Vulnerabilities / Threats // Advanced Threats
News & Commentary
Threat Lifecycle Management
Emily Johnson, Digital Content Editor, InformationWeek | Commentary | Video
Principal Sales Engineer for LogRhythm Chris Martin stops by the InformationWeek News Desk.
By Emily Johnson, Digital Content Editor, InformationWeek, 5/24/2017
Staying a Step Ahead of Internet Attacks
Markus Jakobsson, Chief Scientist at Agari | Commentary
There's no getting around the fact that targeted attacks - like phishing - will happen. But you can figure out the type of attack to expect next.
By Markus Jakobsson, Chief Scientist at Agari, 5/23/2017
All Generations, All Risks, All Contained: A How-To Guide
Stan Black, CSO, Citrix | Commentary
Organizations must have a security plan that considers all of their employees.
By Stan Black, CSO, Citrix, 5/18/2017
WannaCry: Ransomware Catastrophe or Failure?
Gary Warner, Chief Threat Scientist | Commentary
Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.
By Gary Warner, Chief Threat Scientist, 5/18/2017
Why We Need a Data-Driven Cybersecurity Market
David Damato, Chief Security Officer, Tanium | Commentary
NIST should bring together industry to create a standard set of metrics and develop better ways to share information.
By David Damato, Chief Security Officer, Tanium, 5/17/2017
New Threat Research Shows Vietnam a Rising Force in Cyberespionage
Ericka Chickowski, Contributing Writer, Dark Reading | News
A FireEye report on APT32 pieces together evidence of a group attacking private and public targets for the sake of Vietnamese state interests.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/16/2017
The Wide-Ranging Impact of New York's Cybersecurity Regulations
Mark Sangster, VP and industry security strategist, eSentire | Commentary
New York's toughest regulations yet are now in effect. Here's what that means for your company.
By Mark Sangster, VP and industry security strategist, eSentire, 5/16/2017
8 Notorious Russian Hackers Arrested in the Past 8 Years
Ericka Chickowski, Contributing Writer, Dark Reading
Lesson learned by Russian cybercriminals: Don't go on vacation, it's bad for your freedom to scam.
By Ericka Chickowski, Contributing Writer, Dark Reading, 5/12/2017
What Developers Don't Know About Security Can Hurt You
Peter Chestna, Director of Developer Engagement, Veracode | Commentary
Developers won't start writing secure code just because you tell them it's part of their job. You need to give them the right training, support, and tools to instill a security mindset.
By Peter Chestna, Director of Developer Engagement, Veracode, 5/11/2017
Your IoT Baby Isn't as Beautiful as You Think It Is
Andrew Howard, Chief Technology Officer for Kudelski Security | Commentary
Both development and evaluation teams have been ignoring security problems in Internet-connected devices for too long. That must stop.
By Andrew Howard, Chief Technology Officer for Kudelski Security, 5/10/2017
Why Cyber Attacks Will Continue until Prevention Becomes a Priority
Todd Thibodeaux, President & CEO, CompTIA | Commentary
Organizations must rethink their security measures. Focus on training, getting rid of old tech, and overcoming apathy.
By Todd Thibodeaux, President & CEO, CompTIA, 5/8/2017
How to Integrate Threat Intel & DevOps
Andrew Storms, VP Security Services, New Context | Commentary
Automating intelligence can help your organization in myriad ways.
By Andrew Storms, VP Security Services, New Context, 5/4/2017
7 Steps to Fight Ransomware
G. Mark Hardy, Instructor for SANS and President of National Security Corporation | Commentary
Perpetrators are shifting to more specific targets. This means companies must strengthen their defenses, and these strategies can help.
By G. Mark Hardy, Instructor for SANS and President of National Security Corporation, 5/3/2017
What's in a Name? Breaking Down Attribution
Jonathan Couch, Senior VP of Strategy, ThreatQuotient | Commentary
Here's what you really need to know about adversaries.
By Jonathan Couch, Senior VP of Strategy, ThreatQuotient, 5/2/2017
The Cyber-Committed CEO & Board
Ryan LaSalle, Global Managing Director, Growth & Strategy at Accenture Security | Commentary
Here is what CISOs need to communicate to upper management about the business risks of mismanaging cybersecurity.
By Ryan LaSalle, Global Managing Director, Growth & Strategy at Accenture Security, 5/1/2017
What Role Should ISPs Play in Cybersecurity?
Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies | Commentary
There are many actions ISPs could take to make browsing the Web safer, but one thing stands out.
By Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies, 4/26/2017
New Ad Fraud Campaign Uses Millions of Domain Names to Bilk Advertising Networks
Ericka Chickowski, Contributing Writer, Dark Reading | News
NoTrove has established a huge infrastructure to make money through click redirection and scam traffic-brokering.
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/26/2017
IT-OT Convergence: Coming to an Industrial Plant Near You
Barak Perelman, CEO, Indegy | Commentary
There's been a big divide between IT and OT, but that must end. Here's how to make them come together.
By Barak Perelman, CEO, Indegy, 4/25/2017
Russian Citizen Gets Record 27-Year Sentence for Hacking, Fraud Scheme
Dark Reading Staff | Quick Hits
Roman Valeryevich gets 27 years for hacking PoS machines. Meanwhile, spam master Pyotr Levashov's indictment is unsealed.
By Dark Reading Staff, 4/21/2017
Best Practices for Securing Open Source Code
Mike Pittenger, Vice President, Security Strategy at Black Duck Software | Commentary
Attackers see open source components as an obvious target because there's so much information on how to exploit them. These best practices will help keep you safer.
By Mike Pittenger, Vice President, Security Strategy at Black Duck Software, 4/21/2017
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report to learn about the new best practices for secure application development.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.