News & Commentary
RSA Warns Of Zero Detection Trojan
GlassRAT has remained undetected for more than three years while stealthily targeting victims, security firm says.
By Jai Vijayan, Freelance writer | News | 11/24/2015
Why The Java Deserialization Bug Is A Big Deal
Millions of app servers are potentially open to compromise due to how they handle serialized Java apps, researchers say.
By Jai Vijayan, Freelance writer | News | 11/19/2015
And Now, A Cyber Arms Race Towards Critical Infrastructure Attacks
As traditional explosives give way to 'logic bombs,' the need to protect our industrial networks and systems has never been more important.
By Barak Perelman, CEO, Indegy | Commentary | 11/19/2015
Exploit Kit Explosion Will Keep Victims Off Kilter
Exploit kit C&C infrastructure expanded by 75% in Q3.
By Ericka Chickowski, Contributing Writer, Dark Reading | News | 11/18/2015
CoreOS Service Scans Containers For Vulnerabilities
CoreOS, supplier of a slender Linux for container hosts, has launched a container scanning service capable of detecting vulnerabilities.
By Charles Babcock, Editor at Large, Cloud | News | 11/13/2015
Cherry Picker POS Malware Has Remained Hidden For Four Years
Sophisticated obfuscation techniques have allowed malware to evade AV systems and security vendors for a long time, says Trustwave.
By Jai Vijayan, Freelance writer | News | 11/12/2015
Machine Learning: Perception Problem? Maybe. Pipe Dream? No Way!
Guided by an organization's internal security experts, 'algorithmic assistants' provide a powerful new way to find anomalies and patterns for detecting cyberthreat activity.
By Mike Paquette, VP Products, Prelert | Commentary | 11/11/2015
NSA Discloses 91 Percent Of Vulns It Finds, But How Quickly?
NSA says the 'vast majority' of flaws it finds are reported to vendors, but keeps mum on how long it takes, offering enterprises another reason for remaining vigilant with their own internal security.
By Ericka Chickowski, Contributing Writer, Dark Reading | News | 11/9/2015
Vulnerable Coffee Machine Demonstrates Brewing Security Challenges Of IoT
Researchers examined four mobile-app controlled home devices and found vulnerabilities in every single one of them.
By Jai Vijayan, Freelance writer | News | 11/5/2015
AndroBugs: A Framework For Android Vulnerability Scanning
At Black Hat Europe next week, a researcher will present a framework he says is more systematic than the vulnerability scanners popping up on the market.
By Sara Peters, Senior Editor at Dark Reading | News | 11/4/2015
Apple iTunes & QuickTime Named 'Most Exposed' To Threats In US
Vulnerability report finds users lazy about patching Apple applications. Plus, in Q3, U.S. had more unpatched operating systems than any other country.
By Sara Peters, Senior Editor at Dark Reading | News | 10/27/2015
Adobe Patches Pawn Storm Zero-Day Ahead Of Schedule
Critical bug wasn't expected to be fixed until next week.
By Dark Reading Staff | Quick Hits | 10/16/2015
'POODLE' One Year Later: Still Around? Not So Much
As high-severity vulnerabilities go, POODLE remediation rates and times have proven to be astonishingly better than expected.
By Rob Tate, Senior Manager, WhiteHat Security, Threat Research Center | Commentary | 10/14/2015
The 'Remediation Gap': A 4-Month Invitation To Attack
Organizations set out the welcome mat for cyberattackers by taking an average of 120 days to patch flaws.
By Ericka Chickowski, Contributing Writer, Dark Reading | News | 9/29/2015
The Unintended Attack Surface Of The Internet Of Things
How a vulnerability in a common consumer WiFi device is challenging today's enterprise security.
By Oliver Tavakoli, CTO, Vectra Networks, Inc. | Commentary | 9/29/2015
Free Tool Helps Companies Measure And Map Their Bug Reporting Programs
The new Vulnerability Coordination Maturity Model (VCMM), created by HackerOne's Katie Moussouris, includes an assessment tool, key elements, and best practices for a vulnerability coordination program.
By Kelly Jackson Higgins, Executive Editor at Dark Reading | News | 9/22/2015
The Common Core Of Application Security
Why you will never succeed by teaching to the test.
By Jason Schmitt, VP & General Manager, Fortify, HP Enterprise Security Products | Commentary | 9/22/2015
Why It's Insane To Trust Static Analysis
If you care about achieving application security at scale, then your highest priority should be to move to tools that empower everyone, not just security experts.
By Jeff Williams, CTO, Contrast Security | Commentary | 9/22/2015
WordPress Dodges Further Embarrassment By Patching Three Vulns
The popular platform for building and running websites fixed two cross-site scripting (XSS) vulnerabilities and a potential privilege escalation flaw that could have put millions of sites at risk.
By Rutrell Yasin, Business Technology Writer, Tech Writers Bureau | News | 9/16/2015
Backdoored Business Routers An Emerging Threat
Discovery of malicious implants in 14 Cisco routers is the "tip of the iceberg," FireEye says.
By Jai Vijayan, Freelance writer | News | 9/15/2015
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.
