News & Commentary
7 New Rules For IoT Safety & Vuln Disclosure
Lysa Myers, Security Researcher, ESET (Commentary)
In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
By Lysa Myers, Security Researcher, ESET, 9/24/2016
An Open-Source Security Maturity Model
Sara Peters, Senior Editor at Dark Reading (Commentary, Video)
Oh, you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.
By Sara Peters, Senior Editor at Dark Reading, 9/23/2016
Biometric Skimmers Pose Emerging Threat To ATMs
Jai Vijayan, Freelance Writer (News)
Even as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them.
By Jai Vijayan, Freelance Writer, 9/22/2016
National Health ISAC Calls For Collaborative Vuln Disclosure
Sara Peters, Senior Editor at Dark Reading (News)
St. Jude Medical to host upcoming workshop on medical device info sharing, convened by NH-ISAC and medical device security consortium.
By Sara Peters, Senior Editor at Dark Reading, 9/21/2016
How Windows 10 Stops Script-Based Attacks On The Fly
Sara Peters, Senior Editor at Dark Reading (Commentary, Video)
Move over, Apple 'Walled Garden.' Windows 10's new antimalware scan interface halts scripts by signing code on the fly... but does it work? Security researcher Nikhil Mittal takes a look.
By Sara Peters, Senior Editor at Dark Reading, 9/21/2016
The Future Of AI-Based Cybersecurity: It's Here Now
Dark Reading Staff (Commentary, Video)
Stuart McClure, president and CEO of Cylance, stops by the Dark Reading News Desk at Black Hat.
By Dark Reading Staff, 9/19/2016
Uber, Dropbox, Other Tech Leaders Team Up To Boost Vendor Security
Kelly Sheridan, Associate Editor, InformationWeek (News)
Tech companies, including Uber, Dropbox, Twitter, and Docker, have joined forces to create the Vendor Security Alliance, which aims to vet vendor security practices.
By Kelly Sheridan, Associate Editor, InformationWeek, 9/16/2016
Data Loss Risks Rise In The Age Of Collaboration
Kelly Sheridan, Associate Editor, InformationWeek (News)
Most organizations believe they have lost sensitive information due to external file sharing and third-party collaboration.
By Kelly Sheridan, Associate Editor, InformationWeek, 9/15/2016
Portrait Of A Bug Bounty Hacker
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Bounty programs attract young, self-taught hackers who primarily depend on them as a lucrative side gig.
By Ericka Chickowski, Contributing Writer, Dark Reading, 9/13/2016
PCI Security Update Targets PIN System Vendors
Jai Vijayan, Freelance Writer (News)
New requirements cover physical and logical security controls.
By Jai Vijayan, Freelance Writer, 9/12/2016
Crimeware-as-a-Service Hack Turns Potential Hackers Into Victims
Kelly Sheridan, Associate Editor, InformationWeek (News)
Cybercriminals are using Google Docs to host a new Facebook scamming tool, which is designed to steal credentials from potential hackers who try to access other users' accounts.
By Kelly Sheridan, Associate Editor, InformationWeek, 9/8/2016
The Shifting Mindset Of Financial Services CSOs
Leni Selvaggio, Global Lead, Financial Services Industry, Cisco (Commentary)
They're getting more realistic and developing strategies to close security gaps.
By Leni Selvaggio, Global Lead, Financial Services Industry, Cisco, 9/8/2016
Network Management Systems Vulnerable To SNMP Attacks
Jai Vijayan, Freelance Writer (News)
Products from many vendors are vulnerable to XSS attacks because of basic input validation errors, Rapid7 says in a report.
By Jai Vijayan, Freelance Writer, 9/7/2016
Cryptographic Key Reuse Remains Widespread In Embedded Products
Jai Vijayan, Freelance Writer (News)
Nine months after SEC Consult warned about the reuse of private keys and certificates in routers, modems, and other products, the problem has grown worse.
By Jai Vijayan, Freelance Writer, 9/6/2016
8 Security Categories Healthcare Providers Need to Improve On
Steve Zurier, Freelance Writer
A new survey by HIMSS finds that many providers don't even cover the basics of IT security.
By Steve Zurier, Freelance Writer, 9/6/2016
Yelp Offers Up To $15K Per Bug Via New Bounty Program
Ericka Chickowski, Contributing Writer, Dark Reading (News)
Reviews site building off previous success with private bug bounty program to launch new public program.
By Ericka Chickowski, Contributing Writer, Dark Reading, 9/6/2016
Apple Issues Patches To Fix Trident Flaws In OS X El Capitan, Yosemite
Jai Vijayan, Freelance Writer (News)
The same zero-day flaws had been patched earlier in iOS as well.
By Jai Vijayan, Freelance Writer, 9/2/2016
Malware Markets: Exposing The Hype & Filtering The Noise
Jim Walter, Senior SPEAR Researcher, Cylance (Commentary)
There's a lot of useful infosec information out there, but cutting through the clutter is harder than it should be.
By Jim Walter, Senior SPEAR Researcher, Cylance, 8/30/2016
The Hidden Dangers Of 'Bring Your Own Body'
Kon Leong, CEO/Co-founder, ZL Technologies (Commentary)
The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.
By Kon Leong, CEO/Co-founder, ZL Technologies, 8/26/2016
Apple Releases Patch For 'Trident,' A Trio Of iOS 0-Days
Dark Reading Staff (Quick Hits)
Already rolled into the Pegasus spyware product and used to target social activists, the vulnerabilities are fixed in iOS 9.3.5.
By Dark Reading Staff, 8/25/2016
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Cybercrime has become a well-organized business, complete with job specialization, funding, and online customer service. Dark Reading editors speak to cybercrime experts on the evolution of the cybercrime economy and the nature of today's attackers.