Vulnerabilities / Threats
News & Commentary
Researchers Steal Door Badge Credentials Using Smartphone Bluetooth
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Weakness in facility access control protocol leaves most badge-in systems open to attack.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/28/2015
Comment0 comments  |  Read  |  Post a Comment
Lockheed Martin-Led Consortium Builds Secure 'System Of Systems'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Multilevel Security (MLS) group says this policy-based architecture could apply to sensitive commercial networks as well as government agencies.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/28/2015
Comment0 comments  |  Read  |  Post a Comment
How To Put Data At The Heart Of Your Security Practice
Jay Jacobs, Senior Data Scientist, BitSight TechnologiesCommentary
First step: A good set of questions that seek out objective, measurable answers.
By Jay Jacobs Senior Data Scientist, BitSight Technologies, 7/28/2015
Comment1 Comment  |  Read  |  Post a Comment
New Phishing Campaign Leverages Google Drive
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Researchers believe technique is geared to take over Google SSO accounts.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/28/2015
Comment1 Comment  |  Read  |  Post a Comment
Ban AI Weapons, Scientists Demand
Thomas Claburn, Editor at Large, Enterprise MobilityNews
Roboticists and experts in artificial intelligence want to prohibit offensive autonomous weapons.
By Thomas Claburn Editor at Large, Enterprise Mobility, 7/27/2015
Comment8 comments  |  Read  |  Post a Comment
Stagefright Android Bug: 'Heartbleed for Mobile' But Harder To Patch
Sara Peters, Senior Editor at Dark ReadingNews
Critical vulnerability in Android's multimedia playback engine is easy to exploit, requires no user interaction, and affects 95 percent of Android devices.
By Sara Peters Senior Editor at Dark Reading, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
The First 24 Hours In The Wake Of A Data Breach
Stephen Treglia, JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute SoftwareCommentary
There is a direct correlation between how quickly an organization can identify and contain a data breach and the financial consequences that may result.
By Stephen Treglia JD, HCISPP, Legal Counsel & HIPAA Compliance Officer- Investigations, Absolute Software, 7/27/2015
Comment0 comments  |  Read  |  Post a Comment
Chrysler Recalls 1.4 Million Vehicles After Jeep Hacking Demo
Dark Reading Staff, Quick Hits
National Highway Traffic Safety Administration will be watching to see if it works.
By Dark Reading Staff , 7/24/2015
Comment1 Comment  |  Read  |  Post a Comment
Car Hacking Shifts Into High Gear
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers now have proven you can hack a car remotely, and at Black Hat USA will share most -- but not all -- of the details on how they did it.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/23/2015
Comment11 comments  |  Read  |  Post a Comment
Emerging Web Infrastructure Threats
Sara Peters, Senior Editor at Dark Reading
A secure cloud relies on some weak Internet infrastructure with some new BGP vulnerabilities that will be disclosed at Black Hat USA.
By Sara Peters Senior Editor at Dark Reading, 7/23/2015
Comment1 Comment  |  Read  |  Post a Comment
Researchers Enlist Machine Learning In Malware Detection
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
No sandbox required for schooling software to speedily spot malware, researchers will demonstrate at Black Hat USA.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/22/2015
Comment0 comments  |  Read  |  Post a Comment
Finding The ROI Of Threat Intelligence: 5 Steps
Ryan Trost, CIO & Co-founder, ThreatQuotientCommentary
Advice from a former SOC manager on how to leverage threat intel without increasing the bottom line.
By Ryan Trost CIO & Co-founder, ThreatQuotient, 7/22/2015
Comment0 comments  |  Read  |  Post a Comment
Angler Climbing To Top Of Exploit Heap
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Exploit kit dominates the field, making up 82 percent of all exploit kits currently used.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/22/2015
Comment0 comments  |  Read  |  Post a Comment
Hacking Team Detection Tools Released By Rook, Facebook
Sara Peters, Senior Editor at Dark ReadingNews
Organizations get help keeping up with Hacking Team threats, and Microsoft releases an out-of-band patch for a new Hacking Team 0-day.
By Sara Peters Senior Editor at Dark Reading, 7/21/2015
Comment1 Comment  |  Read  |  Post a Comment
Detection: A Balanced Approach For Mitigating Risk
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Only detection and response can complete the security picture that begins with prevention.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 7/21/2015
Comment0 comments  |  Read  |  Post a Comment
Time’s Running Out For The $76 Billion Detection Industry
Simon Crosby, Co-founder & CTO, BromiumCommentary
The one strategy that can deliver the needle to the security team without the haystack is prevention.
By Simon Crosby Co-founder & CTO, Bromium, 7/21/2015
Comment2 comments  |  Read  |  Post a Comment
Photo Processing Vendor Exposes CVS, Wal-Mart, Costco
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Retail breaches highlight third-party risk -- again.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/20/2015
Comment0 comments  |  Read  |  Post a Comment
How I Learned To Love Active Defense
John Strand, SANS Senior Instructor & Owner, Black Hills Information SecurityCommentary
Yes, traditional cyber defenses can be effective. They just need to be a little more active.
By John Strand SANS Senior Instructor & Owner, Black Hills Information Security, 7/20/2015
Comment1 Comment  |  Read  |  Post a Comment
U.S. Vuln Research, Pen Test Firms Protest Impending Export Controls
Sara Peters, Senior Editor at Dark ReadingNews
American security companies have the most to lose from new rules that would restrict the export of tools and information about network surveillance and 'intrusion software.'
By Sara Peters Senior Editor at Dark Reading, 7/16/2015
Comment0 comments  |  Read  |  Post a Comment
The Insiders: A Rogues Gallery
Mike Tierney, COO, SpectorSoftCommentary
You can defend against an insider threat if you know where to look.
By Mike Tierney COO, SpectorSoft, 7/16/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0732
Published: 2015-07-28
Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or ...

CVE-2015-2974
Published: 2015-07-28
LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file.

CVE-2015-4287
Published: 2015-07-28
Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an unspecified web page, aka Bug ID CSCuu82230.

CVE-2015-4288
Published: 2015-07-28
The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s...

CVE-2015-4692
Published: 2015-07-27
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!