News & Commentary
Close The Gap Between IT & Security To Reduce The Impact Of Cyber Threats
Travis Rosiek, Chief Technology Officer at Tychon, Commentary
IT and security teams work more effectively together than apart.
By Travis Rosiek Chief Technology Officer at Tychon, 1/17/2017
Crowdsourcing 20 Answers To Security Ops & IR Questions
Joshua Goldfarb, VP & CTO - Emerging Technologies, FireEye, Commentary
Those who know do not speak. Those who speak do not know. Why it pays to take a hard look at our own incident response functions and operations.
By Joshua Goldfarb VP & CTO - Emerging Technologies, FireEye, 1/12/2017
What To Watch For With Ransomware: 2017 Edition
Kelly Sheridan, Associate Editor, InformationWeek
Ransomware will continue to evolve in 2017, bringing new and diverse threats to businesses. What changes are in store?
By Kelly Sheridan Associate Editor, InformationWeek, 1/7/2017
Another Massive DDoS Closes Out 2016, But Mirai Not To Blame
Ericka Chickowski, Contributing Writer, Dark Reading, News
Using a new malware variant called Leet, the 650 Gbps DDoS attack matched Mirai's floods of traffic.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/28/2016
Network Security: An Ounce Of Prevention Is Worth A Pound Of Reaction
Jon Kim, Director of NextGen Networking, Force 3, Commentary
For human ailments, prevention might begin with an allergist. In security, it's the network engineer.
By Jon Kim Director of NextGen Networking, Force 3, 12/22/2016
California Grad Student Arrested In International DDoS Crackdown
Dark Reading Staff, Quick Hits
Sean Sharma is charged with carrying out distributed denial-of-service attacks against a San Francisco chat website.
By Dark Reading Staff, 12/14/2016
Bangladesh Police Say Some Bank Officials Involved In Cyberheist
Dark Reading Staff, Quick Hits
Mid-ranking officials of Bangladesh Bank deliberately exposed bank's network to allow theft of $81 million, says top investigator.
By Dark Reading Staff, 12/14/2016
Avalanche Botnet Comes Tumbling Down In Largest-Ever Sinkholing Operation
Sara Peters, Senior Editor at Dark Reading, News
800,000 domains seized, sinkholed, or blocked, and five individuals arrested, in international effort to bring down botnet linked to 17 major malware families.
By Sara Peters Senior Editor at Dark Reading, 12/1/2016
Windows Malware Infections Spiked 106% From Black Friday To Cyber Monday
Kelly Sheridan, Associate Editor, InformationWeek, News
The number of infected PCs jumped some 106% during the holiday season's first shopping weekend and 118% above normal on Cyber Monday.
By Kelly Sheridan Associate Editor, InformationWeek, 11/30/2016
The Rise Of SecBizOps & Why It Matters
Kevin O'Brien, Co-Founder and CEO, GreatHorn, Commentary
By aligning security dollars and technology with core business requirements, infosec can become a business enabler, not a business impediment.
By Kevin O'Brien Co-Founder and CEO, GreatHorn, 11/30/2016
European Commission Hit By DDoS Attack
Dark Reading Staff, Quick Hits
The cyberattack lasted for several hours and affected output but no loss of data was reported.
By Dark Reading Staff, 11/29/2016
German Telco Probes Possible Hack Of 900,000 Customers
Dark Reading Staff, Quick Hits
Network outages bring down services of many Deutsche Telekom customers raising suspicion that external parties may be involved.
By Dark Reading Staff, 11/29/2016
Learning To Trust Cloud Security
Larry Biagini, Chief Technology Evangelist, Zscaler, Commentary
Cloud-centric computing is inevitable, so you need to face your concerns and be realistic about risks.
By Larry Biagini Chief Technology Evangelist, Zscaler, 11/14/2016
The Big Lesson We Must Learn From The Dyn DDoS Attack
Nathaniel Gleicher, Head of Cybersecurity Strategy, Illumio, Commentary
The vulnerabilities that make IoT devices susceptible to being used in a botnet also make them the perfect avenue into our data centers and clouds.
By Nathaniel Gleicher, 11/9/2016
Stay Vigilant To The Evolving Threat Of Social Engineering
Dan Cuddeford, Director of Sales Engineering, Wandera, Commentary
Even the most cyber-savvy individuals can easily get tripped up by a social engineering attack. But users can trip up a threat simply by paying attention.
By Dan Cuddeford Director of Sales Engineering, Wandera, 11/8/2016
The 7 Types Of Security Jobs, According To NIST
Steve Zurier, Freelance Writer
NIST's Cybersecurity Workforce Framework gives the security industry a way to classify specific specialty areas and work roles and identify a path for career growth.
By Steve Zurier Freelance Writer, 11/8/2016
Synopsys Expands Software Security With Cigital, Codiscope Acquisitions
Dark Reading Staff, Quick Hits
Deal is expected to close by December 2016 and will be funded with combination of US cash and debt.
By Dark Reading Staff, 11/8/2016
New Free Mirai Scanner Tools Spot Infected, Vulnerable IoT Devices
Kelly Sheridan, Associate Editor, InformationWeek, News
Imperva and Rapid7 have built scanners to discover IoT devices vulnerable to or infected with Mirai malware.
By Kelly Sheridan Associate Editor, InformationWeek, 11/8/2016
China Passes Controversial Cybersecurity Law
Dark Reading Staff, Quick Hits
Global business and rights groups raise concern about the censorship that could impact foreign business interests.
By Dark Reading Staff, 11/8/2016
Changing IoT Passwords Won't Stop Attacks. Here's What Will.
Paul Madsen, Senior Technical Architect, Ping Identity, Commentary
The solution will take an industry-wide effort, it won't happen overnight, and the problem is not the users' fault!
By Paul Madsen Senior Technical Architect, Ping Identity, 11/7/2016
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Secure Application Development - New Best Practices
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report to learn about the new best practices for secure application development.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.