Vulnerabilities / Threats
News & Commentary
How Retailers Can Fight Holiday Season Hackers
Steve Zurier, Freelance Writer
Experts offer tips for locking down retailers point-of-sale systems for the busy holiday shopping season.
By Steve Zurier Freelance Writer, 12/8/2016
Comment0 comments  |  Read  |  Post a Comment
From Carna To Mirai: Recovering From A Lost Opportunity
Bob Rudis & Deral Heiland, Rapid7 Chief Data Scientist & IoT Research LeadCommentary
We had four years to prepare for recent DDoS attacks and failed. How can we learn from our mistakes?
By Bob Rudis & Deral Heiland Rapid7 Chief Data Scientist & IoT Research Lead, 12/8/2016
Comment1 Comment  |  Read  |  Post a Comment
Researchers Find Backdoors, Bugs In Sony, White Box IP Cameras
Jai Vijayan, Freelance writerNews
New vulnerabilities discovered by SEC Consult and Cybereason highight increasing IoT threat to enterprises.
By Jai Vijayan Freelance writer, 12/7/2016
Comment1 Comment  |  Read  |  Post a Comment
Biometric Technology Is Not A Cure-All For Password Woes
Corey Nachreiner, Chief Technology Officer, WatchGuard TechnologiesCommentary
No single authentication token is infallible. The only real solution is multifactor authentication.
By Corey Nachreiner Chief Technology Officer, WatchGuard Technologies, 12/7/2016
Comment0 comments  |  Read  |  Post a Comment
Kaspersky Lab: 323,000 New Malware Samples Found Each Day
Dark Reading Staff, Quick Hits
Credit it to mass-produced malware and better detection through machine learning.
By Dark Reading Staff , 12/7/2016
Comment2 comments  |  Read  |  Post a Comment
PoisonTap USB Device Can Hack A Locked PC In A Minute
Matthew Rosenquist, Cybersecurity Strategist for Intel
This is just one example of an emerging technology that enables anyone with physical access to a computers USB port to potentially harvest data and gain access by spoofing an Internet ecosystem.
By Matthew Rosenquist Cybersecurity Strategist for Intel, 12/6/2016
Comment1 Comment  |  Read  |  Post a Comment
Web Gateways: 5 Big Security Challenges
Guy Guzner, CEO and co-founder, FireglassCommentary
Overreliance on Web gateways is putting data, users, customers, organizations, and reputation in harm's way.
By Guy Guzner CEO and co-founder, Fireglass, 12/6/2016
Comment0 comments  |  Read  |  Post a Comment
The 7 Most Sensational Breaches Of 2016
Ericka Chickowski, Contributing Writer, Dark Reading
The biggest hacks, data exposures, and thefts that left companies and government entities reeling.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/6/2016
Comment0 comments  |  Read  |  Post a Comment
Protect Your Company From Hackable Holiday Gifts
Jonathan Anderson, Chief Technology Officer of IoT Security, Intel Security
This holiday season promises to be full of devices, apps, and connectivity. Planning and executing appropriate security precautions now will save your business from a serious breach later.
By Jonathan Anderson Chief Technology Officer of IoT Security, Intel Security, 12/5/2016
Comment0 comments  |  Read  |  Post a Comment
Reality Check: Getting Serious About IoT Security
Troy Dearing, Senior Ethical HackerCommentary
The Department of Homeland Security is fully justified in urging security standards for the Internet of Things.
By Troy Dearing Senior Ethical Hacker, 12/5/2016
Comment2 comments  |  Read  |  Post a Comment
'Frighteningly Easy' Hack Guesses Full Credit Card Details In 6 Seconds
Jai Vijayan, Freelance writerNews
Attack works only on Visa network, Newcastle University researchers say.
By Jai Vijayan Freelance writer, 12/2/2016
Comment1 Comment  |  Read  |  Post a Comment
The Human Firewall: Why People Are Critical To Email Security
Roland Cloutier, Senior VP, Chief Security Officer, ADPCommentary
Technology is just the beginning; employees must be fully on board with security procedures.
By Roland Cloutier Senior VP, Chief Security Officer, ADP, 12/2/2016
Comment2 comments  |  Read  |  Post a Comment
Cybercriminals Next Target: Long-Term Prizes (Part 2 of 2)
Matthew Rosenquist, Cybersecurity Strategist for Intel
Attacks of a more strategic nature will test early blockchain implementations and continue to explore ways to monetize weak IoT devices.
By Matthew Rosenquist Cybersecurity Strategist for Intel, 12/1/2016
Comment0 comments  |  Read  |  Post a Comment
DMARC Continues To Confound Users, Report Says
Terry Sweeney, Contributing EditorNews
Almost three-quarters of those who deploy email authentication standard fail to get its full benefits, ValiMail says.
By Terry Sweeney Contributing Editor, 12/1/2016
Comment2 comments  |  Read  |  Post a Comment
20 Questions Smart Security Pros Should Ask About 'Intelligence'
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentary
Threat intel is a hot but complicated topic that encompasses a lot more than just data feeds. Here's how to get beyond the fear, uncertainty, and doubt to maximize its potential.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 12/1/2016
Comment2 comments  |  Read  |  Post a Comment
Gaming Company Sues Ex-Employees Over Data Theft
Dark Reading Staff, Quick Hits
San Francisco-based Zynga alleges former workers took sensitive information with them when they joined rival company.
By Dark Reading Staff , 12/1/2016
Comment7 comments  |  Read  |  Post a Comment
Microsoft 'Father Of SDL' Named To Top Post At SAFECode
Kelly Sheridan, Associate Editor, InformationWeekNews
Steve Lipner, the former Microsoft security leader credited with spearheading its security development lifecycle (SDL) initiative, takes on a new role as executive director at SAFECode.
By Kelly Sheridan Associate Editor, InformationWeek, 12/1/2016
Comment1 Comment  |  Read  |  Post a Comment
China Cybersecurity Firm Linked With Countrys Intel Agency For Espionage
Dark Reading Staff, Quick Hits
Boyusec is working with Chinas intelligence services and military to doctor security products for spying, says Pentagon report.
By Dark Reading Staff , 11/30/2016
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals' Next Target: Short-Term Dangers (Part 1 of 2)
Matthew Rosenquist, Cybersecurity Strategist for Intel
With the holidays approaching, the focus will be on lucrative online shopping, email ransomware, phishing for credentials, and infection by holiday-lurking malware.
By Matthew Rosenquist Cybersecurity Strategist for Intel, 11/30/2016
Comment0 comments  |  Read  |  Post a Comment
Windows Malware Infections Spiked 106% From Black Friday To Cyber Monday
Kelly Sheridan, Associate Editor, InformationWeekNews
The number of infected PCs jumped some 106% during the holiday season's first shopping weekend and 118% above normal on Cyber Monday.
By Kelly Sheridan Associate Editor, InformationWeek, 11/30/2016
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Five Things Every Business Executive Should Know About Cybersecurity
Don't get lost in security's technical minutiae - a clearer picture of what's at stake can help align business imperatives with technology execution.
Flash Poll
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.