News & Commentary

Latest Content tagged with Threat Intelligence
Page 1 / 2   >   >>
Curbing the Cybersecurity Workforce Shortage with AI
Commentary  |  8/18/2017  | 
By using cognitive technologies, an organization can address the talent shortage by getting more productivity from current employees and improving processes.
How Bad Teachers Ruin Good Machine Learning
How Bad Teachers Ruin Good Machine Learning
Dark Reading Videos  |  8/18/2017  | 
Sophos data scientist Hillary Sanders explains how security suffers when good machine learning models are trained on bad testing data.
Microsoft Report: User Account Attacks Jumped 300% Since 2016
News  |  8/17/2017  | 
Most of these Microsoft user account compromises can be attributed to weak, guessable passwords and poor password management, researchers found.
The Shadow Brokers: How They Changed 'Cyber Fear'
The Shadow Brokers: How They Changed 'Cyber Fear'
Dark Reading Videos  |  8/17/2017  | 
At Black Hat USA, Matt Suiche, founder of Comae Technologies, describes what we know about the Shadow Brokers and how they have changed the business of cyber fear.
70% of DevOps Pros Say They Didn't Get Proper Security Training in College
News  |  8/17/2017  | 
Veracode survey shows majority of DevOps pros mostly learn on the job about security.
Insider Threats Loom Large for Security Pros
Quick Hits  |  8/16/2017  | 
Insider threats pose a greater challenge to security pros than external threats, according to a recent survey.
Gartner: Cybersecurity Spending Worldwide to Hit $86.4 Billion This Year
Quick Hits  |  8/16/2017  | 
Security services sector still the fastest-growing segment, new forecast says.
Server Management Software Discovered Harboring Backdoor
News  |  8/15/2017  | 
ShadowPad backdoor found embedded in a software product used by major organizations around the globe to manage their Linux, Windows, and Unix servers.
Webroot Acquires Security Training Platform
Quick Hits  |  8/15/2017  | 
Endpoint security company snaps up the assets of Securecast in a move to build out a training program to test users' ability to recognize a phishing attack.
IoT Medical Devices a Major Security Worry in Healthcare, Survey Shows
News  |  8/15/2017  | 
Healthcare providers, manufacturers, and regulators say cybersecurity risks of IoT medical devices and connected legacy systems a top concern.
Cybersecurity's Ceiling
News  |  8/14/2017  | 
Security spending and staffing are rising, but restrained resources are tempering market growth.
WannaCry Hero Hutchins Pleads Not Guilty
Quick Hits  |  8/14/2017  | 
Lawyers for MalwareTech 'confident he will be fully vindicated.'
HBO Offers Hackers $250,000 as 'Show Of Good Faith' on $6 Million Ransom Request
Quick Hits  |  8/11/2017  | 
The offer was reportedly designed to stall for time, with no plans to ever pay it.
SonicSpy Authors Spin Out Over 1,000 Spyware Apps
Quick Hits  |  8/10/2017  | 
The actors behind this new malware family created a sizable selection of malicious apps in just over seven months, some of which appeared on Google Play.
60% of Infosec Execs Are Boosting SOC Deployments
Quick Hits  |  8/10/2017  | 
A survey of security executives and managers finds a majority are expanding or upgrading their current SOC readiness.
White Hats Take Aim in 'Hack the Air Force' Bug Bounty Program
News  |  8/10/2017  | 
The inaugural Air Force bug bounty program involved 272 vetted hackers, who submitted 207 valid flaws in 24 days.
SMBs Practice Better IoT Security Than Large Enterprises Do
News  |  8/9/2017  | 
Small-to midsized businesses are more prepared than big ones to face the next IoT attack: good news given the sharp rise in IoT botnet attacks in the first half of 2017, new reports released today show.
Two Iranians Face Charges for Computer Hacking, Credit Card Fraud
Quick Hits  |  8/9/2017  | 
Federal prosecutors charged two Iranian nationals with identity theft and use of stolen credit card numbers as well as threatening to expose the breach to one of the victim's customers.
New Consortium Promotes Proper Data Sanitization Practices
News  |  8/8/2017  | 
The International Data Sanitization Consortium (IDSC) will create guidelines and best practices for sanitizing data on hardware devices.
67% of Malware Attacks Came via Phishing in Second Quarter
News  |  8/8/2017  | 
During the second quarter, cyberattacks soared 24% worldwide with phishing attacks playing a large role and Adobe Flash one of the favorite attack targets.
WatchGuard Acquires Authentication Provider Datablink
Quick Hits  |  8/8/2017  | 
WatchGuard looks to expand its security offerings into authentication solutions for small- to midsize businesses and enterprises with a distributed workforce.
NIST Releases Cybersecurity Definitions for the Workforce
News  |  8/7/2017  | 
In an effort to bring consistency when describing the tasks, duties, roles, and titles of cybersecurity professionals, the National Institute of Standards and Technology released the finalized draft version of its framework.
Man Who Hacked his Former Employer Gets 18-Month Prison Sentence
Quick Hits  |  8/7/2017  | 
A Tennessee man also must pay restitution of nearly $172,400 to his former employer after hacking into its systems to gain an edge for his new company.
What Women in Cybersecurity Really Think About Their Careers
News  |  8/4/2017  | 
New survey conducted by a female security pro of other female security pros dispels a few myths.
Russian Botnet Creator Receives 46-Month Prison Sentence
Quick Hits  |  8/4/2017  | 
Federal court sentences the Ebury botnet creator and operator to prison for infecting tens of thousands of servers worldwide.
WannaCry 'Kill Switch' Creator Arrested in Vegas
News  |  8/3/2017  | 
Federal authorities indicted and nabbed Marcus Hutchins, aka MalwareTech, for allegedly creating and distributing the Kronos banking Trojan.
Making Infosec Meetings More Inclusive
News  |  8/3/2017  | 
Diversity and inclusion experts explain how to avoid meeting pitfalls that preclude the voices of underrepresented members of the team.
Why Cybersecurity Needs a Human in the Loop
Commentary  |  8/3/2017  | 
It's no longer comparable to Kasparov versus Deep Blue. When security teams use AI, it's like Kasparov consulting with Deep Blue before deciding on his next move.
Chinese Telecom DDoS Attack Breaks Record
News  |  8/2/2017  | 
A distributed denial of service siege spanning more than 11 days broke a DDoS record for the year, according to a report from Kaspersky Lab.
Staying in Front of Cybersecurity Innovation
Commentary  |  8/2/2017  | 
Innovation is challenging for security teams because it encompasses two seemingly contradictory ideas: it's happening too slowly and too quickly.
US Senators Propose IoT Security Legislation
Quick Hits  |  8/1/2017  | 
A new bill aims to prohibit the production of IoT devices if they can't be patched or have their password changed.
Digital Crime-Fighting: The Evolving Role of Law Enforcement
Commentary  |  8/1/2017  | 
Law enforcement, even on a local level, has a new obligation to establish an effective framework for combating online crime.
Anthem Hit with Data Breach of 18,580 Medicare Members
Quick Hits  |  7/31/2017  | 
Third-party service provider for the insurer discovered one of its employees allegedly engaged in identity theft of thousands of Anthem Medicare members.
Healthcare Execs Report Rise in Data Breaches and HIPAA Violations
Quick Hits  |  7/31/2017  | 
IT executives, however, increasingly believe they are "completely ready" to withstand a cybersecurity attack on their healthcare system.
Broadcom Chipset Bug in Android, iOS Smartphones Allows Remote Attack
News  |  7/27/2017  | 
Security researcher found a common flaw in Android and iOS smartphone chipsets that could allow a remote exploit to be unleashed on millions of devices.
Inside the Investigation and Trial of Roman Seleznev
News  |  7/27/2017  | 
The officials who convicted the credit card thief discussed the investigation, evidence, trial, and challenges involved in his case.
Get Ready for the 2038 'Epocholypse' (and Worse)
News  |  7/27/2017  | 
A leading security researcher predicts a sea of technology changes that will rock our world, including the Internet of Things, cryptocurrency, SSL encryption and national security.
Dark Reading News Desk Live at Black Hat USA 2017
Commentary  |  7/27/2017  | 
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
How to Build a Path Toward Diversity in Information Security
News  |  7/27/2017  | 
Hiring women and minorities only addresses half the issue for the IT security industry -- the next step is retaining these workers.
Facebook Offers $1 Million for New Security Defenses
News  |  7/26/2017  | 
The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.
Majority of Consumers Believe IoT Needs Security Built In
Quick Hits  |  7/26/2017  | 
Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.
How 'Postcript' Exploits Networked Printers
News  |  7/25/2017  | 
At Black Hat 2017, a university researcher will demo how attackers can drill into networked printers by way of the ubiquitous PostScript programming language.
Using AI to Break Detection Models
News  |  7/25/2017  | 
Pitting machine learning bots against one another is the new spy vs. spy battle in cybersecurity today.
Regulators Question Wells Fargo Regarding Data Breach
Quick Hits  |  7/25/2017  | 
Scrutiny a result of a lawyer's unauthorized release of sensitive information on tens of thousands of wealthy Well Fargo customers.
Custom Source Code Accounts for 93% of App Vulnerabilities
Quick Hits  |  7/25/2017  | 
A new study finds that third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software.
Majority of Security Pros Let Productivity Trump Security
News  |  7/24/2017  | 
A survey found that 64% of IT security professionals will tweak security to give workers more flexibility to be productive when asked to make that move by top executives.
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
News  |  7/20/2017  | 
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
Major Online Criminal Marketplaces AlphaBay and Hansa Shut Down
News  |  7/20/2017  | 
International law enforcement operations result in AlphaBay, the largest online marketplace for selling illegal goods from malware to herion, and Hansa, going dark.
BEC Attacks Far More Lucrative than Ransomware over Past 3 Years
News  |  7/20/2017  | 
BEC fraud netted cyberthieves five times more profit than ransomware over a three-year period, according to Cisco's midyear report released today.
98% of Companies Favor Integrating Security with DevOps
News  |  7/19/2017  | 
A majority of companies are either planning or have launched an integrated DevOps and security team, a new report shows.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.