Attacks/Breaches
News & Commentary
Enterprises Hit with Malware Preinstalled on their Androids
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Check Point details evidence of mobile supply chain problems based on infections on devices at two large organizations.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/13/2017
Comment0 comments  |  Read  |  Post a Comment
What Your SecOps Team Can (and Should) Do
Chris Crowley, Independent Consultant at Montance, LLCCommentary
If your organization has all of these pieces in place, congratulations!
By Chris Crowley Independent Consultant at Montance, LLC, 3/13/2017
Comment0 comments  |  Read  |  Post a Comment
Home Depot Will Pay Banks $25 Million for 2014 Breach
Dark Reading Staff, Quick Hits
Home Depot has already spent $179 million in compensation for the data breach, which affected 50 million customers.
By Dark Reading Staff , 3/13/2017
Comment0 comments  |  Read  |  Post a Comment
IoT & Liability: How Organizations Can Hold Themselves Accountable
Richard Henderson, Global Security Strategist, AbsoluteCommentary
To avoid a lawsuit, your company needs to better understand the state of your infrastructure and the devices and applications within it. Here are five areas on which to focus.
By Richard Henderson Global Security Strategist, Absolute, 3/10/2017
Comment0 comments  |  Read  |  Post a Comment
Attacks Under Way Against Easily Exploitable Apache Struts Flaw
Jai Vijayan, Freelance writerNews
Enterprises urged to upgrade now to more secure versions of Web application framework.
By Jai Vijayan Freelance writer, 3/9/2017
Comment0 comments  |  Read  |  Post a Comment
Securing Today’s 'Elastic Attack Surface'
Amit Yoran, Chairman & CEO, Tenable Network SecurityCommentary
The foundation of good cybersecurity is knowing your network. But as organizations embrace new technologies, that simple task has gotten incredibly difficult.
By Amit Yoran Chairman & CEO, Tenable Network Security, 3/9/2017
Comment0 comments  |  Read  |  Post a Comment
Trojan Android App Bullies Google Play Users Into Giving It 5 Stars
Dark Reading Staff, Quick Hits
Users who download "Music Mania" get pounded by ads until they say uncle.
By Dark Reading Staff , 3/9/2017
Comment0 comments  |  Read  |  Post a Comment
9 Phishing Lures that Could Hijack your 2017 Tax Refund
Steve Zurier, Freelance Writer
Scammers are taking an aggressive approach to tax season this year, packing attachments and links with banking Trojans, and fairly new strains of ransomware.
By Steve Zurier Freelance Writer, 3/9/2017
Comment0 comments  |  Read  |  Post a Comment
In a Cybersecurity Vendor War, the End User Loses
Morey Haber, VP, Technology, BeyondTrustCommentary
When vulnerability information is disclosed without a patch available, users are the ones really being punished.
By Morey Haber VP, Technology, BeyondTrust, 3/8/2017
Comment0 comments  |  Read  |  Post a Comment
4 Ways to Recover from a Cyberattack
Malwarebytes Labs, Malwarebytes Labs
Be prepared and act quickly are two key steps that will help you bounce back quickly from a cyberattack.
By Malwarebytes Labs Malwarebytes Labs, 3/8/2017
Comment0 comments  |  Read  |  Post a Comment
Why Printers Still Pose a Security Threat
Kelly Sheridan, Associate Editor, InformationWeekNews
Newly discovered security flaws in popular printers remind us how networked devices continue to put users at risk.
By Kelly Sheridan Associate Editor, InformationWeek, 3/8/2017
Comment0 comments  |  Read  |  Post a Comment
'Entire Hacking Capacity Of CIA' Dumped On Wikileaks, Site Claims
Jai Vijayan, Freelance writerNews
Leaked data tranche of 8,700 documents purportedly includes tools that turn smart TVs into covert surveillance devices.
By Jai Vijayan Freelance writer, 3/7/2017
Comment1 Comment  |  Read  |  Post a Comment
A Real-Life Look into Responsible Disclosure for Security Vulnerabilities
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
A researcher gives us a glimpse into what happened when he found a problem with an IoT device.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 3/7/2017
Comment0 comments  |  Read  |  Post a Comment
France Abandons Electronic Voting for Citizens Abroad, Cites Security
Dark Reading Staff, Quick Hits
The French government made its decision after the national cybersecurity agency warned of a high risk of cyberattacks.
By Dark Reading Staff , 3/7/2017
Comment0 comments  |  Read  |  Post a Comment
Shamoon Data-Wiping Malware Now Comes with Ransomware Option
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
And: another data-destruction variant discovered, with similarities to Shamoon.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/6/2017
Comment0 comments  |  Read  |  Post a Comment
FTC Report Highlights Low DMARC Adoption
Kelly Sheridan, Associate Editor, InformationWeekNews
New Federal Trade Commission research discovers most online businesses employ email authentication, but few use DMARC to combat phishing.
By Kelly Sheridan Associate Editor, InformationWeek, 3/6/2017
Comment0 comments  |  Read  |  Post a Comment
New York’s Cyber Regulations: How to Take Action & Who’s Next
Prakash Linga, CTO & Co-founder of VeraCommentary
Even if your company isn’t directly subject to these new rules, you can assume that the approach will be adopted by regulatory agencies at home and abroad eventually.
By Prakash Linga , 3/6/2017
Comment0 comments  |  Read  |  Post a Comment
Adware vs. Ad Fraud: Viva la Difference!
Pieter Arntz, Malware Intelligence Researcher, Malwarebytes
Both earn their money in the advertising trade but they each have very different means of operation and targets.
By Pieter Arntz Malware Intelligence Researcher, Malwarebytes, 3/6/2017
Comment0 comments  |  Read  |  Post a Comment
Threats Converge: IoT Meets Ransomware
Javvad Malik, Security Advocate at AlienVaultCommentary
Ransomware is already a problem. The Internet of Things has had a number of security issues. What happens when the two combine?
By Javvad Malik Security Advocate at AlienVault, 3/6/2017
Comment0 comments  |  Read  |  Post a Comment
Attackers Employ Sneaky New Method to Control Trojans
Jai Vijayan, Freelance writerNews
A new malware sample shows threat actors have begun using DNS TXT record and queries for C2 communications, Cisco Talos says,
By Jai Vijayan Freelance writer, 3/3/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by aashbel
Current Conversations Great article.
In reply to: Love it.
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: So, how's the mobile device management roll-out going?
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.