Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Dark Reading News Desk Live at Black Hat USA 2017
Best of Black Hat: 20 Epic Talks in 20 Years
Dark Reading INsecurity Conference Registration Now Open
20 Questions for Improving SMB Security
IoT Security Incidents Rampant and Costly
News & Commentary
Voter Registration Data from 9 States Available for Sale on Dark Web
Jai Vijayan, Freelance writerNews
Nearly 10 million voter records sold for just $4 over last few days, according to LookingGlass Cyber Solutions.
By Jai Vijayan Freelance writer, 7/24/2017
Comment0 comments  |  Read  |  Post a Comment
Weather.com, Fusion Expose Data Via Google Groups Config Error
Kelly Sheridan, Associate Editor, Dark ReadingNews
Companies that leaked data accidentally chose the sharing setting "public on the Internet," which enabled anyone on the Web to access all information contained in the messages
By Kelly Sheridan Associate Editor, Dark Reading, 7/24/2017
Comment0 comments  |  Read  |  Post a Comment
7 Hardware & Firmware Hacks Highlighted at Black Hat 2017
Ericka Chickowski, Contributing Writer, Dark Reading
Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/24/2017
Comment0 comments  |  Read  |  Post a Comment
Majority of Security Pros Let Productivity Trump Security
Dawn Kawamoto, Associate Editor, Dark ReadingNews
A survey found that 64% of IT security professionals will tweak security to give workers more flexibility to be productive when asked to make that move by top executives.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/24/2017
Comment1 Comment  |  Read  |  Post a Comment
Bots Make Lousy Dates, But Not Cheap Ones
Inbar Raz, Principal Researcher at PerimeterXCommentary
The danger of dating sites: If a beautiful woman asks men to click on malware, they'll probably click.
By Inbar Raz Principal Researcher at PerimeterX, 7/24/2017
Comment0 comments  |  Read  |  Post a Comment
Microsoft Rolls Out AI-based Security Risk Detection Tool
Kelly Sheridan, Associate Editor, Dark ReadingNews
Microsoft Security Risk Detection leverages artificial intelligence to root out bugs in software before it's released.
By Kelly Sheridan Associate Editor, Dark Reading, 7/21/2017
Comment7 comments  |  Read  |  Post a Comment
Dark Reading News Desk Live at Black Hat USA 2017
Dark Reading Staff, Commentary
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
By Dark Reading Staff , 7/21/2017
Comment3 comments  |  Read  |  Post a Comment
Speed of Windows 10 Adoption Not Affected by WannaCry
Kelly Sheridan, Associate Editor, Dark ReadingNews
WannaCry has motivated security teams to stay current on patching but Windows 10 adoption remains the same.
By Kelly Sheridan Associate Editor, Dark Reading, 7/21/2017
Comment1 Comment  |  Read  |  Post a Comment
20 Questions for Improving SMB Security
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
Security leaders in small and medium-sized business who want to up their game need to first identify where they are now, then, where they want to go.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 7/21/2017
Comment1 Comment  |  Read  |  Post a Comment
Using DevOps to Move Faster than Attackers
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
Russian National Receives 5 Years In Jail For Role In 'Citadel' Attacks
Jai Vijayan, Freelance writerNews
Mark Vartanyan is the second individual to be sent to prison in connection with Citadel.
By Jai Vijayan Freelance writer, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
#HackTor: Tor Opens up its Bug Bounty Program
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The popular identity-cloaking service has expanded its private, invite-only vulnerability discovery program to an open one via HackerOne.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
US Banks Targeted with Trickbot Trojan
Kelly Sheridan, Associate Editor, Dark ReadingNews
Necurs botnet spreads Trickbot malware to US financial institutions, while new Emotet banking Trojan attacks discovered - signalling increasingly complex attacks on the industry.
By Kelly Sheridan Associate Editor, Dark Reading, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
Major Online Criminal Marketplaces AlphaBay and Hansa Shut Down
Dawn Kawamoto, Associate Editor, Dark ReadingNews
International law enforcement operations result in AlphaBay, the largest online marketplace for selling illegal goods from malware to herion, and Hansa, going dark.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
BEC Attacks Far More Lucrative than Ransomware over Past 3 Years
Dawn Kawamoto, Associate Editor, Dark ReadingNews
BEC fraud netted cyberthieves five times more profit than ransomware over a three-year period, according to Cisco's midyear report released today.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
Microsoft Office 365 Users Targeted in Brute Force Attacks
Dark Reading Staff, Quick Hits
Attackers leveraged popular cloud service platforms to conduct persistent - and stealthy - login attempts on corporate Office 365 accounts.
By Dark Reading Staff , 7/20/2017
Comment7 comments  |  Read  |  Post a Comment
DevOps & Security: Butting Heads for Years but Integration is Happening
Zeus Kerravala, Founder and Principal Analyst, ZK ResearchCommentary
A combination of culture change, automation, tools and processes can bring security into the modern world where it can be as agile as other parts of IT.
By Zeus Kerravala Founder and Principal Analyst, ZK Research, 7/20/2017
Comment7 comments  |  Read  |  Post a Comment
Profile of a Hacker: The Real Sabu
David Holmes, World-Wide Security Evangelist, F5
There are multiple stories about how the capture of the infamous Anonymous leader Sabu went down. Here’s one, and another about what he is doing today.
By David Holmes World-Wide Security Evangelist, F5, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
'AVPass' Sneaks Malware Past Android Antivirus Apps
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers at Black Hat USA will release a toolset that studies and then cheats specific Android AV apps.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
FireEye Assisting National Police of Ukraine with Recent EternalPetya Investigation
Checkmarx Acquires Codebashing to Redefine Secure Coding Education
Nyotron Raises $21 Million Funding Round
Internet Bug Bounty Receives New Funding to Expand Internet Safety Program
BlackRidge Technology Advisor Whitfield Diffie Elected to Join The Royal Society
BlackRidge Technology Advisor Whitfield Diffie Elected to Join The Royal Society
TeamLogic IT Helps Small Businesses Develop Cybersecurity Roadmap
New RiskSense Service Detects IoT and OT Network Security Threats/Vulnerabilities
More Products & Releases
PR Newswire
DevOps & Security: Butting Heads for Years but Integration is Happening
Zeus Kerravala, Founder and Principal Analyst, ZK Research,  7/20/2017
Microsoft Rolls Out AI-based Security Risk Detection Tool
Kelly Sheridan, Associate Editor, Dark Reading,  7/21/2017
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
Securing your Cloud Stack from Ransomware
Poor configuration, lack of policies, and permissive behaviors are three factors that can leave your cloud infrastructure vulnerable to ransomware threats. Read >>
Partner Perspectives
What's This?
Profile of a Hacker: The Real Sabu
There are multiple stories about how the capture of the infamous Anonymous leader Sabu went down. Here's one, and another about what he is doing today. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While “red team” conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the “blue team” will be the focus.
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Tell the sysadmin that we have a situation.
White Papers
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Flash Poll
Video
Slideshows
Twitter Feed