Vulnerabilities / Threats // Vulnerability Management
News & Commentary
Cybersecurity & Fitness: Weekend Warriors Need Not Apply
Mike D. Kail, Chief Innovation Officer, Cybric, Commentary
It takes consistency and a repeatable but flexible approach to achieve sustainable, measurable gains in both disciplines.
By Mike D. Kail, Chief Innovation Officer, Cybric, 4/12/2017
How Innovative Companies Lock Down Data
Justin Somaini, Chief Security Officer, SAP, Commentary
A mix of back-to-basics security and a set of new, data-centric best practices is key to defending against a future of growing and sophisticated cyberattacks.
By Justin Somaini, 4/12/2017
Forget the Tax Man: Time for a DNS Security Audit
Ericka Chickowski, Contributing Writer, Dark Reading
Here's a 5-step DNS security review process that's not too scary and will help ensure your site availability and improve user experience.
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/11/2017
FCC Privacy Rule Repeal Will Have Widespread Security Implications
Jai Vijayan, Freelance writer, News
Concerns over the action are sending VPN sales soaring, some vendors say.
By Jai Vijayan, Freelance writer, 4/4/2017
Patch Unlikely for Widely Publicized Flaw in Microsoft IIS 6.0
Dark Reading Staff, Quick Hits
Microsoft recommends upgrade to latest operating system for more protection.
By Dark Reading Staff, 3/30/2017
7 Steps to Transforming Yourself into a DevSecOps Rockstar
Ericka Chickowski, Contributing Writer, Dark Reading
Security practitioners at one education software firm offer lessons learned from merging DevOps with security.
By Ericka Chickowski, Contributing Writer, Dark Reading, 3/23/2017
Cisco Issues Advisory on Flaw in Hundreds of Switches
Dark Reading Staff, Quick Hits
Vulnerability was discovered in WikiLeaks' recent data dump on the CIA's secret cyber-offensive unit.
By Dark Reading Staff, 3/21/2017
Canada Takes Tax Site Offline After Apache Struts Attacks
Dark Reading Staff, Quick Hits
Hackers exploit vulnerability in Apache Struts 2 software of Statistics Canada but no damage done.
By Dark Reading Staff, 3/14/2017
Trojan Android App Bullies Google Play Users Into Giving It 5 Stars
Dark Reading Staff, Quick Hits
Users who download "Music Mania" get pounded by ads until they say uncle.
By Dark Reading Staff, 3/9/2017
Users Can Now Time Their Windows 10 Updates
Dark Reading Staff, Quick Hits
Microsoft gives users the option to set their security update schedule within three days of notification.
By Dark Reading Staff, 3/6/2017
HackerOne Offers Free Service for Open Source Projects
Dark Reading Staff, Quick Hits
Service aims to provide efficient security programs but projects must meet certain rules to qualify for it.
By Dark Reading Staff, 3/3/2017
End-Of-Life Software Alive And Well On US PCs
Kelly Sheridan, Associate Editor, Dark Reading, News
7.5% of users ran unpatched Windows operating systems in Q4 of 2016, up from 6.1 percent in Q3 of 2016, new study shows.
By Kelly Sheridan, Associate Editor, Dark Reading, 2/23/2017
New Bug Bounty Program Targets IoT Security
Kelly Sheridan, Associate Editor, Dark Reading, News
GeekPwn bug bounty program aims to collect Internet of Things security vulnerabilities, and highlight mistakes to vendors.
By Kelly Sheridan, Associate Editor, Dark Reading, 2/13/2017
Facebook Aims To Shape Stronger Security Practices
Kelly Sheridan, Associate Editor, Dark Reading, News
Facebook is among social platforms focusing on security as social media poses a growing risk to individuals and businesses.
By Kelly Sheridan, Associate Editor, Dark Reading, 2/8/2017
Enterprise Android Vs iOS: Which is More Secure?
Satish Shetty, CEO, Codeproof Technologies, Commentary
The answer is not as simple as you think. A mobile security expert parses the pros and cons.
By Satish Shetty, CEO, Codeproof Technologies, 2/7/2017
Vulnerabilities Hit High Water Mark in 2016
Ericka Chickowski, Contributing Writer, Dark Reading, News
The good news is that coordinated disclosure keeps getting better.
By Ericka Chickowski, Contributing Writer, Dark Reading, 2/6/2017
How Cybercriminals Turn Employees Into Rogue Insiders
Kelly Sheridan, Associate Editor, Dark Reading, News
The Dark Web is a growing threat to organizations as hackers recruit insiders with access to corporate networks.
By Kelly Sheridan, Associate Editor, Dark Reading, 1/31/2017
Record Number of Vulns For Adobe, Microsoft, Apple In '16, Says ZDI
Terry Sweeney, Contributing Editor, News
Advantech makes surprise debut on vulnerability list at number two, right behind Adobe
By Terry Sweeney, Contributing Editor, 1/10/2017
'Zero Trust': The Way Forward in Cybersecurity
John Kindervag, Vice President & Principal Analyst, Forrester, Commentary
This approach to network design can cut the chance of a breach.
By John Kindervag, Vice President & Principal Analyst, Forrester, 1/10/2017
The Bug Bounty Model: 21 Years & Counting
Jason Haddix, Head of Trust & Security, Bugcrowd, Commentary
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
By Jason Haddix, Head of Trust & Security, Bugcrowd, 12/29/2016
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.