News & Commentary

Latest Content
Cybercrime Economy Generates $1.5 Trillion a Year
News  |  4/20/2018
Threat actors generate, launder, spend, and reinvest more than $1.5 trillion in illicit funds, according to a new study on cybercrime's 'web of profit.'
Trust: The Secret Ingredient to DevSecOps Success
News  |  4/20/2018
Security practitioners must build trusted relationships with developers and within cross-functional DevOps teams to get themselves embedded into continuous software delivery processes.
SunTrust Ex-Employee May Have Stolen Data on 1.5 Million Bank Clients
Quick Hits  |  4/20/2018
Names, addresses, phone numbers, and account balances may have been exposed.
DNC Sues Guccifer 2.0, Russian Federation & Trump Campaign for Election Conspiracy
Quick Hits  |  4/20/2018
DNC first hacked by Russians in 2015, according to the filing.
Biometrics Are Coming & So Are Security Concerns
Commentary  |  4/20/2018
Could these advanced technologies be putting user data at risk?
At RSAC, SOC 'Sees' User Behaviors
News  |  4/20/2018
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
Microsoft CISO Talks Threat Intel, 'Data Inclusion'
News  |  4/19/2018
Dark Reading caught up with Microsoft's Bret Arsenault to discuss intelligence, identity, and the need to leverage more diverse datasets.
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Quick Hits  |  4/19/2018
Booz Allen survey shows most organizations' answer to the security skills shortage may be unsustainable.
Free endpoint scanning service powered by Open Threat Exchange
Dark Reading Videos  |  4/19/2018
Russ Spitler, AlienVault's SVP of product strategy, explains how security pros can leverage the community-powered threat intelligence of OTX, which sees more than 19 million IoCs contributed daily by a global community of 80,000 peers, to quickly protect themselves against emerging attacks.
Can AI improve your endpoint detection and response?
Dark Reading Videos  |  4/19/2018
To intervene with optimum efficiency, the response team needs to zero in on the most potentially dangerous endpoint anomalies first. And according to Harish Agastya, VP of Enterprise Solutions at Bitdefender, machine learning-assisted EDR can help you do exactly that.
Should CISOs Be Hackers?
Dark Reading Videos  |  4/19/2018
Justin Calmus, Chief Security Officer at OneLogin, believes that cybersecurity professionals, including CISOs and other security team leaders, can be much more effective at their jobs if they stay actively engaged with hacking communities that keep them on their toes and give them deep insight into attack trends.
Successfully Using Deception Against APTs
Dark Reading Videos  |  4/19/2018
According to Illusive CEO Ofer Israeli, deception technology can provide a vital layer of protection from advanced persistent threats (APTs) by presenting attackers with seemingly genuine servers that both divert them from high-value digital assets and make it easier to pinpoint malicious network activity.
Securing Social Media: National Safety, Privacy Concerns
News  |  4/19/2018
It's a critical time for social media platforms and the government agencies and private businesses and individuals using them.
Protecting Data Anywhere and Everywhere
Dark Reading Videos  |  4/19/2018
SecurityFirst CEO Jim Varner explains how resellers and MSPs can work with their clients to ensure that all of their business-critical data everywhere can be kept safe from attackers and readily available for disaster recovery, even as threats intensify and digital assets are dispersed across multiple clouds.
Addressing the Skills Shortfall on Your Infosec Team
Dark Reading Videos  |  4/19/2018
Given intensifying threats and limited infosec budgets, Endgame CTO Jamie Butler suggests that security leaders deploy tools that leverage machine learning, chatbots, and other technologies to make Tier 1/Tier 2 staff much more effective at stopping even relatively sophisticated attacks.
Using Carrier Intelligence to Validate Mobile User Identity
Dark Reading Videos  |  4/19/2018
To confidently validate the identity of mobile users without adding business-killing friction to login and on-boarding processes, Lea Tarnowski and Wendell Brown of Averon suggest leveraging the intelligence mobile carriers already have about their customers.
First Public Demo of Data Breach via IoT Hack Comes to RSAC
News  |  4/19/2018
At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.
How to Protect Industrial Control Systems from State-Sponsored Hackers
Commentary  |  4/19/2018
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
Researchers Discover Second rTorrent Vulnerability Campaign
Partner Perspectives  |  4/19/2018
This time attackers appear to have spoofed the Recording Industry Association of America (RIAA) and New York University (NYU) user-agents.
DHS Helps Shop Android IPS Prototype
News  |  4/18/2018
A MITRE-developed intrusion prevention system for mobile technology is showcased here this week at the RSA Conference.
70% of Energy Firms Worry About Physical Damage from Cyberattacks
Quick Hits  |  4/18/2018
High-profile ICS attacks Triton/Trisis, Industroyer/CrashOverride, and Stuxnet have driven energy firms to invest more in cybersecurity, survey shows.
The Role of KPIs in Incident Response
Commentary  |  4/18/2018
Using KPIs can have a positive impact on the tactical and strategic functions of a security operations program.
Cyber War Game Shows How Federal Agencies Disagree on Incident Response
News  |  4/18/2018
Former officials at DHS, DOJ, and DOD diverge on issues of attribution and defining what constitutes an act of cyber war.
Stopping Bots and Credential Stuffing: A Smarter Strategy
Dark Reading Videos  |  4/18/2018
Patrick Sullivan, Senior Director Security Strategy at Akamai Technologies, explains why cybersecurity teams need better mechanisms for controlling bot activity and why all bots are not created equal.
Leveraging Threat Intelligence across Infosec Roles
Dark Reading Videos  |  4/18/2018
Allan Liska, Senior Security Architect at Recorded Future, believes everyone in the infosec team, including vulnerability management and threat response staff, can take greater advantage of available threat intelligence to more effectively and efficiently mitigate risk.
Practically Applying Threat Intelligence to Your Business
Dark Reading Videos  |  4/18/2018
Travis Farral, Director of Security Strategy at Anomali, believes cybersecurity teams can operate much more efficiently by better identifying the specific threats that endanger their environment and by better understanding the potential impacts of those specific threats.
Enabling Appropriate User Access in a Zero Trust World
Dark Reading Videos  |  4/18/2018
Bill Mann, Chief Product Officer at Centrify, suggests some strategies for securing today's perimeter-less enterprise environments, including stronger enforcement of well-defined policies for user access, integration of security into DevOps processes, and smarter use of ML for anomaly detection.
Keeping the Business Safe Across Hybrid Cloud Environments
Dark Reading Videos  |  4/18/2018
Aggressive cloud adoption increases threat surface and makes it more difficult for infosec teams to keep track of what the business is doing. Donald Meyer, Head of Data Center and Cloud at Check Point Software, explains how infosec teams can more effectively mitigate risk without hampering business agility.
Beating Zero-Payload/Fileless Attacks with Unified EPP/EDR
Dark Reading Videos  |  4/18/2018
To cope with today's fileless endpoint attacks, especially those that aren't precisely similar to previously known exploits, Tomer Weingarten and Nicholas Warner of SentinelOne suggest a unified EPP/EDR approach that includes visibility into the dangers lurking within encrypted network traffic.
Optimizing the Security Awareness of Your End-Users
Dark Reading Videos  |  4/18/2018
End-users can be the weakest link in your infosec defense. But according to KnowBe4 founder and CEO Stu Sjouwerman, there is something you can do about that if you implement the right behavioral diagnostics and focus your training needs on individual users' actual weaknesses.
Latest News from RSAC 2018
News  |  4/18/2018
Check out Dark Reading's exclusive coverage of the news and security themes that are dominating RSA Conference 2018 this week in San Francisco.
How to Leverage Artificial Intelligence for Cybersecurity
Partner Perspectives  |  4/18/2018
AI and predictive analytics should be used to augment a company's security team, not replace it. Here's why.
Data Visibility, Control Top Cloud Concerns at RSA
News  |  4/18/2018
As the traditional perimeter dissolves and sensitive data moves to the cloud, security experts at RSA talk about how they're going to protect it.
2018 RSA Conference: Execs Push Cooperation, Culture & Civilian Safety
News  |  4/17/2018
On the keynote stage, execs from Microsoft and McAfee introduced a new Cybersecurity Tech Accord.
Trump Administration Cyber Czar Rob Joyce to Return to the NSA
News  |  4/17/2018
First year of Trump White House's cybersecurity policy mostly followed in the footsteps of the Obama administration.
NIST Seeking Comments on New AppSec Practices Standards
News  |  4/17/2018
Working in conjunction with SAFECode, NIST is opening the floor to suggestions at RSA about secure software development life cycle guidelines.
8 Ways Hackers Monetize Stolen Data
Slideshows  |  4/17/2018
Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.
Why We Need Privacy Solutions That Scale Across Borders
Commentary  |  4/17/2018
New privacy solutions are becoming scalable and smarter, making it easier to address compliance across industries and geographies.
New Malware Adds RAT to a Persistent Loader
News  |  4/17/2018
A newly discovered variant of a long-known malware loader adds the ability to control the victim from afar.
Microsoft to Roll Out Azure Sphere for IoT Security
News  |  4/16/2018
Azure Sphere, now in preview, is a three-part program designed to secure the future of connected devices and powered by its own custom version of Linux.
DevOps May Be Cause of and Solution to Open Source Component Chaos
News  |  4/16/2018
DevOps is accelerating the trend of componentized development approaches, but its automation can also help enforce better governance and security.
Companies Still Suffering From Poor Credential Hygiene: New Report
Quick Hits  |  4/16/2018
Credentials are being mis-handled and it's hurting most companies, according to a new report out today.
INsecurity Conference Seeks Security Pros to Speak on Best Practices
News  |  4/16/2018
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
How GDPR Forces Marketers to Rethink Data & Security
Commentary  |  4/16/2018
The European regulation is making marketing technology companies re-examine their security, and that's a good thing.
Symantec Now Offers Threat Detection Tools Used by its Researchers
Quick Hits  |  4/16/2018
TAA now is part of Symantec's Integrated Cyber Defense Platform.
Large Majority of Businesses Store Sensitive Data in Cloud Despite Lack of Trust
News  |  4/16/2018
Researchers report 97% of survey respondents use some type of cloud service but continue to navigate issues around visibility and control.
7 Non-Financial Data Types to Secure
Slideshows  |  4/14/2018
Credit card and social security numbers aren't the only sensitive information that requires protection.
Power Line Vulnerability Closes Air Gap
Quick Hits  |  4/13/2018
A new demonstration of malware shows that air-gapped computers may still be at risk.
Cisco, ISARA to Test Hybrid Classic, Quantum-Safe Digital Certificates
News  |  4/13/2018
Goal is to make it easier for organizations to handle the migration to quantum computing when it becomes available.


8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer,  4/17/2018
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Sara Peters, Senior Editor at Dark Reading,  4/19/2018
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.