News & Commentary
Thousands Of Potentially Malicious Android Apps Unearthed In Google Play
Jai Vijayan, Freelance writerNews
Indiana University researchers develop a new scanning technique dubbed 'MassVet' for vetting mobile app stores at scale.
By Jai Vijayan Freelance writer, 8/27/2015
Comment1 Comment  |  Read  |  Post a Comment
Consumers Want Password Alternatives
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Consumer confidence in online passwords wanes and their password hygiene remains as sketchy as ever, study finds.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/27/2015
Comment0 comments  |  Read  |  Post a Comment
Android Lock Patterns Laughably Easy To Guess
Eric Zeman, Commentary
A researcher shows that people rely on weak Android lock patterns just as they do weak passwords.
By Eric Zeman , 8/24/2015
Comment1 Comment  |  Read  |  Post a Comment
The Month Of Android Vulnerabilities Rolls On
Sara Peters, Senior Editor at Dark ReadingNews
Multi-media handling takes the most hits, and there are no easy fixes.
By Sara Peters Senior Editor at Dark Reading, 8/20/2015
Comment2 comments  |  Read  |  Post a Comment
Blackphone 2 Delivers Secure Smartphone Improvements
Eric Zeman, News
Silent Circle is now accepting preorders for the Blackphone 2, its secure enterprise smartphone.
By Eric Zeman , 8/19/2015
Comment0 comments  |  Read  |  Post a Comment
Making The Security Case For A Software-Defined Perimeter
Kurt A. Mueffelmann, President & CEO, CryptzoneCommentary
With SDP, organizations can create an 'invisible' infrastructure that only authorized users and devices can access. Here’s why it’s time has come.
By Kurt A. Mueffelmann President & CEO, Cryptzone, 8/18/2015
Comment0 comments  |  Read  |  Post a Comment
Why AT&T's 'Willingness' To Help NSA Is Alarming
Eric Zeman, News
Snowden documents show AT&T was all too happy to aid the NSA spy on Americans. Are we really that surprised?
By Eric Zeman , 8/17/2015
Comment18 comments  |  Read  |  Post a Comment
Securing OS X: Apple, Security Vendors Need To Up Their Game
Rutrell Yasin, Business Technology Writer, Tech Writers BureauNews
To date, OS X malware is pretty lame, but it’s easy to write better malware to bypass current defenses, security researcher Patrick Wardle told a Black Hat audience last week.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 8/12/2015
Comment2 comments  |  Read  |  Post a Comment
Risk of Data Loss From Non-Jailbroken iOS Devices Real, Security Firm says
Jai Vijayan, Freelance writerNews
Data from the Hacking Team reveals actively used exploit for breaking into and stealing data from registered iOS systems, FireEye says.
By Jai Vijayan Freelance writer, 8/7/2015
Comment0 comments  |  Read  |  Post a Comment
Stagefright Bug Spurs Android Makers Into Action
Eric Zeman, Commentary
In the wake of the Stagefright bug, Google and Samsung plan to issue monthly Android security patches to ward off potential threats. Will other smartphone manufacturers and carriers follow?
By Eric Zeman , 8/6/2015
Comment2 comments  |  Read  |  Post a Comment
Your Smartphone Battery Could Be Tracking You
Eric Zeman, Commentary
Security researchers have found a way to track a user's smartphone Web usage through battery life.
By Eric Zeman , 8/4/2015
Comment6 comments  |  Read  |  Post a Comment
Dark Reading News Desk Comes To You Live From Black Hat
Sara Peters, Senior Editor at Dark ReadingCommentary
Live video coverage from Las Vegas Wednesday and Thursday
By Sara Peters Senior Editor at Dark Reading, 8/3/2015
Comment3 comments  |  Read  |  Post a Comment
GM Vehicles Can Be Located, Unlocked, Started Remotely Via OnStar App
Jai Vijayan, Freelance writerNews
White Hat hacker Samy Kamkar’s OwnStart device latest to show up vulnerabilities in modern vehicles
By Jai Vijayan Freelance writer, 7/31/2015
Comment1 Comment  |  Read  |  Post a Comment
There's Another Android Media Vulnerability, But Google Isn't Worried
Sara Peters, Senior Editor at Dark ReadingNews
Vulnerability could become a favorite of ransomware operators, but Google has left it unpatched for more than two months.
By Sara Peters Senior Editor at Dark Reading, 7/30/2015
Comment2 comments  |  Read  |  Post a Comment
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
Sara Peters, Senior Editor at Dark ReadingNews
Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices.
By Sara Peters Senior Editor at Dark Reading, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
iPhone Kill Switch: How Effective Is It?
Eric Zeman, Commentary
A new report shows that the iPhone kill switch may not be as effective as first thought. What does this mean for other smartphone kill switches?
By Eric Zeman , 7/27/2015
Comment9 comments  |  Read  |  Post a Comment
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Dark Reading Staff, Quick Hits
National Highway Traffic Safety Administration will be watching to see if it works.
By Dark Reading Staff , 7/24/2015
Comment1 Comment  |  Read  |  Post a Comment
Smartwatches Could Become New Frontier for Cyber Attackers
Jai Vijayan, Freelance writerNews
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
By Jai Vijayan Freelance writer, 7/24/2015
Comment1 Comment  |  Read  |  Post a Comment
Mobile App Security: 4 Critical Issues
Subbu Sthanu, Director, Mobile Security & Application Security, IBMCommentary
Securing the mobile workforce in the age of BYOD is no easy task. You can begin with these four measures.
By Subbu Sthanu Director, Mobile Security & Application Security, IBM, 7/17/2015
Comment3 comments  |  Read  |  Post a Comment
Adobe Flash Failure Shows Plug-Ins Are Obsolete
Larry Loeb, Blogger, InformationweekCommentary
This week's Flash failure also illustrates why plug-ins need to go. One solution to all of this is HTML5.
By Larry Loeb Blogger, Informationweek, 7/15/2015
Comment13 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-08-29
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token...

Published: 2015-08-29
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point i...

Published: 2015-08-28
Buffer overflow in CHICKEN 4.9.0.x before, 4.9.x before 4.9.1, and before 5.0 allows attackers to have unspecified impact via a positive START argument to the "substring-index[-ci] procedures."

Published: 2015-08-28
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.

Published: 2015-08-28
Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smaller than 128 bits.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.