10 Major Cloud Storage Security Slip-Ups (So Far) this Year
New Dark Reading Conference Will Focus on Defense
Key New Security Features in Android Oreo
10 Steps for Writing a Secure Mobile App
Best and Worst Security Functions to Outsource
News & Commentary
Google Bolsters Security for Select Groups
Dark Reading Staff, Quick Hits
Business leaders, political campaign teams, journalists, and other high-risk groups will receive advanced email and account protection.
By Dark Reading Staff , 10/17/2017
Comment0 comments  |  Read  |  Post a Comment
InfoSec Pros Among Worst Offenders of Employer Snooping
Dawn Kawamoto, Associate Editor, Dark ReadingNews
A majority of IT security professionals admit to trolling through company information unrelated to their work -- even sensitive material.
By Dawn Kawamoto Associate Editor, Dark Reading, 10/17/2017
Comment0 comments  |  Read  |  Post a Comment
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Bill Bradley, SVP, Cyber Engineering and Technical Services, CenturyLinkCommentary
The left side of the brain is logical and linear; the right side, creative. You have to use both sides of the brain to connect to your audience in your business.
By Bill Bradley SVP, Cyber Engineering and Technical Services, CenturyLink, 10/17/2017
Comment1 Comment  |  Read  |  Post a Comment
Secure Wifi Hijacked by KRACK Vulns in WPA2
Jai Vijayan, Freelance writerNews
All modern WiFi access points and devices that have implemented the protocol vulnerable to attacks that allow decryption, traffic hijacking other attacks. Second, unrelated crypto vulnerability also found in RSA code library in TPM chips.
By Jai Vijayan Freelance writer, 10/16/2017
Comment1 Comment  |  Read  |  Post a Comment
US Supreme Court to Hear Microsoft-DOJ Email Case
Dark Reading Staff, Quick Hits
High court to rule on email privacy case, pitting Redmond giant against DOJ over access to its foreign-based email servers.
By Dark Reading Staff , 10/16/2017
Comment0 comments  |  Read  |  Post a Comment
DHS to Require All Fed Agencies to Use DMARC, HTTPS, and STARTTLS
Dawn Kawamoto, Associate Editor, Dark ReadingNews
The move follows a DHS review of federal government agencies' steps to secure email and deploy authentication technologies.
By Dawn Kawamoto Associate Editor, Dark Reading, 10/16/2017
Comment0 comments  |  Read  |  Post a Comment
New Cybercrime Campaign a 'Clear and Imminent' Threat to Banks Worldwide
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Hundreds of millions of dollars stolen from banks via an sophisticated attack that blended cyber and physical elements.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/16/2017
Comment0 comments  |  Read  |  Post a Comment
Adobe Patches Flash ZeroDay Used To Plant Surveillance Software
Dark Reading Staff, Quick Hits
Second time in four weeks FINSPY "lawful intercept" tool and a zero-day found together.
By Dark Reading Staff , 10/16/2017
Comment0 comments  |  Read  |  Post a Comment
GDPR Compliance: 5 Early Steps to Get Laggards Going
Sara Peters, Senior Editor at Dark Reading
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
By Sara Peters Senior Editor at Dark Reading, 10/16/2017
Comment0 comments  |  Read  |  Post a Comment
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
As cybersecurity continues to become more of a mainstream concern, those of us who speak at industry events must learn how to truly connect with our audience.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 10/16/2017
Comment2 comments  |  Read  |  Post a Comment
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark ReadingNews
Organizations frequently overlook printer security, leaving systems exposed to malware and theft. New tools aim to lessen the risk.
By Kelly Sheridan Associate Editor, Dark Reading, 10/16/2017
Comment2 comments  |  Read  |  Post a Comment
DoubleLocker Delivers Unique Two-Punch Hit to Android
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Combines Android ransomware with capability to change users device PINs.
By Dawn Kawamoto Associate Editor, Dark Reading, 10/13/2017
Comment0 comments  |  Read  |  Post a Comment
Hyatt Hit With Another Credit Card Breach
Dark Reading Staff, Quick Hits
Payment card information stolen when cards were either swiped or manually entered into registration systems at some Hyatt hotels.
By Dark Reading Staff , 10/13/2017
Comment2 comments  |  Read  |  Post a Comment
Getting the Most Out of Cyber Threat Intelligence
Robert M. Lee, SANS Instructor & CEO, Dragos, Inc.Commentary
How security practitioners can apply structured analysis and move from putting out fires to fighting the arsonists.
By Robert M. Lee SANS Instructor & CEO, Dragos, Inc., 10/13/2017
Comment0 comments  |  Read  |  Post a Comment
10 Major Cloud Storage Security Slip-Ups (So Far) this Year
Kelly Sheridan, Associate Editor, Dark Reading
Accenture is the latest in a string of major companies to expose sensitive cloud data this year, following Verizon, Deloitte, and Dow Jones.
By Kelly Sheridan Associate Editor, Dark Reading, 10/13/2017
Comment1 Comment  |  Read  |  Post a Comment
Kaspersky Lab and the AV Security Hole
Jai Vijayan, Freelance writerNews
It's unclear what happened in the reported theft of NSA data by Russian spies, but an attacker would need little help to steal if he or she had privileged access to an AV vendor's network, security experts say.
By Jai Vijayan Freelance writer, 10/12/2017
Comment1 Comment  |  Read  |  Post a Comment
Coalition to Offer Free Business Email Compromise Workshops
Dark Reading Staff, Quick Hits
A coalition of federal law enforcement agencies, ISACs, and Symantec will offer BEC workshops in a dozen cities.
By Dark Reading Staff , 10/12/2017
Comment0 comments  |  Read  |  Post a Comment
Equifax Now Faces Potential Breach of Customer Help Page
Dark Reading Staff, Quick Hits
Embattled credit-monitoring company takes down help page that reportedly redirects users to download a bogus software update.
By Dark Reading Staff , 10/12/2017
Comment2 comments  |  Read  |  Post a Comment
Security No. 1 Inhibitor to Microsoft Office 365 Adoption
Kelly Sheridan, Associate Editor, Dark ReadingNews
More businesses are switching to Office 365 despite fear of social engineering and ransomware attacks, but some remain wary.
By Kelly Sheridan Associate Editor, Dark Reading, 10/12/2017
Comment0 comments  |  Read  |  Post a Comment
Olympic Games Face Greater Cybersecurity Risks
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Cybercriminals may alter score results and engage in launching physical attacks at future Olympic Games, a recently released report warns.
By Dawn Kawamoto Associate Editor, Dark Reading, 10/12/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Cybersecurity's 'Broken' Hiring Process
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/11/2017
How Systematic Lying Can Improve Your Security
Lance Cottrell, Chief Scientist, Ntrepid,  10/11/2017
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Marc Wilczek, Digital Strategist & CIO Advisor,  10/12/2017
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Can Machine Learning Outsmart Malware?
Using machine learning in the cybersecurity domain is a growing trend with many advantages, but it also has its risks. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
6 Steps to Finding Honey in the OWASP
The most famous project of the Open Web Application Security Project is getting an update. Here's what you need to know, and how you can get involved. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Flash Poll
Video
Slideshows
Twitter Feed