Vulnerabilities / Threats

News & Commentary
Biometrics Are Coming & So Are Security Concerns
Michael Fauscette, Chief Research Officer at G2 Crowd, Commentary
Could these advanced technologies be putting user data at risk?
By Michael Fauscette Chief Research Officer at G2 Crowd, 4/20/2018
At RSAC, SOC 'Sees' User Behaviors
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/20/2018
Microsoft CISO Talks Threat Intel, 'Data Inclusion'
Kelly Sheridan, Staff Editor, Dark Reading, News
Dark Reading caught up with Microsoft's Bret Arsenault to discuss intelligence, identity, and the need to leverage more diverse datasets.
By Kelly Sheridan Staff Editor, Dark Reading, 4/19/2018
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Sara Peters, Senior Editor at Dark Reading, Quick Hits
Booz Allen survey shows most organizations' answer to the security skills shortage may be unsustainable.
By Sara Peters Senior Editor at Dark Reading, 4/19/2018
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading, News
It's a critical time for social media platforms and the government agencies and private businesses and individuals using them.
By Kelly Sheridan Staff Editor, Dark Reading, 4/19/2018
First Public Demo of Data Breach via IoT Hack Comes to RSAC
Sara Peters, Senior Editor at Dark Reading, News
At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.
By Sara Peters Senior Editor at Dark Reading, 4/19/2018
How to Protect Industrial Control Systems from State-Sponsored Hackers
Matt Cauthorn, VP of Security, ExtraHop, Commentary
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
By Matt Cauthorn VP of Security, ExtraHop, 4/19/2018
Researchers Discover Second rTorrent Vulnerability Campaign
Andrey Shalnev, F5 Security Researcher
This time attackers appear to have spoofed the Recording Industry Association of America (RIAA) and New York University (NYU) user-agents.
By Andrey Shalnev F5 Security Researcher, 4/19/2018
The Role of KPIs in Incident Response
John Moran, Senior Product Manager, DFLabs, Commentary
Using KPIs can have a positive impact on the tactical and strategic functions of a security operations program.
By John Moran Senior Product Manager, DFLabs, 4/18/2018
Latest News from RSAC 2018
Dark Reading Staff, News
Check out Dark Reading's exclusive coverage of the news and security themes that are dominating RSA Conference 2018 this week in San Francisco.
By Dark Reading Staff, 4/18/2018
Data Visibility, Control Top Cloud Concerns at RSA
Kelly Sheridan, Staff Editor, Dark Reading, News
As the traditional perimeter dissolves and sensitive data moves to the cloud, security experts at RSA talk about how they're going to protect it.
By Kelly Sheridan Staff Editor, Dark Reading, 4/18/2018
NIST Seeking Comments on New AppSec Practices Standards
Ericka Chickowski, Contributing Writer, Dark Reading, News
Working in conjunction with SAFECode, NIST is opening the floor to suggestions at RSA about secure software development life cycle guidelines.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/17/2018
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer
Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.
By Steve Zurier Freelance Writer, 4/17/2018
Why We Need Privacy Solutions That Scale Across Borders
Chris Babel, CEO, TrustArc, Commentary
New privacy solutions are becoming scalable, smarter, and easier to address compliance across industries and geographies.
By Chris Babel CEO, TrustArc, 4/17/2018
New Malware Adds RAT to a Persistent Loader
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A newly discovered variant of a long-known malware loader adds the ability to control the victim from afar.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/17/2018
DevOps May Be Cause of and Solution to Open Source Component Chaos
Ericka Chickowski, Contributing Writer, Dark Reading, News
DevOps is accelerating the trend of componentized development approaches, but its automation can also help enforce better governance and security.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/16/2018
Companies Still Suffering From Poor Credential Hygiene: New Report
Dark Reading Staff, Quick Hits
Credentials are being mis-handled and it's hurting most companies, according to a new report out today.
By Dark Reading Staff, 4/16/2018
INsecurity Conference Seeks Security Pros to Speak on Best Practices
Tim Wilson, Editor in Chief, Dark Reading, News
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
By Tim Wilson, Editor in Chief, Dark Reading, 4/16/2018
How GDPR Forces Marketers to Rethink Data & Security
Roger Kjensrud, CTO, Impact, Commentary
The European regulation is making marketing technology companies re-examine their security, and that's a good thing.
By Roger Kjensrud CTO, Impact, 4/16/2018
Large Majority of Businesses Store Sensitive Data in Cloud Despite Lack of Trust
Kelly Sheridan, Staff Editor, Dark Reading, News
Researchers report 97% of survey respondents use some type of cloud service but continue to navigate issues around visibility and control.
By Kelly Sheridan Staff Editor, Dark Reading, 4/16/2018
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.