7 Cryptominers & Cryptomining Botnets You Can't Ignore
Encrypted Attacks Continue to Dog Perimeter Defenses
Tracking Bitcoin Wallets as IOCs for Ransomware
20 Signs You Need to Introduce Automation into Security Ops
Name That Toon: Disappearing Act
News & Commentary
93% of Cloud Applications Aren't Enterprise-Ready
Kelly Sheridan, Associate Editor, Dark ReadingNews
The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
By Kelly Sheridan Associate Editor, Dark Reading, 2/23/2018
Comment2 comments  |  Read  |  Post a Comment
'OMG': New Mirai Variant Converts IoT Devices into Proxy Servers
Jai Vijayan, Freelance writerNews
The new malware also can turn bots into DDoS attack machines, says Fortinet.
By Jai Vijayan Freelance writer, 2/23/2018
Comment0 comments  |  Read  |  Post a Comment
10 Can't-Miss Talks at Black Hat Asia
Kelly Sheridan, Associate Editor, Dark Reading
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
By Kelly Sheridan Associate Editor, Dark Reading, 2/23/2018
Comment0 comments  |  Read  |  Post a Comment
Visa: EMV Cards Drove 70% Decline in Fraud
Dark Reading Staff, Quick Hits
Merchants who adopted chip technology saw a sharp decline in counterfeit fraud between 2015 and 2017, Visa reports.
By Dark Reading Staff , 2/23/2018
Comment0 comments  |  Read  |  Post a Comment
Leveraging Security to Enable Your Business
Jackson Shaw, VP of Product Management, One IdentityCommentary
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
By Jackson Shaw VP of Product Management, One Identity, 2/23/2018
Comment0 comments  |  Read  |  Post a Comment
Enabling Better Risk Mitigation with Threat Intelligence
Laurence Pitt, Strategic Security Director EMEA Juniper Networks
In order to get the maximum benefit from threat intel you need to be able to operationalize it. Here's how.
By Laurence Pitt Strategic Security Director EMEA Juniper Networks, 2/23/2018
Comment0 comments  |  Read  |  Post a Comment
Best Practices for Recruiting & Retaining Women in Security
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Gender diversity can help fill the security talent gap, new Forrester Research report says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
Criminals Obtain Code-Signing Certificates Using Stolen Corporate IDs
Jai Vijayan, Freelance writerNews
The certificates are available on demand at prices ranging from $299 to $1,599, says Recorded Future.
By Jai Vijayan Freelance writer, 2/22/2018
Comment1 Comment  |  Read  |  Post a Comment
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Yaron Galant, Chief Product Officer at AccellionCommentary
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
By Yaron Galant Chief Product Officer at Accellion, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
New agency guidance statement also says company officials, execs can't trade stocks if they have unannounced information on a security breach at the company.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/22/2018
Comment6 comments  |  Read  |  Post a Comment
IRS Warns of Spike in W-2 Phishing Emails
Dark Reading Staff, Quick Hits
The IRS reports an increase in reports of phishing emails asking for W-2 information.
By Dark Reading Staff , 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
Anatomy of an Attack on the Industrial IoT
Eddie Habibi, Founder & CEO of PAS GlobalCommentary
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
By Eddie Habibi Founder & CEO of PAS Global, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
Security Liability in an 'Assume Breach' World
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
Global Cybercrime Costs Top $600 Billion
Jai Vijayan, Freelance writerNews
More than 50% of attacks result in damages of over $500K, two reports show.
By Jai Vijayan Freelance writer, 2/21/2018
Comment0 comments  |  Read  |  Post a Comment
The Mobile Threat: 4 out of 10 Businesses Report 'Significant' Risk
Kelly Sheridan, Associate Editor, Dark ReadingNews
Organizations put efficiency and profit before security, leading to system downtime and data loss, according to inaugural research from Verizon.
By Kelly Sheridan Associate Editor, Dark Reading, 2/21/2018
Comment0 comments  |  Read  |  Post a Comment
Trucking Industry Launches Info Sharing, Cybercrime Reporting Service
Dark Reading Staff, Quick Hits
American Trucking Associations developed new Fleet CyWatch threat reporting, information sharing service in conjunction with FBI.
By Dark Reading Staff , 2/21/2018
Comment0 comments  |  Read  |  Post a Comment
Takeaways from the Russia-Linked US Senate Phishing Attacks
Tom Kemp, CEOCommentary
The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns.
By Tom Kemp CEO, 2/21/2018
Comment6 comments  |  Read  |  Post a Comment
7 Cryptominers & Cryptomining Botnets You Can't Ignore
Jai Vijayan, Freelance writer
Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.
By Jai Vijayan Freelance writer, 2/21/2018
Comment0 comments  |  Read  |  Post a Comment
C-Suite Divided Over Security Concerns
Steve Zurier, Freelance WriterNews
Survey shows 60% of CEOs plan to invest the most resources in malware prevention, but CISOs, CIOs, and CTOs are on a different page.
By Steve Zurier Freelance Writer, 2/21/2018
Comment0 comments  |  Read  |  Post a Comment
Getting Started with IoT Security in Healthcare
Chris Park, Chris Park, CIO, iboss
Theres a hazard that comes with introducing any new element into patient care whether it's a new drug or a connected device. These four steps will help keep patients safe.
By Chris Park Chris Park, CIO, iboss, 2/21/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/22/2018
Facebook Aims to Make Security More Social
Kelly Sheridan, Associate Editor, Dark Reading,  2/20/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Getting Started with IoT Security in Healthcare
There's a hazard that comes with introducing any new element into patient care whether it's a new drug or a connected device. These four steps will help keep patients safe. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Security Liability in an 'Assume Breach' World
Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why. Read >>
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Dark Reading Live EVENTS
Dark Reading Security Pro Summit at Interop ITX 2018
Produced by the Dark Reading Team - The Security Pro Summit is an opportunity for IT security professionals to take a deeper dive into cyber security defense, learning from experts about advanced methods for detecting and responding to new threats.
Topics that will be discussed:
  • Improving Threat Analysis and Implement Threat Hunting Practices
  • Optimizing Vulnerability Detection & Remediation
  • Getting Better Performance From Your Security Operations Center
  • Plus, much more
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Flash Poll
Video
Slideshows
Twitter Feed