News & Commentary
Majority of Consumers Believe IoT Needs Security Built In
Dark Reading Staff, Quick Hits
Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.
By Dark Reading Staff , 7/26/2017
Comment3 comments  |  Read  |  Post a Comment
7 Hardware & Firmware Hacks Highlighted at Black Hat 2017
Ericka Chickowski, Contributing Writer, Dark Reading
Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/24/2017
Comment0 comments  |  Read  |  Post a Comment
Dark Reading News Desk Live at Black Hat USA 2017
Dark Reading Staff, Commentary
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
By Dark Reading Staff , 7/21/2017
Comment3 comments  |  Read  |  Post a Comment
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/20/2017
Comment7 comments  |  Read  |  Post a Comment
IoT Security Incidents Rampant and Costly
Dawn Kawamoto, Associate Editor, Dark Reading
New research offers details about the hidden and not so hidden costs of defending the Internet of Things.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/18/2017
Comment1 Comment  |  Read  |  Post a Comment
FBI Issues Warning on IoT Toy Security
Dark Reading Staff, Quick Hits
IoT toys are more than fun and games and can potentially lead to a violation of children's privacy and safety, the Federal Bureau of Investigation warned Monday.
By Dark Reading Staff , 7/17/2017
Comment1 Comment  |  Read  |  Post a Comment
IoT Physical Attack Exploit to be Revealed at Black Hat
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Security researcher Billy Rios plans to demonstrate how an exploit can cause an IoT device to launch a physical attack against a human.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/7/2017
Comment1 Comment  |  Read  |  Post a Comment
Black Hat Survey: Security Pros Expect Major Breaches in Next Two Years
Tim Wilson, Editor in Chief, Dark Reading, News
Significant compromises are not just feared, but expected, Black Hat attendees say.
By Tim Wilson, Editor in Chief, Dark Reading , 7/6/2017
Comment4 comments  |  Read  |  Post a Comment
The Growing Danger of IP Theft and Cyber Extortion
Robert McFarlane, Chief Revenue OfficerCommentary
The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.
By Robert McFarlane Chief Revenue Officer, 7/6/2017
Comment1 Comment  |  Read  |  Post a Comment
The Problem with Data
Mike Baukes, Co-Founder & Co-CEO, UpGuardCommentary
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.
By Mike Baukes Co-Founder & Co-CEO, UpGuard, 7/3/2017
Comment1 Comment  |  Read  |  Post a Comment
Hacking Factory Robot Arms for Sabotage, Fun & Profit
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Black Hat talk will discuss how hackers could take over robotic arms, create micro-defects in products, and open up a new world of subtle blackmail.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/29/2017
Comment3 comments  |  Read  |  Post a Comment
Why Enterprise Security Needs a New Focus
Kirsten Bay, President and CEO, Cyber adAPTCommentary
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
By Kirsten Bay President and CEO, Cyber adAPT, 6/29/2017
Comment7 comments  |  Read  |  Post a Comment
IoT Vulns Draw Biggest Bug Bounty Payouts
Dawn Kawamoto, Associate Editor, Dark ReadingNews
As bug bounty programs become more popular outside of the technology sector, IoT vulnerabilities are yielding the highest payouts for bug hunters, according to two reports released Wednesday.
By Dawn Kawamoto Associate Editor, Dark Reading, 6/29/2017
Comment0 comments  |  Read  |  Post a Comment
'Stack Clash' Smashed Security Fix in Linux
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Linux, OpenBSD, Free BSD, Solaris security updates available to thwart newly discovered attack by researchers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/21/2017
Comment0 comments  |  Read  |  Post a Comment
Trusted IDs Gain Acceptance in Smart Building Environment
Dark Reading Staff, Quick Hits
A majority of survey respondents believe identities can be connected across multiple systems and devices through a single ID card or mobile phone.
By Dark Reading Staff , 6/20/2017
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Fact vs. Fiction
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 6/20/2017
Comment2 comments  |  Read  |  Post a Comment
Invisible Invaders: Why Detecting Bot Attacks Is Becoming More Difficult
Ido Safruti,  Founder and CTO at PerimeterXCommentary
Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.
By Ido Safruti Founder and CTO at PerimeterX, 6/19/2017
Comment0 comments  |  Read  |  Post a Comment
First Malware Designed Solely for Electric Grids Caused 2016 Ukraine Outage
Jai Vijayan, Freelance writerNews
Attackers used CrashOverride/Industroyer to cause a partial power outage in Kiev, Ukraine, but it can be used anywhere, say researchers at Dragos and ESET.
By Jai Vijayan Freelance writer, 6/12/2017
Comment1 Comment  |  Read  |  Post a Comment
Move Over, Mirai: Persirai Now the Top IP Camera Botnet
Jai Vijayan, Freelance writerNews
Mirai's success has spawned a flurry of similar IoT malware.
By Jai Vijayan Freelance writer, 6/8/2017
Comment0 comments  |  Read  |  Post a Comment
Balancing the Risks of the Internet of Things
Darren Anstee, Chief Technology Officer at Arbor NetworksCommentary
Do the benefits of an Internet-connected coffee maker really outweigh its security issues?
By Darren Anstee Chief Technology Officer at Arbor Networks, 6/7/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: " I think Google Doodle is getting a little out of control"
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.