News & Commentary

Content tagged with Privacy posted in July 2015
Smartwatches Could Become New Frontier for Cyber Attackers
News  |  7/24/2015  | 
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
Internet of Things: Anything You Track Could Be Used Against You
Commentary  |  7/23/2015  | 
Lawyers not security advocates have fired the first salvos over wearable tech privacy. The results may surprise you.
3 Reasons Why Giving Government A Backdoor Is A Bad Idea
News  |  7/9/2015  | 
Exceptional access of the kind being demanded by the FBI and others is unworkable and impractical, security researchers say
OpenSSL Fixes High-Severity, Narrow-Scope Vulnerability
News  |  7/9/2015  | 
Bug allows attackers to issue invalid certificates, but is difficult to exploit and only affects OpenSSL versions released since last month.
Underwriters Laboratories To Launch Cyber Security Certification Program
News  |  7/6/2015  | 
Meanwhile, UL is also in discussion with the White House on its plans to foster standards for Internet of Things security.
Italian Surveillance Software Maker Falls Victim To Doxing Attack
News  |  7/6/2015  | 
Milan-based Hacking Team tells customers to stop using its products after leaked documents reveal the product's source code and the company's history of selling to governments with records of human rights abuses.


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11354
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.
CVE-2018-11355
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
CVE-2018-11356
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
CVE-2018-11357
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
CVE-2018-11358
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.