Vulnerabilities / Threats // Advanced Threats
News & Commentary
SIEM Training Needs a Better Focus on the Human Factor
Justin Henderson, SANS Instructor and CEO of H & A Security SolutionsCommentary
The problem with security information and event management systems isn't the solutions themselves but the training that people receive.
By Justin Henderson SANS Instructor and CEO of H & A Security Solutions, 7/18/2017
Comment1 Comment  |  Read  |  Post a Comment
How Security Pros Can Help Protect Patients from Medical Data Theft
Reza Chapman, Managing Director, Cybersecurity, for Accenture's Global  Healthcare BusinessCommentary
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
By Reza Chapman Managing Director, Cybersecurity, for Accenture's Global Healthcare Business, 7/13/2017
Comment0 comments  |  Read  |  Post a Comment
Dealing with Due Diligence
Eldon Sprickerhoff, Founder and Chief Security Strategist,  eSentireCommentary
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
By Eldon Sprickerhoff Founder and Chief Security Strategist, eSentire, 7/12/2017
Comment2 comments  |  Read  |  Post a Comment
The SOC Is DeadLong Live the SOC
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 7/7/2017
Comment1 Comment  |  Read  |  Post a Comment
The Growing Danger of IP Theft and Cyber Extortion
Robert McFarlane, Chief Revenue OfficerCommentary
The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.
By Robert McFarlane Chief Revenue Officer, 7/6/2017
Comment1 Comment  |  Read  |  Post a Comment
The Problem with Data
Mike Baukes, Co-Founder & Co-CEO, UpGuardCommentary
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.
By Mike Baukes Co-Founder & Co-CEO, UpGuard, 7/3/2017
Comment1 Comment  |  Read  |  Post a Comment
Recovering from Bad Decisions in the Cloud
Jeff Schilling, Chief Security Officer, ArmorCommentary
The cloud makes it much easier to make changes to security controls than in traditional networks.
By Jeff Schilling Chief Security Officer, Armor, 6/26/2017
Comment1 Comment  |  Read  |  Post a Comment
FireEye CEO Shares State of IT Threat Landscape
InformationWeek Staff, CommentaryVideo
FireEye CEO Kevin Mandia talks about the state of the IT threat landscape and where enterprises should focus their attention when it comes to cybersecurity.
By InformationWeek Staff , 6/23/2017
Comment0 comments  |  Read  |  Post a Comment
The Folly of Vulnerability & Patch Management for ICS Networks
Galina Antova & Patrick McBride, Co-founder & Chief Marketing Officer, ClarotyCommentary
Yes, such efforts matter. But depending on them can give a false sense of security.
By Galina Antova & Patrick McBride Co-founder & Chief Marketing Officer, Claroty, 6/21/2017
Comment1 Comment  |  Read  |  Post a Comment
Feds Call on Contractors to Play Ball in Mitigating Insider Threats
Thomas Jones, Federal Systems Engineer at Bay DynamicsCommentary
It's said that you're only as strong as your weakest player. That's as true in security as it is in sports.
By Thomas Jones Federal Systems Engineer at Bay Dynamics, 6/20/2017
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Fact vs. Fiction
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 6/20/2017
Comment2 comments  |  Read  |  Post a Comment
Rise of Nation State Threats: How Can Businesses Respond?
Kelly Sheridan, Associate Editor, Dark ReadingNews
Cybersecurity experts discuss nation-state threats of greatest concerns, different types of attacks, and how organization can prepare.
By Kelly Sheridan Associate Editor, Dark Reading, 6/19/2017
Comment0 comments  |  Read  |  Post a Comment
Invisible Invaders: Why Detecting Bot Attacks Is Becoming More Difficult
Ido Safruti,  Founder and CTO at PerimeterXCommentary
Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.
By Ido Safruti Founder and CTO at PerimeterX, 6/19/2017
Comment0 comments  |  Read  |  Post a Comment
Why Your AppSec Program Is Doomed to Fail & How to Save It
Rohit Sethi, COO of Security CompassCommentary
With these measures in place, organizations can avoid common pitfalls.
By Rohit Sethi COO of Security Compass, 6/16/2017
Comment0 comments  |  Read  |  Post a Comment
Trumps Executive Order: What It Means for US Cybersecurity
Carson Sweet, Co-Founder & CTO, CloudPassageCommentary
The provisions are all well and good, but its hardly the first time theyve been ordered by the White House.
By Carson Sweet Co-Founder & CTO, CloudPassage, 6/15/2017
Comment0 comments  |  Read  |  Post a Comment
How Smart Cities Can Minimize the Threat of Cyberattacks
Todd Thibodeaux, President & CEO, CompTIACommentary
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.
By Todd Thibodeaux President & CEO, CompTIA, 6/14/2017
Comment0 comments  |  Read  |  Post a Comment
The Detection Trap: Improving Cybersecurity by Learning from the Secret Service
Nathaniel Gleicher, Head of Cybersecurity Strategy, IllumioCommentary
Intruders often understand the networks they target better than their defenders do.
By Nathaniel Gleicher Head of Cybersecurity Strategy, Illumio, 6/12/2017
Comment2 comments  |  Read  |  Post a Comment
Your Information Isn't Being Hacked, It's Being Neglected
Mike Baukes, Co-Founder & Co-CEO, UpGuardCommentary
To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems.
By Mike Baukes Co-Founder & Co-CEO, UpGuard, 6/9/2017
Comment1 Comment  |  Read  |  Post a Comment
Balancing the Risks of the Internet of Things
Darren Anstee, Chief Technology Officer at Arbor NetworksCommentary
Do the benefits of an Internet-connected coffee maker really outweigh its security issues?
By Darren Anstee Chief Technology Officer at Arbor Networks, 6/7/2017
Comment0 comments  |  Read  |  Post a Comment
Rethinking Vulnerabilities: Network Infrastructure as a Software System
Brighten Godfrey, Co-founder and CTO, VeriflowCommentary
Increasing complexity is putting networks at risk. It's time to shift our security approach and take some lessons from software development.
By Brighten Godfrey Co-founder and CTO, Veriflow, 5/31/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by [email protected]
Current Conversations Hi, On the subject of Cybersecurity Conferences, this link might be of interest: (Events in Las Vegas) > https://infosec-conferences.com/events/cybersecurity-conferences-las-vegas/ Thanks
In reply to: Might be of interest to your readers
Post Your Own Reply
More Conversations
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, you were supposed to display UNICODE characters!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.