Vulnerabilities / Threats
News & Commentary
As Dyre Goes Quiet, Focus Turns On Other Banking Trojans
Jai Vijayan, Freelance writerNews
Dridex, Gozi, and Shifu are just three of the many malware tools that could replace Dyre, security researchers say.
By Jai Vijayan Freelance writer, 2/9/2016
Comment0 comments  |  Read  |  Post a Comment
New White House Cybersecurity Plan Creates Federal CISO
Sara Peters, Senior Editor at Dark ReadingNews
Cybersecurity National Action Plan aims to increase federal cybersecurity spending by 35 percent to modernize IT and address skills shortage, IoT.
By Sara Peters Senior Editor at Dark Reading, 2/9/2016
Comment0 comments  |  Read  |  Post a Comment
Monday Morning Quarterbacking Super Bowl 50: Infosec Edition
Tim Helming, Director of Product Management, DomainToolsCommentary
How to coach your team to victory in the battle to protect corporate data and intellectual property. After all, there’s a lot riding on your game, too.
By Tim Helming Director of Product Management, DomainTools, 2/8/2016
Comment1 Comment  |  Read  |  Post a Comment
10 Shocking New Facts About Ransomware
Ericka Chickowski, Contributing Writer, Dark Reading
Ransomware has taken over the cybercriminal world in the last few years and there's no end in sight.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/8/2016
Comment0 comments  |  Read  |  Post a Comment
Online 'Batman' Takes On Dridex Banking Trojan Operators
Jai Vijayan, Freelance writerNews
Several Dridex malware download sites have begun mysteriously serving up antivirus software instead.
By Jai Vijayan Freelance writer, 2/5/2016
Comment2 comments  |  Read  |  Post a Comment
Here’s How To Protect Against A Ransomware Attack
Jai Vijayan, Freelance writerNews
Recovering data encrypted by a ransomware attack is next to impossible, so prevention offers the better approach.
By Jai Vijayan Freelance writer, 2/4/2016
Comment1 Comment  |  Read  |  Post a Comment
Agriculture, Alternative Energy Could Be Chinese Hackers' Next Targets
Sara Peters, Senior Editor at Dark ReadingNews
Perhaps Anthem and Premera breaches were not just about stealing PII, but about researching the ins and outs of Western healthcare systems, CrowdStrike's annual global threat report says.
By Sara Peters Senior Editor at Dark Reading, 2/3/2016
Comment0 comments  |  Read  |  Post a Comment
Zero Trust: Now A Critical Foundation For Securing Mobile
Adam Ely, COO, BlueboxCommentary
No longer willing to rely on an OS that doesn't provide the security features they need, developers are taking steps to secure apps, defend data, and protect users.
By Adam Ely COO, Bluebox, 2/3/2016
Comment0 comments  |  Read  |  Post a Comment
NASA Denies Hackers Hijacked Its Drone
Thomas Claburn, Editor at Large, Enterprise MobilityNews
The space agency insists AnonSec didn't commandeer a NASA Global Hawk drone, but it's still looking into claims its network was hacked.
By Thomas Claburn Editor at Large, Enterprise Mobility, 2/2/2016
Comment2 comments  |  Read  |  Post a Comment
Encryption Has Its Place But It Isn’t Foolproof
Doug Clare, Vice President of Product Management, FICOCommentary
Most encrypted data is unencrypted at some point in its lifecycle -- and the bad guys are pretty good at finding the one window left open.
By Doug Clare Vice President of Product Management, FICO, 2/2/2016
Comment2 comments  |  Read  |  Post a Comment
As Good As They're Getting, Analytics Don't Inherently Protect Data
Scott Petry , Co-Founder & CEO of Authentic8Commentary
It is only a matter of time before your system is breached, and when your data is lost, analytics won't help you.
By Scott Petry Co-Founder & CEO of Authentic8, 2/2/2016
Comment0 comments  |  Read  |  Post a Comment
Macro Malware Resurgence Highlighted By Kasidet Outbreak
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Also known as Neutrino, this piece of malware is another case of Office macro malaise.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/2/2016
Comment0 comments  |  Read  |  Post a Comment
First Hacker Arrested for CyberTerror Charges Arrives In American Court
Dark Reading Staff, Quick Hits
Kosovo citizen faces a maximum sentence of 35 years in prison for hacking and providing material support to ISIS.
By Dark Reading Staff , 2/1/2016
Comment0 comments  |  Read  |  Post a Comment
IEEE Anti-Malware Support Service Goes Live
Mark Kennedy, Chair, IEEE Industry Connections Security Group, Chair, IEEE Malware Working GroupCommentary
Through the collaborative effort of major players in the computer security industry, organizations now have two new tools for better malware detection.
By Mark Kennedy Chair, IEEE Industry Connections Security Group, Chair, IEEE Malware Working Group, 2/1/2016
Comment0 comments  |  Read  |  Post a Comment
Wendy's Could Become Test Case For New EMV Liability Rules
Jai Vijayan, Freelance writerNews
The fast food giant confirms it is investigating fraudulent activity involving payment cards used at some of its 6,500 locations.
By Jai Vijayan Freelance writer, 1/29/2016
Comment4 comments  |  Read  |  Post a Comment
Clever LG Droid Bug Can Attack You Through Birthday Notifications
Dark Reading Staff, Quick Hits
'SNAP' vulnerability affects Smart Notice application pre-installed on every new LG device.
By Dark Reading Staff , 1/29/2016
Comment3 comments  |  Read  |  Post a Comment
New Version Of CenterPOS Malware Taps Rush To Attack Retail Systems
Jai Vijayan, Freelance writerNews
EMV will make it much harder for criminals to steal payment card data, so there’s a rush to do it while they can
By Jai Vijayan Freelance writer, 1/28/2016
Comment3 comments  |  Read  |  Post a Comment
Big Week For Ransomware
Sara Peters, Senior Editor at Dark ReadingNews
Inventive new variants and damaging attacks swept through the headlines this week.
By Sara Peters Senior Editor at Dark Reading, 1/28/2016
Comment5 comments  |  Read  |  Post a Comment
Data Privacy: Key Elements Of An Information Governance Plan
Heidi Maher, Executive Director, Compliance, Governance and Oversight Counsel (CGOC)Commentary
For Data Privacy Day! Do you have the policies in place to safeguard your company’s most strategic information? Here are nine best practices.
By Heidi Maher Executive Director, Compliance, Governance and Oversight Counsel (CGOC), 1/28/2016
Comment0 comments  |  Read  |  Post a Comment
Hot-Patching Tools Another Crack In Apple's Walled Garden
Sara Peters, Senior Editor at Dark ReadingNews
Researchers at FireEye investigate how the tools some iOS developers use to push out patches more quickly are themselves a threat to Apple security.
By Sara Peters Senior Editor at Dark Reading, 1/27/2016
Comment9 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: nice one good
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas in a thought-provoking discussion about the evolving role of the CISO.