Intro to Cyber Insurance: 7 Questions to Ask
7 Steps to Transforming Yourself into a DevSecOps Rockstar
Report: 'OilRig' Attacks Expanding Across Industries, Geographies
Getting Beyond the Buzz & Hype of Threat Hunting
New Wave of Security Acquisitions Signals Start of Consolidation Trend
News & Commentary
Patch Unlikely for Widely Publicized Flaw in Microsoft IIS 6.0
Dark Reading Staff, Quick Hits
Microsoft recommends upgrade to latest operating system for more protection.
By Dark Reading Staff, 3/30/2017
Internet's Security Woes are Not All Technical
Kelly Sheridan, Associate Editor, InformationWeek, News
Google engineer Halvar Flake told Black Hat Asia attendees that flaws in organizational structure and market power put enterprises at risk.
By Kelly Sheridan, Associate Editor, InformationWeek, 3/30/2017
30% of Malware Attacks are Zero-Day Exploits
Dark Reading Staff, Quick Hits
WatchGuard quarterly report, based on Firebox Feed data, lists five key findings on Internet security threats.
By Dark Reading Staff, 3/30/2017
Insider Threat Fear Greater Than Ever, Survey Shows
Jai Vijayan, Freelance writer, News
More than half of security pros say insider threat incidents have become more frequent in the past 12 months.
By Jai Vijayan, Freelance writer, 3/29/2017
Privacy Babel: Making Sense of Global Privacy Regulations
Dimitri Sirota, Founder & CEO of BigID, Commentary
Countries around the world are making their own privacy laws. How can a global company possibly keep up?
By Dimitri Sirota, Founder & CEO of BigID, 3/29/2017
Russian Man Pleads Guilty for his Role in Ebury Botnet
Dark Reading Staff, Quick Hits
Maxim Senakh, arrested by Finnish authorities and extradited to the US, will be sentenced this August.
By Dark Reading Staff, 3/29/2017
Dutch Parliament Website Suffers Ransomware Attack
Dark Reading Staff, Quick Hits
Hackers, suspected to belong to Turkish groups, continue to target Dutch websites.
By Dark Reading Staff, 3/29/2017
Millions of Stolen US University Email Credentials for Sale on the Dark Web
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Researchers find booming underground market for stolen and fake email credentials from the 300 largest universities in the US.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 3/29/2017
To Gain Influence, CISOs Must Get Security's Human Element Right
Rocco Grillo, Cyber Resilience Leader at Stroz Friedberg, Commentary
Focusing on certain elements of security in isolation can cause a false sense of security.
By Rocco Grillo, Cyber Resilience Leader at Stroz Friedberg, 3/29/2017
Cerber Ransomware Now Evades Machine Learning
Jai Vijayan, Freelance writer, News
New variant has been broken into separate harmless-looking components to fool ML-based detection systems, Trend Micro says.
By Jai Vijayan, Freelance writer, 3/29/2017
Cloud Security: New Research Says IT Pros Still Skittish
Steve Zurier, Freelance Writer, News
Respondents complain in two studies that traditional security tools don't work in the cloud, and can't deliver visibility across multiple cloud environments.
By Steve Zurier, Freelance Writer, 3/29/2017
Should Trump Tackle Air-Gapped Critical Infrastructure?
Ericka Chickowski, Contributing Writer, Dark Reading, News
MIT experts issue recommendations to the president, urging him to take elements of the electric grid and gas pipeline offline - but other security experts say that ship has sailed.
By Ericka Chickowski, Contributing Writer, Dark Reading, 3/28/2017
Commercial IoT: Big Trouble in Small Devices
Stuart Bailey, CTO, Open Data Group, Board Member, Tempered Networks, Commentary
There are endless scenarios where hackers could wreak havoc on the industrial Internet of Things. There's also a readily available solution called HIP.
By Stuart Bailey, CTO, Open Data Group, Board Member, Tempered Networks, 3/28/2017
1.4 Billion Data Records Exposed in 2016 Breaches
Dark Reading Staff, Quick Hits
The number of data records breached soared in 2016 over the previous year, with the technology sector facing the brunt of the attacks.
By Dark Reading Staff, 3/28/2017
Exploit Kits: Winter 2017 Review
Jerome Segura, Lead Malware Intelligence Analyst, Malwarebytes
We take another look at the current EK scene by going over RIG, Sundown, Neutrino and Magnitude.
By Jerome Segura, Lead Malware Intelligence Analyst, Malwarebytes, 3/28/2017
How Identity Deception Increases the Success of Ransomware
Markus Jakobsson, Chief Scientist at Agari, Commentary
As scammers hone their skills, their handiwork looks more credible to intended victims, making a successful ransomware scam more likely.
By Markus Jakobsson, Chief Scientist at Agari, 3/28/2017
Jail Time Set for Two More Members of Global Telecom Fraud Scheme
Dark Reading Staff, Quick Hits
Ramon Batista and Farintong Calderon have been sentenced to 75 months and 36 months in prison, respectively.
By Dark Reading Staff, 3/28/2017
Two Israeli Youths May Be Charged for vDOS Operation
Dark Reading Staff, Quick Hits
Israeli authorities prepare to accuse two 18-year-olds for the online attack service, which caused $1.65 million in losses.
By Dark Reading Staff, 3/28/2017
Hacking the Business Email Compromise
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
BEC attacks are on the rise, but plain-old spoofing of business executives' email accounts remains more prevalent.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 3/27/2017
FBI: Attackers Targeting Anonymous FTP Servers in Healthcare
Kelly Sheridan, Associate Editor, InformationWeek, News
The FBI warns medical and dental organizations of cybercriminals targeting anonymous FTP servers to steal personal health data.
By Kelly Sheridan, Associate Editor, InformationWeek, 3/27/2017
Intro to Cyber Insurance: 7 Questions to Ask
Kelly Sheridan, Associate Editor, InformationWeek, 3/24/2017
Prioritizing Threats: Why Most Companies Get It Wrong
Michael A. Davis, CTO of CounterTack, 3/24/2017
Partner Perspectives
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program.
Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report to learn about the new best practices for secure application development.