IoT
News & Commentary
Modern Cybersecurity Demands a Different Corporate Mindset
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 6/15/2018
Comment0 comments  |  Read  |  Post a Comment
Mobile App Threats Continue to Grow
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Criminals looking to profit from corporate resources and information keep going after mobile devices, two new reports confirm.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Launches Second INsecurity Conference
Tim Wilson, Editor in Chief, Dark Reading, News
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
By Tim Wilson, Editor in Chief, Dark Reading , 6/5/2018
Comment0 comments  |  Read  |  Post a Comment
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Ken Mills, General Manager of IoT, Surveillance and Security, Dell EMCCommentary
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
By Ken Mills General Manager of IoT, Surveillance and Security, Dell EMC, 6/4/2018
Comment0 comments  |  Read  |  Post a Comment
New Federal Report Gives Guidance on Beating Botnets
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/31/2018
Comment1 Comment  |  Read  |  Post a Comment
Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/29/2018
Comment0 comments  |  Read  |  Post a Comment
Alexa Mishap Hints at Potential Enterprise Security Risk
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/29/2018
Comment7 comments  |  Read  |  Post a Comment
Wicked Mirai Brings New Exploits to IoT Botnets
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The latest variant of the venerable Mirai botnet malware combines approaches and brings new exploits to the world of IoT security challenges.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/25/2018
Comment0 comments  |  Read  |  Post a Comment
DOJ Sinkholes VPNFilter Control Servers Found in US
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The US Department of Justice said the move aims to thwart the spread of the botnet as part of its investigation into Russian nation-state hacking group APT28 aka Fancy Bear.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
Pet Tracker Flaws Expose Pets and Their Owners to Cybercrime
Dark Reading Staff, Quick Hits
Hackers can exploit vulnerabilities in popular pet trackers to intercept location coordinates and access owners' personal data.
By Dark Reading Staff , 5/22/2018
Comment1 Comment  |  Read  |  Post a Comment
7 Tools for Stronger IoT Security, Visibility
Curtis Franklin Jr., Senior Editor at Dark Reading
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/16/2018
Comment0 comments  |  Read  |  Post a Comment
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe GroupCommentary
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
By Charlie Miller Senior Vice President, The Santa Fe Group, 5/14/2018
Comment2 comments  |  Read  |  Post a Comment
Hide and Seek Brings Persistence to IoT Botnets
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The rapidly evolving Hide and Seek botnet is now persistent on a wide range of infected IoT devices.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/11/2018
Comment1 Comment  |  Read  |  Post a Comment
8 Ways Hackers Can Game Air Gap Protections
Ericka Chickowski, Contributing Writer, Dark Reading
Isolating critical systems from connectivity isn't a guarantee they can't be hacked.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/11/2018
Comment0 comments  |  Read  |  Post a Comment
17 Zero-Days Found & Fixed in OPC-UA Industrial Protocol Implementations
Dark Reading Staff, Quick Hits
Vulnerabilities in the framework used for secure data transfer in industrial systems were all fixed by March, says Kaspersky Lab.
By Dark Reading Staff , 5/10/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft's Patch Tuesday Fixes Two CVEs Under Active Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
This month's updates addressed vulnerabilities in Windows, Office, Edge, Internet Explorer, .Net Framework, Exchange Server, and other services.
By Kelly Sheridan Staff Editor, Dark Reading, 5/8/2018
Comment0 comments  |  Read  |  Post a Comment
10 Lessons From an IoT Demo Lab
Curtis Franklin Jr., Senior Editor at Dark Reading
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/7/2018
Comment0 comments  |  Read  |  Post a Comment
Defending Against an Automated Attack Chain: Are You Ready?
Derek Manky, Global Security Strategist, FortinetCommentary
Recent threats like AutoSploit bring malware-as-a-service to a whole new level. Here are four ways to be prepared.
By Derek Manky Global Security Strategist, Fortinet, 5/7/2018
Comment0 comments  |  Read  |  Post a Comment
12 Trends Shaping Identity Management
Sara Peters, Senior Editor at Dark Reading
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
By Sara Peters Senior Editor at Dark Reading, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Deconstructing the Possibilities and Realities of Enterprise IoT Security
Bill Kleyman, Writer/Blogger/SpeakerCommentary
Organizations are rushing to leverage Internet of Things solutions but struggle to design the information technology architectures that will lock down the data these devices create.
By Bill Kleyman Writer/Blogger/Speaker, 4/24/2018
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-9036
PUBLISHED: 2018-06-20
CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.
CVE-2018-12327
PUBLISHED: 2018-06-20
Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq ...
CVE-2018-12558
PUBLISHED: 2018-06-20
The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that caused this problem contained 30 form-field characters ("\f").
CVE-2018-6563
PUBLISHED: 2018-06-20
Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti...
CVE-2018-1120
PUBLISHED: 2018-06-20
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call t...