Vulnerabilities / Threats
News & Commentary
Google Paid Over $1.5 Million In Bug Bounties In 2014
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Mobile apps developed by Google now included in its Vulnerability Reward Program.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/30/2015
Comment0 comments  |  Read  |  Post a Comment
Video: Super Bowl WiFi Coaches, Leaky Apps & Binge Watching
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds checks out WiFi troubleshooters at the Super Bowl, a leaky NFL app, and whether binge watching is a sign of depression.
By Andrew Conry Murray Director of Content & Community, Interop, 1/30/2015
Comment1 Comment  |  Read  |  Post a Comment
WiIl Millennials Be The Death Of Data Security?
Chris Rouland, Founder & CEO, BastilleCommentary
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
By Chris Rouland Founder & CEO, Bastille, 1/27/2015
Comment32 comments  |  Read  |  Post a Comment
NFL Mobile Sports App Contains Super Bowl-Sized Vulns
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Lack of protections puts users at risk of exposed information by way of man-in-the-middle attacks.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/27/2015
Comment9 comments  |  Read  |  Post a Comment
Gas Stations Urged To Secure Internet-Exposed Fuel Tank Devices
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers find more than 5,000 US gas stations' automated tank gauges unprotected on the public Internet and open to hackers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/26/2015
Comment9 comments  |  Read  |  Post a Comment
Why Russia Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
Conventional wisdom holds that Russia hacks primarily for financial gain. But equally credible is the belief that the Russians engage in cyberwarfare to further their geopolitical ambitions.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/23/2015
Comment16 comments  |  Read  |  Post a Comment
Diverse White Hat Community Leads To Diverse Vuln Disclosures
Sara Peters, Senior Editor at Dark ReadingNews
Researchers at Penn State find that courting new bug hunters is just as important as rewarding seasoned ones.
By Sara Peters Senior Editor at Dark Reading, 1/22/2015
Comment6 comments  |  Read  |  Post a Comment
What Government Can (And Can’t) Do About Cybersecurity
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
In his 2015 State of the Union address, President Obama introduced a number of interesting, if not terribly novel, proposals. Here are six that will have minimal impact.
By Jeff Williams CTO, Aspect Security & Contrast Security, 1/22/2015
Comment18 comments  |  Read  |  Post a Comment
President's Plan To Crack Down On Hacking Could Hurt Good Hackers
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Security experts critical of President Obama's new proposed cybersecurity legislation.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/21/2015
Comment9 comments  |  Read  |  Post a Comment
Adobe Investigating New Flash Zero-Day Spotted In Crimeware Kit
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Researcher Kafeine's 0day discovery confirmed by Malwarebytes.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/21/2015
Comment2 comments  |  Read  |  Post a Comment
Facebook Messenger: Classically Bad AppSec
Daniel Riedel, CEO, New ContextCommentary
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
By Daniel Riedel CEO, New Context, 1/21/2015
Comment2 comments  |  Read  |  Post a Comment
Ransomware Leads Surge In 2014 Mobile Malware Onslaught
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Mobile malware increases 75 percent in U.S.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/20/2015
Comment3 comments  |  Read  |  Post a Comment
New Technology Detects Cyberattacks By Their Power Consumption
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Startup's "power fingerprinting" approach catches stealthy malware within milliseconds in DOE test.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/20/2015
Comment2 comments  |  Read  |  Post a Comment
Security MIA In Car Insurance Dongle
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A researcher finds security holes in Flo the Progressive Girl's Snapshot insurance policy product.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/16/2015
Comment11 comments  |  Read  |  Post a Comment
The Truth About Malvertising
Peter Zavlaris, Analyst, RiskIQCommentary
Malvertising accounts for huge amounts of cyberfraud and identity theft. Yet there is still no consensus on who is responsible for addressing these threats.
By Peter Zavlaris Analyst, RiskIQ, 1/16/2015
Comment7 comments  |  Read  |  Post a Comment
Why North Korea Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
The motivation behind Democratic People’s Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/15/2015
Comment10 comments  |  Read  |  Post a Comment
Anatomy Of A 'Cyber-Physical' Attack
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Inflicting major or physical harm in ICS/SCADA environments takes more than malware.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/14/2015
Comment4 comments  |  Read  |  Post a Comment
Majority Of Enterprises Finally Recognize Users As Endpoint's Weakest Vulnerability
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The Ponemon State of the Endpoint report shows endpoint management continues to grow more difficult.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/14/2015
Comment0 comments  |  Read  |  Post a Comment
4 Mega-Vulnerabilities Hiding in Plain Sight
Giora Engel, VP Product & Strategy, LightCyberCommentary
How four recently discovered, high-impact vulnerabilities provided “god mode” access to 90% of the Internet for 15 years, and what that means for the future.
By Giora Engel VP Product & Strategy, LightCyber, 1/14/2015
Comment1 Comment  |  Read  |  Post a Comment
Insider Threats in the Cloud: 6 Harrowing Tales
Kaushik Narayan, Co-Founder and CTO at Skyhigh NetworksCommentary
The cloud has vastly expanded the scope of rogue insiders. Read on to discover the latest threat actors and scenarios.
By Kaushik Narayan Co-Founder and CTO at Skyhigh Networks, 1/13/2015
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4467
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web site.

CVE-2014-4476
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4477
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4479
Published: 2015-01-30
WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, 7.x before 7.1.3, and 8.x before 8.0.3; and Apple TV before 7.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulner...

CVE-2014-4480
Published: 2015-01-30
Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.