Vulnerabilities / Threats
News & Commentary
FBI Sounds Alarm Again On Business Email Compromise Threat
Jai Vijayan, Freelance writer | News
Over 7,000 US businesses were victimized by so-called BEC fraud between October 2013 and August 2015 alone, the FBI said in an alert this week.
By Jai Vijayan Freelance writer, 8/28/2015
The 7 ‘Most Common’ RATS In Use Today
Udi Shamir, Chief Security Officer, SentinelOne | Commentary
Sniffing out RATS -- remote access Trojans -- is a challenge for even the most hardened cyber defender. Here’s a guide to help you in the hunt.
By Udi Shamir Chief Security Officer, SentinelOne, 8/28/2015
A Virtual Tour of IBM’s SOCs, With Roger Hellman
Dark Reading Staff | Commentary, Video
IBM's Roger Hellman visits the Dark Reading News Desk to talk about how IBM recreated a unique security operations center experience at Black Hat.
By Dark Reading Staff, 8/27/2015
Catching Attackers In The Act Of Stage Two, With Gigamon
Dark Reading Staff | Commentary, Video
Shehzad Merchant, CTO of Gigamon, visits the Dark Reading News Desk to discuss a platform for finding and containing attackers once they've broken through your perimeter defense.
By Dark Reading Staff, 8/27/2015
Cybersecurity Under FTC Authority: What Does it Mean?
Tom Kellermann, Chief Cybersecurity Officer, Trend Micro | Commentary
Consumers can now expect the same level of security and privacy in the digital realm as they do in the physical.
By Tom Kellermann Chief Cybersecurity Officer, Trend Micro, 8/27/2015
Flash: Web Browser Plugins Are Vulnerable
Gavin Millard, Technical Director, EMEA, Tenable Network Security
Maybe it’s time to uninstall Flash for those that don’t need it and continuously monitor those that do.
By Gavin Millard Technical Director, EMEA, Tenable Network Security, 8/27/2015
Consumers Want Password Alternatives
Ericka Chickowski, Contributing Writer, Dark Reading | News
Consumer confidence in online passwords wanes and their password hygiene remains as sketchy as ever, study finds.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/27/2015
Getting To Yes, Cooperatively
Lysa Myers, Security Researcher, ESET | Commentary
As security advocates, determining what “beneficial” means to a particular audience should be our first step in developing recommendations.
By Lysa Myers Security Researcher, ESET, 8/26/2015
From Vicious To Virtuous: A Plan Of Attack For Incident Response
Torry Campbell, Chief Technical Officer of Endpoint and Management at Intel Security
How do you get there? Increase the cost and effort required by the bad guys and boost your efficiency.
By Torry Campbell Chief Technical Officer of Endpoint and Management at Intel Security, 8/26/2015
Kelly's Glimpse Of Black Hat
Sara Peters, Senior Editor at Dark Reading | Commentary, Video
Dark Reading executive editor Kelly Jackson Higgins talks through the top trends and sessions, and how the industry has evolved since her first trip to Black Hat.
By Sara Peters Senior Editor at Dark Reading, 8/26/2015
Ouch! Feeling The Pain Of Cybersecurity In Healthcare
Marilyn Cohodas, Community Editor, Dark Reading
There are lots of reasons why medical data is so vulnerable but the sheer numbers at risk speak volumes about the scale of the problem.
By Marilyn Cohodas Community Editor, Dark Reading, 8/25/2015
What Drives A Developer To Use Security Tools -- Or Not
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
National Science Foundation (NSF)-funded research by Microsoft Research, NC State, and UNC-Charlotte sheds light on what really makes a software developer scan his or her code for security bugs.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/24/2015
Keyless Cars: A New Frontier For Bug Bounties?
Ken Munro, Partner & Founder, Pen Test Partners LLP | Commentary
With up to 100 million lines of code in the average car today -- and growing -- security vulnerabilities are bound to become the new normal.
By Ken Munro Partner & Founder, Pen Test Partners LLP, 8/24/2015
Pen Testing A Smart City
Sara Peters, Senior Editor at Dark Reading | Commentary, Video
Black Hat speakers visit the Dark Reading News Desk to discuss the stunning complexity and many soft spots of a metropolis full of IoT devices.
By Sara Peters Senior Editor at Dark Reading, 8/21/2015
With Great IoT Comes Great Insecurity
Bil Harmer, Chief Security Officer, GoodData | Commentary
In the brave new world of 'things' and the services they connect to, built-in security has never been more critical. Here's what's getting in the way.
By Bil Harmer Chief Security Officer, GoodData, 8/21/2015
The Month Of Android Vulnerabilities Rolls On
Sara Peters, Senior Editor at Dark Reading | News
Multi-media handling takes the most hits, and there are no easy fixes.
By Sara Peters Senior Editor at Dark Reading, 8/20/2015
How Much Threat Intelligence Is Too Much?
Steve Hall, VP of Product Marketing, Tenable Network Security, Inc.
Turn your threat data into actionable intelligence by focusing on what is relevant to you and your organization.
By Steve Hall VP of Product Marketing, Tenable Network Security, Inc., 8/20/2015
Beware The Hidden Risk Of Business Partners In The Cloud
Sekhar Sarukkai, Co-founder & VP, Engineering, Skyhigh Networks | Commentary
Enterprises vastly underestimate the cyber risk from digital connections to vendors, suppliers, agencies, consultants -- and any company with which employees do business.
By Sekhar Sarukkai Co-founder & VP, Engineering, Skyhigh Networks, 8/20/2015
Applying the 80/20 Rule to Cyber Security Practices
Mark Clancy, CEO, Soltra | Commentary
How to look holistically across technology and processes and focus resources on threats that create the greatest damage.
By Mark Clancy CEO, Soltra, 8/19/2015
IE Bug Exploited In Wild After Microsoft Releases Out-Of-Band Patch
Sara Peters, Senior Editor at Dark Reading | Quick Hits
Remote code execution vulnerability in Internet Explorer versions 7 through 11 being used to drop PlugX RAT.
By Sara Peters Senior Editor at Dark Reading, 8/19/2015
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3966
Published: 2015-08-30
The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with compression.

CVE-2015-4555
Published: 2015-08-30
Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vect...

CVE-2015-5698
Published: 2015-08-30
Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVE-2015-4497
Published: 2015-08-29
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token...

CVE-2015-4498
Published: 2015-08-29
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point i...

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.