News & Commentary

Latest Content
Page 1 / 2   >   >>
ROPEMAKER Attack Turns Benign Emails Hostile Post-Delivery
News  |  8/22/2017  | 
The intersection of email and Web technologies has given attackers a way to mess with your email after it has been delivered to your inbox, Mimecast says.
Why Most Security Awareness Training Fails (And What To Do About It)
Why Most Security Awareness Training Fails (And What To Do About It)
Dark Reading Videos  |  8/22/2017  | 
Arun Vishwanath discusses why awareness training shouldn't apply the same cure to every ailment then blame the patient when the treatment doesn't work.
Coming Soon to Dark Reading...
Commentary  |  8/22/2017  | 
Event calendar: Dark Reading brings you threat intelligence tomorrow, boardroom communication next week, and coming in November, a brand new conference in the D.C. area.
Battle of the AIs: Don't Build a Better Box, Put Your Box in a Better Loop
Commentary  |  8/22/2017  | 
Powered by big data and machine learning, next-gen attacks will include perpetual waves of malware, phishes, and false websites nearly indistinguishable from the real things. Here's how to prepare.
Yahoo Hack Suspect to be Extradited to US
Quick Hits  |  8/22/2017  | 
Karim Baratov, accused of working with Russian intelligence for the 2014 Yahoo breach, has waived an extradition hearing.
The Benefits of Exploiting Attackers' Favorite Tools
The Benefits of Exploiting Attackers' Favorite Tools
Dark Reading Videos  |  8/22/2017  | 
Symantec senior threat researcher Waylon Grange explains that attackers write vulnerable code, too.
Comparing Private and Public Cloud Threat Vectors
Commentary  |  8/22/2017  | 
Many companies moving from a private cloud to a cloud service are unaware of increased threats.
How to Hack a Robot
News  |  8/22/2017  | 
Forget 'killer robots:' researchers demonstrate how collaborative robots, or 'cobots,' can be hacked and dangerous.
Cybersecurity Firm root9B's Assets Up for Sale
News  |  8/21/2017  | 
Move to foreclose comes after company defaulted on repayment terms for over $10.7 millions in loans it owes creditors.
How To Avoid Legal Trouble When Protecting Client Data
How To Avoid Legal Trouble When Protecting Client Data
Dark Reading Videos  |  8/21/2017  | 
Attorneys discuss how cybersecurity consultants can manage conflicts between e-discovery demands and client agreements.
Tuesday: Spammers' Favorite Day of the Week
News  |  8/21/2017  | 
Spammers are most active when their targets are online, with the highest level of activity on Tuesday, Wednesday, and Thursday.
Trump Makes US Cyber Command an Official Combat Arm
Quick Hits  |  8/21/2017  | 
Move seen as step one in spinning off the command from the NSA.
The Pitfalls of Cyber Insurance
Commentary  |  8/21/2017  | 
Cyber insurance is 'promising' but it won't totally protect your company against hacks.
5 Factors to Secure & Streamline Your Cloud Deployment
Partner Perspectives  |  8/21/2017  | 
How a Midwestern credit union overcame the challenges of speed, cost, security, compliance and automation to grow its footprint in the cloud.
Russian-Speaking APT Engaged in G20 Themed Attack
News  |  8/18/2017  | 
A newly discovered dropper for the KopiLuwak backdoor suggests that the Turla group is back at it again, Proofpoint says.
50% of Ex-Employees Can Still Access Corporate Apps
News  |  8/18/2017  | 
Businesses drive the risk for data breaches when they fail to terminate employees' access to corporate apps after they leave.
ShieldFS Hits 'Rewind' on Ransomware
ShieldFS Hits 'Rewind' on Ransomware
Dark Reading Videos  |  8/18/2017  | 
Federico Maggi and Andrea Continella discuss a new tool to protect filesystems by disrupting and undoing ransomware's encryption activities.
14 Social Media-Savvy CISOs to Follow on Twitter
Slideshows  |  8/18/2017  | 
A roundup of some of the more social media-engaged security leaders to follow for updates on industry news, trends, and events.
Curbing the Cybersecurity Workforce Shortage with AI
Commentary  |  8/18/2017  | 
By using cognitive technologies, an organization can address the talent shortage by getting more productivity from current employees and improving processes.
How Bad Teachers Ruin Good Machine Learning
How Bad Teachers Ruin Good Machine Learning
Dark Reading Videos  |  8/18/2017  | 
Sophos data scientist Hillary Sanders explains how security suffers when good machine learning models are trained on bad testing data.
Facebook Doles Out $100K for Internet Defense Prize
Quick Hits  |  8/17/2017  | 
Winners developed a new method of detecting spearphishing in corporate networks.
Microsoft Report: User Account Attacks Jumped 300% Since 2016
News  |  8/17/2017  | 
Most of these Microsoft user account compromises can be attributed to weak, guessable passwords and poor password management, researchers found.
Critical Infrastructure, Cybersecurity & the 'Devils Rope'
Commentary  |  8/17/2017  | 
How hackers today are engaging in a modern 'Fence Cutter War' against industrial control systems, and what security professionals need to do about it.
The Shadow Brokers: How They Changed 'Cyber Fear'
The Shadow Brokers: How They Changed 'Cyber Fear'
Dark Reading Videos  |  8/17/2017  | 
At Black Hat USA, Matt Suiche, founder of Comae Technologies, describes what we know about the Shadow Brokers and how they have changed the business of cyber fear.
'Pulse Wave' DDoS Attacks Emerge As New Threat
News  |  8/17/2017  | 
DDoS botnets are launching short but successive bursts of attack traffic to pin down multiple targets, Imperva says.
70% of DevOps Pros Say They Didn't Get Proper Security Training in College
News  |  8/17/2017  | 
Veracode survey shows majority of DevOps pros mostly learn on the job about security.
Kill Switches, Vaccines & Everything in Between
Commentary  |  8/17/2017  | 
The language can be a bit fuzzy at times, but there are real differences between the various ways of disabling malware.
How to Avoid the 6 Most Common Audit Failures
Partner Perspectives  |  8/17/2017  | 
In a security audit, the burden is on you to provide the evidence that youve done the right things.
Behind the Briefings: How Black Hat Sessions Get Chosen
Behind the Briefings: How Black Hat Sessions Get Chosen
Dark Reading Videos  |  8/17/2017  | 
Daniel Cuthbert and Stefano Zanero explain what the Black Hat review board is looking for in an abstract submission for the Briefings.
Cerber Fights Anti-Ransomware Tools
News  |  8/16/2017  | 
Deception technology is the popular ransomware's latest target.
Old Flaws, New Tricks: CVE-2017-0199 and PowerPoint Abuse
News  |  8/16/2017  | 
Researchers discover attackers are using a patched Microsoft vulnerability to abuse PowerPoint files and distribute malware.
Websites Selling DDoS Services and Tools on the Rise in China
News  |  8/16/2017  | 
Researchers detect an increase in Chinese websites offering online DDoS services within the past six months.
Insider Threats Loom Large for Security Pros
Quick Hits  |  8/16/2017  | 
Insider threats pose a greater challenge to security pros than external threats, according to a recent survey.
The Day of Reckoning: Cybercrimes Impact on Brand
Commentary  |  8/16/2017  | 
Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.
Gartner: Cybersecurity Spending Worldwide to Hit $86.4 Billion This Year
Quick Hits  |  8/16/2017  | 
Security services sector still the fastest-growing segment, new forecast says.
Discover a Data Breach? Try Compassion First
Commentary  |  8/16/2017  | 
The reactions to a big data breach often resemble the five stages of grief, so a little empathy is needed.
Cloud Complexity Mandates Security Visibility
Partner Perspectives  |  8/16/2017  | 
The cloud is flexible, but security should be the top priority.
Server Management Software Discovered Harboring Backdoor
News  |  8/15/2017  | 
ShadowPad backdoor found embedded in a software product used by major organizations around the globe to manage their Linux, Windows, and Unix servers.
BEC Attacks Don't Always Require Sophistication
News  |  8/15/2017  | 
Simple business email compromise scams can con companies out of huge sums of money and don't require much hacking or even social engineering know-how.
Webroot Acquires Security Training Platform
Quick Hits  |  8/15/2017  | 
Endpoint security company snaps up the assets of Securecast in a move to build out a training program to test users' ability to recognize a phishing attack.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Commentary  |  8/15/2017  | 
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
IoT Medical Devices a Major Security Worry in Healthcare, Survey Shows
News  |  8/15/2017  | 
Healthcare providers, manufacturers, and regulators say cybersecurity risks of IoT medical devices and connected legacy systems a top concern.
Cybersecurity: The Responsibility of Everyone
Commentary  |  8/15/2017  | 
The battle against cybercrime can only be won if we're all focused on the same goals. Here are four ways you can get involved.
In Search of the Security Unicorn: Unified, Adaptive Defense
Partner Perspectives  |  8/15/2017  | 
How enterprises can get an edge over innovative cybercriminals by creating a cycle of continual security posture adjustment within their own organizations.
Amazon Tackles Security of Data in S3 Storage
News  |  8/14/2017  | 
Amazon Macie is a new security service built to protect AWS S3 data from accidental leaks and breaches.
Cybersecurity's Ceiling
News  |  8/14/2017  | 
Security spending and staffing are rising, but restrained resources are tempering market growth.
WannaCry Hero Hutchins Pleads Not Guilty
Quick Hits  |  8/14/2017  | 
Lawyers for MalwareTech 'confident he will be fully vindicated.'
What CISOs Need to Know about the Psychology behind Security Analysis
Commentary  |  8/14/2017  | 
Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.
HBO Offers Hackers $250,000 as 'Show Of Good Faith' on $6 Million Ransom Request
Quick Hits  |  8/11/2017  | 
The offer was reportedly designed to stall for time, with no plans to ever pay it.
APT28 Uses EternalBlue to Spy on Hotel Wifi Networks
News  |  8/11/2017  | 
Hacker group APT28 is using the EternalBlue hacking tool to spread throughout hotel networks and collect guests' information.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.