Dark Reading News Desk Live at Black Hat USA 2017
7 Hardware & Firmware Hacks Highlighted at Black Hat 2017
Dark Reading INsecurity Conference Registration Now Open
Best of Black Hat: 20 Epic Talks in 20 Years
IoT Security Incidents Rampant and Costly
News & Commentary
Dark Reading News Desk Live at Black Hat USA 2017
Dark Reading Staff, Commentary
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
By Dark Reading Staff , 7/27/2017
Comment4 comments  |  Read  |  Post a Comment
How to Build a Path Toward Diversity in Information Security
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Hiring women and minorities only addresses half the issue for the IT security industry -- the next step is retaining these workers.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/27/2017
Comment0 comments  |  Read  |  Post a Comment
The Right to Be Forgotten & the New Era of Personal Data Rights
Dimitri Sirota, Founder & CEO of BigIDCommentary
Because of the European Union's GDPR and other pending legislation, companies must become more transparent in how they protect their customers' data.
By Dimitri Sirota Founder & CEO of BigID, 7/27/2017
Comment0 comments  |  Read  |  Post a Comment
Can Your Risk Assessment Stand Up Under Scrutiny?
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
Weak risk assessments have gotten a pass up until now, but that may be changing.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 7/27/2017
Comment1 Comment  |  Read  |  Post a Comment
Downtime from Ransomware More Lethal to Small Businesses Than the Ransom
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New survey of small-to midsized businesses (SMBs) shows half of SMBs infected with malware suffer 25 hours or more of business disruption.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/27/2017
Comment1 Comment  |  Read  |  Post a Comment
How Attackers Use Machine Learning to Predict BEC Success
Kelly Sheridan, Associate Editor, Dark ReadingNews
Researchers show how scammers defeat other machines, increase their success rate, and get more money from their targets.
By Kelly Sheridan Associate Editor, Dark Reading, 7/26/2017
Comment0 comments  |  Read  |  Post a Comment
Adobe's Move to Kill Flash Is Good for Security
Jai Vijayan, Freelance writerNews
In recent years, Flash became one of the buggiest widely used apps out there.
By Jai Vijayan Freelance writer, 7/26/2017
Comment1 Comment  |  Read  |  Post a Comment
FBI Talks Avalanche Botnet Takedown
Kelly Sheridan, Associate Editor, Dark ReadingNews
FBI unit chief Tom Grasso explains the takedown of Avalanche and how the agency approaches botnet infrastructures.
By Kelly Sheridan Associate Editor, Dark Reading, 7/26/2017
Comment0 comments  |  Read  |  Post a Comment
Hacking the Wind
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A security researcher at Black Hat USA shows how wind turbine systems are susceptible to potentially damaging cyberattacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/26/2017
Comment0 comments  |  Read  |  Post a Comment
The Wild West of Security Post-Secondary Education
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Black Hat researchers will show how inconsistent security schooling is at the university level.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/26/2017
Comment0 comments  |  Read  |  Post a Comment
Facebook Offers $1 Million for New Security Defenses
Dawn Kawamoto, Associate Editor, Dark ReadingNews
The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/26/2017
Comment0 comments  |  Read  |  Post a Comment
Majority of Consumers Believe IoT Needs Security Built In
Dark Reading Staff, Quick Hits
Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.
By Dark Reading Staff , 7/26/2017
Comment4 comments  |  Read  |  Post a Comment
10 Critical Steps to Create a Culture of Cybersecurity
Edward J. McAndrew, Partner & Co-Chair, Privacy & Data Security  Group, Ballard Spahr LLP, Faculty Member of the Compliance, Governance &  Oversight CouncilCommentary
Businesses are more vulnerable than they need to be. Here's what you should do about it.
By Edward J. McAndrew Partner & Co-Chair, Privacy & Data Security Group, Ballard Spahr LLP, Faculty Member of the Compliance, Governance & Oversight Council, 7/26/2017
Comment0 comments  |  Read  |  Post a Comment
Iranian Cyber Espionage Group CopyKittens Successful, But Not Skilled
Jai Vijayan, Freelance writerNews
Despite being only moderately skilled, CopyKittens has exfiltrated large volumes of data since at least 2013.
By Jai Vijayan Freelance writer, 7/25/2017
Comment0 comments  |  Read  |  Post a Comment
How 'Postcript' Exploits Networked Printers
Dawn Kawamoto, Associate Editor, Dark ReadingNews
At Black Hat 2017, a university researcher will demo how attackers can drill into networked printers by way of the ubiquitous PostScript programming language.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/25/2017
Comment0 comments  |  Read  |  Post a Comment
How Women Can Raise Their Profile within the Cybersecurity Industry
Jodie Nel, Event Organizer, Cyber Security Event SeriesCommentary
Closing the cybersecurity gender gap won't happen overnight, but women can take can take steps to begin leveling the playing field.
By Jodie Nel Event Organizer, Cyber Security Event Series, 7/25/2017
Comment0 comments  |  Read  |  Post a Comment
Using AI to Break Detection Models
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Pitting machine learning bots against one another is the new spy vs. spy battle in cybersecurity today.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/25/2017
Comment0 comments  |  Read  |  Post a Comment
Lessons from Verizon: Managing Cloud Security for Partners
Tim Prendergast, Founder & CEO, Evident.io
The recent Verizon breach data exposed by an insecure Amazon S3 bucket highlights the need for enterprises to have visibility into how partners and other stakeholders keep their data secure.
By Tim Prendergast Founder & CEO, Evident.io, 7/25/2017
Comment0 comments  |  Read  |  Post a Comment
Regulators Question Wells Fargo Regarding Data Breach
Dark Reading Staff, Quick Hits
Scrutiny a result of a lawyer's unauthorized release of sensitive information on tens of thousands of wealthy Well Fargo customers.
By Dark Reading Staff , 7/25/2017
Comment4 comments  |  Read  |  Post a Comment
Custom Source Code Accounts for 93% of App Vulnerabilities
Dark Reading Staff, Quick Hits
A new study finds that third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software.
By Dark Reading Staff , 7/25/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Majority of Security Pros Let Productivity Trump Security
Dawn Kawamoto, Associate Editor, Dark Reading,  7/24/2017
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
Dawn Kawamoto, Associate Editor, Dark Reading,  7/20/2017
Microsoft Rolls Out AI-based Security Risk Detection Tool
Kelly Sheridan, Associate Editor, Dark Reading,  7/21/2017
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Lessons from Verizon: Managing Cloud Security for Partners
The recent Verizon breach -- data exposed by an insecure Amazon S3 bucket -- highlights the need for enterprises to have visibility into how partners and other stakeholders keep their data secure. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: " I think Google Doodle is getting a little out of control"
White Papers
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Flash Poll
Video
Slideshows
Twitter Feed