Dark Reading | Security | Protect The Business

Network Computing Darkreading

Advertise

About Us

2018 Pwnie Awards: Who Pwned, Who Got Pwned

Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms

Breaking Down the PROPagate Code Injection Attack

Top Stories

2018 Pwnie Awards: Who Pwned, Who Got Pwned

Election Websites, Back-End Systems Most ...

6 Eye-Raising Third-Party Breaches

10 Threats Lurking on the Dark Web

Breaking Down the PROPagate Code ...

News & Commentary

Make a Wish: Dark Reading Caption Contest Winners

Marilyn Cohodas, Managing Editor, Dark Reading

Commentary

Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...

By Marilyn Cohodas Managing Editor, Dark Reading, 8/18/2018

0 comments | Read | Post a Comment

Researchers Find New Fast-Acting Side-Channel Vulnerability

Curtis Franklin Jr., Senior Editor at Dark Reading

News

A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/17/2018

0 comments | Read | Post a Comment

Malicious Cryptomining & Other Shifting Threats

Commentary Video

Skybox Security CMO Michelle Johnson Cobb discloses research results that include a spike in malicious cryptomining during Bitcoin’s peak, a shift to outside-the-perimeter mobile threats, and more.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

The Economics of AI-Enabled Security

Commentary Video

While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Using Threat Deception on Malicious Insiders

Commentary Video

Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Filtering the Threat Intelligence Tsunami

Commentary Video

Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Ensuring Web Applications Are Hardened, Secure

Commentary Video

Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Marap Malware Appears, Targeting Financial Sector

Quick Hits

A new form of modular downloader packs the ability to download other modules and payloads.

By Dark Reading Staff , 8/17/2018

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, I can see modular malware being problematic for traditional AV systems that...

Building Security into the DevOps Pipeline

Commentary Video

As companies pump more code into production at a faster pace, CA Veracode VP of Security Research Chris Eng stresses the importance of avoiding vulnerabilities by building security directly into the DevOps pipeline.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Supplementing the SOC with Cyber-as-a-Service

Commentary Video

Raytheon Cyber Protection Solutions CTO Mark Orlando suggests under-resourced SOCs enhance their effectiveness at-scale by tapping the advanced cyber defense automation his company has developed.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Exploring, Exploiting Active Directory Admin Flaws

Kelly Sheridan, Staff Editor, Dark Reading

News

Common methods AD administrators use to protect their environments can easily be exploited. Here's how.

By Kelly Sheridan Staff Editor, Dark Reading, 8/17/2018

0 comments | Read | Post a Comment

Assessing & Mitigating Increased Exposure to Third-Party Risk

Commentary Video

As we increasingly connect with each other digitally, CyberGRX CRO Scott Schneider believes we need to be much more diligent about sharing validated insight into the infosec maturity of our organizations.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Australian Teen Hacked Apple Network

Quick Hits

The 16-year-old made off with 90 gigs of sensitive data.

By Dark Reading Staff , 8/17/2018

2 comments | Read | Post a Comment

Latest Comment: RyanSepe, I definitely concur. I feel like the days of crack my security for your interview...

Leveraging the Power of your End-Users’ Human Cognition

Commentary Video

Cofense CEO Rohyt Belani makes a case for more aggressively leveraging the unique ability of your most perceptive and well-trained end-users to help you more quickly spot and stop email threats.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

How Orchestration, Automation Help SOCs Do More With Less

Commentary Video

Splunk’s Haiyan Song and Oliver Friedrichs - co-founder of recently acquired Phantom - explain how security orchestration, automation, and response (SOAR) can empower SOCs to do more with less.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Crowd-sourcing Threat Intelligence & Response Guidance

Commentary Video

AlienVault SVP Russ Spitler encourages participation in the large-scale crowdsourced OTX threat intelligence community — as well as the rich expertise of “crowd-curated” response guidance.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

Simplifying Endpoint Hardening, Defense & Response

Commentary Video

Ziften CEO Mike Hamilton advocates taking complexity, time, and cost out of multi-faceted endpoint protection, with a single-agent solution for laptops, desktops, servers, and cloud VMs.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

The 5 Challenges of Detecting Fileless Malware Attacks

Travis Rosiek, Chief Technology and Strategy Officer, BluVector

Commentary

Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.

By Travis Rosiek Chief Technology and Strategy Officer, BluVector , 8/17/2018

1 Comment | Read | Post a Comment

Simplifying Defense Across the MITRE ATT&CK Matrix

Commentary Video

Endgame’s Mark Dufresne says SOCs can achieve better results within their existing staff and budget constraints with AI- and visualization-empowered, unified defense across the MITRE ATT&CK™ matrix.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

The Rise of Bespoke Ransomware

Commentary Video

Drawing from a recent study by SophosLabs, Principal Research Scientist Chester Wisniewski highlights a shift to the rise of more targeted and sophisticated ransomware threats, such as SamSam.

By Dark Reading Staff , 8/17/2018

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by RyanSepe

I definitely concur. I feel like the days of crack my security for your interview are over and now it goes into harsh sentencing.

In reply to: Re: Admiral Kirk was right
Post Your Own Reply

Posted by ClaJones

Man, "I wish you to complete my GDPR compliance for me" Genie... "aaaaaa... no habla englis"

In reply to: Man with Genie
Post Your Own Reply

Posted by RyanSepe

I can see modular malware being problematic for traditional AV systems that deal with signature based analysis but what about ones that deal with process execution such as a Cylance or Carbon Black? With this marap downloader...

In reply to: Modular Malware against BA or Signatures
Post Your Own Reply

Posted by REISEN1955

"Galavanting around the universe is a game for the young." The Wrath of Khan - and Apple should hire this young wizard to monitor defence from the inside. In exchange for light sentence.

In reply to: Admiral Kirk was right
Post Your Own Reply

Posted by gif-washco

I have worked with and reported to female coworkers and leaders. The leaders in this article seem to have a common trait of being extroverts, no difference in comparison to their male counterparts. However, a lot of unsung...

In reply to: Extroverts?
Post Your Own Reply

Posted by tdsan

I enjoyed reading the post, it seems that ADFS has some issues but it if someone with the right influence, money, and power wanted to make a go at getting a person's credentials, they could. So this goes beyond the ADFS...

In reply to: Very good article
Post Your Own Reply

Posted by tdsan

It is interesting how companys try to save face when someone from the outside identified this vulnerability or the Spectre vulnerability. It seems that my trust in Intel has diminished. I will provide examples: 1. This...

In reply to: Really, was it already there and we just did not know about it
Post Your Own Reply

Posted by REISEN1955

Let's look a few years down the road (no pun) and we start to have self-flying commercial aircraft. It's out there and can happen, we already have auto-pilots. Now put terrorist into this mix and you have something...

In reply to: The horror of it all
Post Your Own Reply

Posted by REISEN1955

Much of the architecture of contemporary systems still hold their lines back to the original IBM-AT 286 processor and config. It was such a solid standard that everything today is still flagged back to it and the original...

In reply to: Interesting note for history
Post Your Own Reply

Posted by AdelaidaP

It is always Russia for the last decade... This is geting suspicious.

In reply to: suspicious
Post Your Own Reply

Posted by AdelaidaP

I think you can't be 100% prepared for all.

In reply to: just
Post Your Own Reply

Posted by websitemonkey

I'll need you to first enable Android's option to install programs from unknown sources.

In reply to: Name That Toon: Mobile Threat
Post Your Own Reply

More Conversations

Products & Releases

4th Annual Global Cybersecurity Forum, HackIT 4.0: Exploit Blockchain will be held October 8 – 11 in Kyiv, Ukraine

Exabeam Raises $50 Million in Series D, Targets SIEM Market

Gigamon and Endace Partner to Provide Complete Visibility Into Network Traffic for Performance and Security Analytics

Imperva Completes the Acquisition of Prevoty

Spam and Phishing in Q2: Financial sector customers top targets of phishing attacks

Venafi Study: 93% of Security Professionals Say Election Infrastructure Is at Risk

Illusive Networks Expands FirstMove Services to Drive Adoption of Deception-based Security

Faxploit: Attackers Use Fax Machines to Take over Networks, Spread Malware, Check Point Finds

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms

Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/14/2018

Intel Reveals New Spectre-Like Vulnerability

Curtis Franklin Jr., Senior Editor at Dark Reading, 8/15/2018

Australian Teen Hacked Apple Network

Dark Reading Staff 8/17/2018

Partner Perspectives

What's This?

A Cybersecurity Christmas Story

Automation and orchestration will be essential components of security in 2017. Read >>

Investments In Security Operations Centers Are Paying Off, Study Finds

0 comments

Are Unconscious Biases Weakening Your Security Posture?

0 comments

More Stories

Partner Perspectives

What's This?

'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle

These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>

Report: Only 2 in 3 Cyber Attacks Can Be Stopped with Current Defenses

3 comments

How to Secure Hyperconverged Infrastructures & Why It Is Different

0 comments

More Stories

Partner Perspectives

What's This?

A Sneak Peek at the New NIST Cybersecurity Framework

Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>

Misleading Cyber Foes with Deception Technology

0 comments

Enabling Better Risk Mitigation with Threat Intelligence

0 comments

More Stories

Partner Perspectives

What's This?

Cloud Misconceptions Are Pervasive Across Enterprises

Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>

How to Leverage Artificial Intelligence for Cybersecurity

0 comments

Avoiding the Ransomware Mistakes that Crippled Atlanta

8 comments

More Stories

Partner Perspectives

What's This?

An Industry In Transition: Key Tech Trends In 2018

Read >>

Get Smart About Network Segmentation & Traffic Routing

0 comments

Report: More Breaches Despite Increasing Security Budgets

0 comments

More Stories

Partner Perspectives

What's This?

Continuous Compliance and Effective Audit Preparation for the Cloud

Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>

5 Factors to Secure & Streamline Your Cloud Deployment

0 comments

Cloud Complexity Mandates Security Visibility

0 comments

More Stories

Partner Perspectives

What's This?

Boosting Security Effectiveness with 'Adjuvants'

How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program. Read >>

Electroneum Cryptomining Targets Microsoft IIS 6.0 Vulnerability

0 comments

4 Critical Applications and How to Protect Them

0 comments

More Stories

Partner Perspectives

What's This?

Breach Defense Playbook: Cybersecurity Governance

Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>

Breach Defense Playbook: Incident Response Readiness (Part 2)

0 comments

Breach Defense Playbook: Incident Response Readiness (Part 1)

0 comments

More Stories

Partner Perspectives

What's This?

Let's Get Smarter About Security By Working Together

We all need help, and only by working together can we move the needle on security. Read >>

Cybersecurity Self-Esteem: 4 Things Confident Teams Are Doing

0 comments

How the Adoption of EDR Transforms a SOC’s Effectiveness

0 comments

More Stories

Partner Perspectives

What's This?

WanaCrypt0r Hits Worldwide

Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>

Malspam Causing Havoc for Mac & Windows

0 comments

OSX.Bella: Mac Malware Strikes Again

1 Comment

More Stories

Partner Perspectives

What's This?

Endpoint Security: Putting The Focus On What Matters

Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>

Are You Making This Endpoint Security Mistake?

0 comments

Asset Segmentation: The Key To Control

0 comments

More Stories

Live Events

Webinars

More UBM Tech
Live Events

INsecurity Conference - An Event Like No Other

Black Hat Trainings - October 22 & 23

Are You Looking to Learn About New Cybersecurity Threats & Challenges? Then INsecurity Is For You!

Dark Reading Live EVENTS

INsecurity 2018 A Dark Reading Conference | October 23-25 at the Sheraton Grand Chicago

INsecurity is for the defenders of enterprise security—the IT team members tasked with protecting critical data from cyber threats—and will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.

Learn More

Cartoon