Vulnerabilities / Threats
News & Commentary
How To Put Data At The Heart Of Your Security Practice
Commentary | By Jay Jacobs, Senior Data Scientist, BitSight Technologies, 7/28/2015
First step: a good set of questions that seek out objective, measurable answers.
New Phishing Campaign Leverages Google Drive
News | By Ericka Chickowski, Contributing Writer, Dark Reading, 7/28/2015
Researchers believe the technique is geared to take over Google SSO accounts.
Ban AI Weapons, Scientists Demand
News | By Thomas Claburn, Editor at Large, Enterprise Mobility, 7/27/2015
Roboticists and experts in artificial intelligence want to prohibit offensive autonomous weapons.
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
News | By Sara Peters, Senior Editor at Dark Reading, 7/27/2015
Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices.
The First 24 Hours In The Wake Of A Data Breach
Commentary | By Stephen Treglia, JD, HCISPP, Legal Counsel & HIPAA Compliance Officer - Investigations, Absolute Software, 7/27/2015
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Quick Hits | By Dark Reading Staff, 7/24/2015
National Highway Traffic Safety Administration will be watching to see if it works.
Car Hacking Shifts Into High Gear
News | By Kelly Jackson Higgins, Executive Editor at Dark Reading, 7/23/2015
Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.
Emerging Web Infrastructure Threats
News | By Sara Peters, Senior Editor at Dark Reading, 7/23/2015
Even a secure cloud rests on weak Internet infrastructure, including BGP, for which new vulnerabilities will be disclosed at Black Hat USA.
Researchers Enlist Machine Learning In Malware Detection
News | By Kelly Jackson Higgins, Executive Editor at Dark Reading, 7/22/2015
No sandbox is required to train software to spot malware quickly, researchers will demonstrate at Black Hat USA.
Finding The ROI Of Threat Intelligence: 5 Steps
Commentary | By Ryan Trost, CIO & Co-founder, ThreatQuotient, 7/22/2015
Advice from a former SOC manager on how to get value from threat intel without adding to the budget.
Angler Climbing To Top Of Exploit Heap
News | By Ericka Chickowski, Contributing Writer, Dark Reading, 7/22/2015
The exploit kit dominates the field, making up 82 percent of all exploit kit activity currently seen.
Hacking Team Detection Tools Released By Rook, Facebook
News | By Sara Peters, Senior Editor at Dark Reading, 7/21/2015
Organizations get help keeping up with Hacking Team threats, and Microsoft releases an out-of-band patch for a new Hacking Team zero-day.
Detection: A Balanced Approach For Mitigating Risk
Commentary | By Joshua Goldfarb, VP & CTO - Americas, FireEye, 7/21/2015
Only detection and response can complete the security picture that begins with prevention.
Time’s Running Out For The $76 Billion Detection Industry
Commentary | By Simon Crosby, Co-founder & CTO, Bromium, 7/21/2015
The one strategy that can deliver the needle to the security team without the haystack is prevention.
Photo Processing Vendor Exposes CVS, Wal-Mart, Costco
News | By Ericka Chickowski, Contributing Writer, Dark Reading, 7/20/2015
Retail breaches highlight third-party risk -- again.
How I Learned To Love Active Defense
Commentary | By John Strand, SANS Senior Instructor & Owner, Black Hills Information Security, 7/20/2015
Yes, traditional cyber defenses can be effective. They just need to be a little more active.
U.S. Vuln Research, Pen Test Firms Protest Impending Export Controls
News | By Sara Peters, Senior Editor at Dark Reading, 7/16/2015
American security companies have the most to lose from new rules that would restrict the export of tools and information about network surveillance and 'intrusion software.'
The Insiders: A Rogues Gallery
Commentary | By Mike Tierney, COO, SpectorSoft, 7/16/2015
You can defend against an insider threat if you know where to look.
4 Lasting Impacts Of The Hacking Team Leaks
News | By Sara Peters, Senior Editor at Dark Reading, 7/15/2015
Doxing attack against Italian surveillance company put some nasty tools in the hands of attackers and might be the final nail in the coffin for Adobe Flash.
Adobe Flash Failure Shows Plug-Ins Are Obsolete
Commentary | By Larry Loeb, Blogger, Informationweek, 7/15/2015
This week's Flash failure also illustrates why plug-ins need to go. One solution to all of this is HTML5.
Dark Reading Bug Report: Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4692
Published: 2015-07-27
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

CVE-2015-1840
Published: 2015-07-26
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space cha...
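The jquery-ujs entry above comes down to how the origin of a request URL is decided before the CSRF token is attached. The block below is an added, constructed illustration of that bug class, not code from jquery-ujs, jquery-rails or Rails: a naive regex parse (of the kind jQuery 1.x used to split a URL) treats a URL with a leading space as unparsable and therefore same-origin, while the browser strips the space and sends the request, token included, to the other host. Parsing with the WHATWG URL parser, which applies the same trimming the browser does, resolving relative URLs against the page origin and failing closed on parse errors fixes it. The origin `https://app.example`, the host `evil.example` and the token value are placeholders chosen for the example.

```javascript
// Added illustration of the CVE-2015-1840 bug class; not code from jquery-ujs or Rails.
// Origin, hosts and token below are placeholders chosen for the example.
const APP_ORIGIN = 'https://app.example';

// A regex of the kind jQuery 1.x used to split a URL into protocol, host and port.
// It is anchored at the start, so anything that does not begin with a scheme
// (a leading space, for instance) simply does not match.
const RURL = /^([\w.+-]+:)(?:\/\/(?:[^\/?#]*@|)([^\/?#:]*)(?::(\d+)|)|)/;

// Naive check: "could not parse" is treated as "relative, hence same-origin".
function naiveIsCrossDomain(url, origin = APP_ORIGIN) {
  const target = RURL.exec(url.toLowerCase());
  if (!target) return false;                       // the flaw: unparsable => same-origin
  const base = RURL.exec(origin.toLowerCase());
  return target[1] !== base[1] || target[2] !== base[2] ||
    (target[3] || '') !== (base[3] || '');
}

// Hardened check: the WHATWG URL parser trims leading/trailing C0 controls and
// spaces exactly as the browser's XHR will, resolves relative URLs against the
// page origin, and the check fails closed if parsing throws.
function isCrossDomain(url, origin = APP_ORIGIN) {
  let target;
  try {
    target = new URL(url, origin);
  } catch (e) {
    return true;                                   // unparsable => treat as cross-domain
  }
  return target.origin !== new URL(origin).origin;
}

// Build the headers a UJS-style layer would attach to an XHR, so the decision
// about the token is observable as a return value.
function buildRequestHeaders(url, csrfToken, crossDomainCheck) {
  const headers = { 'X-Requested-With': 'XMLHttpRequest' };
  if (!crossDomainCheck(url)) headers['X-CSRF-Token'] = csrfToken;
  return headers;
}

const TOKEN = 'constructed-csrf-token';                  // constructed sample value
const EVIL_WITH_SPACE = ' https://evil.example/collect'; // the leading space is the trigger

console.log('naive :', buildRequestHeaders(EVIL_WITH_SPACE, TOKEN, naiveIsCrossDomain));
console.log('fixed :', buildRequestHeaders(EVIL_WITH_SPACE, TOKEN, isCrossDomain));
```

With the naive check the header object for the leading-space URL carries the token; with the normalising check it does not, and a relative path such as `/posts/1` is still recognised as same-origin.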

CVE-2015-1872
Published: 2015-07-26
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via craft...

CVE-2015-2847
Published: 2015-07-26
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.

CVE-2015-2848
Published: 2015-07-26
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.
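The two Honeywell Tuxedo Touch entries above describe two failures of the same control: the product lets the browser-side JavaScript decide whether a user is authenticated, and it accepts state-changing home-automation commands that any web page can make the browser submit. The block below is an added, constructed model of both bug classes, not the product's code: the request names, the USERACCT step, the credential store and the door-unlock command are placeholders that follow the advisory wording. The vulnerable server trusts that the client ran the credential check; the hardened server authenticates on the server side, treats the session as the only proof of that, and requires a per-session token on every state-changing command.

```javascript
// Added, constructed model of the CVE-2015-2847 and CVE-2015-2848 bug classes;
// not Honeywell's code. Names and values below are placeholders for the example.
const USERS = { owner: 'correct horse battery staple' };  // constructed credential store

// Compare two strings without an early exit on the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Vulnerable model: the page's JavaScript performs the USERACCT credential check
// and sends the command only on success. The server assumes that step happened,
// so it never checks who is talking to it or whether the request was intentional.
function createVulnerableServer() {
  const device = { frontDoor: 'locked' };
  return {
    device,
    login() { return { sessionId: 'sid-client-trusted' }; },
    command(req) {
      if (!(req.target in device)) return { ok: false, reason: 'unknown target' };
      device[req.target] = req.action;
      return { ok: true };
    },
  };
}

// Hardened model: authentication is decided on the server, the session is the
// only proof of it, and state-changing commands must also carry a per-session
// token that a cross-site page cannot read.
function createHardenedServer() {
  const device = { frontDoor: 'locked' };
  const sessions = new Map();   // sessionId -> { user, csrfToken }
  let counter = 0;              // sequential ids keep the model offline; a real
                                // server draws session ids and tokens from a CSPRNG
  return {
    device,
    login(user, password) {
      if (!Object.prototype.hasOwnProperty.call(USERS, user)) return null;
      if (!constantTimeEqual(USERS[user], password)) return null;
      const sessionId = `sid-${++counter}`;
      const csrfToken = `csrf-${++counter}`;
      sessions.set(sessionId, { user, csrfToken });
      return { sessionId, csrfToken };
    },
    command(req) {
      const session = sessions.get(req.cookieSessionId);
      if (!session) return { ok: false, reason: 'unauthenticated' };
      if (!constantTimeEqual(session.csrfToken, req.csrfToken)) return { ok: false, reason: 'missing or wrong CSRF token' };
      if (!(req.target in device)) return { ok: false, reason: 'unknown target' };
      device[req.target] = req.action;
      return { ok: true };
    },
  };
}

// CVE-2015-2847 class: the attacker never performs USERACCT and sends the command directly.
function scenarioSkipClientAuth(server) {
  const res = server.command({ target: 'frontDoor', action: 'unlocked' });
  return { accepted: res.ok, door: server.device.frontDoor };
}

// CVE-2015-2848 class: the owner is logged in; a page on another site makes the
// browser submit a door-unlock command carrying the session cookie but no token.
function scenarioCsrf(server) {
  const auth = server.login('owner', USERS.owner);
  const res = server.command({ cookieSessionId: auth.sessionId, target: 'frontDoor', action: 'unlocked' });
  return { accepted: res.ok, door: server.device.frontDoor };
}

// Legitimate use: the real UI sends both the session cookie and the token.
function scenarioLegitimate(server) {
  const auth = server.login('owner', USERS.owner);
  const res = server.command({ cookieSessionId: auth.sessionId, csrfToken: auth.csrfToken, target: 'frontDoor', action: 'unlocked' });
  return { accepted: res.ok, door: server.device.frontDoor };
}

console.log('skip client auth  vulnerable:', scenarioSkipClientAuth(createVulnerableServer()), 'hardened:', scenarioSkipClientAuth(createHardenedServer()));
console.log('csrf              vulnerable:', scenarioCsrf(createVulnerableServer()), 'hardened:', scenarioCsrf(createHardenedServer()));
console.log('legitimate        hardened:', scenarioLegitimate(createHardenedServer()));
```

The point of the model is where the decision lives: anything the client is asked to enforce can be dropped from the data stream, so the server must re-derive both "who is this" (the session) and "did they mean it" (the token) on every command.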

Dark Reading Radio (archived)
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!