News & Commentary

Latest Content tagged with Advanced Threats
Page 1 / 2   >   >>
Segmentation: The Neglected (Yet Essential) Control
Commentary  |  3/14/2018
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
What's the C-Suite Doing About Mobile Security?
Commentary  |  3/13/2018
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
7 University-Connected Cyber Ranges to Know Now
Slideshows  |  3/9/2018
Universities are beginning to add cyber ranges to the facilities for teaching cyber security to students and professionals.
Connected Cars Pose New Security Challenges
Commentary  |  3/6/2018
The auto industry should seize the opportunity and get in front of this issue. Goes Away, Panic Ensues
Quick Hits  |  3/5/2018
Turns out the Carnegie Mellon CERT just moved to a newly revamped CMU Software Engineering Institute website.
How & Why the Cybersecurity Landscape Is Changing
Commentary  |  3/1/2018
A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.
Why Cryptocurrencies Are Dangerous for Enterprises
Commentary  |  2/28/2018
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
6 Cybersecurity Trends to Watch
Commentary  |  2/26/2018
Expect more as the year goes on: more breaches, more IoT attacks, more fines
SWIFT Network Used in $2 Million Heist at Indian Bank
Quick Hits  |  2/20/2018
The theft at India's City Union Bank comes on the heels of news that attackers stole $6 million from a Russian bank via SWIFT network last year.
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
Commentary  |  2/20/2018
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
13 Russians Indicted for Massive Operation to Sway US Election
News  |  2/16/2018
Russian nationals reportedly used stolen American identities and infrastructure to influence the 2016 election outcome.
Air Force Awards $12,500 for One Bug
Quick Hits  |  2/15/2018
The highest single bounty of any federal bug bounty program yet is awarded through Hack the Air Force 2.0.
Fileless Malware: Not Just a Threat, but a Super-Threat
Commentary  |  2/14/2018
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
As Primaries Loom, Election Security Efforts Behind Schedule
Quick Hits  |  2/13/2018
While federal agencies lag on vulnerability assessments and security clearance requests, the bipartisan Defending Digital Democracy Project releases three new resources to help state and local election agencies with cybersecurity, incident response.
Fake News: Could the Next Major Cyberattack Cause a Cyberwar?
Commentary  |  2/13/2018
In the way it undercuts trust, fake news is a form of cyberattack. Governments must work to stop it.
Better Security Analytics? Clean Up the Data First!
Commentary  |  2/12/2018
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
Tracking Bitcoin Wallets as IOCs for Ransomware
Commentary  |  2/12/2018
By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.
Ukraine Power Distro Plans $20 Million Cyber Defense System
Quick Hits  |  2/6/2018
After NotPetya and severe blackouts, Ukrenergo responds with an investment in cybersecurity.
Securing Cloud-Native Apps
Commentary  |  2/1/2018
A useful approach for securing cloud-native platforms can be adapted for securing apps running on top of the platform as well.
Breach-Proofing Your Data in a GDPR World
Commentary  |  1/30/2018
Here are six key measures for enterprises to prioritize over the next few months.
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
Commentary  |  1/30/2018
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
Intel CEO: New Products that Tackle Meltdown, Spectre Threats Coming this Year
Quick Hits  |  1/26/2018
In an earnings call yesterday, Intel CEO Brian Krzanich says security remains a 'priority' for the microprocessor company.
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Commentary  |  1/25/2018
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
Security Automation: Time to Start Thinking More Strategically
Commentary  |  1/24/2018
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
Understanding Supply Chain Cyber Attacks
Commentary  |  1/19/2018
While the attack surface has increased exponentially because of the cloud and everything-as-a-service providers, there are still ways in which host companies can harden supply chain security.
Feds Team with Foreign Policy Experts to Assess US Election Security
News  |  1/18/2018
Expert panel lays out potential risks for the 2018 election cycle and beyond
How AI Would Have Caught the Forever 21 Breach
Commentary  |  1/17/2018
Companies must realize that the days of the desktop/server model are over and focus on "nontraditional" devices.
What Can We Learn from Counterterrorism and National Security Efforts?
Commentary  |  1/12/2018
The best practices and technologies that originated in the intelligence realm can help businesses stay safer, too.
Privacy: The Dark Side of the Internet of Things
Commentary  |  1/11/2018
Before letting an IoT device into your business or home, consider what data is being collected and where it is going.
'Back to Basics' Might Be Your Best Security Weapon
Commentary  |  1/10/2018
A company's ability to successfully reduce risk starts with building a solid security foundation.
CISOs' Cyber War: How Did We Get Here?
Commentary  |  1/9/2018
We're fighting the good fight -- but, ultimately, losing the war.
The Nightmare Before Christmas: Security Flaws Inside our Computers
Commentary  |  1/5/2018
How an Intel design decision with no review by industry security consultants led to one of the biggest vulnerabilities in recent history.
The Internet of (Secure) Things Checklist
Commentary  |  1/4/2018
Insecure devices put your company at jeopardy. Use this checklist to stay safer.
In Mobile, It's Back to the Future
Commentary  |  1/3/2018
The mobile industry keeps pushing forward while overlooking some security concerns of the past.
The Cybersecurity 'Upside Down'
Commentary  |  1/2/2018
There is no stranger thing than being breached. Here are a few ways to avoid the horror.
Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation
Commentary  |  12/29/2017
Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.
The Financial Impact of Cyber Threats
Commentary  |  12/27/2017
Determining the financial impact of specific IT vulnerabilities is a good way to prioritize remediation and prevent attacks.
Block Threats Faster: Pattern Recognition in Exploit Kits
Commentary  |  12/22/2017
When analysts investigate an indicator of compromise, our primary goal is to determine if it is malicious as quickly as possible. Identifying attack patterns helps you mitigate quicker.
Advanced Deception: How It Works & Why Attackers Hate It
Commentary  |  12/18/2017
While cyberattacks continue to grow, deception-based technology is providing accurate and scalable detection and response to in-network threats.
Why Hackers Are in Such High Demand, and How They're Affecting Business Culture
Commentary  |  12/14/2017
White hat hackers bring value to organizations and help them defend against today's advanced threats.
Cyberattack: It Can't Happen to Us (Until It Does)
Commentary  |  12/6/2017
Just because your small or medium-sized business isn't as well known as Equifax or Yahoo doesn't mean you're immune to becoming a cybercrime victim.
Deception: Why It's Not Just Another Honeypot
Commentary  |  12/1/2017
The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception.
Lawsuits Pile Up on Uber
News  |  11/30/2017
Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.
Why Security Depends on Usability -- and How to Achieve Both
Commentary  |  11/29/2017
Any initiative that reduces usability will have consequences that make security less effective.
Git Some Security: Locking Down GitHub Hygiene
News  |  11/28/2017
In the age of DevOps and agile development practices that lean heavily on GitHub and other cloud resources, strong controls are more important than ever.
8 Low or No-Cost Sources of Threat Intelligence
Slideshows  |  11/27/2017
Heres a list of sites that for little or no cost give you plenty of ideas for where to find first-rate threat intelligence.
Tips to Protect the DNS from Data Exfiltration
Commentary  |  11/17/2017
If hackers break in via the Domain Name System, most business wouldn't know until it's too late. These tips can help you prepare.
Forget APTs: Let's Talk about Advanced Persistent Infrastructure
Commentary  |  11/16/2017
Understanding how bad guys reuse infrastructure will show you the areas of your network to target when investigating new threats and reiteration of old malware.
Deception Technology: Prevention Reimagined
Commentary  |  11/15/2017
How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.
What the NFL Teaches Us about Fostering a Champion Security Team
Commentary  |  11/14/2017
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
Page 1 / 2   >   >>

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Pat Osborne, Principal - Executive Consultant at Outhaul Consulting, LLC, & Cybersecurity Advisor for the Security Innovation Center,  3/12/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.