Vulnerabilities / Threats //

Advanced Threats

News & Commentary
Looking Back to Look Ahead: Cyber Threat Trends to Watch
Derek Manky, Global Security Strategist, FortinetCommentary
Data from the fourth quarter of last year shows the state of application exploits, malicious software, and botnets.
By Derek Manky Global Security Strategist, Fortinet, 3/23/2018
Comment0 comments  |  Read  |  Post a Comment
5 Ways to Get Ready for Public Cloud Deployment
Rinki Sethi, Senior Director of Security Operations and Strategy of  Palo Alto NetworksCommentary
Syncing security and product development early is now a "must do."
By Rinki Sethi Senior Director of Security Operations and Strategy of Palo Alto Networks, 3/22/2018
Comment0 comments  |  Read  |  Post a Comment
GandCrab Ransomware Goes 'Agile'
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
GandCrab ransomware's developers have iterated the code rapidly, researchers found.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/21/2018
Comment0 comments  |  Read  |  Post a Comment
How Serverless Computing Reshapes Security
Guy Podjarny, CEO & Cofounder, SnykCommentary
The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.
By Guy Podjarny CEO & Cofounder, Snyk, 3/21/2018
Comment0 comments  |  Read  |  Post a Comment
Segmentation: The Neglected (Yet Essential) Control
John Moynihan, President, Minuteman GovernanceCommentary
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
By John Moynihan President, Minuteman Governance, 3/14/2018
Comment1 Comment  |  Read  |  Post a Comment
What's the C-Suite Doing About Mobile Security?
Anne Bonaparte, CEO of AppthorityCommentary
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
By Anne Bonaparte CEO of Appthority, 3/13/2018
Comment0 comments  |  Read  |  Post a Comment
7 University-Connected Cyber Ranges to Know Now
Curtis Franklin Jr., Senior Editor at Dark Reading
Universities are beginning to add cyber ranges to the facilities for teaching cyber security to students and professionals.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/9/2018
Comment0 comments  |  Read  |  Post a Comment
Connected Cars Pose New Security Challenges
James Plouffe, Lead Architect at MobileIronCommentary
The auto industry should seize the opportunity and get in front of this issue.
By James Plouffe Lead Architect at MobileIron, 3/6/2018
Comment3 comments  |  Read  |  Post a Comment Goes Away, Panic Ensues
Dark Reading Staff, Quick Hits
Turns out the Carnegie Mellon CERT just moved to a newly revamped CMU Software Engineering Institute website.
By Dark Reading Staff , 3/5/2018
Comment0 comments  |  Read  |  Post a Comment
How & Why the Cybersecurity Landscape Is Changing
Zeus Kerravala, Founder and Principal Analyst, ZK ResearchCommentary
A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.
By Zeus Kerravala Founder and Principal Analyst, ZK Research, 3/1/2018
Comment0 comments  |  Read  |  Post a Comment
Why Cryptocurrencies Are Dangerous for Enterprises
David Shefter, Chief Technology Officer at Ziften TechnologiesCommentary
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
By David Shefter Chief Technology Officer at Ziften Technologies, 2/28/2018
Comment1 Comment  |  Read  |  Post a Comment
6 Cybersecurity Trends to Watch
Misha Govshteyn, Co-Founder and SVP Products & Marketing, Alert LogicCommentary
Expect more as the year goes on: more breaches, more IoT attacks, more fines
By Misha Govshteyn Co-Founder and SVP Products & Marketing, Alert Logic, 2/26/2018
Comment0 comments  |  Read  |  Post a Comment
SWIFT Network Used in $2 Million Heist at Indian Bank
Dark Reading Staff, Quick Hits
The theft at India's City Union Bank comes on the heels of news that attackers stole $6 million from a Russian bank via SWIFT network last year.
By Dark Reading Staff , 2/20/2018
Comment0 comments  |  Read  |  Post a Comment
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
Michael Lines, Vice President, Strategy, Risk, and Compliance Services at  OptivCommentary
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
By Michael Lines Vice President, Strategy, Risk, and Compliance Services at Optiv, 2/20/2018
Comment0 comments  |  Read  |  Post a Comment
13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Staff Editor, Dark ReadingNews
Russian nationals reportedly used stolen American identities and infrastructure to influence the 2016 election outcome.
By Kelly Sheridan Staff Editor, Dark Reading, 2/16/2018
Comment6 comments  |  Read  |  Post a Comment
Air Force Awards $12,500 for One Bug
Dark Reading Staff, Quick Hits
The highest single bounty of any federal bug bounty program yet is awarded through Hack the Air Force 2.0.
By Dark Reading Staff , 2/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Fileless Malware: Not Just a Threat, but a Super-Threat
Itay Glick, CEO & Co-founder, VotiroCommentary
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
By Itay Glick CEO & Co-founder, Votiro, 2/14/2018
Comment0 comments  |  Read  |  Post a Comment
As Primaries Loom, Election Security Efforts Behind Schedule
Dark Reading Staff, Quick Hits
While federal agencies lag on vulnerability assessments and security clearance requests, the bipartisan Defending Digital Democracy Project releases three new resources to help state and local election agencies with cybersecurity, incident response.
By Dark Reading Staff , 2/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Fake News: Could the Next Major Cyberattack Cause a Cyberwar?
Joseph Carson, Chief Security Scientist at ThycoticCommentary
In the way it undercuts trust, fake news is a form of cyberattack. Governments must work to stop it.
By Joseph Carson Chief Security Scientist at Thycotic, 2/13/2018
Comment0 comments  |  Read  |  Post a Comment
Better Security Analytics? Clean Up the Data First!
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 2/12/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
The Case for Integrating Physical Security & Cybersecurity
Paul Kurtz, CEO & Cofounder, TruSTAR Technology,  3/20/2018
A Look at Cybercrime's Banal Nature
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/20/2018
City of Atlanta Hit with Ransomware Attack
Dark Reading Staff 3/23/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.