Vulnerabilities / Threats // Vulnerability Management
News & Commentary
End-Of-Life Software Alive And Well On US PCs
Kelly Sheridan, Associate Editor, InformationWeek, News
7.5% of users ran unpatched Windows operating systems in Q4 of 2016, up from 6.1 percent in Q3 of 2016, new study shows.
By Kelly Sheridan Associate Editor, InformationWeek, 2/23/2017
New Bug Bounty Program Targets IoT Security
Kelly Sheridan, Associate Editor, InformationWeek, News
GeekPwn bug bounty program aims to collect Internet of Things security vulnerabilities, and highlight mistakes to vendors.
By Kelly Sheridan Associate Editor, InformationWeek, 2/13/2017
Facebook Aims To Shape Stronger Security Practices
Kelly Sheridan, Associate Editor, InformationWeek, News
Facebook is among social platforms focusing on security as social media poses a growing risk to individuals and businesses.
By Kelly Sheridan Associate Editor, InformationWeek, 2/8/2017
Enterprise Android Vs iOS: Which is More Secure?
Satish Shetty, CEO, Codeproof Technologies, Commentary
The answer is not as simple as you think. A mobile security expert parses the pros and cons.
By Satish Shetty CEO, Codeproof Technologies, 2/7/2017
Vulnerabilities Hit High Water Mark in 2016
Ericka Chickowski, Contributing Writer, Dark Reading, News
The good news is that coordinated disclosure keeps getting better.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/6/2017
How Cybercriminals Turn Employees Into Rogue Insiders
Kelly Sheridan, Associate Editor, InformationWeek, News
The Dark Web is a growing threat to organizations as hackers recruit insiders with access to corporate networks.
By Kelly Sheridan Associate Editor, InformationWeek, 1/31/2017
Record Number of Vulns For Adobe, Microsoft, Apple In '16, Says ZDI
Terry Sweeney, Contributing Editor, News
Advantech makes surprise debut on vulnerability list at number two, right behind Adobe.
By Terry Sweeney Contributing Editor, 1/10/2017
'Zero Trust': The Way Forward in Cybersecurity
John Kindervag, Vice President & Principal Analyst, Forrester, Commentary
This approach to network design can cut the chance of a breach.
By John Kindervag Vice President & Principal Analyst, Forrester, 1/10/2017
The Bug Bounty Model: 21 Years & Counting
Jason Haddix, Head of Trust & Security, Bugcrowd, Commentary
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
By Jason Haddix Head of Trust & Security, Bugcrowd, 12/29/2016
Amit Yoran Leaves Dell RSA To Join Tenable As New CEO
Sara Peters, Senior Editor at Dark Reading, News
Yoran says recent Dell acquisition of RSA parent company EMC did 'not really' impact his decision to leave.
By Sara Peters Senior Editor at Dark Reading, 12/15/2016
Bangladesh Police Say Some Bank Officials Involved In Cyberheist
Dark Reading Staff, Quick Hits
Mid-ranking officials of Bangladesh Bank deliberately exposed the bank's network to allow theft of $81 million, says top investigator.
By Dark Reading Staff, 12/14/2016
As Deadline Looms, 35 Percent Of Web Sites Still Rely On SHA-1
Jai Vijayan, Freelance writer, News
Over 60 million web sites are relying on a hashing algorithm that will be blocked by major browsers starting Jan 1.
By Jai Vijayan Freelance writer, 11/17/2016
Active Defense Framework Can Help Businesses Defend Against Cyberattacks
Malwarebytes Labs, Malwarebytes Labs
New report provides a framework that lets private sector entities defend themselves while at the same time protecting individual liberties and privacy and mitigating the risk of collateral damage.
By Malwarebytes Labs Malwarebytes Labs, 11/17/2016
Internet Of Things 'Pollutants' & The Case For A Cyber EPA
Mike Pittenger, Vice President, Security Strategy at Black Duck Software, Commentary
Recent IoT-executed DDoS attacks have been annoying, not life threatening. Should device makers be held liable if something worse happens?
By Mike Pittenger Vice President, Security Strategy at Black Duck Software, 11/16/2016
Dark Reading Radio: 'Bug Bounties & The Zero-Day Trade'
Sara Peters, Senior Editor at Dark Reading, Commentary
Join us, HackerOne's Alex Rice, and Veracode's Chris Wysopal for the next episode of Dark Reading Radio, today, Wednesday Nov. 16, at 1 p.m. ET.
By Sara Peters Senior Editor at Dark Reading, 11/15/2016
TAG Unveils Anti-Malware Certification For Online Ad Industry
Dark Reading Staff, Quick Hits
As the ad industry continues its fight against malware, the Trustworthy Accountability Group launches a threat-sharing hub to provide intelligence on attacks.
By Dark Reading Staff, 11/15/2016
Dark Reading Virtual Event Seeks To Break Security Myths, Conventional Wisdom
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Three keynotes, two panel sessions offer new ways to think about enterprise information security.
By Tim Wilson, Editor in Chief, Dark Reading, 11/14/2016
How Security Scorecards Advance Security, Reduce Risk
Vincent Liu, Partner, Bishop Fox, Commentary
CISO Josh Koplik offers practical advice about bridging the gap between security and business goals in a consumer-facing media and Internet company.
By Vincent Liu Partner, Bishop Fox, 11/10/2016
US Governors Affirm Confidence In Cybersecurity Of Election Systems
Dark Reading Staff, Quick Hits
Statement from National Governors Association says presidential election outcome will accurately reflect voters' choice.
By Dark Reading Staff, 11/7/2016
WeMo IoT Vulnerability Lets Attackers Run Code On Android Phone
Steve Zurier, Freelance Writer, News
Vulnerabilities in Belkin's WeMo home automation device, now fixed, could exploit Android smartphones or grant root to WeMo.
By Steve Zurier Freelance Writer, 11/2/2016
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges, and new opportunities, for the information security team. Download this report to learn about the new best practices for secure application development.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.