Attacks/Breaches
News & Commentary
WannaCry? Youre Not Alone: The 5 Stages of Security Grief
Eric Thomas, Director of Solutions Architecture, ExtraHopCommentary
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
By Eric Thomas Director of Solutions Architecture, ExtraHop, 6/22/2017
Comment2 comments  |  Read  |  Post a Comment
'Stack Clash' Smashed Security Fix in Linux
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Linux, OpenBSD, Free BSD, Solaris security updates available to thwart newly discovered attack by researchers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/21/2017
Comment0 comments  |  Read  |  Post a Comment
WannaCry Forces Honda to Take Production Plant Offline
Jai Vijayan, Freelance writerNews
Work on over 1,000 vehicles affected at automaker's Sayama plant in Japan while systems were restored.
By Jai Vijayan Freelance writer, 6/21/2017
Comment1 Comment  |  Read  |  Post a Comment
Russian Hackers Focused on Election Systems in 21 States
Dark Reading Staff, Quick Hits
A Department of Homeland Security official testified today that hackers tied to the Russian government attempted to infiltrate election systems in nearly two dozen states.
By Dark Reading Staff , 6/21/2017
Comment0 comments  |  Read  |  Post a Comment
Consumer Businesses Have False Confidence in their Security: Deloitte
Dark Reading Staff, Quick Hits
Consumer business executives are confident in their ability to respond to cyberattacks but fail to document and test response plans.
By Dark Reading Staff , 6/21/2017
Comment1 Comment  |  Read  |  Post a Comment
The Folly of Vulnerability & Patch Management for ICS Networks
Galina Antova & Patrick McBride, Co-founder & Chief Marketing Officer, ClarotyCommentary
Yes, such efforts matter. But depending on them can give a false sense of security.
By Galina Antova & Patrick McBride Co-founder & Chief Marketing Officer, Claroty, 6/21/2017
Comment0 comments  |  Read  |  Post a Comment
Trusted IDs Gain Acceptance in Smart Building Environment
Dark Reading Staff, Quick Hits
A majority of survey respondents believe identities can be connected across multiple systems and devices through a single ID card or mobile phone.
By Dark Reading Staff , 6/20/2017
Comment0 comments  |  Read  |  Post a Comment
Organizations Are Detecting Intrusions More Quickly
Jai Vijayan, Freelance writerNews
But almost every other metric in Trustwave's 2017 global cybersecurity report card is headed in the wrong direction.
By Jai Vijayan Freelance writer, 6/20/2017
Comment0 comments  |  Read  |  Post a Comment
Data Breach Costs Drop Globally But Increase in US
Kelly Sheridan, Associate Editor, Dark ReadingNews
The average total cost of a data breach declined 10% year-over-year around the world, but in the US edged upward by 5%.
By Kelly Sheridan Associate Editor, Dark Reading, 6/20/2017
Comment0 comments  |  Read  |  Post a Comment
Apple iOS Threats Fewer Than Android But More Deadly
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Data leakage and corruption haunt iOS and Android mobile apps the most, a new study shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 6/20/2017
Comment2 comments  |  Read  |  Post a Comment
Feds Call on Contractors to Play Ball in Mitigating Insider Threats
Thomas Jones, Federal Systems Engineer at Bay DynamicsCommentary
It's said that you're only as strong as your weakest player. That's as true in security as it is in sports.
By Thomas Jones Federal Systems Engineer at Bay Dynamics, 6/20/2017
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Fact vs. Fiction
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 6/20/2017
Comment1 Comment  |  Read  |  Post a Comment
RNC Voter Data on 198 Million Americans Exposed in the Cloud
Dawn Kawamoto, Associate Editor, Dark ReadingNews
One of the largest known US voter data leaks compromised personal information via an unsecured public-storage cloud account set up on behalf of the Republican National Committee.
By Dawn Kawamoto Associate Editor, Dark Reading, 6/19/2017
Comment0 comments  |  Read  |  Post a Comment
Rise of Nation State Threats: How Can Businesses Respond?
Kelly Sheridan, Associate Editor, Dark ReadingNews
Cybersecurity experts discuss nation-state threats of greatest concerns, different types of attacks, and how organization can prepare.
By Kelly Sheridan Associate Editor, Dark Reading, 6/19/2017
Comment0 comments  |  Read  |  Post a Comment
Accused Yahoo Hacker May Comply with US Extradition
Dark Reading Staff, Quick Hits
A Canadian hacker accused of collaborating with Russian cybercriminals in the 2014 Yahoo breach, may waive his right to fight US extradition.
By Dark Reading Staff , 6/19/2017
Comment0 comments  |  Read  |  Post a Comment
Invisible Invaders: Why Detecting Bot Attacks Is Becoming More Difficult
Ido Safruti,  Founder and CTO at PerimeterXCommentary
Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.
By Ido Safruti Founder and CTO at PerimeterX, 6/19/2017
Comment0 comments  |  Read  |  Post a Comment
Hacker Bypasses Microsoft ATA for Admin Access
Kelly Sheridan, Associate Editor, Dark ReadingNews
Microsoft's Advanced Threat Analytics defense platform can be cheated, a researcher will show at Black Hat USA next month.
By Kelly Sheridan Associate Editor, Dark Reading, 6/16/2017
Comment2 comments  |  Read  |  Post a Comment
Engineer Sentenced to Prison for Hacking Utility, Disabling Water Meter-Readers
Dark Reading Staff, Quick Hits
A Pennsylvania man is sentenced to more than a year in prison after hacking into a remote water meter reading system run by his former employer.
By Dark Reading Staff , 6/16/2017
Comment0 comments  |  Read  |  Post a Comment
FIN10 Threat Actors Hack and Extort Canadian Mining, Casino Industries
Jai Vijayan, Freelance writerNews
Previously unknown threat actor has extracted hundreds of thousands of dollars from Canadian companies in a vicious cyberattack campaign that dates back to 2013, FireEye says.
By Jai Vijayan Freelance writer, 6/16/2017
Comment0 comments  |  Read  |  Post a Comment
Lack of Experience Biggest Obstacle for InfoSec Career
Dark Reading Staff, Quick Hits
A majority of wanna-be infosec professionals find they need more experience to be a contender to enter this career, according to a recent Tripwire poll.
By Dark Reading Staff , 6/16/2017
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.