Vulnerabilities / Threats // Vulnerability Management
News & Commentary
Malware Markets: Exposing The Hype & Filtering The Noise
Jim Walter, Senior SPEAR Researcher, CylanceCommentary
Theres a lot of useful infosec information out there, but cutting through clutter is harder than it should be.
By Jim Walter Senior SPEAR Researcher, Cylance, 8/30/2016
Comment0 comments  |  Read  |  Post a Comment
The Hidden Dangers Of 'Bring Your Own Body'
Kon Leong, CEO/Co-founder, ZL TechnologiesCommentary
The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.
By Kon Leong CEO/Co-founder, ZL Technologies, 8/26/2016
Comment7 comments  |  Read  |  Post a Comment
Apple Releases Patch For 'Trident,' A Trio Of iOS 0-Days
Dark Reading Staff, Quick Hits
Already rolled into the Pegasus spyware product and used to target social activists, the vulnerabilities are fixed in iOS 9.3.5.
By Dark Reading Staff , 8/25/2016
Comment1 Comment  |  Read  |  Post a Comment
A Temperature-Check On The State Of Application Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
AppSec is more dangerous than network security but receives less than half the funding, according to new Ponemon study.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/25/2016
Comment1 Comment  |  Read  |  Post a Comment
Attacker's Playbook Top 5 Is High On Passwords, Low On Malware
Sara Peters, Senior Editor at Dark ReadingNews
Report: Penetration testers' five most reliable methods of compromising targets include four different ways to use stolen credentials, but zero ways to exploit software.
By Sara Peters Senior Editor at Dark Reading, 8/18/2016
Comment1 Comment  |  Read  |  Post a Comment
Newly Announced Chipset Vuln Affects 900 Million Android Devices
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Check Point Research Team details four vulnerabilities that can easily lead to full privilege escalation.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/8/2016
Comment0 comments  |  Read  |  Post a Comment
Dark Reading News Desk Coming Back To Black Hat, Live
Sara Peters, Senior Editor at Dark ReadingNews
Live from Las Vegas: over 40 video interviews with Black Hat USA conference speakers and sponsors. Wednesday Aug. 3, Thursday Aug, 4, starting at 2 p.m. ET.
By Sara Peters Senior Editor at Dark Reading, 8/4/2016
Comment1 Comment  |  Read  |  Post a Comment
Hacker Creates Software Ratings System
Dark Reading Staff, Quick Hits
The new formula to rate computer software could force creators to perform better, says Peiter Mudge Zatko.
By Dark Reading Staff , 8/4/2016
Comment1 Comment  |  Read  |  Post a Comment
Google Adds New Kernel-Level Protections For Android
Jai Vijayan, Freelance writerNews
Measures include kernel memory controls and features to reduce attack surface.
By Jai Vijayan Freelance writer, 7/28/2016
Comment1 Comment  |  Read  |  Post a Comment
Auto Industry ISAC Releases Best Practices For Connected Vehicle Cybersecurity
Jai Vijayan, Freelance writerNews
Goal is to provide car manufactures with guidelines for protecting modern vehicles against emerging cyber threats
By Jai Vijayan Freelance writer, 7/21/2016
Comment0 comments  |  Read  |  Post a Comment
National Governors Association Seeks Higher Profile on Cybersecurity
Steve Zurier, Freelance WriterNews
NGAs new chairman Virginia Gov. Terry McAuliffe says states can play a pivotal role in cybersecurity, including emergency response, workforce development and protecting health care data.
By Steve Zurier Freelance Writer, 7/20/2016
Comment0 comments  |  Read  |  Post a Comment
Meet The Teams In DARPA's All-Machine Hacking Tournament
Steve Zurier, Freelance Writer
"Autonomous security" is DARPA's latest game. Its Cyber Grand Challenge will culminate at DEF CON with a contest to see which of these seven finalists' machines will automatically detect and remediate the most security vulnerabilities.
By Steve Zurier Freelance Writer, 7/15/2016
Comment1 Comment  |  Read  |  Post a Comment
Context-Rich And Context-Aware Cybersecurity
Ned Miller, Intel Security, Chief Technology Strategist for Public Sector
An adaptive threat-prevention model is quickly replacing traditional, unintegrated architectures as security teams work to achieve a sustainable advantage against complex threats.
By Ned Miller Intel Security, Chief Technology Strategist for Public Sector, 7/14/2016
Comment1 Comment  |  Read  |  Post a Comment
Purple Teaming: Red & Blue Living Together, Mass Hysteria
Sara Peters, Senior Editor at Dark ReadingNews
When you set focused objectives for the red team, you get your blue team to work the weak muscles they need trained most.
By Sara Peters Senior Editor at Dark Reading, 7/13/2016
Comment1 Comment  |  Read  |  Post a Comment
Adobe Fixes 52 Vulnerabilities In Flash
Dark Reading Staff, Quick Hits
Updated version fixes CVEs that allowed remote code execution on affected machines.
By Dark Reading Staff , 7/13/2016
Comment0 comments  |  Read  |  Post a Comment
Fiat Chrysler Launches Bug Bounty Program
Dark Reading Staff, Quick Hits
Platform will be leveraged to identify and resolve security issues in automobile software.
By Dark Reading Staff , 7/13/2016
Comment0 comments  |  Read  |  Post a Comment
What I Expect to See At Black Hat 2016: 5 Themes
Chris Wysopal, CTO, CISO and co-founder, VeracodeCommentary
Over the years, Black Hat has morphed from a little show for security researchers to a big conference that attracts everyone from black-hat hackers to C-level security execs. Heres what piques my interest this year.
By Chris Wysopal CTO, CISO and co-founder, Veracode, 7/13/2016
Comment1 Comment  |  Read  |  Post a Comment
Profiles Of The Top 7 Bug Hunters From Around the Globe
Sean Martin, CISSP | President, imsmartin
'Super hunters' share a common goal: to find the most high impact valid bugs before a bad guy does.
By Sean Martin CISSP | President, imsmartin, 7/12/2016
Comment0 comments  |  Read  |  Post a Comment
5 Ways To Think Like A Hacker
Steve Zurier, Freelance Writer
Security expert says CISOs need to use simulations more effectively so they can understand how hackers work and beat them at their own game.
By Steve Zurier Freelance Writer, 6/24/2016
Comment0 comments  |  Read  |  Post a Comment
Bug Poachers: A New Breed of Cybercriminal
Chris Wysopal, CTO, CISO and co-founder, VeracodeCommentary
As if security researchers dont have enough to worry about, we now have to contend with extortionists who take advantage of the well-established fact that applications are a ripe target for exploitation.
By Chris Wysopal CTO, CISO and co-founder, Veracode, 6/22/2016
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join Dark Reading community editor Marilyn Cohodas and her guest, David Shearer, (ISC)2 Chief Executive Officer, as they discuss issues that keep IT security professionals up at night, including results from the recent 2016 Black Hat Attendee Survey.