8 Hot Hacking Tools to Come out of Black Hat USA
Dark Reading Launches New Conference on Cyber Defense
Android Security Apps for BYOD Users
The Rising Tide of Crimeware-as-a-Service
How End-User Devices Get Hacked: 8 Easy Ways
News & Commentary
Virginia Consultant Charged with Espionage
Dark Reading Staff, Quick Hits
Federal authorities charged a consultant with espionage for transmitting top secret and secret documents to China.
By Dark Reading Staff, 6/23/2017
Android Marcher Variant Makes Rounds as Adobe Flash Player Update
Dark Reading Staff, Quick Hits
Zscaler researchers discover a new variant of the Android Marcher malware, which aims to steal online banking credentials and credit card information.
By Dark Reading Staff, 6/23/2017
$12B in Fraud Loss Came from Data Breach Victims in 2016
Dark Reading Staff, Quick Hits
Three-quarters of the total fraud losses for 2016 arose from people who had been victims of a data breach within the previous six years.
By Dark Reading Staff, 6/23/2017
RAT Vulnerabilities Turn Hackers into Victims
Kelly Sheridan, Associate Editor, Dark Reading, News
A small number of Remote Administration Tools have vulnerabilities which can enable attack targets to turn the tables on threat actors.
By Kelly Sheridan, Associate Editor, Dark Reading, 6/23/2017
Threat Intelligence Sharing: The New Normal?
Danelle Au, VP Strategy, SafeBreach, Commentary
The spirit of cooperation seems to be taking hold as demonstrated by the growing number of thriving services and organizations whose sole purpose is to analyze specific threats against specific communities.
By Danelle Au, VP Strategy, SafeBreach, 6/23/2017
Talking Cyber-Risk with Executives
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
Explaining risk can be difficult since CISOs and execs don't speak the same language. The key is to tailor your message for the audience.
By Raymond Pompon, Principal Threat Research Evangelist at F5 Networks, 6/23/2017
8 Hot Hacking Tools to Come out of Black Hat USA
Ericka Chickowski, Contributing Writer, Dark Reading
High-impact tools for white hats that will be revealed and released next month at Black Hat USA in Las Vegas.
By Ericka Chickowski, Contributing Writer, Dark Reading, 6/23/2017
'GhostHook' Foils Windows 10 64-bit's Kernel Protection
Jai Vijayan, Freelance writer, News
Microsoft says an attacker needs kernel-level access before they can use the 'GhostHook' technique to install a rootkit.
By Jai Vijayan, Freelance writer, 6/22/2017
Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Security researcher discovers major security flaws that can't be patched or fixed.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 6/22/2017
Two Arrested for Microsoft Network Intrusion
Dark Reading Staff, Quick Hits
UK authorities arrest two men for allegedly breaking into Microsoft's network with the intent to steal customer data from the software giant.
By Dark Reading Staff, 6/22/2017
Most General Counsels Fret over Data Security
Dark Reading Staff, Quick Hits
An overwhelming percentage of in-house attorneys say cyberattacks and the impact on their business keep them up at night, a recent survey shows.
By Dark Reading Staff, 6/22/2017
Cloud Security Lessons from the RNC Leak
Kelly Sheridan, Associate Editor, Dark Reading, News
A poorly configured Amazon S3 bucket that led to a massive data leak could easily happen to any organization not adopting proper cloud security measures.
By Kelly Sheridan, Associate Editor, Dark Reading, 6/22/2017
KPMG: Cybersecurity Has Reached a Tipping Point from Tech to CEO Business Issue
Tony Buffomante, KPMG, U.S. Cyber Security Services Leader, Commentary
Still, a majority of US-based chief execs say they will be maintaining and not investing in security technology over the next three years, a recent study shows.
By Tony Buffomante, KPMG, U.S. Cyber Security Services Leader, 6/22/2017
WannaCry? You're Not Alone: The 5 Stages of Security Grief
Eric Thomas, Director of Solutions Architecture, ExtraHop, Commentary
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
By Eric Thomas, Director of Solutions Architecture, ExtraHop, 6/22/2017
'Stack Clash' Smashed Security Fix in Linux
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Linux, OpenBSD, FreeBSD, Solaris security updates available to thwart newly discovered attack by researchers.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 6/21/2017
WannaCry Forces Honda to Take Production Plant Offline
Jai Vijayan, Freelance writer, News
Work on over 1,000 vehicles affected at automaker's Sayama plant in Japan while systems were restored.
By Jai Vijayan, Freelance writer, 6/21/2017
Russian Hackers Focused on Election Systems in 21 States
Dark Reading Staff, Quick Hits
A Department of Homeland Security official testified today that hackers tied to the Russian government attempted to infiltrate election systems in nearly two dozen states.
By Dark Reading Staff, 6/21/2017
Consumer Businesses Have False Confidence in their Security: Deloitte
Dark Reading Staff, Quick Hits
Consumer business executives are confident in their ability to respond to cyberattacks but fail to document and test response plans.
By Dark Reading Staff, 6/21/2017
The Folly of Vulnerability & Patch Management for ICS Networks
Galina Antova & Patrick McBride, Co-founder & Chief Marketing Officer, Claroty, Commentary
Yes, such efforts matter. But depending on them can give a false sense of security.
By Galina Antova & Patrick McBride, Co-founder & Chief Marketing Officer, Claroty, 6/21/2017
Dark Reading Launches New Conference on Cyber Defense
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Current Conversations
Apple iOS Threats Fewer Than Android But More Deadly
Dawn Kawamoto, Associate Editor, Dark Reading, 6/20/2017
Dark Reading Launches New Conference on Cyber Defense
Tim Wilson, Editor in Chief, Dark Reading, 6/21/2017
Cybersecurity Fact vs. Fiction
Marc Laliberte, Information Security Threat Analyst, WatchGuard Technologies, 6/20/2017
Partner Perspectives
Cloud Security & the Power of Shared Responsibility
When you and your CSP jointly embrace the shared security responsibility model you can achieve greater success than you or your provider can achieve alone.
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack.
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program.
Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

The Dark Reading Security Spending Survey
Enterprises are spending an unprecedented amount of money on IT security. Where does it all go? In this survey, Dark Reading polled senior IT management on security budgets and spending plans, and their priorities for the coming year. Download the report and find out what they had to say.