Vulnerabilities / Threats
News & Commentary
State-Sponsored Cybercrime: A Growing Business Threat
David Venable,  Director, Professional Services, Masergy CommunicationsCommentary
You donít have to be the size of Sony -- or even mock North Korea -- to be a target.
By David Venable Director, Professional Services, Masergy Communications, 5/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Cyber Threat Analysis: A Call for Clarity
Michael McMahon, Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLCCommentary
The general public deserves less hyperbole and more straight talk
By Michael McMahon Director, Cyber Strategy & Analysis, Innovative Analytics & Training, LLC, 5/22/2015
Comment8 comments  |  Read  |  Post a Comment
Hacking Virginia State Trooper Cruisers
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Working group of federal agencies and private industry launched by the state of Virginia is studying car vulnerabilities and building tools to detect and protect against vehicle hacking and tampering.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/22/2015
Comment1 Comment  |  Read  |  Post a Comment
Half Of Retail, Healthcare Sites 'Always Vulnerable'
Sara Peters, Senior Editor at Dark ReadingNews
Finding vulnerabilities in custom web applications isn't the major problem; fixing them in a timely fashion is, a new report from WhiteHat Security finds.
By Sara Peters Senior Editor at Dark Reading, 5/21/2015
Comment0 comments  |  Read  |  Post a Comment
Logjam Encryption Flaw Threatens Secure Communications On Web
Jai Vijayan, Freelance writerNews
Most major browsers, websites that support export ciphers impacted
By Jai Vijayan Freelance writer, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Planes, Tweets & Possible Hacks From Seats
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
There are conflicting reports over whether security researcher Chris Roberts hacked into flight controls and manipulated a plane.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/20/2015
Comment9 comments  |  Read  |  Post a Comment
5 Signs Credentials In Your Network Are Being Compromised
Idan Tendler, CEO, FortscaleCommentary
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personal identifiable information? Check out these common scenarios.
By Idan Tendler CEO, Fortscale, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Hacking Airplanes: No One Benefits When Lives Are Risked To Prove A Point
Don Bailey, Founder & CEO, Lab Mouse SecurityCommentary
In the brave new world of self-driving cars and Wifi-enabled pacemakers, everything we do as information security professionals, everything we hack, every joke we make on Twitter, has real, quantifiable consequences.
By Don Bailey Founder & CEO, Lab Mouse Security, 5/19/2015
Comment7 comments  |  Read  |  Post a Comment
Every 4 Seconds New Malware Is Born
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report shows rate of new malware strains discovered increased by 77 percent in 2014.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/18/2015
Comment2 comments  |  Read  |  Post a Comment
Why We Can't Afford To Give Up On Cybersecurity Defense
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
There is no quick fix, but organizations can massively reduce the complexity of building secure applications by empowering developers with four basic practices.
By Jeff Williams CTO, Aspect Security & Contrast Security, 5/18/2015
Comment3 comments  |  Read  |  Post a Comment
Polish Security Firm Discloses Unpatched Security Flaws in Google App Engine
Jai Vijayan, Freelance writerNews
Google was given enough time to respond researcher says.
By Jai Vijayan Freelance writer, 5/15/2015
Comment0 comments  |  Read  |  Post a Comment
The Cybercrime Carnival in Brazil: Loose Cyberlaws Make for Loose Cybercriminals
Limor S Kessem, Sr. Cybersecurity Evangelist, IBM SecurityCommentary
Brazil loses over $8 billion a year to Internet crime, making it the second-largest cybercrime generator in the world.
By Limor S Kessem Sr. Cybersecurity Evangelist, IBM Security, 5/15/2015
Comment8 comments  |  Read  |  Post a Comment
Experts' Opinions Mixed On VENOM Vulnerability
Sara Peters, Senior Editor at Dark ReadingNews
Some say the virtualization vuln could be worse than Heartbleed, while others advise to patch, but don't panic.
By Sara Peters Senior Editor at Dark Reading, 5/14/2015
Comment2 comments  |  Read  |  Post a Comment
Taking A Security Program From Zero To Hero
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Breaking the enigma of InfoSec into smaller bites is a proven method for building up an organizationís security capabilities. Here are six steps to get you started.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 5/13/2015
Comment2 comments  |  Read  |  Post a Comment
Microsoft Edge Browser Gets Security Boost
Kelly Sheridan, Associate Editor, InformationWeekNews
The new Windows 10 browser, Microsoft Edge, is fortified with security measures to keep users safe.
By Kelly Sheridan Associate Editor, InformationWeek, 5/13/2015
Comment7 comments  |  Read  |  Post a Comment
VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products
Sara Peters, Senior Editor at Dark ReadingNews
Critical vulnerability in the open-source QEMU hypervisor lets attackers break out of a virtual machine, execute code on a host machine and access all the other VMs on the host.
By Sara Peters Senior Editor at Dark Reading, 5/13/2015
Comment6 comments  |  Read  |  Post a Comment
Vulnerability Disclosure Deja Vu: Prosecute Crime Not Research
Katie Moussouris, Chief Policy Officer, HackerOneCommentary
There is a lesson to be learned from a locksmith living 150 years ago: Attackers and criminals are the only parties who benefit when security researchers fear the consequences for reporting issues.
By Katie Moussouris Chief Policy Officer, HackerOne, 5/12/2015
Comment10 comments  |  Read  |  Post a Comment
First Example Of SAP Breach Surfaces
Ericka Chickowski, Contributing Writer, Dark ReadingNews
USIS attack in 2013 stealing background check information about government personnel with classified clearance came by way of an SAP exploit.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/12/2015
Comment0 comments  |  Read  |  Post a Comment
PHP Hash Comparison Weakness A Threat To Websites, Researcher Says
Jai Vijayan, Freelance writerNews
Flaw could allow attackers to compromise user accounts, WhiteHat Security's Robert Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash' vulnerability.
By Jai Vijayan Freelance writer, 5/9/2015
Comment2 comments  |  Read  |  Post a Comment
Beginning Of The End For Patch Tuesday
Sara Peters, Senior Editor at Dark ReadingNews
Starting with Windows 10, Microsoft will introduce Windows Update for Business, issuing patches as they're available, instead of once a month.
By Sara Peters Senior Editor at Dark Reading, 5/7/2015
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9710
Published: 2015-05-27
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time windo...

CVE-2014-9715
Published: 2015-05-27
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that trig...

CVE-2015-2666
Published: 2015-05-27
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to t...

CVE-2015-2830
Published: 2015-05-27
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate...

CVE-2015-2922
Published: 2015-05-27
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but youíll never have complete information and youíll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?