News & Commentary
Cisco Issues Advisory on Flaw in Hundreds of Switches
Dark Reading Staff, Quick Hits
Vulnerability was discovered in WikiLeaks' recent data dump on the CIA's secret cyber-offensive unit.
By Dark Reading Staff, 3/21/2017
Canada Takes Tax Site Offline After Apache Struts Attacks
Dark Reading Staff, Quick Hits
Hackers exploited a vulnerability in Statistics Canada's Apache Struts 2 software, but no damage was done.
By Dark Reading Staff, 3/14/2017
Trojan Android App Bullies Google Play Users Into Giving It 5 Stars
Dark Reading Staff, Quick Hits
Users who download "Music Mania" get pounded by ads until they say uncle.
By Dark Reading Staff, 3/9/2017
Users Can Now Time Their Windows 10 Updates
Dark Reading Staff, Quick Hits
Microsoft gives users the option to set their security update schedule within three days of notification.
By Dark Reading Staff, 3/6/2017
HackerOne Offers Free Service for Open Source Projects
Dark Reading Staff, Quick Hits
Service aims to provide efficient security programs, but projects must meet certain rules to qualify for it.
By Dark Reading Staff, 3/3/2017
End-Of-Life Software Alive And Well On US PCs
Kelly Sheridan, Associate Editor, InformationWeek (News)
7.5% of users ran unpatched Windows operating systems in Q4 of 2016, up from 6.1% in Q3 of 2016, new study shows.
By Kelly Sheridan, Associate Editor, InformationWeek, 2/23/2017
New Bug Bounty Program Targets IoT Security
Kelly Sheridan, Associate Editor, InformationWeek (News)
GeekPwn bug bounty program aims to collect Internet of Things security vulnerabilities, and highlight mistakes to vendors.
By Kelly Sheridan, Associate Editor, InformationWeek, 2/13/2017
Facebook Aims To Shape Stronger Security Practices
Kelly Sheridan, Associate Editor, InformationWeek (News)
Facebook is among social platforms focusing on security as social media poses a growing risk to individuals and businesses.
By Kelly Sheridan, Associate Editor, InformationWeek, 2/8/2017
Enterprise Android Vs iOS: Which is More Secure?
Satish Shetty, CEO, Codeproof Technologies (Commentary)
The answer is not as simple as you think. A mobile security expert parses the pros and cons.
By Satish Shetty, CEO, Codeproof Technologies, 2/7/2017
Vulnerabilities Hit High Water Mark in 2016
Ericka Chickowski, Contributing Writer, Dark Reading (News)
The good news is that coordinated disclosure keeps getting better.
By Ericka Chickowski, Contributing Writer, Dark Reading, 2/6/2017
How Cybercriminals Turn Employees Into Rogue Insiders
Kelly Sheridan, Associate Editor, InformationWeek (News)
The Dark Web is a growing threat to organizations as hackers recruit insiders with access to corporate networks.
By Kelly Sheridan, Associate Editor, InformationWeek, 1/31/2017
Record Number of Vulns For Adobe, Microsoft, Apple In '16, Says ZDI
Terry Sweeney, Contributing Editor (News)
Advantech makes surprise debut on vulnerability list at number two, right behind Adobe.
By Terry Sweeney, Contributing Editor, 1/10/2017
'Zero Trust': The Way Forward in Cybersecurity
John Kindervag, Vice President & Principal Analyst, Forrester (Commentary)
This approach to network design can cut the chance of a breach.
By John Kindervag, Vice President & Principal Analyst, Forrester, 1/10/2017
The Bug Bounty Model: 21 Years & Counting
Jason Haddix, Head of Trust & Security, Bugcrowd (Commentary)
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
By Jason Haddix, Head of Trust & Security, Bugcrowd, 12/29/2016
Amit Yoran Leaves Dell RSA To Join Tenable As New CEO
Sara Peters, Senior Editor at Dark Reading (News)
Yoran says recent Dell acquisition of RSA parent company EMC did 'not really' impact his decision to leave.
By Sara Peters, Senior Editor at Dark Reading, 12/15/2016
Bangladesh Police Say Some Bank Officials Involved In Cyberheist
Dark Reading Staff, Quick Hits
Mid-ranking officials of Bangladesh Bank deliberately exposed the bank's network to allow the theft of $81 million, says top investigator.
By Dark Reading Staff, 12/14/2016
As Deadline Looms, 35 Percent Of Web Sites Still Rely On SHA-1
Jai Vijayan, Freelance Writer (News)
Over 60 million web sites are relying on a hashing algorithm that will be blocked by major browsers starting Jan. 1.
By Jai Vijayan, Freelance Writer, 11/17/2016
Active Defense Framework Can Help Businesses Defend Against Cyberattacks
Malwarebytes Labs
New report provides a framework that lets private sector entities defend themselves while at the same time protecting individual liberties and privacy, and mitigating the risk of collateral damage.
By Malwarebytes Labs, 11/17/2016
Internet Of Things 'Pollutants' & The Case For A Cyber EPA
Mike Pittenger, Vice President, Security Strategy at Black Duck Software (Commentary)
Recent IoT-executed DDoS attacks have been annoying, not life threatening. Should device makers be held liable if something worse happens?
By Mike Pittenger, Vice President, Security Strategy at Black Duck Software, 11/16/2016
Dark Reading Radio: 'Bug Bounties & The Zero-Day Trade'
Sara Peters, Senior Editor at Dark Reading (Commentary)
Join us, HackerOne's Alex Rice, and Veracode's Chris Wysopal for the next episode of Dark Reading Radio, today, Wednesday, Nov. 16, at 1pm ET.
By Sara Peters, Senior Editor at Dark Reading, 11/15/2016
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.