Vulnerabilities / Threats // Advanced Threats
News & Commentary
Discover a Data Breach? Try Compassion First
Daniel Schwalbe, Deputy Chief Information Security Officer, Farsight  Security, Inc.Commentary
The reactions to a big data breach often resemble the five stages of grief, so a little empathy is needed.
By Daniel Schwalbe Deputy Chief Information Security Officer, Farsight Security, Inc., 8/16/2017
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity: The Responsibility of Everyone
Ger Daly & Kevin O'Brien, Senior Managing Director, Defense and Public  Safety, Accenture Global & Senior Managing Director,  Defense and Public Safety, Accenture GlobalCommentary
The battle against cybercrime can only be won if we're all focused on the same goals. Here are four ways you can get involved.
By Ger Daly & Kevin O'Brien Senior Managing Director, Defense and Public Safety, Accenture Global & Senior Managing Director, Defense and Public Safety, Accenture Global, 8/15/2017
Comment0 comments  |  Read  |  Post a Comment
What CISOs Need to Know about the Psychology behind Security Analysis
Kumar Saurabh, CEO and co-founder of LogicHubCommentary
Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.
By Kumar Saurabh CEO and co-founder of LogicHub, 8/14/2017
Comment0 comments  |  Read  |  Post a Comment
Taking Down the Internet Has Never Been Easier
Bogdan Botezatu, Senior E-threat Analyst, BitdefenderCommentary
Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.
By Bogdan Botezatu Senior E-threat Analyst, Bitdefender, 8/10/2017
Comment0 comments  |  Read  |  Post a Comment
Uptick in Malware Targets the Banking Community
Geoffrey Pamerleau, senior ethical hacker, Threat  Resistance Unit, ArmorCommentary
A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. How can financial institutions fight back?
By Geoffrey Pamerleau senior ethical hacker, Threat Resistance Unit, Armor, 8/9/2017
Comment0 comments  |  Read  |  Post a Comment
Automating Defenses Against Assembly-Line Attacks
Derek Manky, Global Security Strategist, FortinetCommentary
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
By Derek Manky Global Security Strategist, Fortinet, 8/8/2017
Comment0 comments  |  Read  |  Post a Comment
Digital Crime-Fighting: The Evolving Role of Law Enforcement
Travis Farral, Director of Security Strategy​ ​at AnomaliCommentary
Law enforcement, even on a local level, has a new obligation to establish an effective framework for combating online crime.
By Travis Farral Director of Security Strategy​ ​at Anomali, 8/1/2017
Comment2 comments  |  Read  |  Post a Comment
DevOps Security & the Culture of 'Yes'
Michael Feiertag, CEO and Co-Founder, tCellCommentary
Communication, collaboration, and the use of production data to drive decisions are essential for security work in a DevOps world.
By Michael Feiertag CEO and Co-Founder, tCell, 7/31/2017
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading News Desk Live at Black Hat USA 2017
Dark Reading Staff, Commentary
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
By Dark Reading Staff , 7/27/2017
Comment4 comments  |  Read  |  Post a Comment
Facebook Offers $1 Million for New Security Defenses
Dawn Kawamoto, Associate Editor, Dark ReadingNews
The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/26/2017
Comment0 comments  |  Read  |  Post a Comment
10 Critical Steps to Create a Culture of Cybersecurity
Edward J. McAndrew, Partner & Co-Chair, Privacy & Data Security  Group, Ballard Spahr LLP, Faculty Member of the Compliance, Governance &  Oversight CouncilCommentary
Businesses are more vulnerable than they need to be. Here's what you should do about it.
By Edward J. McAndrew Partner & Co-Chair, Privacy & Data Security Group, Ballard Spahr LLP, Faculty Member of the Compliance, Governance & Oversight Council, 7/26/2017
Comment2 comments  |  Read  |  Post a Comment
SIEM Training Needs a Better Focus on the Human Factor
Justin Henderson, SANS Instructor and CEO of H & A Security SolutionsCommentary
The problem with security information and event management systems isn't the solutions themselves but the training that people receive.
By Justin Henderson SANS Instructor and CEO of H & A Security Solutions, 7/18/2017
Comment1 Comment  |  Read  |  Post a Comment
How Security Pros Can Help Protect Patients from Medical Data Theft
Reza Chapman, Managing Director, Cybersecurity, for Accenture's Global  Healthcare BusinessCommentary
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
By Reza Chapman Managing Director, Cybersecurity, for Accenture's Global Healthcare Business, 7/13/2017
Comment0 comments  |  Read  |  Post a Comment
Dealing with Due Diligence
Eldon Sprickerhoff, Founder and Chief Security Strategist,  eSentireCommentary
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
By Eldon Sprickerhoff Founder and Chief Security Strategist, eSentire, 7/12/2017
Comment3 comments  |  Read  |  Post a Comment
The SOC Is DeadLong Live the SOC
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 7/7/2017
Comment1 Comment  |  Read  |  Post a Comment
The Growing Danger of IP Theft and Cyber Extortion
Robert McFarlane, Chief Revenue OfficerCommentary
The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.
By Robert McFarlane Chief Revenue Officer, 7/6/2017
Comment1 Comment  |  Read  |  Post a Comment
The Problem with Data
Mike Baukes, Co-Founder & Co-CEO, UpGuardCommentary
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.
By Mike Baukes Co-Founder & Co-CEO, UpGuard, 7/3/2017
Comment1 Comment  |  Read  |  Post a Comment
Recovering from Bad Decisions in the Cloud
Jeff Schilling, Chief Security Officer, ArmorCommentary
The cloud makes it much easier to make changes to security controls than in traditional networks.
By Jeff Schilling Chief Security Officer, Armor, 6/26/2017
Comment1 Comment  |  Read  |  Post a Comment
FireEye CEO Shares State of IT Threat Landscape
InformationWeek Staff, CommentaryVideo
FireEye CEO Kevin Mandia talks about the state of the IT threat landscape and where enterprises should focus their attention when it comes to cybersecurity.
By InformationWeek Staff , 6/23/2017
Comment0 comments  |  Read  |  Post a Comment
The Folly of Vulnerability & Patch Management for ICS Networks
Galina Antova & Patrick McBride, Co-founder & Chief Marketing Officer, ClarotyCommentary
Yes, such efforts matter. But depending on them can give a false sense of security.
By Galina Antova & Patrick McBride Co-founder & Chief Marketing Officer, Claroty, 6/21/2017
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The Impact of a Security Breach 2017
The Impact of a Security Breach 2017
Despite the escalation of cybersecurity staffing and technology, enterprises continue to suffer data breaches and compromises at an alarming rate. How do these breaches occur? How are enterprises responding, and what is the impact of these compromises on the business? This report offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.