News & Commentary
5 Ways To Think Like A Hacker
Security expert says CISOs need to use simulations more effectively so they can understand how hackers work and beat them at their own game.
By Steve Zurier, Freelance Writer, 6/24/2016
‘Bug Poachers:’ A New Breed of Cybercriminal
As if security researchers don’t have enough to worry about, we now have to contend with extortionists who take advantage of the well-established fact that applications are a ripe target for exploitation.
By Chris Wysopal, CTO, CISO and co-founder, Veracode, 6/22/2016 (Commentary)
Singapore To Cut Internet Access For Government Computers
To counter cyberattacks, 100,000 computers will be taken offline next May.
By Dark Reading Staff, 6/10/2016 (Quick Hits)
Zcrypt Ransomware: Old Wine In A New Bottle
Malware authors have combined old and new approaches to try and sneak Zcrypt past defenses, Check Point says.
By Jai Vijayan, Freelance writer, 6/8/2016 (News)
‘Super Hunters’ Emerge As More Companies Adopt Bug Bounties
'Super hunters' chase down vulnerabilities wherever there's a bug bounty payday... and they've become very popular with cybersecurity job recruiters, says Bugcrowd report.
By Rutrell Yasin, Business Technology Writer, Tech Writers Bureau, 6/8/2016 (News)
Enterprises Still Don't Base Vuln Remediation On Risk
New White Hat study shows critical vulnerabilities aren't fixed any faster than other security flaws.
By Ericka Chickowski, Contributing Writer, Dark Reading, 6/7/2016 (News)
Top Security To-Dos For The Entertainment Industry
'The biz' has unique security needs. And it isn't only about preventing 'the next Sony.'
By Sara Peters, Senior Editor at Dark Reading, 6/6/2016 (News)
SWIFT Proposes New Measures For Bolstering Its Security
Measures come amid news that up to 12 banks may have fallen victim to attacks attempting to steal millions via the SWIFT network.
By Jai Vijayan, Freelance writer, 5/27/2016 (News)
GSA May Offer Bug Bounty Program For Federal Agencies
Researchers will be eligible for bounties of up to $3,500 for discovering bugs in federal agency systems.
By Jai Vijayan, Freelance writer, 5/24/2016 (News)
Cyber Security A Major Risk To US Financial System: SEC Chief
Mary Jo White believes that despite preparedness, procedures in place to fight cyberattacks are inadequate.
By Dark Reading Staff, 5/20/2016 (Quick Hits)
Windows 0-Day Exploit Used In Recent Wave Of PoS Attacks
Privilege-escalation exploit was part of a malware campaign that impacted more than 100 organizations earlier this year, according to FireEye.
By Jai Vijayan, Freelance writer, 5/11/2016 (News)
6 Eye-Opening Stats About Endpoint Device Health
New report shows state of endpoint patching and updates among a sample of 2 million devices.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/10/2016 (News)
The 10 Worst Vulnerabilities of The Last 10 Years
From the thousands of vulns that software vendors disclosed over the past 10 years, a few stand out for being a lot scarier than the rest.
By Jai Vijayan, Freelance writer, 5/6/2016
‘Stupid’ Locky Network Breached
For the second time in recent months, a white hat hacker appears to have broken into a C&C server for a major malware threat.
By Jai Vijayan, Freelance writer, 5/5/2016 (News)
The Hidden Flaws Of Commercial Applications
Open source components in commercial applications are more plentiful than organizations think, and they're full of long-standing vulnerabilities.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/2/2016 (News)
MIT Launches Bug Bounty Program
University will reward MIT affiliates who find specific categories of flaws in its web domains.
By Jai Vijayan, Freelance writer, 4/20/2016 (News)
5 Steps to Improve Your Software Supply Chain Security
Organizations that take control of their software supply chains will see tremendous gains in developer productivity, improved quality, and lower risk.
By Derek Weeks, Vice President & DevOps Advocate, Sonatype, 4/14/2016 (Commentary)
Java Deserialization: Running Faster Than a Bear
Software components that were once good can sour instantly when new vulnerabilities are discovered within them. When that happens, the bears are coming, and you have to respond quickly.
By Derek Weeks, Vice President & DevOps Advocate, Sonatype, 4/14/2016 (Commentary)
Law Firms Present Tempting Targets For Attackers
Panama Papers breach just scratched the surface of the relative lack of budget and resources in the legal sector that leaves many law firms vulnerable to cyberattacks.
By Jai Vijayan, Freelance writer, 4/12/2016 (News)
Adobe Issues Emergency Updates For Zero-Day Flaw in Flash Player
Memory corruption flaw is being exploited in the wild to distribute ransomware samples like Locky and Cerber.
By Jai Vijayan, Freelance writer, 4/8/2016 (News)
Current Issue: How To Build An Effective Defense Against Ransomware
A compendium of Dark Reading's best recent coverage of ransomware attacks, as well as best practices for defending your enterprise against them.

Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio (archived)
Tim Wilson speaks to two experts on vulnerability research, independent consultant Jeremiah Grossman and Black Duck Software’s Mike Pittenger, about the latest wave of vulnerabilities being exploited by online attackers.