Vulnerabilities / Threats
News & Commentary
Stealing Data By 'Living Off The Land'
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau | News
Hackers' latest tactic involves a malware-free attack using a company’s own system credentials and admin tools to gain access.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 9/3/2015
China's Great Cannon: The Great Firewall's More Aggressive Partner
Sara Peters, Senior Editor at Dark Reading | Commentary, Video
Crowdstrike researchers visit Dark Reading News Desk at Black Hat to describe how China went on the offensive and extended its Internet censorship efforts beyond Chinese borders.
By Sara Peters Senior Editor at Dark Reading, 9/3/2015
New Shifu Banking Trojan An ‘Uber Patchwork’ Of Malware Tools
Jai Vijayan, Freelance writer | News
Sophisticated threat hitting banks in Japan combines best features of multiple previous banking malware, new IBM research says.
By Jai Vijayan Freelance writer, 9/2/2015
Microsoft's Remarkable Pivot: Windows 10 Abandons Privacy
Mark Weinstein, CEO, MeWe.com | Commentary
You can read all you want about Windows 10's powerful new privacy features, but that doesn’t mean you have them.
By Mark Weinstein CEO, MeWe.com, 9/2/2015
Baby Monitors Expose Home -- And Business -- Networks
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Researchers find major security flaws in popular networked video baby monitor products that could allow attackers to snoop on babies and businesses.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/2/2015
Report: Ransomware Jumped 58 Percent in Q2
Sara Peters, Senior Editor at Dark Reading | News
McAfee Threat Labs Report also zooms in on GPU malware and looks back on the first five years of the Intel-McAfee marriage.
By Sara Peters Senior Editor at Dark Reading, 9/1/2015
Malware Pre-Installed On Over Two-Dozen Android Smartphone Brands
Jai Vijayan, Freelance writer | News
Threat affects several smartphones shipping from Asia including some popular ones such as Lenovo, Huawei, and Xiaomi, says G Data.
By Jai Vijayan Freelance writer, 9/1/2015
We Can Allow Cybersecurity Research Without Stifling Innovation
Gavin Reid, Vice President, Threat Intelligence, Lancope Inc | Commentary
The U.S. government is in a unique position to become a global leader in cybersecurity. But only if it retains the open spirit of the Internet that kick-started the Information Age.
By Gavin Reid Vice President, Threat Intelligence, Lancope Inc, 9/1/2015
Your Worst Day In IT
David Spark, Veteran Tech journalist and founder of Spark Media Solutions
Turns out the most common culprits aren't what you might think.
By David Spark Veteran Tech journalist and founder of Spark Media Solutions, 9/1/2015
Sights & Sounds Of Black Hat USA And DEF CON
Kelly Jackson Higgins, Executive Editor at Dark Reading
Some hackers call the week of Black Hat USA and DEF CON 'security summer camp' -- a look at some of the highlights of the two shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/31/2015
A CISO's View of Mobile Security Strategy, With Stacey Halota
Sara Peters, Senior Editor at Dark Reading | Commentary, Video
CISO of Graham Holdings visits Dark Reading News Desk at Black Hat to discuss why mobile security is a top priority and how to use mobile devices as a security tool.
By Sara Peters Senior Editor at Dark Reading, 8/31/2015
FBI Sounds Alarm Again On Business Email Compromise Threat
Jai Vijayan, Freelance writer | News
Over 7,000 US businesses have been victimized by so-called BEC fraud between October 2013 and August 2015 alone, the FBI said in an alert this week.
By Jai Vijayan Freelance writer, 8/28/2015
The 7 ‘Most Common’ RATS In Use Today
Udi Shamir, Chief Security Officer, SentinelOne | Commentary
Sniffing out RATS -- remote access Trojans -- is a challenge for even the most hardened cyber defender. Here’s a guide to help you in the hunt.
By Udi Shamir Chief Security Officer, SentinelOne, 8/28/2015
A Virtual Tour of IBM’s SOCs, With Roger Hellman
Dark Reading Staff | Commentary, Video
IBM's Roger Hellman visits the Dark Reading News Desk to talk about how IBM recreated a unique security operations center experience at Black Hat.
By Dark Reading Staff, 8/27/2015
Catching Attackers In The Act Of Stage Two, With Gigamon
Dark Reading Staff | Commentary, Video
Shehzad Merchant, CTO of Gigamon, visits the Dark Reading News Desk to discuss a platform for finding and containing attackers once they've broken through your perimeter defense.
By Dark Reading Staff, 8/27/2015
Cybersecurity Under FTC Authority: What Does it Mean?
Tom Kellermann, Chief Cybersecurity Officer, Trend Micro | Commentary
Consumers can now expect the same level of security and privacy in the digital realm as they do in the physical.
By Tom Kellermann Chief Cybersecurity Officer, Trend Micro, 8/27/2015
Flash: Web Browser Plugins Are Vulnerable
Gavin Millard, Technical Director, EMEA, Tenable Network Security
Maybe it’s time to uninstall Flash for those that don’t need it and continuously monitor those that do.
By Gavin Millard Technical Director, EMEA, Tenable Network Security, 8/27/2015
Consumers Want Password Alternatives
Ericka Chickowski, Contributing Writer, Dark Reading | News
Consumer confidence in online passwords wanes and their password hygiene remains as sketchy as ever, study finds.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/27/2015
Getting To Yes, Cooperatively
Lysa Myers, Security Researcher, ESET | Commentary
As security advocates, determining what “beneficial” means to a particular audience should be our first step in developing recommendations.
By Lysa Myers Security Researcher, ESET, 8/26/2015
From Vicious To Virtuous: A Plan Of Attack For Incident Response
Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security
How do you get there? Increase the cost and effort required by the bad guys and boost your efficiency.
By Torry Campbell Chief Technical Officer of Endpoint and Management at Intel Security, 8/26/2015
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1291
Published: 2015-09-03
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web s...

CVE-2015-1292
Published: 2015-09-03
The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.

CVE-2015-1293
Published: 2015-09-03
The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVE-2015-1294
Published: 2015-09-03
Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an...

CVE-2015-1295
Published: 2015-09-03
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC m...

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.