News & Commentary

Latest Content
13 Russians Indicted for Massive Operation to Sway US Election
News  |  2/16/2018  | 
Russian nationals reportedly used stolen American identities and infrastructure to influence the 2016 election outcome.
Siemens Leads Launch of Global Cybersecurity Initiative
News  |  2/16/2018  | 
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
FedEx Customer Data Exposed on Unsecured S3 Server
Quick Hits  |  2/16/2018  | 
Thousands of documents from US and international citizens were exposed on an Amazon S3 bucket configured for public access.
Rise of the 'Hivenet': Botnets That Think for Themselves
Commentary  |  2/16/2018  | 
These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.
Russian Hackers Sentenced in Heartland Payment Systems Breach Case
News  |  2/16/2018  | 
Two more men involved in the massive payment card theft from multiple major US corporations that began in 2007 now sent to federal prison.
Cybercrime Gang Ramps up Ransomware Campaign
News  |  2/15/2018  | 
In the last few weeks, Gold Lowell group has collected over $350K after infecting victims with SamSam crypto malware, researchers at Secureworks found.
White House: Russian Military Behind NotPetya Attacks
Quick Hits  |  2/15/2018  | 
Trump administration statement comes on the heels of UK government calling out Russia for the cyberattacks that spread through Europe and elsewhere.
IRS Reports Steep Decline in Tax-Related ID Theft
News  |  2/15/2018  | 
Research group Javelin confirms that the numbers are trending in the right direction, with total fraud losses dropping more than 14% to $783 million.
North Korea-Linked Cyberattacks Spread Out of Control: Report
News  |  2/15/2018  | 
New details on old cyberattacks originating from North Korea indicate several forms of malware unintentionally spread wider than authors intended.
Democracy & DevOps: What Is the Proper Role for Security?
Commentary  |  2/15/2018  | 
Security experts need a front-row seat in the application development process but not at the expense of the business.
Air Force Awards $12,500 for One Bug
Quick Hits  |  2/15/2018  | 
The highest single bounty of any federal bug bounty program yet is awarded through Hack the Air Force 2.0.
Oracle Buys Zenedge for Cloud Security
Quick Hits  |  2/15/2018  | 
Oracle announces its acquisition of Zenedge, which focuses on cloud-based network and infrastructure security.
From DevOps to DevSecOps: Structuring Communication for Better Security
Commentary  |  2/15/2018  | 
A solid approach to change management can help prevent problems downstream.
The Mirai Botnet Is Attacking Again
Partner Perspectives  |  2/15/2018  | 
And the spinoff bots and all their command and control hostnames buried in the morass of digital data are hilarious.
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
News  |  2/14/2018  | 
The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
Filing Deadline for New Infosec Law Hits NY Finance Firms Thursday
Quick Hits  |  2/14/2018  | 
Banks and financial services companies in New York must file by tomorrow to certify they are compliant with the state Department of Financial Services' new cybersecurity regulation, 23 NYCRR 500.
Intel Expands Bug Bounty Program, Offers up to $250K
News  |  2/14/2018  | 
Microprocessor giant adds vulnerability-finding category for Meltdown, Spectre-type flaws.
3 Tips to Keep Cybersecurity Front & Center
Commentary  |  2/14/2018  | 
In today's environment, a focus on cybersecurity isn't a luxury. It's a necessity, and making sure that focus is achieved starts with the company's culture.
Cybercrime Costs for Financial Sector up 40% Since 2014
Quick Hits  |  2/14/2018  | 
A 9.6% increase just in the past year, and denial-of-service attacks are partly to blame.
Encrypted Attacks Continue to Dog Perimeter Defenses
Slideshows  |  2/14/2018  | 
Attacks using SSL to obfuscate malicious traffic finding fertile ground for growth.
Fileless Malware: Not Just a Threat, but a Super-Threat
Commentary  |  2/14/2018  | 
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
The GDPR Clock Is Running Out. Now What?
Partner Perspectives  |  2/14/2018  | 
Many organizations impacted by new European Union data privacy rules that go into effect May 25 are still blind to some of the basics.
AI and Machine Learning: Breaking Down Buzzwords
News  |  2/13/2018  | 
Security experts explain what two of today's trendiest technologies mean and where you need them.
As Primaries Loom, Election Security Efforts Behind Schedule
Quick Hits  |  2/13/2018  | 
While federal agencies lag on vulnerability assessments and security clearance requests, the bipartisan Defending Digital Democracy Project releases three new resources to help state and local election agencies with cybersecurity, incident response.
Microsoft Fixes Two Security Flaws in Outlook
News  |  2/13/2018  | 
February security patches include updates for 50 vulnerabilities, 14 of which are critical.
Lazarus Group Attacks Banks, Bitcoin Users in New Campaign
News  |  2/13/2018  | 
A new Lazarus Group cyberattack campaign combines spear-phishing techniques with a cryptocurrency scanner designed to scan for Bitcoin wallets.
Can Android for Work Redefine Enterprise Mobile Security?
Commentary  |  2/13/2018  | 
Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.
Fake News: Could the Next Major Cyberattack Cause a Cyberwar?
Commentary  |  2/13/2018  | 
In the way it undercuts trust, fake news is a form of cyberattack. Governments must work to stop it.
Equifax Names New CISO
Quick Hits  |  2/13/2018  | 
Former Home Depot CISO takes the reins in the wake of Equifax's massive data breach and fallout.
Cyberattack Aimed to Disrupt Opening of Winter Olympics
News  |  2/12/2018  | 
Researchers who identified malware targeting the 2018 Winter Olympics say the attackers had previously compromised the Games' infrastructure.
Attackers Use Infected Plug-In to Install Cryptomining Tool on Over 4200 Websites
News  |  2/12/2018  | 
Victims include the UK's ICO and National Health Service, and USCourts.gov.
One in Three SOC Analysts Now Job-Hunting
News  |  2/12/2018  | 
The more experienced a SOC analyst gets, the more his or her job satisfaction declines, a new survey of security operations center staffers shows.
Better Security Analytics? Clean Up the Data First!
Commentary  |  2/12/2018  | 
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
Microsoft Adds Windows Defender ATP Support to Windows 7, 8.1
Quick Hits  |  2/12/2018  | 
Microsoft brings Windows Defender ATP down-level support to older versions of Windows for businesses transitioning to Windows 10.
Google to Mark All HTTP Websites 'Not Secure'
Quick Hits  |  2/12/2018  | 
Google will push websites to adopt HTTPS encryption by marking all HTTP sites as 'not secure' starting in July 2018.
Tracking Bitcoin Wallets as IOCs for Ransomware
Commentary  |  2/12/2018  | 
By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.
Google Paid $2.9M for Vulnerabilities in 2017
News  |  2/9/2018  | 
The Google Vulnerability Reward Program issued a total of 1,230 rewards in 2017. The single largest payout was $112,500.
Cyber Warranties: What to Know, What to Ask
News  |  2/9/2018  | 
The drivers and details behind the growth of cyber warranties, which more businesses are using to guarantee their products.
8 Nation-State Hacking Groups to Watch in 2018
Slideshows  |  2/9/2018  | 
The aliases, geographies, famous attacks, and behaviors of some of the most prolific threat groups.
Sacramento Bee Databases Hit with Ransomware Attack
Quick Hits  |  2/9/2018  | 
The Bee did not pay ransom and deleted its databases to prevent future attacks, according to its publisher.
Russian Authorities Arrest Engineers for Cryptocurrency Mining at Nuclear Weapons Site
Quick Hits  |  2/9/2018  | 
The nuclear weapons facility employees reportedly tried to mine cryptocurrency via a supercomputer.
Back to Basics: AI Isn't the Answer to What Ails Us in Cyber
Commentary  |  2/9/2018  | 
The irony behind just about every headline-grabbing data breach we've seen in recent years is that they all could have been prevented with simple cyber hygiene.
New POS Malware Steals Data via DNS Traffic
News  |  2/8/2018  | 
UDPoS is disguised to appear like a LogMeIn service pack, Forcepoint says.
Apple iOS iBoot Secure Bootloader Code Leaked Online
Quick Hits  |  2/8/2018  | 
Lawyers for Apple called for the source code to be removed from GitHub.
Tennessee Hospital Hit With Cryptocurrency Mining Malware
Quick Hits  |  2/8/2018  | 
Decatur County General Hospital is notifying 24,000 patients of cryptocurrency mining software on its EMR system.
20 Signs You Need to Introduce Automation into Security Ops
Commentary  |  2/8/2018  | 
Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
BrickerBot: Internet Vigilantism Ends Don't Justify the Means
Partner Perspectives  |  2/8/2018  | 
However noble the intention, obtaining unauthorized access to devices and making them unusable is illegal and undermines the work of ethical researchers.
North Korean APT Group Employed Rare Zero-Day Attack
News  |  2/7/2018  | 
Recent Adobe Flash exploit discovered against South Korean targets likely purchased, not developed by the hacking group.
US, International Law Enforcement Shut Down Massive Cybercrime Marketplace
News  |  2/7/2018  | 
The Infraud Organization was responsible for over $500 million in losses to institutions and individuals worldwide, the US Department of Justice says.
Cisco Issues New Patch for Critical ASA Vulnerability
Quick Hits  |  2/7/2018  | 
Cisco engineers discover that the flaw in Adaptive Security Appliance devices is worse than they initially understood.

One in Three SOC Analysts Now Job-Hunting
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/12/2018
Encrypted Attacks Continue to Dog Perimeter Defenses
Ericka Chickowski, Contributing Writer, Dark Reading,  2/14/2018
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof Technologies,  2/13/2018
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.