Vulnerabilities / Threats // Vulnerability Management
News & Commentary
As Deadline Looms, 35 Percent Of Web Sites Still Rely On SHA-1
Jai Vijayan, Freelance writer | News
Over 60 million web sites are relying on a hashing algorithm that will be blocked by major browsers starting Jan 1.
By Jai Vijayan, Freelance writer, 11/17/2016
Active Defense Framework Can Help Businesses Defend Against Cyberattacks
Malwarebytes Labs, Malwarebytes Labs
New report provides a framework that lets private sector entities defend themselves while at the same time protecting individual liberties and privacy and mitigating the risk of collateral damage.
By Malwarebytes Labs, Malwarebytes Labs, 11/17/2016
Internet Of Things 'Pollutants' & The Case For A Cyber EPA
Mike Pittenger, Vice President, Security Strategy at Black Duck Software | Commentary
Recent IoT-executed DDoS attacks have been annoying, not life-threatening. Should device makers be held liable if something worse happens?
By Mike Pittenger, Vice President, Security Strategy at Black Duck Software, 11/16/2016
Dark Reading Radio: 'Bug Bounties & The Zero-Day Trade'
Sara Peters, Senior Editor at Dark Reading | Commentary
Join us, HackerOne's Alex Rice, and Veracode's Chris Wysopal for the next episode of Dark Reading Radio, today, Wednesday Nov. 16, at 1pm ET.
By Sara Peters, Senior Editor at Dark Reading, 11/15/2016
TAG Unveils Anti-Malware Certification For Online Ad Industry
Dark Reading Staff, Quick Hits
As the ad industry continues its fight against malware, the Trustworthy Accountability Group launches a threat-sharing hub to provide intelligence on attacks.
By Dark Reading Staff, 11/15/2016
Dark Reading Virtual Event Seeks To Break Security Myths, Conventional Wisdom
Tim Wilson, Editor in Chief, Dark Reading | Commentary
Three keynotes, two panel sessions offer new ways to think about enterprise information security.
By Tim Wilson, Editor in Chief, Dark Reading, 11/14/2016
How Security Scorecards Advance Security, Reduce Risk
Vincent Liu, Partner, Bishop Fox | Commentary
CISO Josh Koplik offers practical advice about bridging the gap between security and business goals in a consumer-facing media and Internet company.
By Vincent Liu, Partner, Bishop Fox, 11/10/2016
US Governors Affirm Confidence In Cybersecurity Of Election Systems
Dark Reading Staff, Quick Hits
Statement from National Governors Association says presidential election outcome will accurately reflect voters' choice.
By Dark Reading Staff, 11/7/2016
WeMo IoT Vulnerability Lets Attackers Run Code On Android Phone
Steve Zurier, Freelance Writer | News
Vulnerabilities in Belkin's WeMo home automation device, now fixed, could exploit Android smartphones or grant root to WeMo.
By Steve Zurier, Freelance Writer, 11/2/2016
Anthem Breach Victims Go To Court Over Cybersecurity Audit Release
Dark Reading Staff, Quick Hits
Class-action lawsuit against health insurer seeks disclosure of network security details following data breach of 80 million members.
By Dark Reading Staff, 11/1/2016
A Proactive Approach To Vulnerability Management: 3 Steps
Kevin Overcash, Director of SpiderLabs North America, Trustwave | Commentary
Having the tools to detect a breach is important, but what if you could prevent the attack from happening in the first place?
By Kevin Overcash, Director of SpiderLabs North America, Trustwave, 10/22/2016
US Bank Regulators Draft Rules For Financial Services Cybersecurity
Dark Reading Staff, Quick Hits
Proposed standards will require financial firms to recover from any cyberattack within two hours.
By Dark Reading Staff, 10/20/2016
Malvertising Trends: Don't Talk Ad Standards Without Ad Security
Kaiying Fu, Community Manager, Cloudbric | Commentary
How malvertising marries the strengths and weaknesses of the complex digital advertising ecosystem perfectly, and what online publishers and security leaders need to do about it.
By Kaiying Fu, Community Manager, Cloudbric, 10/19/2016
Certifying Software: Why We're Not There Yet
Kevin E. Greene, Cyber Security Thought Leader | Commentary
Finding a solution to the software security and hygiene problem will take more than an Underwriters Lab seal of approval.
By Kevin E. Greene, Cyber Security Thought Leader, 10/12/2016
US-CERT Cautions Against Phishing Scams In Aftermath Of Hurricane Matthew
Dark Reading Staff, Quick Hits
The government agency for cyber protection provides steps to follow before opening links or attachments with a Hurricane Matthew tag.
By Dark Reading Staff, 10/12/2016
PwC Study Finds Greater Trust In Cloud, More Security Spend
Kelly Sheridan, Associate Editor, InformationWeek | News
Businesses are more comfortable with the cloud and have increased their security spending, but still face a shortage of skilled cybersecurity workers.
By Kelly Sheridan, Associate Editor, InformationWeek, 10/6/2016
Researcher Roots Out Security Flaws In Insulin Pumps
Sara Peters, Senior Editor at Dark Reading | News
Jay Radcliffe, researcher and diabetic who found the flaws in Johnson & Johnson Animas OneTouch Ping insulin pump, 'would not hesitate' to allow his own children to be treated by the device if they were diabetic and advised to do so by physicians.
By Sara Peters, Senior Editor at Dark Reading, 10/4/2016
7 New Rules For IoT Safety & Vuln Disclosure
Lysa Myers, Security Researcher, ESET | Commentary
In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
By Lysa Myers, Security Researcher, ESET, 9/24/2016
An Open-Source Security Maturity Model
Sara Peters, Senior Editor at Dark Reading | Commentary | Video
Oh you don't run open-source code? Really? Christine Gadsby and Jake Kouns explain how to identify and secure all those open-source libraries and other third-party components lurking inside your applications, proprietary and otherwise.
By Sara Peters, Senior Editor at Dark Reading, 9/23/2016
Biometric Skimmers Pose Emerging Threat To ATMs
Jai Vijayan, Freelance writer | News
Even as financial institutions move to shore up ATM security with biometric mechanisms, cybercrooks are busy figuring out ways to beat them.
By Jai Vijayan, Freelance writer, 9/22/2016
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and a persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.