Vulnerabilities / Threats //

Advanced Threats

News & Commentary
Why Hackers Are in Such High Demand, and How They're Affecting Business Culture
Jaime Blasco, Vice President and Chief Scientist at AlienVaultCommentary
White hat hackers bring value to organizations and help them defend against today's advanced threats.
By Jaime Blasco Vice President and Chief Scientist at AlienVault, 12/14/2017
Comment1 Comment  |  Read  |  Post a Comment
Cyberattack: It Can't Happen to Us (Until It Does)
Todd Thibodeaux, President & CEO, CompTIACommentary
Just because your small or medium-sized business isn't as well known as Equifax or Yahoo doesn't mean you're immune to becoming a cybercrime victim.
By Todd Thibodeaux President & CEO, CompTIA, 12/6/2017
Comment0 comments  |  Read  |  Post a Comment
Deception: Why It's Not Just Another Honeypot
Carolyn Crandall, Chief Deception Officer at Attivo NetworksCommentary
The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception.
By Carolyn Crandall Chief Deception Officer at Attivo Networks, 12/1/2017
Comment0 comments  |  Read  |  Post a Comment
Lawsuits Pile Up on Uber
Steve Zurier, Freelance WriterNews
Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.
By Steve Zurier Freelance Writer, 11/30/2017
Comment2 comments  |  Read  |  Post a Comment
Why Security Depends on Usability -- and How to Achieve Both
Tyler Shields,  VP of Marketing, Strategy & Partnerships,  Signal SciencesCommentary
Any initiative that reduces usability will have consequences that make security less effective.
By Tyler Shields VP of Marketing, Strategy & Partnerships, Signal Sciences, 11/29/2017
Comment1 Comment  |  Read  |  Post a Comment
Git Some Security: Locking Down GitHub Hygiene
Ericka Chickowski, Contributing Writer, Dark ReadingNews
In the age of DevOps and agile development practices that lean heavily on GitHub and other cloud resources, strong controls are more important than ever.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/28/2017
Comment0 comments  |  Read  |  Post a Comment
8 Low or No-Cost Sources of Threat Intelligence
Steve Zurier, Freelance Writer
Heres a list of sites that for little or no cost give you plenty of ideas for where to find first-rate threat intelligence.
By Steve Zurier Freelance Writer, 11/27/2017
Comment2 comments  |  Read  |  Post a Comment
Tips to Protect the DNS from Data Exfiltration
Herv Dhlin, VP of Strategy at EfficientIPCommentary
If hackers break in via the Domain Name System, most business wouldn't know until it's too late. These tips can help you prepare.
By Herv Dhlin VP of Strategy at EfficientIP, 11/17/2017
Comment0 comments  |  Read  |  Post a Comment
Forget APTs: Let's Talk about Advanced Persistent Infrastructure
Curtis Jordan, Lead Security Engineer, TruSTARCommentary
Understanding how bad guys reuse infrastructure will show you the areas of your network to target when investigating new threats and reiteration of old malware.
By Curtis Jordan Lead Security Engineer, TruSTAR, 11/16/2017
Comment1 Comment  |  Read  |  Post a Comment
Deception Technology: Prevention Reimagined
Ofer Israeli, CEO & Founder, Illusive NetworksCommentary
How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.
By Ofer Israeli CEO & Founder, Illusive Networks, 11/15/2017
Comment1 Comment  |  Read  |  Post a Comment
What the NFL Teaches Us about Fostering a Champion Security Team
Richard Henderson, Global Security Strategist, AbsoluteCommentary
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
By Richard Henderson Global Security Strategist, Absolute, 11/14/2017
Comment1 Comment  |  Read  |  Post a Comment
How to Leverage the Rosetta Stone of Information Sharing
Stephen Horvath, Vice President, Strategy & Vision, at Telos CorporationCommentary
A common framework will help in the development of cyber-risk management efforts.
By Stephen Horvath Vice President, Strategy & Vision, at Telos Corporation, 11/13/2017
Comment0 comments  |  Read  |  Post a Comment
6 Steps for Sharing Threat Intelligence
Steve Zurier, Freelance Writer
Industry experts offer specific reasons to share threat information, why it's important - and how to get started.
By Steve Zurier Freelance Writer, 11/10/2017
Comment1 Comment  |  Read  |  Post a Comment
Hypervisors: Now a Tool to Protect against Security Blind Spots
Shaun Donaldson, Director of Strategic Alliances, Bitdefender EnterpriseCommentary
By facilitating live introspection of virtual machine memory, the Xen Project is striving to eliminate stealthy attack techniques like EternalBlue.
By Shaun Donaldson Director of Strategic Alliances, Bitdefender Enterprise, 11/9/2017
Comment0 comments  |  Read  |  Post a Comment
4 Proactive Steps to Avoid Being the Next Data Breach Victim
Joshua Bevitz, Partner at Newmeyer & DillionCommentary
Despite highly publicized data breaches, most companies are not taking the necessary actions to prevent them.
By Joshua Bevitz Partner at Newmeyer & Dillion, 11/7/2017
Comment0 comments  |  Read  |  Post a Comment
When Ransomware Strikes: 7 Steps You Can Take Now to Prepare
Patrick Hill, Atlassian SRE Solutions LeadCommentary
Ransomware is still on the rise. These operational tips can help lessen the blow if you're hit.
By Patrick Hill Atlassian SRE Solutions Lead, 11/6/2017
Comment1 Comment  |  Read  |  Post a Comment
How AI Can Help Prevent Data Breaches in 2018 and Beyond
Rick Grinnell, Managing Partner of Glasswing VenturesCommentary
Artificial intelligence startups are tackling four key areas that will help companies avoid becoming the next Equifax.
By Rick Grinnell Managing Partner of Glasswing Ventures, 11/1/2017
Comment0 comments  |  Read  |  Post a Comment
A Checklist for Securing the Internet of Things
Naresh Persaud,  Senior Director, Security, for CA TechnologiesCommentary
IoT devices promise endless benefits, but they also come with serious security issues. Use this checklist to make sure your company stays safe.
By Naresh Persaud Senior Director, Security, for CA Technologies, 10/26/2017
Comment9 comments  |  Read  |  Post a Comment
Why Patching Software Is Hard: Organizational Challenges
Teri Radichel, Director of Security Strategy and Research  at WatchGuard TechnologiesCommentary
The Equifax breach shows how large companies can stumble when it comes to patching. Organizational problems can prevent best practices from being enforced.
By Teri Radichel Director of Security Strategy and Research at WatchGuard Technologies, 10/25/2017
Comment0 comments  |  Read  |  Post a Comment
Why Patching Software Is Hard: Technical Challenges
Teri Radichel, Director of Security Strategy and Research  at WatchGuard TechnologiesCommentary
Huge companies like Equifax can stumble over basic technical issues. Here's why.
By Teri Radichel Director of Security Strategy and Research at WatchGuard Technologies, 10/24/2017
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark Reading,  12/14/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.