Security Geek Gift Guide
6 Personality Profiles of White-Hat Hackers
Ransomware Meets 'Grey's Anatomy'
8 Low or No-Cost Sources of Threat Intelligence
Name That Toon: 'Tis the Season
News & Commentary
Telegram RAT Escapes Detection via Cloud Apps
Dark Reading Staff, Quick Hits
Netskope discovers a new RAT using Dropbox for its payload host and Telegram Messenger for command and control.
By Dark Reading Staff , 12/18/2017
Comment0 comments  |  Read  |  Post a Comment
Kaspersky Lab Files Lawsuit Over DHS Ban of its Products
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security firm petitions US District Court to rescind decision to prohibit its products on US federal government systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/18/2017
Comment0 comments  |  Read  |  Post a Comment
Businesses Fail in Risk Modeling and Management: Report
Kelly Sheridan, Associate Editor, Dark ReadingNews
Businesses struggle to quantify and manage risk, leading to wasted resources and oversight of major problems.
By Kelly Sheridan Associate Editor, Dark Reading, 12/18/2017
Comment0 comments  |  Read  |  Post a Comment
US Government Pays $10,650 Bug Bounty in 'Hack the Air Force' Event
Dark Reading Staff, Quick Hits
The bounty, split between two researchers, is the largest single reward by any government bug bounty program to date.
By Dark Reading Staff , 12/18/2017
Comment0 comments  |  Read  |  Post a Comment
Top 8 Cybersecurity Skills IT Pros Need in 2018
Dawn Kawamoto, Associate Editor, Dark Reading
Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/18/2017
Comment0 comments  |  Read  |  Post a Comment
Advanced Deception: How It Works & Why Attackers Hate It
Carolyn Crandall, Chief Deception Officer at Attivo NetworksCommentary
While cyberattacks continue to grow, deception-based technology is providing accurate and scalable detection and response to in-network threats.
By Carolyn Crandall Chief Deception Officer at Attivo Networks, 12/18/2017
Comment0 comments  |  Read  |  Post a Comment
19 M California Voter Records Held for Ransom in MongoDB Attack
Dark Reading Staff, Quick Hits
The records were first exposed in an unsecured MongoDB database, continuing a cyber-extortion trend.
By Dark Reading Staff , 12/15/2017
Comment1 Comment  |  Read  |  Post a Comment
Lazarus Group Targets Bitcoin Company
Dark Reading Staff, Quick Hits
The cybercrime group blamed for attacks on the SWIFT financial network launches a spearphishing campaign to steal employee credentials at a London cryptocurrency company.
By Dark Reading Staff , 12/15/2017
Comment0 comments  |  Read  |  Post a Comment
Mobile Device Makers Increasingly Embrace Bug Bounty Programs
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Samsung is the latest to join a small group of smartphone makers to cast their net wide on catching vulnerabilities in their devices.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/15/2017
Comment0 comments  |  Read  |  Post a Comment
Is Your Security Workflow Backwards?
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
The pace at which information security evolves means organizations must work smarter, not harder. Here's how to stay ahead of the threats.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 12/15/2017
Comment0 comments  |  Read  |  Post a Comment
TRITON Attacker Disrupts ICS Operations, While Botching Attempt to Cause Physical Damage
Jai Vijayan, Freelance writerNews
TRITON malware is discovered after an attack on a safety monitoring system accidentally triggered the shutdown of an industrial process at an undisclosed organization.
By Jai Vijayan Freelance writer, 12/14/2017
Comment0 comments  |  Read  |  Post a Comment
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark ReadingNews
Bluetooth vulnerabilities let attackers control devices running Linux or any OS derived from it, putting much of the Internet of Things at risk, including popular consumer products.
By Kelly Sheridan Associate Editor, Dark Reading, 12/14/2017
Comment2 comments  |  Read  |  Post a Comment
Why Hackers Are in Such High Demand, and How They're Affecting Business Culture
Jaime Blasco, Vice President and Chief Scientist at AlienVaultCommentary
White hat hackers bring value to organizations and help them defend against today's advanced threats.
By Jaime Blasco Vice President and Chief Scientist at AlienVault, 12/14/2017
Comment1 Comment  |  Read  |  Post a Comment
Is a Good Offense the Best Defense Against Hackers?
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
A proposed new law could make it legal for companies to hack back against attacker. But will it work?
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/14/2017
Comment0 comments  |  Read  |  Post a Comment
2 Million Fake Net Neutrality Comments Stole American Identities
Dark Reading Staff, Quick Hits
New York Attorney General Eric Schneiderman updates the investigation into fake content submitted during the net neutrality comment process.
By Dark Reading Staff , 12/14/2017
Comment3 comments  |  Read  |  Post a Comment
Malware Decompiler Tool Goes Open Source
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Avast's RetDec machine-code decompiler now available for free on Github.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/13/2017
Comment1 Comment  |  Read  |  Post a Comment
Google Sheds Light on Data Encryption Practices
Kelly Sheridan, Associate Editor, Dark ReadingNews
Google explains the details of how it secures information in the cloud and encrypts data in transit.
By Kelly Sheridan Associate Editor, Dark Reading, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
Former Rutgers Student, Two Others Plead Guilty to Operating Mirai Botnet
Jai Vijayan, Freelance writerNews
Trio faces up to five years in federal prison and fines of up to $250,000
By Jai Vijayan Freelance writer, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
80% of Americans Admit to Risky Cybersecurity Behaviors
Dark Reading Staff, Quick Hits
Nearly half of survey respondents use unsecured WiFi networks and a third open unsolicited email attachment, a report finds.
By Dark Reading Staff , 12/13/2017
Comment2 comments  |  Read  |  Post a Comment
Healthcare Faces Poor Cybersecurity Prognosis
Kelly Sheridan, Associate Editor, Dark ReadingNews
Experts say the healthcare industry is underestimating security threats as attackers continue to seek data and monetary gain.
By Kelly Sheridan Associate Editor, Dark Reading, 12/13/2017
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark Reading,  12/14/2017
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Can Machine Learning Outsmart Malware?
Using machine learning in the cybersecurity domain is a growing trend with many advantages, but it also has its risks. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
Cartoon Contest
White Papers
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

[Strategic Security Report] Cloud Security's Changing Landscape
[Strategic Security Report] Cloud Security's Changing Landscape
Cloud services are increasingly becoming the platform for mission-critical apps and data. Heres how enterprises are adapting their security strategies!
Flash Poll
Video
Slideshows
Twitter Feed