News & Commentary
WannaCry? Youre Not Alone: The 5 Stages of Security Grief
Eric Thomas, Director of Solutions Architecture, ExtraHopCommentary
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
By Eric Thomas Director of Solutions Architecture, ExtraHop, 6/22/2017
Comment0 comments  |  Read  |  Post a Comment
'Stack Clash' Smashed Security Fix in Linux
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Linux, OpenBSD, Free BSD, Solaris security updates available to thwart newly discovered attack by researchers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/21/2017
Comment0 comments  |  Read  |  Post a Comment
The Folly of Vulnerability & Patch Management for ICS Networks
Galina Antova & Patrick McBride, Co-founder & Chief Marketing Officer, ClarotyCommentary
Yes, such efforts matter. But depending on them can give a false sense of security.
By Galina Antova & Patrick McBride Co-founder & Chief Marketing Officer, Claroty, 6/21/2017
Comment0 comments  |  Read  |  Post a Comment
How Smart Cities Can Minimize the Threat of Cyberattacks
Todd Thibodeaux, President & CEO, CompTIACommentary
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.
By Todd Thibodeaux President & CEO, CompTIA, 6/14/2017
Comment0 comments  |  Read  |  Post a Comment
The Detection Trap: Improving Cybersecurity by Learning from the Secret Service
Nathaniel Gleicher, Head of Cybersecurity Strategy, IllumioCommentary
Intruders often understand the networks they target better than their defenders do.
By Nathaniel Gleicher Head of Cybersecurity Strategy, Illumio, 6/12/2017
Comment2 comments  |  Read  |  Post a Comment
Your Information Isn't Being Hacked, It's Being Neglected
Mike Baukes, Co-Founder & Co-CEO, UpGuardCommentary
To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems.
By Mike Baukes Co-Founder & Co-CEO, UpGuard, 6/9/2017
Comment1 Comment  |  Read  |  Post a Comment
Security Orchestration Fine-Tunes the Incident Response Process
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Emerging orchestration technology can cut labor-intensive tasks for security analysts.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/8/2017
Comment2 comments  |  Read  |  Post a Comment
The Economics of Software Security: What Car Makers Can Teach Enterprises
Jim Routh, Chief Security Officer, AetnaCommentary
Embedding security controls early in the application development process will go a long way towards driving down the total cost of software ownership.
By Jim Routh Chief Security Officer, Aetna, 6/8/2017
Comment0 comments  |  Read  |  Post a Comment
Security in the Cloud: Pitfalls and Potential of CASB Systems
Kelly Sheridan, Associate Editor, Dark ReadingNews
The transition to cloud has driven a demand for CASB systems, but today's systems lack the full breadth of functionality businesses need.
By Kelly Sheridan Associate Editor, Dark Reading, 6/7/2017
Comment2 comments  |  Read  |  Post a Comment
Cloud, Hackers, Trump Presidency, Drive Security Spend
Kelly Sheridan, Associate Editor, Dark ReadingNews
Businesses reevaluate their security spending in response to the growth of cloud, fear of malicious hackers, and the Trump presidency, research finds.
By Kelly Sheridan Associate Editor, Dark Reading, 6/7/2017
Comment0 comments  |  Read  |  Post a Comment
Securely Managing Employee Turnover: 3 Tips
Greg Kushto, Senior Director of Security & Solutions Engineering at Force 3Commentary
Don't let the process spiral into organizational chaos. Here are steps you can take to keep your company safe.
By Greg Kushto Senior Director of Security & Solutions Engineering at Force 3, 6/5/2017
Comment1 Comment  |  Read  |  Post a Comment
OneLogin Breach Reignites Concerns over Password Managers
Jai Vijayan, Freelance writerNews
Entrusting all your passwords to a single organization creates a single point of failure, experts say in the wake of a new data breach at OneLogin.
By Jai Vijayan Freelance writer, 6/1/2017
Comment1 Comment  |  Read  |  Post a Comment
Internet Society Takes On IoT, Website Security, Incident Response via OTA Merger
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
What happens now that the Online Trust Alliance - which includes Microsoft, Symantec, Twitter, and other big names - will be under the umbrella of the global Internet organization?
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/1/2017
Comment2 comments  |  Read  |  Post a Comment
A Nation State-Looking Cyberattack that Wasn't
Jai Vijayan, Freelance writerNews
Symantec researchers uncover a cybercrime campaign with all the hallmarks of a state-sponsored campaign that didn't even make much money for the attackers.
By Jai Vijayan Freelance writer, 5/31/2017
Comment1 Comment  |  Read  |  Post a Comment
Going Beyond Checkbox Security
Dark Reading, CommentaryVideo
Terry Barbounis, cybersecurity evangelist for CenturyLink, stops by the InformationWeek News Desk.
By Dark Reading , 5/24/2017
Comment0 comments  |  Read  |  Post a Comment
The Fundamental Flaw in TCP/IP: Connecting Everything
Jeff Hussey, President & CEO, Tempered NetworksCommentary
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.
By Jeff Hussey President & CEO, Tempered Networks, 5/17/2017
Comment4 comments  |  Read  |  Post a Comment
New 'Bondnet' Botnet Mines Cryptocurrencies
Kelly Sheridan, Associate Editor, Dark ReadingNews
The botnet has infected more than 15,000 machines at major institutions, including high-profile companies, universities, and city councils.
By Kelly Sheridan Associate Editor, Dark Reading, 5/4/2017
Comment0 comments  |  Read  |  Post a Comment
DDoS Attacks Surge, Organizations Struggle to Respond
Jai Vijayan, Freelance writerNews
Organizations often discover a DDoS attack only after being alerted to the fact by a third-party or customer, Neustar survey shows.
By Jai Vijayan Freelance writer, 5/2/2017
Comment0 comments  |  Read  |  Post a Comment
New Global Resilience Federation Will Share Threat Intel Across Industries
Dark Reading Staff, Quick Hits
Born out of a partnership of information sharing and analysis centers and organizations, Global Resilience Federation launches today to share intelligence and information across a number of industry sectors.
By Dark Reading Staff , 5/2/2017
Comment0 comments  |  Read  |  Post a Comment
CenturyLink, Medina Capital Deal Closes with Launch of Cyxtera Technologies
Dark Reading Staff, Quick Hits
CenturyLink's former data centers and colocation business were combined with Medina Capital's cybersecurity and analytics holdings to create new secure data center infrastructure firm.
By Dark Reading Staff , 5/2/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.