Dark Reading INsecurity Conference Registration Now Open
Desperately Seeking Security: 6 Skills Most In Demand
NotPetya: How to Prep and Respond if You're Hit
How To (And Not To) Make the Online Trust Honor Roll
9 Ways to Protect Your Cloud Environment from Ransomware
News & Commentary
BEC Attacks Far More Lucrative than Ransomware over Past 3 Years
Dawn Kawamoto, Associate Editor, Dark ReadingNews
BEC fraud netted cyberthieves five times more profit than ransomware over a three-year period, according to Cisco's midyear report released today.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
Microsoft Office 365 Users Targeted in Brute Force Attacks
Dark Reading Staff, Quick Hits
Attackers leveraged popular cloud service platforms to conduct persistent - and stealthy - login attempts on corporate Office 365 accounts.
By Dark Reading Staff , 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
DevOps & Security: Butting Heads for Years but Integration is Happening
Zeus Kerravala, Founder and Principal Analyst, ZK ResearchCommentary
A combination of culture change, automation, tools and processes can bring security into the modern world where it can be as agile as other parts of IT.
By Zeus Kerravala Founder and Principal Analyst, ZK Research, 7/20/2017
Comment2 comments  |  Read  |  Post a Comment
Profile of a Hacker: The Real Sabu
David Holmes, World-Wide Security Evangelist, F5
There are multiple stories about how the capture of the infamous Anonymous leader Sabu went down. Heres one, and another about what he is doing today.
By David Holmes World-Wide Security Evangelist, F5, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
'AVPass' Sneaks Malware Past Android Antivirus Apps
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers at Black Hat USA will release a toolset that studies and then cheats specific Android AV apps.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
Online Courses Projected to Drive Credit Card Fraud to $24B by 2018
Kelly Sheridan, Associate Editor, Dark ReadingNews
An underground ecosystem provides cybercriminals with online tutorials, tools, and credit card data they need to commit fraud.
By Kelly Sheridan Associate Editor, Dark Reading, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
98% of Companies Favor Integrating Security with DevOps
Dawn Kawamoto, Associate Editor, Dark ReadingNews
A majority of companies are either planning or have launched an integrated DevOps and security team, a new report shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
New Cyber Readiness Institute Aims to Improve Risk Management
Dark Reading Staff, Quick Hits
The nonprofit will bring together senior leaders of global companies to discuss best practices for managing security employees, processes, and tech.
By Dark Reading Staff , 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
Best of Black Hat: 20 Epic Talks in 20 Years
Kelly Sheridan, Associate Editor, Dark Reading
In celebration of Black Hat's 20th birthday, we take a look back at the most memorable presentations and demos since the show's inception in 1997.
By Kelly Sheridan Associate Editor, Dark Reading, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
Most Office 365 Admins Rely on Recycle Bin for Data Backup
Kelly Sheridan, Associate Editor, Dark ReadingNews
Nearly 66% of Office 365 administrators use Recycle Bin to back up their data, a practice that could leave data lost and unrecoverable.
By Kelly Sheridan Associate Editor, Dark Reading, 7/19/2017
Comment3 comments  |  Read  |  Post a Comment
Catastrophic Cloud Attack Costs Would Rival that of Hurricane Damages
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Lloyd's of London estimates multi-billion-dollar loss figures in worst-case scenarios of a major zero-day exploit or massive cloud outage.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
4 Steps to Securing Citizen-Developed Apps
Mike Lemire, Compliance & Information Security Officer at  Quick BaseCommentary
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
By Mike Lemire Compliance & Information Security Officer at Quick Base, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
Rapid7 Buys Security Orchestration and Automation Firm Komand
Dark Reading Staff, Quick Hits
Rapid7 has acquired Komand with plans to integrate its orchestration and automation technology into the Insights platform.
By Dark Reading Staff , 7/18/2017
Comment0 comments  |  Read  |  Post a Comment
Dow Jones Data Leak Results from Amazon AWS Configuration Error
Kelly Sheridan, Associate Editor, Dark ReadingNews
Security pros expect to see more incidents like the Dow Jones leak, which exposed customers' personal information following a public cloud configuration error.
By Kelly Sheridan Associate Editor, Dark Reading, 7/18/2017
Comment0 comments  |  Read  |  Post a Comment
Zero-Day Exploit Surfaces that May Affect Millions of IoT Users
Dark Reading Staff, Quick Hits
A zero-day vulnerability dubbed Devil's Ivy is discovered in a widely used third-party toolkit called gSOAP.
By Dark Reading Staff , 7/18/2017
Comment0 comments  |  Read  |  Post a Comment
Apple iOS Malware Growth Outpaces that of Android
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Number of iOS devices running malicious apps more than tripled in three consecutive quarters, while infected Android devices remained largely flat, report shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/18/2017
Comment0 comments  |  Read  |  Post a Comment
SIEM Training Needs a Better Focus on the Human Factor
Justin Henderson, SANS Instructor and CEO of H & A Security SolutionsCommentary
The problem with security information and event management systems isn't the solutions themselves but the training that people receive.
By Justin Henderson SANS Instructor and CEO of H & A Security Solutions, 7/18/2017
Comment1 Comment  |  Read  |  Post a Comment
IoT Security Incidents Rampant and Costly
Dawn Kawamoto, Associate Editor, Dark Reading
New research offers details about the hidden and not so hidden costs of defending the Internet of Things.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/18/2017
Comment0 comments  |  Read  |  Post a Comment
New IBM Mainframe Encrypts All the Things
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Next-generation Z series features the elusive goal of full data encryption - from an application, cloud service, or database in transit or at rest.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/17/2017
Comment1 Comment  |  Read  |  Post a Comment
FBI Issues Warning on IoT Toy Security
Dark Reading Staff, Quick Hits
IoT toys are more than fun and games and can potentially lead to a violation of children's privacy and safety, the Federal Bureau of Investigation warned Monday.
By Dark Reading Staff , 7/17/2017
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by every347
Current Conversations nice
In reply to: Re: I agree!
Post Your Own Reply
Posted by Lacework
Current Conversations Well said. 
In reply to: Re: security adoption
Post Your Own Reply
More Conversations
PR Newswire
Black Hat to Host Discussion on Diversity
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/13/2017
Most Office 365 Admins Rely on Recycle Bin for Data Backup
Kelly Sheridan, Associate Editor, Dark Reading,  7/19/2017
DevOps & Security: Butting Heads for Years but Integration is Happening
Zeus Kerravala, Founder and Principal Analyst, ZK Research,  7/20/2017
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Securing your Cloud Stack from Ransomware
Poor configuration, lack of policies, and permissive behaviors are three factors that can leave your cloud infrastructure vulnerable to ransomware threats. Read >>
Partner Perspectives
What's This?
Profile of a Hacker: The Real Sabu
There are multiple stories about how the capture of the infamous Anonymous leader Sabu went down. Here's one, and another about what he is doing today. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, you were supposed to display UNICODE characters!
White Papers
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Flash Poll
Video
Slideshows
Twitter Feed