Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Cybersecurity Buzz Phrase Bingo
Latest News from RSAC 2018
8 Ways Hackers Monetize Stolen Data
The Role of KPIs in Incident Response
7 Non-Financial Data Types to Secure
News & Commentary
North Korea Ramps Up 'Operation GhostSecret' Cyber Espionage Campaign
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Critical infrastructure, entertainment, finance, healthcare, telecoms, among recent targets of the Lazarus Group, aka Hidden Cobra.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/26/2018
Comment0 comments  |  Read  |  Post a Comment
Routing Security Gets Boost with New Set of MANRS for IXPs
Dark Reading Staff, Quick Hits
The Internet Society debuts a new mutually agreed norms initiative for IXPs.
By Dark Reading Staff , 4/26/2018
Comment0 comments  |  Read  |  Post a Comment
How Microsoft, Amazon, Alphabet Are Reshaping Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
Tech's biggest giants are shifting the cybersecurity landscape as they incorporate security into their products and services.
By Kelly Sheridan Staff Editor, Dark Reading, 4/26/2018
Comment0 comments  |  Read  |  Post a Comment
12 Trends Shaping Identity Management
Sara Peters, Senior Editor at Dark Reading
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
By Sara Peters Senior Editor at Dark Reading, 4/26/2018
Comment0 comments  |  Read  |  Post a Comment
MyEtherWallet DNS Attack Offers Opt-In Lessons
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Attackers poisoned BGP route tables to redirect Amazon's Route 53 name servers to their malicious servers.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/26/2018
Comment0 comments  |  Read  |  Post a Comment
New Phishing Attack Targets 550M Email Users Worldwide
Dark Reading Staff, Quick Hits
In an attempt to steal financial data, the attack bribes users with coupons in exchange for taking an online quiz.
By Dark Reading Staff , 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Why Hackers Love Healthcare
Allan Alford, Chief Information Security OfficerCommentary
The migration of valuable data to the cloud is piquing the interest of cybercrimimals. But there are ways to fight back.
By Allan Alford Chief Information Security Officer, 4/26/2018
Comment0 comments  |  Read  |  Post a Comment
US Healthcare Firms Among Dozens Hit in 'Orangeworm' Cyberattack Campaign
Jai Vijayan, Freelance writerNews
Attackers target healthcare organizations in apparent data theft mission, but could do far more damage, according to Symantec researchers.
By Jai Vijayan Freelance writer, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Europe and Asia Take on More DDoS Attacks
Sara Boddy, Principal Threat Research Evangelist
While North American targets have historically been on the receiving end of the majority of DDoS attacks since their inception, that trend changed in 2017.
By Sara Boddy Principal Threat Research Evangelist, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
The Default SAP Configuration That Every Enterprise Needs to Fix
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Nine out of ten organizations are vulnerable to a 13-year-old flaw that puts their most critical business systems at risk of complete criminal takeover.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Free New Tool for Building Blockchain Skills
Dark Reading Staff, Quick Hits
Blockchain CTF helps pros build skills with simulations.
By Dark Reading Staff , 4/25/2018
Comment0 comments  |  Read  |  Post a Comment
Yahoo to Pay SEC Fine of $35 Million
Dark Reading Staff, Quick Hits
While Yahoo senior management and legal team knew of the breach, the company failed to conduct due diligence for disclosing it to investors, the agency rules.
By Dark Reading Staff , 4/25/2018
Comment1 Comment  |  Read  |  Post a Comment
Google Adds Security Features to Gmail Face-lift
Kelly Sheridan, Staff Editor, Dark ReadingNews
A redesigned Gmail brings new security measures to improve data protection and applications for artificial intelligence.
By Kelly Sheridan Staff Editor, Dark Reading, 4/25/2018
Comment1 Comment  |  Read  |  Post a Comment
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.
By Marc Wilczek Digital Strategist & CIO Advisor, 4/25/2018
Comment1 Comment  |  Read  |  Post a Comment
'Webstresser' DDoS Attack Site Shut Down in International Operation
Kelly Sheridan, Staff Editor, Dark ReadingNews
Investigators arrested the admins of Webstresser, the world's largest DDoS marketplace reportedly responsible for more than four million attacks.
By Kelly Sheridan Staff Editor, Dark Reading, 4/25/2018
Comment0 comments  |  Read  |  Post a Comment
Why Information Integrity Attacks Pose New Security Challenges
Tamer Hassan, Co-Founder & CTO, White OpsCommentary
To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.
By Tamer Hassan Co-Founder & CTO, White Ops, 4/25/2018
Comment0 comments  |  Read  |  Post a Comment
Low-Cost Crimeware Kit Gaining Popularity in Underground Markets
Jai Vijayan, Freelance writerNews
At $150 for a three-month subscription, Rubella Malware Builder presents a threat to enterprises, Flashpoint says.
By Jai Vijayan Freelance writer, 4/25/2018
Comment1 Comment  |  Read  |  Post a Comment
Diversity: It's About Inclusion
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Unrealistic entry-level job requirements, black-hoodie hacker image problems are among the 'uncomfortable conversations' needed to remedy cybersecurity's diversity gap.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/25/2018
Comment5 comments  |  Read  |  Post a Comment
Cloud Misconceptions Are Pervasive Across Enterprises
Paul Martini, The CEO, co-founder and chief architect of iboss
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it.
By Paul Martini The CEO, co-founder and chief architect of iboss, 4/25/2018
Comment0 comments  |  Read  |  Post a Comment
Latest News from RSAC 2018
Dark Reading Staff, News
Check out Dark Reading's updated, exclusive coverage of the news and security themes that dominated RSA Conference 2018 in San Francisco.
By Dark Reading Staff , 4/25/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Calligo & Corent Partner to Automate Cloud Migration, Data Privac
Kaspersky Lab DDoS Intelligence Report: Long-lasting Attacks, Amplification Attacks, Old Botnets Make a Comeback
70% of Security Pros Think Governments Should Regulate Social Media Data Collection: Venafi Survey
Protecting Confidential Information Remains No. 1 Problem for End Users: Wombat Security
Splunk Customers Accelerate Business Value through Artificial Intelligence
CompTIA Offers Free Cybersecurity Mini Boot Camps at Upcoming AFCEA Defensive Cyber Operations Symposium
SAP Security Tool Now Enables Automated QA & Security Checks for SAPUI5
RedLock Enhances Visibility, Compliance Assurance, and Threat Detection with Azure
More Products & Releases
PR Newswire
Diversity: It's About Inclusion
Kelly Jackson Higgins, Executive Editor at Dark Reading,  4/25/2018
Threat Intel: Finding Balance in an Overcrowded Market
Kelly Sheridan, Staff Editor, Dark Reading,  4/23/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
A Cybersecurity Christmas Story
Automation and orchestration will be essential components of security in 2017. Read >>
Partner Perspectives
What's This?
'Insider Sabotage' among Top 3 Threats CISOs Can't yet Handle
These five steps can help your organizations limit the risks from disgruntled employees and user errors. Read >>
Partner Perspectives
What's This?
A Sneak Peek at the New NIST Cybersecurity Framework
Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement. Read >>
Partner Perspectives
What's This?
Cloud Misconceptions Are Pervasive Across Enterprises
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it. Read >>
Partner Perspectives
What's This?
IDS & IPS: Two Essential Security Measures
To protect business networks, one line of security isn't enough. Read >>
Partner Perspectives
What's This?
Continuous Compliance and Effective Audit Preparation for the Cloud
Why audits are a necessary evil, and how they can actually help you improve your brand value. Read >>
Partner Perspectives
What's This?
Europe and Asia Take on More DDoS Attacks
While North American targets have historically been on the receiving end of the majority of DDoS attacks since their inception, that trend changed in 2017. Read >>
Partner Perspectives
What's This?
Breach Defense Playbook: Cybersecurity Governance
Time to leave the island: Integrate cybersecurity into your risk management strategy. Read >>
Partner Perspectives
What's This?
Let's Get Smarter About Security By Working Together
We all need help, and only by working together can we move the needle on security. Read >>
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
Dark Reading Security Pro Summit at Interop ITX 2018
Produced by the Dark Reading Team - The Security Pro Summit is an opportunity for IT security professionals to take a deeper dive into cyber security defense, learning from experts about advanced methods for detecting and responding to new threats.
Topics that will be discussed:
  • Improving Threat Analysis and Implement Threat Hunting Practices
  • Optimizing Vulnerability Detection & Remediation
  • Getting Better Performance From Your Security Operations Center
  • Plus, much more
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Flash Poll
Video
Slideshows
Twitter Feed