News & Commentary
4 Reasons the Vulnerability Disclosure Process Stalls
Lawrence Munro, Worldwide Vice President of SpiderLabs at Trustwave, Commentary
The relationship between manufacturers and researchers is often strained. Here's why, along with some resources to help.
By Lawrence Munro Worldwide Vice President of SpiderLabs at Trustwave, 5/24/2017
Emerging Threats to Add to Your Security Radar Screen
Kelly Sheridan, Associate Editor, Dark Reading, News
The cybersecurity threat landscape is poised to grow in size and complexity - what to look out for.
By Kelly Sheridan Associate Editor, Dark Reading, 5/22/2017
The Fundamental Flaw in TCP/IP: Connecting Everything
Jeff Hussey, President & CEO, Tempered Networks, Commentary
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.
By Jeff Hussey President & CEO, Tempered Networks, 5/17/2017
Microsoft Calls for IoT Cybersecurity Policy Development
Dark Reading Staff, Quick Hits
Microsoft emphasizes the need for new security policies as IoT growth heightens the consequences of cyberattacks.
By Dark Reading Staff, 5/15/2017
Your IoT Baby Isn't as Beautiful as You Think It Is
Andrew Howard, Chief Technology Officer for Kudelski Security, Commentary
Both development and evaluation teams have been ignoring security problems in Internet-connected devices for too long. That must stop.
By Andrew Howard Chief Technology Officer for Kudelski Security, 5/10/2017
New IoT Botnet Discovered, 120K IP Cameras At Risk of Attack
Kelly Sheridan, Associate Editor, Dark Reading, News
The Persirai IoT botnet, which targets IP cameras, arrives hot on the heels of Mirai and highlights the growing threat of IoT botnets.
By Kelly Sheridan Associate Editor, Dark Reading, 5/9/2017
Hyundai Blue Link Vulnerability Allows Remote Start of Cars
Dark Reading Staff, Quick Hits
Car maker Hyundai patched a vulnerability in its Blue Link software, which could potentially allow attackers to remotely unlock a vehicle and start it.
By Dark Reading Staff, 4/25/2017
Kill Chain & the Internet of Things
Ofer Amitai, CEO, Portnox, Commentary
IoT things such as security cameras, smart thermostats and wearables are particularly easy targets for kill chain intruders, but a layered approach to security can help thwart an attack.
By Ofer Amitai CEO, Portnox, 4/20/2017
10 Questions To Get Practical Answers At Interop ITX
Dark Reading Staff, Commentary
May 15-19 in Las Vegas: How to get solutions and advice from top speakers for the things that you really want to know.
By Dark Reading Staff, 4/14/2017
Got an Industrial Network? Reduce your Risk of a Cyberattack with Defense in Depth
Jeff Lund, Senior Director, Belden Industrial IT Group, Commentary
If an aggressive, all-out cyberdefense strategy isn't already on your operational technology plan for 2017, it's time to get busy.
By Jeff Lund Senior Director, Belden Industrial IT Group, 4/13/2017
New Malware Deliberately Destroys Unsecured IoT Devices
Dark Reading Staff, Quick Hits
Motive behind BrickerBot puzzles experts who think it may be the work of a vigilante.
By Dark Reading Staff, 4/7/2017
McAfee's Back as an Independent Security Firm
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Security firm is no longer part of Intel Corp.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/4/2017
Romanian Man Pleads Guilty to ATM Skimming Scheme
Dark Reading Staff, Quick Hits
Radu Bogdan Marin allegedly used stolen account details and fake ATM cards to withdraw tens of thousands of dollars.
By Dark Reading Staff, 3/31/2017
Commercial IoT: Big Trouble in Small Devices
Stuart Bailey, CTO, Open Data Group, Board Member, Tempered Networks, Commentary
There are endless scenarios where hackers could wreak havoc on the industrial Internet of Things. There's also a readily available solution called HIP.
By Stuart Bailey CTO, Open Data Group, Board Member, Tempered Networks, 3/28/2017
Intro to Cyber Insurance: 7 Questions to Ask
Kelly Sheridan, Associate Editor, Dark Reading
Buying a cyber insurance policy can be complex and difficult. Make sure you're asking these questions as you navigate the process.
By Kelly Sheridan Associate Editor, Dark Reading, 3/24/2017
Future of the SIEM
Kelly Sheridan, Associate Editor, Dark Reading, News
Current SIEM systems have flaws. Here's how the SIEM's role will change as mobile, cloud, and IoT continue to grow.
By Kelly Sheridan Associate Editor, Dark Reading, 3/22/2017
New Metasploit Extension Available for Testing IoT Device Security
Jai Vijayan, Freelance writer, News
RFTransceiver extension for the Metasploit Hardware Bridge API will let organizations detect and scan wireless devices operating outside 802.11 spec.
By Jai Vijayan Freelance writer, 3/21/2017
Cisco Issues Advisory on Flaw in Hundreds of Switches
Dark Reading Staff, Quick Hits
Vulnerability was discovered in WikiLeaks' recent data dump on CIA's secret cyber-offensive unit.
By Dark Reading Staff, 3/21/2017
Sound Waves Used to Hack Common Data Sensors
Terry Sweeney, Contributing Editor, News
Though the immediate threat to your smartphone or Fitbit is slight, University of Michigan researchers show command-and-control capability with spoofed signaling on a variety of MEMS accelerometers.
By Terry Sweeney Contributing Editor, 3/16/2017
Trust Begins With Layer 1 Encryption
Hector Menendez, Product Marketing Manager, IP/Optical Networks, Nokia, Commentary
In today's distributed environment, cloud and communication service providers can play a key role in providing organizations with a scalable and secure platform for the connection of everything to everything. Here's how.
By Hector Menendez Product Marketing Manager, IP/Optical Networks, Nokia, 3/15/2017
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report to learn about the new best practices for secure application development.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.