Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
9 Ways to Protect Your Cloud Environment from Ransomware
8 Hot Hacking Tools to Come out of Black Hat USA
Dark Reading Launches New Conference on Cyber Defense
Android Security Apps for BYOD Users
The Rising Tide of Crimeware-as-a-Service
News & Commentary
Doxing, DoS & Defacement: Today’s Mainstream Hacktivism Tools
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
Anyone can get angry at you and become a hacktivist. Here’s how to protect your organization from these increasingly common cyber attacks.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 6/29/2017
Comment0 comments  |  Read  |  Post a Comment
Why Enterprise Security Needs a New Focus
Kirsten Bay, President and CEO, Cyber adAPTCommentary
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
By Kirsten Bay President and CEO, Cyber adAPT, 6/29/2017
Comment0 comments  |  Read  |  Post a Comment
IoT Vulns Draw Biggest Bug Bounty Payouts
Dawn Kawamoto, Associate Editor, Dark ReadingNews
As bug bounty programs become more popular outside of the technology sector, IoT vulnerabilities are yielding the highest payouts for bug hunters, according to two reports released Wednesday.
By Dawn Kawamoto Associate Editor, Dark Reading, 6/29/2017
Comment0 comments  |  Read  |  Post a Comment
How To (And Not To) Make the Online Trust Honor Roll
Dawn Kawamoto, Associate Editor, Dark Reading
Five websites generated the highest score in their sector for the 2017 Online Trust Audit & Honor Roll. Here is what it takes to get there and be listed among the Online Trust Alliance's Top 50
By Dawn Kawamoto Associate Editor, Dark Reading, 6/29/2017
Comment0 comments  |  Read  |  Post a Comment
$71 Million Restitution Owed for Hacking, Fraud Scheme
Dark Reading Staff, Quick Hits
Convicted money launderer Muhammad Sohail Qasmani is sentenced to 4 years in prison, and will share the hefty payout with other co-conspirators convicted in the conspiracy.
By Dark Reading Staff , 6/28/2017
Comment1 Comment  |  Read  |  Post a Comment
Half of Ransomware Victims Suffer Repeat Attacks
Kelly Sheridan, Associate Editor, Dark ReadingNews
Half of ransomware victims are likely to get hit again as threat actors change their strategies to target servers and accelerate the spread of ransomware.
By Kelly Sheridan Associate Editor, Dark Reading, 6/28/2017
Comment0 comments  |  Read  |  Post a Comment
Telegram Agrees to Register Messaging App With Russia
Dark Reading Staff, Quick Hits
The messaging app company will comply with Russia's registration mandate but not share confidential user data, founder says.
By Dark Reading Staff , 6/28/2017
Comment0 comments  |  Read  |  Post a Comment
After Cyber Attack, FedEx Temporarily Halts Trading of Its Shares
Dark Reading Staff, Quick Hits
An attack at subsidiary TNT Express may disrupt FedEx's push to hit a record-high share price.
By Dark Reading Staff , 6/28/2017
Comment0 comments  |  Read  |  Post a Comment
Researchers Find 'Vaccine' for Global Ransomware Attack
Dark Reading Staff, Quick Hits
A vaccine, not a killswitch, has been discovered to prevent the Petya/NotPetya ransomware from infecting machines.
By Dark Reading Staff , 6/28/2017
Comment1 Comment  |  Read  |  Post a Comment
Defining Security: The Difference Between Safety & Privacy
Lysa Myers, Security Researcher, ESETCommentary
Words matter, especially if you are making a case for new security measures, state-of-the-art technology or personnel.
By Lysa Myers Security Researcher, ESET, 6/28/2017
Comment0 comments  |  Read  |  Post a Comment
Massive Skype Zero-Day Enables Remote Crashes
Kelly Sheridan, Associate Editor, Dark ReadingNews
A security researcher uncovered a Skype vulnerability that could allow hackers to remotely execute code and crash software if exploited.
By Kelly Sheridan Associate Editor, Dark Reading, 6/27/2017
Comment0 comments  |  Read  |  Post a Comment
Petya Or Not? Global Ransomware Outbreak Hits Europe's Industrial Sector, Thousands More
Jai Vijayan, Freelance writerNews
With echoes of WannaCry, infections spread fast. Some security researchers describe malware as variant of Petya; others say it's a brand new sample.
By Jai Vijayan Freelance writer, 6/27/2017
Comment0 comments  |  Read  |  Post a Comment
No-Name Security Incidents Caused as Many Tears as WannaCry, Pros Say
Dark Reading Staff, Quick Hits
Half of security pros say they've worked just as frantically this year to fix other incidents that the public never heard about.
By Dark Reading Staff , 6/27/2017
Comment1 Comment  |  Read  |  Post a Comment
WannaCry Blame Game: Why Delayed Patching is Not the Problem
T. Frank Downs, Senior Manager, Cyber/Information Security, ISACACommentary
While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.
By T. Frank Downs Senior Manager, Cyber/Information Security, ISACA, 6/27/2017
Comment0 comments  |  Read  |  Post a Comment
Microsoft Integrates EMET into Fall Windows 10 Update
Kelly Sheridan, Associate Editor, Dark ReadingNews
The Windows 10 Creators Update, slated to launch this fall, will include components from the Enhanced Mitigation Experience Toolkit (EMET).
By Kelly Sheridan Associate Editor, Dark Reading, 6/27/2017
Comment0 comments  |  Read  |  Post a Comment
Compliance in the Cloud Needs To Be Continuous & Automated
Tim Prendergast, Founder & CEO, Evident.io
Complex IT environments require timely visibility into risk and compliance.
By Tim Prendergast Founder & CEO, Evident.io, 6/27/2017
Comment7 comments  |  Read  |  Post a Comment
9 Ways to Protect Your Cloud Environment from Ransomware
Kelly Sheridan, Associate Editor, Dark Reading
The same technology driving faster collaboration and data transfer also enables cybercriminals to quickly spread ransomware.
By Kelly Sheridan Associate Editor, Dark Reading, 6/27/2017
Comment0 comments  |  Read  |  Post a Comment
Anthem Agrees to $115 Million Settlement for 2015 Breach
Dark Reading Staff, Quick Hits
If approved, it will dwarf settlements paid by Target, Home Depot, and Ashley Madison.
By Dark Reading Staff , 6/26/2017
Comment14 comments  |  Read  |  Post a Comment
FBI Highlights BEC, Tech Support Scams, Ransomware Concerns
Kelly Sheridan, Associate Editor, Dark ReadingNews
The 2016 Internet Crime Report found tech support fraud, business email compromise, and ransomware were major fraud categories last year.
By Kelly Sheridan Associate Editor, Dark Reading, 6/26/2017
Comment0 comments  |  Read  |  Post a Comment
Look, But Don't Touch: One Key to Better ICS Security
Sara Peters, Senior Editor at Dark ReadingNews
Better visibility is essential to improving the cybersecurity of industrial control systems and critical infrastructure, but the OT-IT cultural divide must be united.
By Sara Peters Senior Editor at Dark Reading, 6/26/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Security Summit Warns of New Phishing Email Targeting Tax Pros
Critical Vulnerability Found in Avaya AES Management Console
VASCO Bolsters DIGIPASS to Aid Mobile App Protection
SailPoint Lays Out Its Vision for the Next Frontier in Identity with IdentityAI
How Safe Is Your Online Behavior?
Global Cybersecurity Summit Spans Cyber Human Rights to AI
Farsight Security and Infoblox Provide Zero-Hour Protection Against Cyberattacks Due to New Domains
Prevalent Acquires Datum Security for SMB Third-Party Risk Management Platform
More Products & Releases
PR Newswire
Talking Cyber-Risk with Executives
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks,  6/23/2017
Threat Intelligence Sharing: The New Normal?
Danelle Au, VP Strategy, SafeBreach,  6/23/2017
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
Compliance in the Cloud Needs To Be Continuous & Automated
Complex IT environments require timely visibility into risk and compliance. Read >>
Partner Perspectives
What's This?
Doxing, DoS & Defacement: Today's Mainstream Hacktivism Tools
Anyone can get angry at you and become a hacktivist. Here's how to protect your organization from these increasingly common cyber attacks. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.
White Papers
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Flash Poll
Video
Slideshows
Twitter Feed