Database Security
Authentication
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Risk
News & Commentary
KPMG: Cybersecurity Has Reached a ‘Tipping Point’ from Tech to CEO Business Issue
Tony Buffomante, KPMG, U.S. Cyber Security Services LeaderCommentary
Still, a majority of US-based chief execs say they will be maintaining and not investing in security technology over the next three years, a recent study shows.
By Tony Buffomante KPMG, U.S. Cyber Security Services Leader, 6/22/2017
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Launches New Conference on Cyber Defense
Tim Wilson, Editor in Chief, Dark Reading, Commentary
November event will focus on attendee interaction, "blue team" best practices
By Tim Wilson, Editor in Chief, Dark Reading , 6/21/2017
Comment2 comments  |  Read  |  Post a Comment
Cyber Insurance: Read the Fine Print!
Sara Boddy, Principal Threat Research Evangelist
Applying for insurance is a grueling process involving detailed questionnaires and lengthy technical interviews that can still leave you without an adequate safety net.
By Sara Boddy Principal Threat Research Evangelist, 6/15/2017
Comment1 Comment  |  Read  |  Post a Comment
By the Numbers: Parsing the Cybersecurity Challenge
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Why your CEO should rethink company security priorities in the drive for digital business growth.
By Marc Wilczek Digital Strategist & CIO Advisor, 6/14/2017
Comment3 comments  |  Read  |  Post a Comment
Europol Operation Busts Payment Card Identity Theft Ring
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Members of an international crime ring of payment card skimmers who stole more than $500,000 were arrested by a joint multi-national law enforcement operation.
By Dawn Kawamoto Associate Editor, Dark Reading, 6/13/2017
Comment0 comments  |  Read  |  Post a Comment
Businesses Spend 1,156 Hours Per Week on Endpoint Security
Kelly Sheridan, Associate Editor, Dark ReadingNews
Insecure endpoints cost businesses millions of dollars, and hours of productivity, as they struggle to detect and contain threats.
By Kelly Sheridan Associate Editor, Dark Reading, 6/13/2017
Comment1 Comment  |  Read  |  Post a Comment
Ditch the Big Ass Spreadsheet with Continuous Security Compliance
Tim Prendergast, Founder & CEO, Evident.io
Replacing outdated spreadsheets with automated, continuous monitoring reduces workload and increases reliability, making compliance easy.
By Tim Prendergast Founder & CEO, Evident.io, 6/13/2017
Comment0 comments  |  Read  |  Post a Comment
Security in the Cloud: Pitfalls and Potential of CASB Systems
Kelly Sheridan, Associate Editor, Dark ReadingNews
The transition to cloud has driven a demand for CASB systems, but today's systems lack the full breadth of functionality businesses need.
By Kelly Sheridan Associate Editor, Dark Reading, 6/7/2017
Comment2 comments  |  Read  |  Post a Comment
Cybersecurity Stands as Big Sticking Point in Software M&A
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The breach that was the fly in the ointment of the Yahoo-Verizon deal is one of many now surfacing as security of acquired firms starts to become a point of negotiation.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/7/2017
Comment0 comments  |  Read  |  Post a Comment
Sensitive DoD Data Discovered on Unprotected Server
Dark Reading Staff, Quick Hits
Researcher found unsecured repository of 60,000 documents of sensitive US data on a publicly exposed Amazon Web Services "S3" bucket used by government contractor Booz Allen Hamilton.
By Dark Reading Staff , 6/1/2017
Comment2 comments  |  Read  |  Post a Comment
SMB Security: Don’t Leave the Smaller Companies Behind
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
Helping improve the security posture of small and medium-sized businesses should be a priority for security organizations of all sizes.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 6/1/2017
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Insurance Lacking at 50% of US Companies
Dark Reading Staff, Quick Hits
While half of US security professionals say their companies passed on cybersecurity insurance, the figure is far higher in healthcare, according to a survey released today.
By Dark Reading Staff , 5/31/2017
Comment0 comments  |  Read  |  Post a Comment
Mobile App Back-End Servers, Databases at Risk
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Mobile app developers'casual use of back-end technology like Elasticsearch without security-hardening puts unsuspecting enterprises at grave risk of exposure.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/31/2017
Comment0 comments  |  Read  |  Post a Comment
Securing the Human a Full-Time Commitment
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Encouraging the people in your organization to make safer cyber decisions requires dedicated brainpower to pull off, SANS study shows.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/30/2017
Comment0 comments  |  Read  |  Post a Comment
Going Beyond Checkbox Security
Dark Reading, CommentaryVideo
Terry Barbounis, cybersecurity evangelist for CenturyLink, stops by the InformationWeek News Desk.
By Dark Reading , 5/24/2017
Comment0 comments  |  Read  |  Post a Comment
Data Security & Privacy: The Risks of Not Playing by the Rules
Peter Merkulov, VP, Product Strategy & Technology AlliancesCommentary
Achieving compliance is a complex and challenging process. But with the right systems and policies, you can stay ahead of the next data breach — and the regulators.
By Peter Merkulov VP, Product Strategy & Technology Alliances, 5/24/2017
Comment1 Comment  |  Read  |  Post a Comment
Target Reaches Breach Settlement: $18.5 Million Fine, Security Controls
Kelly Sheridan, Associate Editor, Dark ReadingNews
Target to cough up $18.5 million to 47 states in a settlement following its 2013 security breach, which exposed data of millions of customers.
By Kelly Sheridan Associate Editor, Dark Reading, 5/24/2017
Comment3 comments  |  Read  |  Post a Comment
9 Ways Organizations Sabotage Their Own Security: Lessons from the Verizon DBIR
Dawn Kawamoto, Associate Editor, Dark Reading
Mistakes and missteps plague enterprise security. The Verizon 2017 Data Breach Investigations Report (DBIR) offers nuggets on what organizations must stop doing – now.
By Dawn Kawamoto Associate Editor, Dark Reading, 5/23/2017
Comment0 comments  |  Read  |  Post a Comment
5 Security Lessons WannaCry Taught Us the Hard Way
Ericka Chickowski, Contributing Writer, Dark ReadingNews
There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/18/2017
Comment8 comments  |  Read  |  Post a Comment
Survey: Unpatched Windows OS on the Rise
Dark Reading Staff, Quick Hits
Despite the rise in vulnerabilities, the percentage of unpatched Windows operating systems grew in the first quarter compared to the previous year.
By Dark Reading Staff , 5/17/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Products & Releases
Weak DevOps Cryptographic Policies Increase Financial Services Cyber Risk: Venafi
Nominum Introduces DNS-based SaaS Solution
Optiv Security Improves Third-Party Risk Intelligence for Risk Monitoring
Convicted Russian Cyber Criminal Roman Seleznev Faces Charges in Atlanta
International Consortium Launches to Prevent Criminal Use of Dark Web and Virtual Currencies
House Bill to Help Small Businesses Facing Cybersecurity Risks
Less Than Half of Organizations are Preparing for GDPR Despite Awareness
Sword & Shield Enterprise Security Offers Purple Team Assessment Services
More Products & Releases
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Wow, they weren't lying! Emacs does have a command for everything..."
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.