Perimeter
News & Commentary
Tunneling Through The "Walls" Of IoT In The Enterprise
Jose Nazario, Director of Security Research at FastlyCommentary
The movie "Die Hard" has a thing or two to teach us about the pitfalls of the Internet of Things.
By Jose Nazario Director of Security Research at Fastly, 2/22/2017
Comment1 Comment  |  Read  |  Post a Comment
Why We Need To Reinvent How We Catalogue Malware
Paul Shomo,  Technical Manager Strategic Partnerships, Guidance SoftwareCommentary
One obvious trend: crimeware technologies that come with simple user consoles and functionality to create unique binaries at the click of a button.
By Paul Shomo Technical Manager Strategic Partnerships, Guidance Software, 2/22/2017
Comment1 Comment  |  Read  |  Post a Comment
IoT Security: A Ways To Go, But Some Interim Steps For Safety
Terry Sweeney, Contributing EditorNews
The Internet of Things remains vulnerable to botnets and malware, but Cisco's Anthony Grieco offers some tips to keep networks and users more secure
By Terry Sweeney Contributing Editor, 2/15/2017
Comment0 comments  |  Read  |  Post a Comment
Verizon Data Breach Digest Triangulates Humanity Inside Security
Terry Sweeney, Contributing EditorNews
The 99-page report breaks out 16 different attack scenarios and specifies the target, sophistication level, attributes, and attack patterns, along with their times to discovery and containment.
By Terry Sweeney Contributing Editor, 2/13/2017
Comment4 comments  |  Read  |  Post a Comment
How Cybercriminals Turn Employees Into Rogue Insiders
Kelly Sheridan, Associate Editor, InformationWeekNews
The Dark Web is a growing threat to organizations as hackers recruit insiders with access to corporate networks.
By Kelly Sheridan Associate Editor, InformationWeek, 1/31/2017
Comment2 comments  |  Read  |  Post a Comment
How I Would Hack Your Network (If I Woke Up Evil)
John Strand, SANS Senior Instructor & Owner, Black Hills Information SecurityCommentary
How would an attacker target your company? Here's a first-person account of what might happen.
By John Strand SANS Senior Instructor & Owner, Black Hills Information Security, 1/26/2017
Comment18 comments  |  Read  |  Post a Comment
4 Reasons Why You Should Take Ransomware Seriously
Dan Larson,  Technical Director at CrowdStrikeCommentary
The threats keep getting more sophisticated and the stakes keep getting higher. Is your organization ready to meet the challenge?
By Dan Larson Technical Director at CrowdStrike, 1/24/2017
Comment0 comments  |  Read  |  Post a Comment
3 Lessons From The Yahoo Breach
Cemal Dikmen, Chief Security Officer for SS8Commentary
Your organization must address these blind spots to detect sophisticated attacks.
By Cemal Dikmen Chief Security Officer for SS8, 1/20/2017
Comment1 Comment  |  Read  |  Post a Comment
Cyber Lessons From NSAs Admiral Michael Rogers
Nathaniel Gleicher, Head of Cybersecurity Strategy, IllummioCommentary
Security teams must get better at catching intruders where we have the advantage: on our own networks.
By Nathaniel Gleicher Head of Cybersecurity Strategy, Illummio, 1/19/2017
Comment2 comments  |  Read  |  Post a Comment
Close The Gap Between IT & Security To Reduce The Impact Of Cyber Threats
Travis Rosiek, Chief Technology Officer at TychonCommentary
IT and security teams work more effectively together than apart.
By Travis Rosiek Chief Technology Officer at Tychon, 1/17/2017
Comment0 comments  |  Read  |  Post a Comment
Crowdsourcing 20 Answers To Security Ops & IR Questions
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEyeCommentary
Those who know do not speak. Those who speak do not know. Why it pays to take a hard look at our own incident response functions and operations.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 1/12/2017
Comment1 Comment  |  Read  |  Post a Comment
What To Watch For With Ransomware: 2017 Edition
Kelly Sheridan, Associate Editor, InformationWeek
Ransomware will continue to evolve in 2017, bringing new and diverse threats to businesses. What changes are in store?
By Kelly Sheridan Associate Editor, InformationWeek, 1/7/2017
Comment0 comments  |  Read  |  Post a Comment
Another Massive DDoS Closes Out 2016, But Mirai Not To Blame
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Using a new malware variant called Leet, the 650 Gbps DDoS attack matched Mirai's floods of traffic.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/28/2016
Comment0 comments  |  Read  |  Post a Comment
Network Security: An Ounce Of Prevention Is Worth A Pound Of Reaction
Jon Kim, Director of NextGen Networking, Force 3Commentary
For humans ailments, prevention might begin with an allergist. In security, it's the network engineer.
By Jon Kim Director of NextGen Networking, Force 3, 12/22/2016
Comment2 comments  |  Read  |  Post a Comment
California Grad Student Arrested In International DDoS Crackdown
Dark Reading Staff, Quick Hits
Sean Sharma is charged with carrying out distributed denial-of-service attacks against a San Francisco chat website.
By Dark Reading Staff , 12/14/2016
Comment0 comments  |  Read  |  Post a Comment
Bangladesh Police Say Some Bank Officials Involved In Cyberheist
Dark Reading Staff, Quick Hits
Mid-ranking officials of Bangladesh Bank deliberately exposed banks network to allow theft of $81 million, says top investigator.
By Dark Reading Staff , 12/14/2016
Comment0 comments  |  Read  |  Post a Comment
Avalanche Botnet Comes Tumbling Down In Largest-Ever Sinkholing Operation
Sara Peters, Senior Editor at Dark ReadingNews
800,000 domains seized, sinkholed, or blocked, and five individuals arrested, in international effort to bring down botnet linked to 17 major malware families.
By Sara Peters Senior Editor at Dark Reading, 12/1/2016
Comment8 comments  |  Read  |  Post a Comment
Windows Malware Infections Spiked 106% From Black Friday To Cyber Monday
Kelly Sheridan, Associate Editor, InformationWeekNews
The number of infected PCs jumped some 106% during the holiday season's first shopping weekend and 118% above normal on Cyber Monday.
By Kelly Sheridan Associate Editor, InformationWeek, 11/30/2016
Comment1 Comment  |  Read  |  Post a Comment
The Rise Of SecBizOps & Why It Matters
Kevin O'Brien, Co-Founder and CEO, GreatHornCommentary
By aligning security dollars and technology with core business requirements, infosec can become a business enabler, not a business impediment.
By Kevin O'Brien Co-Founder and CEO, GreatHorn, 11/30/2016
Comment1 Comment  |  Read  |  Post a Comment
European Commission Hit By DDoS Attack
Dark Reading Staff, Quick Hits
The cyberattack lasted for several hours and affected output but no loss of data was reported.
By Dark Reading Staff , 11/29/2016
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.