast Security | Commentary
SAST and DAST scanners haven’t advanced much in 15 years. But the bigger problem is that they were designed for web apps, not to test the security of an API.
By Jeff Williams CTO, Aspect Security & Contrast Security, 6/25/2015
iOS 9, Android M Place New Focus On Security, Privacy
Pablo Valerio, International Business & IT Consultant | Commentary
Google and Apple have publicly challenged calls from law enforcement agencies to weaken encryption on consumer devices. In turn, iOS 9 and Android M will sport a string of new security and privacy features for users.
By Pablo Valerio International Business & IT Consultant, 6/24/2015
FitBit, Acer Liquid Leap Fail In Security Fitness
Sara Peters, Senior Editor at Dark Reading | News
Transmissions to the cloud are secured with these Internet of Things devices, but wristband-to-phone comms are open to eavesdropping.
By Sara Peters Senior Editor at Dark Reading, 6/22/2015
Samsung Update Fixes SwiftKey Security Flaw
Kelly Sheridan, Associate Editor, InformationWeek | News
Samsung will release a security policy update following reports of vulnerability in SwiftKey keyboard replacement software.
By Kelly Sheridan Associate Editor, InformationWeek, 6/20/2015
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-08-02
The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive information via unspecified vectors.

Published: 2015-08-02
The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for remote attackers to bypass intended access restrictions via a connection outside of the permitted time ...

Published: 2015-08-02
The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566.

Published: 2015-08-02
The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it easier for remote attackers to conduct brute-force attacks or cause a denial of service (CPU consumptio...

Published: 2015-07-31
Schneider Electric InduSoft Web Studio before Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!