Endpoint // Privacy
News & Commentary
Internet Of Things & The Platform Of Parenthood
Don Bailey, Founder & CEO, Lab Mouse SecurityCommentary
A new fathers musings on the problems with securing embedded systems, and why there are so few incentives for architecting trustworthy IoT technology from the ground up.
By Don Bailey Founder & CEO, Lab Mouse Security, 6/23/2016
Comment8 comments  |  Read  |  Post a Comment
5 Tips For Making Data Privacy Part Of The Companys Culture
Steve Zurier, Freelance WriterNews
Common sense steps organizations can take to protect corporate data.
By Steve Zurier Freelance Writer, 6/22/2016
Comment0 comments  |  Read  |  Post a Comment
Privacy Shield: Can the US Earn the EUs Trust Post Apple vs. FBI?
Peter Merkulov, VP, Product Strategy & Technology AlliancesCommentary
Rebuilding the privacy framework for data transfer between the US and its European trading partners wont be easy but its still a worthwhile effort.
By Peter Merkulov VP, Product Strategy & Technology Alliances, 6/20/2016
Comment2 comments  |  Read  |  Post a Comment
How Secure is Secure? Tips For Investing In The Right Strategy
Pritesh Parekh, VP & Chief Security Officer, ZuoraCommentary
Business alignment, defense-in-depth and a phased approach are three principles to follow when building out a solid security program.
By Pritesh Parekh VP & Chief Security Officer, Zuora, 6/17/2016
Comment1 Comment  |  Read  |  Post a Comment
Apple Rehires Security Expert Jon Callas
Dark Reading Staff, Quick Hits
Move seen as attempt to strengthen encryption features of Apple devices following face-off with FBI.
By Dark Reading Staff , 5/25/2016
Comment0 comments  |  Read  |  Post a Comment
What Europe Tells Us About The Future Of Data Privacy
Alan M Usas, Adjunct Professor, Department of Computer Science, Brown UniversityCommentary
Recent initiatives offer new strategies for balancing technology, security, and organizational policy goals. Here are three approaches worth considering.
By Alan M Usas Adjunct Professor, Department of Computer Science, Brown University, 5/23/2016
Comment1 Comment  |  Read  |  Post a Comment
Why Security Investigators Should Care About Forensic Research
Paul Shomo,  Technical Manager Strategic Partnerships, Guidance SoftwareCommentary
Despite the promise of expanded visibility into the user trail behind a data breach, the security industry has largely ignored the meticulous advances of forensic researchers. Privacy is just one reason for the snub.
By Paul Shomo Technical Manager Strategic Partnerships, Guidance Software, 5/19/2016
Comment2 comments  |  Read  |  Post a Comment
Tennessee Man Found Guilty Of Mitt Romney Tax Return Hack Scheme
Dark Reading Staff, Quick Hits
Convicted for attempt to blackmail PwC accounting firm with release of former U.S. Presidential candidate's pre-2010 tax returns.
By Dark Reading Staff , 5/16/2016
Comment0 comments  |  Read  |  Post a Comment
Encryption 101: Covering the Bases
Steve Zurier, Freelance Writer
Heres an overview of the key encryption types youll need to lock down your companys systems.
By Steve Zurier Freelance Writer, 5/13/2016
Comment0 comments  |  Read  |  Post a Comment
British Law Enforcement Agency Loses Bid To Get Passwords From Hacker Lauri Love
Dark Reading Staff, Quick Hits
Judge says National Crime Agency should use normal police powers -- not civil action -- to access information, allegedly hacked from US Army, NASA and US Federal Reserve networks.
By Dark Reading Staff , 5/11/2016
Comment0 comments  |  Read  |  Post a Comment
8 Microsoft Office 365 Security Tips To Reduce Data Loss
Sean Martin, CISSP | President, imsmartin
Even with a slew of new security tools and compliance guidance, there are still things you can do to protect this critical business system.
By Sean Martin CISSP | President, imsmartin, 5/2/2016
Comment0 comments  |  Read  |  Post a Comment
Device Advice: Keeping Fraudsters From Consumer Info
Gasan Awad, VP, Identity & Fraud Product Management, EquifaxCommentary
Data breaches are the first stop for criminals with intentions to steal personally identifiable information. These tips show how to fight fraud while optimizing the customer experience.
By Gasan Awad VP, Identity & Fraud Product Management, Equifax, 4/19/2016
Comment0 comments  |  Read  |  Post a Comment
Privacy Debate: Apple & Google Today; AWS or Azure Tomorrow?
Kennet Westby, Founding Partner, President & COO, CoalfireCommentary
Why the recent fight over mobile phone security and encryption is moving to the cloud.
By Kennet Westby Founding Partner, President & COO, Coalfire, 4/18/2016
Comment1 Comment  |  Read  |  Post a Comment
EU Privacy Officials Push Back On Privacy Shield
Sara Peters, Senior Editor at Dark ReadingNews
Better than Safe Harbor, but not good enough. Should we care what they think?
By Sara Peters Senior Editor at Dark Reading, 4/13/2016
Comment1 Comment  |  Read  |  Post a Comment
'FBiOS' Case Heading For A New Firestorm
Jonathan Braverman, Legal and Compliance Officer, CymmetriaCommentary
The surprise developments in the FBI v Apple case offer little reason to celebrate for encryption and privacy advocates.
By Jonathan Braverman Legal and Compliance Officer, Cymmetria, 3/30/2016
Comment1 Comment  |  Read  |  Post a Comment
How To Share Threat Intelligence Through CISA: 10 Things To Know
Sara Peters, Senior Editor at Dark ReadingNews
If you want those liability protections the Cybersecurity Information Sharing Act promised, you must follow DHS's new guidelines.
By Sara Peters Senior Editor at Dark Reading, 3/26/2016
Comment3 comments  |  Read  |  Post a Comment
Think Risk When You Talk About Application Security Today
Preston Hogue, Director of Security Marketing Architecture, F5 NetworksCommentary
Security from a risk-based perspective puts the focus on component failures and provides robust security for the ultimate target of most attacks -- company, customer and personal data.
By Preston Hogue Director of Security Marketing Architecture, F5 Networks, 3/23/2016
Comment0 comments  |  Read  |  Post a Comment
Sextortion, Hacking, Gets Former State Dept. Employee 57 Months In Prison
Dark Reading Staff, Quick Hits
Embassy worker targeted young women and started campaign with phishing, social engineering.
By Dark Reading Staff , 3/22/2016
Comment3 comments  |  Read  |  Post a Comment
iMessage Encryption Cracked, But Fixed In New iOS 9.3
Sara Peters, Senior Editor at Dark ReadingNews
While FBI fights with Apple over iPhone encryption, Johns Hopkins researchers find a weakness in secure IM on iOS, OSX.
By Sara Peters Senior Editor at Dark Reading, 3/21/2016
Comment1 Comment  |  Read  |  Post a Comment
#SaveSecurity Campaign Protests FBI's iPhone Unlocking Request
Dark Reading Staff, Quick Hits
Fight for the Future will publicly display and read aloud thousands of comments outside the US District courthouse at Apple vs. FBI hearing on March 22.
By Dark Reading Staff , 3/21/2016
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by RobbyF912
Current Conversations Nice tips!
In reply to: goo article
Post Your Own Reply
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How To Build An Effective Defense Against Ransomware
A compendium of Dark Reading´s best recent coverage of ransomware attacks, as well as best practices for defending your enterprise against them.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Tim Wilson speaks to two experts on vulnerability research independent consultant Jeremiah Grossman and Black Duck Softwares Mike Pittenger about the latest wave of vulnerabilities being exploited by online attackers