Perimeter
News & Commentary
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
Dawn Kawamoto, Associate Editor, Dark Reading - News
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/20/2017
Zero-Day Exploit Surfaces that May Affect Millions of IoT Users
Dark Reading Staff, Quick Hits
A zero-day vulnerability dubbed Devil's Ivy is discovered in a widely used third-party toolkit called gSOAP.
By Dark Reading Staff, 7/18/2017
How Active Intrusion Detection Can Seek and Block Attacks
Kelly Sheridan, Associate Editor, Dark Reading - News
Researchers at Black Hat USA will demonstrate how active intrusion detection strategies can help administrators detect hackers who are overly reliant on popular attack tools and techniques.
By Kelly Sheridan Associate Editor, Dark Reading, 7/12/2017
The SOC Is Dead...Long Live the SOC
Dan Koloski, Vice President, Oracle's Systems Management and Security products group - Commentary
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 7/7/2017
Hacking the State of the ISIS Cyber Caliphate
Kelly Jackson Higgins, Executive Editor at Dark Reading - News
Researchers say Islamic State's United Cyber Caliphate remains in its infancy when it comes to cyberattack expertise.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/6/2017
Avoiding the Dark Side of AI-Driven Security Awareness
Tom Pendergast, Chief Strategist, Security, Privacy, & Compliance, MediaPro - Commentary
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
By Tom Pendergast Chief Strategist, Security, Privacy, & Compliance, MediaPro, 7/5/2017
Why Enterprise Security Needs a New Focus
Kirsten Bay, President and CEO, Cyber adAPT - Commentary
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
By Kirsten Bay President and CEO, Cyber adAPT, 6/29/2017
Defining Security: The Difference Between Safety & Privacy
Lysa Myers, Security Researcher, ESET - Commentary
Words matter, especially if you are making a case for new security measures, state-of-the-art technology or personnel.
By Lysa Myers Security Researcher, ESET, 6/28/2017
WannaCry Blame Game: Why Delayed Patching is Not the Problem
T. Frank Downs, Senior Manager, Cyber/Information Security, ISACA - Commentary
While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.
By T. Frank Downs Senior Manager, Cyber/Information Security, ISACA, 6/27/2017
Recovering from Bad Decisions in the Cloud
Jeff Schilling, Chief Security Officer, Armor - Commentary
The cloud makes it much easier to make changes to security controls than in traditional networks.
By Jeff Schilling Chief Security Officer, Armor, 6/26/2017
WannaCry? You're Not Alone: The 5 Stages of Security Grief
Eric Thomas, Director of Solutions Architecture, ExtraHop - Commentary
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
By Eric Thomas Director of Solutions Architecture, ExtraHop, 6/22/2017
'Stack Clash' Smashed Security Fix in Linux
Kelly Jackson Higgins, Executive Editor at Dark Reading - News
Linux, OpenBSD, FreeBSD, Solaris security updates available to thwart newly discovered attack by researchers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/21/2017
The Folly of Vulnerability & Patch Management for ICS Networks
Galina Antova & Patrick McBride, Co-founder & Chief Marketing Officer, Claroty - Commentary
Yes, such efforts matter. But depending on them can give a false sense of security.
By Galina Antova & Patrick McBride Co-founder & Chief Marketing Officer, Claroty, 6/21/2017
How Smart Cities Can Minimize the Threat of Cyberattacks
Todd Thibodeaux, President & CEO, CompTIA - Commentary
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.
By Todd Thibodeaux President & CEO, CompTIA, 6/14/2017
The Detection Trap: Improving Cybersecurity by Learning from the Secret Service
Nathaniel Gleicher, Head of Cybersecurity Strategy, Illumio - Commentary
Intruders often understand the networks they target better than their defenders do.
By Nathaniel Gleicher Head of Cybersecurity Strategy, Illumio, 6/12/2017
Your Information Isn't Being Hacked, It's Being Neglected
Mike Baukes, Co-Founder & Co-CEO, UpGuard - Commentary
To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems.
By Mike Baukes Co-Founder & Co-CEO, UpGuard, 6/9/2017
Security Orchestration Fine-Tunes the Incident Response Process
Kelly Jackson Higgins, Executive Editor at Dark Reading - News
Emerging orchestration technology can cut labor-intensive tasks for security analysts.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/8/2017
The Economics of Software Security: What Car Makers Can Teach Enterprises
Jim Routh, Chief Security Officer, Aetna - Commentary
Embedding security controls early in the application development process will go a long way towards driving down the total cost of software ownership.
By Jim Routh Chief Security Officer, Aetna, 6/8/2017
Security in the Cloud: Pitfalls and Potential of CASB Systems
Kelly Sheridan, Associate Editor, Dark Reading - News
The transition to cloud has driven a demand for CASB systems, but today's systems lack the full breadth of functionality businesses need.
By Kelly Sheridan Associate Editor, Dark Reading, 6/7/2017
Cloud, Hackers, Trump Presidency, Drive Security Spend
Kelly Sheridan, Associate Editor, Dark Reading - News
Businesses reevaluate their security spending in response to the growth of cloud, fear of malicious hackers, and the Trump presidency, research finds.
By Kelly Sheridan Associate Editor, Dark Reading, 6/7/2017
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.