IoT
News & Commentary
Make a Wish: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 8/18/2018
Comment0 comments  |  Read  |  Post a Comment
Researchers Find New Fast-Acting Side-Channel Vulnerability
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Necurs Botnet Goes Phishing for Banks
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new Necurs botnet campaign targets thousands of banks with a malicious file dropping the FlawedAmmyy remote-access Trojan.
By Kelly Sheridan Staff Editor, Dark Reading, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Researcher Finds MQTT Hole in IoT Defenses
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A commonly used protocol provides a gaping backdoor when misconfigured.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Miller & Valasek: Security Stakes Higher for Autonomous Vehicles
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Car hacking specialists shift gears and work on car defense in their latest gigs - at GM subsidiary Cruise Automation.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/15/2018
Comment1 Comment  |  Read  |  Post a Comment
2018 Pwnie Awards: Who Pwned, Who Got Pwned
Kelly Sheridan, Staff Editor, Dark Reading
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/15/2018
Comment0 comments  |  Read  |  Post a Comment
Gartner Says IT Security Spending to Hit $124B in 2019
Dark Reading Staff, Quick Hits
Global IT security spending will grow 12.4% in 2018 and another 8.7% in 2019.
By Dark Reading Staff , 8/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Vulnerable Smart City Devices Can Be Exploited To Cause Panic, Chaos
Jai Vijayan, Freelance writerNews
False alerts about floods, radiation levels are just some of the ways attackers can abuse weakly protected IoT devices, researchers warn.
By Jai Vijayan Freelance writer, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network and other findings at Black Hat USA today.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/9/2018
Comment0 comments  |  Read  |  Post a Comment
Dark Reading News Desk Live at Black Hat USA 2018
Sara Peters, Senior Editor at Dark ReadingNews
Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
By Sara Peters Senior Editor at Dark Reading, 8/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Manufacturing Industry Experiencing Higher Incidence of Cyberattacks
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report reveals the natural consequences of ignoring the attendant risks of industrial IoT and Industry 4.0.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/8/2018
Comment0 comments  |  Read  |  Post a Comment
FBI Offers New IoT Security Tips
Dark Reading Staff, Quick Hits
A new article from the FBI offers insight into IoT risks and ways to reduce them.
By Dark Reading Staff , 8/3/2018
Comment0 comments  |  Read  |  Post a Comment
New Spectre Variant Hits the Network
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new proof of concept is a reminder that complex systems can be vulnerable at the most basic level.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/30/2018
Comment0 comments  |  Read  |  Post a Comment
MUD: The Solution to Our Messy Enterprise IoT Security Problems?
Louis Creager, IoT Security Analyst, zveloCommentary
The 'Manufacturer Usage Description' proposal from IETF offers a promising route for bolstering security across the industry.
By Louis Creager IoT Security Analyst, zvelo, 7/30/2018
Comment0 comments  |  Read  |  Post a Comment
Tenable Prices IPO, Raises $250 Million
Kelly Sheridan, Staff Editor, Dark ReadingNews
The past year has been one of significant growth for the cybersecurity firm, which is trading under the NASDAQ symbol TENB.
By Kelly Sheridan Staff Editor, Dark Reading, 7/26/2018
Comment1 Comment  |  Read  |  Post a Comment
The ABCs of Hacking a Voting Machine
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A hacker who successfully infiltrated a voting machine at last year's DEF CON will demonstrate at Black Hat USA how he did it, as well as what he later found stored on other decommissioned WinVote machines.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/25/2018
Comment1 Comment  |  Read  |  Post a Comment
Securing Our Interconnected Infrastructure
Dave Weinstein, VP of Threat Research, Claroty Commentary
A little over a year ago, the world witnessed NotPetya, the most destructive cyberattack to date. What have we learned?
By Dave Weinstein VP of Threat Research, Claroty , 7/25/2018
Comment1 Comment  |  Read  |  Post a Comment
Why Security Startups Fly And Why They Crash
Kelly Sheridan, Staff Editor, Dark ReadingNews
What makes startups stand out in a market flooded with thousands of vendors? Funding experts and former founders share their thoughts.
By Kelly Sheridan Staff Editor, Dark Reading, 7/20/2018
Comment1 Comment  |  Read  |  Post a Comment
Robotic Vacuums May Hoover Your Data
Dark Reading Staff, Quick Hits
Researchers have discovered a pair of vulnerabilities that allow unauthorized code execution in a robotic vacuum.
By Dark Reading Staff , 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Free New Scanner Aims to Protect Home Networks
Dark Reading Staff, Quick Hits
Free software pinpoints vulnerabilities and offers suggestions for remediation.
By Dark Reading Staff , 7/19/2018
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.