Network Computing Darkreading

Advertise

Risk

News & Commentary

What's Next after the SEC 'Insider Trading' Breach?

David L. Axelrod and Terence M. Grugan, Partner, Ballard Spahr

Commentary

Last month's hack of the Security Exchange Commission may prove to be the most high-profile corporate gatekeeper attack to date. But it definitely won't be the last.

By David L. Axelrod and Terence M. Grugan Partner, Ballard Spahr, 10/19/2017

0 comments | Read | Post a Comment

What's Next After HTTPS: A Fully Encrypted Web?

Commentary

As the rate of HTTPS adoption grows faster by the day, it's only a matter of time before a majority of websites turn on SSL. Here's why.

By Guy Podjarny CEO & Cofounder, Snyk, 10/18/2017

0 comments | Read | Post a Comment

Banks Start Broad Use of Blockchain, as JP Morgan, IBM Lead Way

Ericka Chickowski, Contributing Writer, Dark Reading

News

Two major players announced cross-border payment networks built on blockchain technologies Monday, and more financial services will follow soon, despite opinions about Bitcoin.

By Ericka Chickowski Contributing Writer, Dark Reading, 10/17/2017

0 comments | Read | Post a Comment

Reuters: Microsoft's 2013 Breach Hit Bug Repository, Insiders Say

Quick Hits

Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.

By Dark Reading Staff , 10/17/2017

0 comments | Read | Post a Comment

ATM Machine Malware Sold on Dark Web

Quick Hits

Cybercriminals are advertising ATM malware that's designed to exploit hardware and software vulnerabilities on the cash-dispensing machines.

By Dark Reading Staff , 10/17/2017

0 comments | Read | Post a Comment

Google Bolsters Security for Select Groups

Quick Hits

Business leaders, political campaign teams, journalists, and other high-risk groups will receive advanced email and account protection.

By Dark Reading Staff , 10/17/2017

0 comments | Read | Post a Comment

InfoSec Pros Among Worst Offenders of Employer Snooping

Dawn Kawamoto, Associate Editor, Dark Reading

News

A majority of IT security professionals admit to trolling through company information unrelated to their work -- even sensitive material.

By Dawn Kawamoto Associate Editor, Dark Reading, 10/17/2017

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Hardly IF you browse your company's data JUST to find out interesting stuff. ...

Why Security Leaders Can't Afford to Be Just 'Left-Brained'

Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLink

Commentary

The left side of the brain is logical and linear; the right side, creative. You have to use both sides of the brain to connect to your audience in your business.

By Bill Bradley SVP, Cyber Engineering and Technical Services, CenturyLink, 10/17/2017

2 comments | Read | Post a Comment

Latest Comment: Joe Stanganelli, This left-brainedness -- and stereotypes of it -- are also part of why a lot...

New Cybercrime Campaign a 'Clear and Imminent' Threat to Banks Worldwide

Kelly Jackson Higgins, Executive Editor at Dark Reading

News

Hundreds of millions of dollars stolen from banks via an sophisticated attack that blended cyber and physical elements.

By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/16/2017

0 comments | Read | Post a Comment

GDPR Compliance: 5 Early Steps to Get Laggards Going

If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.

By Sara Peters Senior Editor at Dark Reading, 10/16/2017

0 comments | Read | Post a Comment

Hyatt Hit With Another Credit Card Breach

Quick Hits

Payment card information stolen when cards were either swiped or manually entered into registration systems at some Hyatt hotels.

By Dark Reading Staff , 10/13/2017

2 comments | Read | Post a Comment

Latest Comment: REISEN1955, In the old days of Watergate, this would be called a "non-dential denial." ...

Coalition to Offer Free Business Email Compromise Workshops

Quick Hits

A coalition of federal law enforcement agencies, ISACs, and Symantec will offer BEC workshops in a dozen cities.

By Dark Reading Staff , 10/12/2017

0 comments | Read | Post a Comment

Equifax Now Faces Potential Breach of Customer Help Page

Quick Hits

Embattled credit-monitoring company takes down help page that reportedly redirects users to download a bogus software update.

By Dark Reading Staff , 10/12/2017

2 comments | Read | Post a Comment

Latest Comment: RyanSepe, This is good advice. I feel that more of the burden however will fall on leadership...

Olympic Games Face Greater Cybersecurity Risks

News

Cybercriminals may alter score results and engage in launching physical attacks at future Olympic Games, a recently released report warns.

By Dawn Kawamoto Associate Editor, Dark Reading, 10/12/2017

0 comments | Read | Post a Comment

IoT: Insecurity of Things or Internet of Threats?

Kelly Sheridan, Associate Editor, Dark Reading

News

Security leaders call for device manufacturers to buckle down on device security as the Internet of Things evolves.

By Kelly Sheridan Associate Editor, Dark Reading, 10/11/2017

0 comments | Read | Post a Comment

New Dark Reading Conference Will Focus on Defense

Commentary

The INsecurity Conference, Nov. 29-30 at the Gaylord National Harbor in Maryland is all about helping infosecurity pros mitigate threats -- from hot topics to basic hygiene.

By Dark Reading Staff , 10/11/2017

0 comments | Read | Post a Comment

Ransomware Sales on the Dark Web Spike 2,502% in 2017

News

Sales soar to $6.2 million as do-it-yourself kits, ransomware-as-a-service, and distribution offerings take hold.

By Dawn Kawamoto Associate Editor, Dark Reading, 10/11/2017

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, No surprise really at least for the Dark Web and where else are hackers and...

GDPR Concerns Include 'Where's My Data Stored?'

News

European data protection regulations are coming like a freight train and many firms are still unprepared.

By Ericka Chickowski Contributing Writer, Dark Reading, 10/11/2017

0 comments | Read | Post a Comment

DevOpsSec: A Big Step in Cloud Application Security

Jeff Schilling, Chief Security Officer, Armor

Commentary

Why it's time for DevOps and security teams to bury the hatchet -- and not in each other's back.

By Jeff Schilling Chief Security Officer, Armor, 10/3/2017

0 comments | Read | Post a Comment

70% of US Employees Lack Security and Privacy Awareness

News

Acceptable use of social media and adherence to workplace physical security drops, new survey shows.

By Dawn Kawamoto Associate Editor, Dark Reading, 10/3/2017

3 comments | Read | Post a Comment

Latest Comment: imfrom51, I agree with the fact that this should now be taught in schools. However every...

More Stories

Current Conversations

Posted by REISEN1955

Hardly IF you browse your company's data JUST to find out interesting stuff. Doing so with a purpose - to see if walls can be breached - is entirely different.

In reply to: Security Pro?
Post Your Own Reply

Posted by Joe Stanganelli

This left-brainedness -- and stereotypes of it -- are also part of why a lot of business execs aren't fond of their legal and compliance teams. The former often feel that the latter exist just to tell them "no".And if that's...

In reply to: The relativity of good advice
Post Your Own Reply

Posted by REISEN1955

In the old days of Watergate, this would be called a "non-dential denial." Nothing important WAS compromised of course, only critical sensitive data. Nothing to see here, move along. (And BTW probably...

In reply to: Re: Well, then. Phew!
Post Your Own Reply

Posted by HardenStance

Facebook's Alex Stamos made much the same point in his BlackHat keynote in July. A function of human nature that it has to be repeated over and over again and will likely need to be forever more.

In reply to: Facebook's Alex Stamos
Post Your Own Reply

Posted by Joe Stanganelli

"I want to assure you that there is no indication that information beyond that gained from payment cards – cardholder name, card number, expiration date and internal verification code – was involved."Oh, good....

In reply to: Well, then. Phew!
Post Your Own Reply

Posted by Joe Stanganelli

> When the CEO criticizes the leadership openly in end of the year meetings, the end is near.Bad leadership begets bad leadership, sounds like to me.

In reply to: Re: Outsource?
Post Your Own Reply

Posted by REISEN1955

Glassdoor review of IT at Abbott Laboratories --- 10 year veteran of the trench wrote this and it is ruthless to the extreme but I agree with it fully. Core IT is a disaster. The old, tired women leading the BTS...

In reply to: Re: Outsource?
Post Your Own Reply

Posted by Joe Stanganelli

@REISEN: Wipro is a particularly apt example for you to bring up, given how workers there allegedly scammed TalkTalk customers, as reported here and elsewhere: bbc.com/news/technology-39177981

In reply to: Re: Outsource?
Post Your Own Reply

Posted by Joe Stanganelli

Moreover, @REISEN, I'm not even speaking of American outsourcing to dirt-cheap Asian vendors. Even intranational outsourcing can be deleterious if you're talking about a large country with a vendor in a totally different...

In reply to: Re: Outsource IT Projects
Post Your Own Reply

Posted by Mr Phen375

Where can I find the list to help hone down the possibilities for vulnerable devices?

In reply to: Where to find the list?
Post Your Own Reply

Posted by RyanSepe

This is good advice. I feel that more of the burden however will fall on leadership as the technical IT folks take direction from them.

In reply to: Re: Equifax - Career Ending job
Post Your Own Reply

Posted by REISEN1955

Vendor location is important but how many American firms have huge footprints for their offices in India? Wipro, Tata, Infosys and now IBM of all things. That implies time issues and also knowledge content. ...

In reply to: Re: Outsource IT Projects
Post Your Own Reply

More Conversations

Products & Releases

Fake Insurance Tax Form Scam Aims at Stealing Data from Tax Pros, Clients

Cryptomathic Granted New Patent for Strong Non-Repudiation with eSignatures

Aruba Modernizes Network Security to Reduce Risk

3 Companies to Settle FTC Charges They Falsely Claimed Participation in EU-US Privacy Shield Framework

81% of Infosec Pros Say Required Job Skills Have Changed

Nearly 25% of Companies Haven’t Hired a Data Protection Officer: Imperva

NIST, DHS Join Forces to Create Cybersecure Communities Around the Globe

Rohde & Schwarz Cybersecurity Launches DNS Tunneling Detection

More Products & Releases

PR Newswire

Hot Topics

Editors' Choice

Hyatt Hit With Another Credit Card Breach

Dark Reading Staff 10/13/2017

20 Questions to Ask Yourself before Giving a Security Conference Talk

Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA, 10/16/2017

Printers: The Weak Link in Enterprise Security

Kelly Sheridan, Associate Editor, Dark Reading, 10/16/2017

Live Events

Webinars

More UBM Tech
Live Events

INsecurity - A Dark Reading Conference: Join Us November 29-30 In The D.C. Area

Enterprise Connect Conference and Expo: March 12-15

Speech Technologies - New Track at Enterprise Connect!

White Papers

Accelerate Deep Learning

Is Someone Listening In? Protecting Against Mobile Audio Surveillance

GDPR Readiness: A Privileged Account Security Approach

GDPR: What Executives & Board Members Need to Know

[Strategy] Overcoming Your Biggest Cybersecurity Challenges

More White Papers

Video

All Risk Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: "Hey Susan, I think I finally found someone to fill that cybersecurity position!"

Cartoon Archive

Current Issue

Security Vulnerabilities: The Next Wave

Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of Ransomware

Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!

Download Now!

[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem

0 comments

The Impact of a Security Breach 2017

0 comments

[Strategic Security Report] Assessing Cybersecurity Risk

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2017-0290

Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Terms of Service
Privacy Statement
Legal Entities