9 Ways Organizations Sabotage Their Own Security: Lessons from the Verizon DBIR
5 Security Lessons WannaCry Taught Us the Hard Way
8 Notorious Russian Hackers Arrested in the Past 8 Years
WannaCry Hit Windows 7 Machines Most
WannaCry: Ransomware Catastrophe or Failure?
News & Commentary
FTC: It Takes Criminals Just 9 Minutes to Use Stolen Consumer Info
Dark Reading Staff, Quick Hits
Federal Trade Commission experiment lured hackers to learn about how they use stolen consumer information.
By Dark Reading Staff, 5/26/2017
Elections, Deceptions & Political Breaches
John Bambenek, Senior Threat Researcher, Fidelis Cybersecurity, Commentary
Political hacks have many lessons for the business world.
By John Bambenek, Senior Threat Researcher, Fidelis Cybersecurity, 5/26/2017
8 Most Overlooked Security Threats
Kelly Sheridan, Associate Editor, Dark Reading
Businesses know the obvious security threats to watch for, but some of the biggest dangers may not be top-of-mind.
By Kelly Sheridan, Associate Editor, Dark Reading, 5/26/2017
New Samba Bug Dangerous But No WannaCry
Jai Vijayan, Freelance writer, News
The administrators of the open-source Samba software have fixed a newly discovered vulnerability that lets attackers upload malicious files to vulnerable systems and servers.
By Jai Vijayan, Freelance writer, 5/25/2017
In the Cloud, Evolving Infrastructure Means Evolving Alliances
Mike Convertino, CISO & VP, Information Security, F5 Networks, Commentary
New opportunities make for unusual bedfellows. Here's how to navigate the shift in organizational dynamics between security operations, line-of-business managers, and developers.
By Mike Convertino, CISO & VP, Information Security, F5 Networks, 5/25/2017
3 Nigerian Cyberthieves Sentenced to Total of 235 Years in Prison
Dark Reading Staff, Quick Hits
Using love-struck girlfriends found on the Internet to help them carry out their schemes, three Nigerian cyberthieves and their cohorts made off with tens of millions of dollars in pilfered goods before they were ultimately sentenced to a collective total of 235 years in prison.
By Dark Reading Staff, 5/25/2017
WannaCry Ransom Notes Penned by Chinese-Speaking Authors, Analysis Shows
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
But a Chinese-language link doesn't shoot down theories of the North Korean Lazarus Group's involvement in the ransomware worm attacks, say language experts at Flashpoint.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/25/2017
WannaCry Gives Consumers a First Look into Ransomware
Dark Reading Staff, Quick Hits
Although ransomware has been around for two years, it took the fast-moving and expansive WannaCry to provide a majority of consumers their first glimpse, according to a study released today.
By Dark Reading Staff, 5/25/2017
You Have One Year to Make GDPR Your Biggest Security Victory Ever
Sara Peters, Senior Editor at Dark Reading, News
The EU's new razor-toothed data privacy law could either rip you apart or help you create the best security program you've ever had. Here's how.
By Sara Peters, Senior Editor at Dark Reading, 5/25/2017
Medical Devices Fall Short in Security Best Practices
Dawn Kawamoto, Associate Editor, Dark Reading, News
More than half of medical device makers and healthcare delivery organizations anticipate an attack on their medical devices within the next 12 months, but only a smattering take significant steps to prevent it, according to a survey released today.
By Dawn Kawamoto, Associate Editor, Dark Reading, 5/25/2017
Ransomware: Carding's Replacement for the Criminal Masses
Levi Gundert, Vice President, Threat Intelligence, Recorded Future, Commentary
Ransomware is not only here to stay, it's going to proliferate by orders of magnitude and cause substantial risk to businesses for the foreseeable future.
By Levi Gundert, Vice President, Threat Intelligence, Recorded Future, 5/25/2017
82% of Databases Left Unencrypted in Public Cloud
Kelly Sheridan, Associate Editor, Dark Reading, News
Personal health information and other sensitive data is left exposed as businesses overlook encryption and network security.
By Kelly Sheridan, Associate Editor, Dark Reading, 5/25/2017
Split Tunnel SMTP Exploit Bypasses Email Security Gateways
Jai Vijayan, Freelance writer, News
Attackers can inject malicious payloads directly to the email server via email encryption appliances, Securolytics says.
By Jai Vijayan, Freelance writer, 5/25/2017
WannaCry: The North Korea Debate
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Researchers split over whether an infamous North Korean hacking group, an affiliate, or another attacker altogether, is behind the epic ransomware worm.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/24/2017
Unsanctioned Computer Support Costs Companies $88K per Year
Dark Reading Staff, Quick Hits
A new survey of security professionals says that 83% of respondents help colleagues in other departments fix their privately-owned computers on company time.
By Dark Reading Staff, 5/24/2017
Data Security & Privacy: The Risks of Not Playing by the Rules
Peter Merkulov, VP, Product Strategy & Technology Alliances, Commentary
Achieving compliance is a complex and challenging process. But with the right systems and policies, you can stay ahead of the next data breach and the regulators.
By Peter Merkulov, VP, Product Strategy & Technology Alliances, 5/24/2017
DDoS Attacks Fell 23% in First Quarter, Grew in Size
Dark Reading Staff, Quick Hits
Although the number of DDoS attacks dropped in the first three months of the year, the average size of each attack grew, according to a Verisign report released Tuesday.
By Dark Reading Staff, 5/24/2017
Target Reaches Breach Settlement: $18.5 Million Fine, Security Controls
Kelly Sheridan, Associate Editor, Dark Reading, News
Target to cough up $18.5 million to 47 states in a settlement following its 2013 security breach, which exposed data of millions of customers.
By Kelly Sheridan, Associate Editor, Dark Reading, 5/24/2017
4 Reasons the Vulnerability Disclosure Process Stalls
Lawrence Munro, Worldwide Vice President of SpiderLabs at Trustwave, Commentary
The relationship between manufacturers and researchers is often strained. Here's why, along with some resources to help.
By Lawrence Munro, Worldwide Vice President of SpiderLabs at Trustwave, 5/24/2017
Data Breach, Vulnerability Data on Track to Set New Records in 2017
Jai Vijayan, Freelance writer, News
There are so far 1,254 publicly reported data breaches and 4,837 published vulnerabilities in the first quarter of this year.
By Jai Vijayan, Freelance writer, 5/23/2017
With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?
Grant Elliott, CEO and Co-Founder of Ostendio,  5/23/2017
Partner Perspectives
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack.
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program.
Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges, and new opportunities, for the information security team. Download this report to learn about the new best practices for secure application development.