News & Commentary
'Stack Clash' Smashed Security Fix in Linux
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Linux, OpenBSD, FreeBSD, Solaris security updates available to thwart newly discovered attack by researchers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/21/2017
Trusted IDs Gain Acceptance in Smart Building Environment
Dark Reading Staff, Quick Hits
A majority of survey respondents believe identities can be connected across multiple systems and devices through a single ID card or mobile phone.
By Dark Reading Staff, 6/20/2017
Cybersecurity Fact vs. Fiction
Marc Laliberte, Information Security Threat Analyst, WatchGuard Technologies, Commentary
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 6/20/2017
Invisible Invaders: Why Detecting Bot Attacks Is Becoming More Difficult
Ido Safruti, Founder and CTO at PerimeterX, Commentary
Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.
By Ido Safruti Founder and CTO at PerimeterX, 6/19/2017
First Malware Designed Solely for Electric Grids Caused 2016 Ukraine Outage
Jai Vijayan, Freelance writer, News
Attackers used CrashOverride/Industroyer to cause a partial power outage in Kiev, Ukraine, but it can be used anywhere, say researchers at Dragos and ESET.
By Jai Vijayan Freelance writer, 6/12/2017
Move Over, Mirai: Persirai Now the Top IP Camera Botnet
Jai Vijayan, Freelance writer, News
Mirai's success has spawned a flurry of similar IoT malware.
By Jai Vijayan Freelance writer, 6/8/2017
Balancing the Risks of the Internet of Things
Darren Anstee, Chief Technology Officer at Arbor Networks, Commentary
Do the benefits of an Internet-connected coffee maker really outweigh its security issues?
By Darren Anstee Chief Technology Officer at Arbor Networks, 6/7/2017
Number of CISOs Rose 15% This Year
Dawn Kawamoto, Associate Editor, Dark Reading, News
Although the number of CISOs increased to 65% of organizations, it could just be a case of "window dressing," new ISACA report shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 6/5/2017
Internet Society Takes On IoT, Website Security, Incident Response via OTA Merger
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
What happens now that the Online Trust Alliance - which includes Microsoft, Symantec, Twitter, and other big names - will be under the umbrella of the global Internet organization?
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/1/2017
Most Security Pros Expect to Suffer Cyberattacks via Unsecured IoT
Dawn Kawamoto, Associate Editor, Dark Reading, News
A new report shows the majority of security professionals believe within the next two years they will be victims of DDoS and other attacks due to unsecured IoT devices.
By Dawn Kawamoto Associate Editor, Dark Reading, 5/31/2017
Rethinking Vulnerabilities: Network Infrastructure as a Software System
Brighten Godfrey, Co-founder and CTO, Veriflow, Commentary
Increasing complexity is putting networks at risk. It's time to shift our security approach and take some lessons from software development.
By Brighten Godfrey Co-founder and CTO, Veriflow, 5/31/2017
Cybercrime Costs to Reach $8 Trillion by 2022
Dark Reading Staff, Quick Hits
Some 2.8 billion data records expected to be breached in 2017, according to a report released today by Juniper Research.
By Dark Reading Staff, 5/30/2017
Securing IoT Devices Requires a Change in Thinking
Dr. Phillip Hallam-Baker, VP, Principal Scientist, Comodo, Commentary
There's no magic bullet for IoT security, but there are ways to help detect and mitigate problems.
By Dr. Phillip Hallam-Baker VP, Principal Scientist, Comodo, 5/30/2017
4 Reasons the Vulnerability Disclosure Process Stalls
Lawrence Munro, Worldwide Vice President of SpiderLabs at Trustwave, Commentary
The relationship between manufacturers and researchers is often strained. Here's why, along with some resources to help.
By Lawrence Munro Worldwide Vice President of SpiderLabs at Trustwave, 5/24/2017
Emerging Threats to Add to Your Security Radar Screen
Kelly Sheridan, Associate Editor, Dark Reading, News
The cybersecurity threat landscape is poised to grow in size and complexity - what to look out for.
By Kelly Sheridan Associate Editor, Dark Reading, 5/22/2017
The Fundamental Flaw in TCP/IP: Connecting Everything
Jeff Hussey, President & CEO, Tempered Networks, Commentary
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.
By Jeff Hussey President & CEO, Tempered Networks, 5/17/2017
Microsoft Calls for IoT Cybersecurity Policy Development
Dark Reading Staff, Quick Hits
Microsoft emphasizes the need for new security policies as IoT growth heightens the consequences of cyberattacks.
By Dark Reading Staff, 5/15/2017
Your IoT Baby Isn't as Beautiful as You Think It Is
Andrew Howard, Chief Technology Officer for Kudelski Security, Commentary
Both development and evaluation teams have been ignoring security problems in Internet-connected devices for too long. That must stop.
By Andrew Howard Chief Technology Officer for Kudelski Security, 5/10/2017
New IoT Botnet Discovered, 120K IP Cameras At Risk of Attack
Kelly Sheridan, Associate Editor, Dark Reading, News
The Persirai IoT botnet, which targets IP cameras, arrives hot on the heels of Mirai and highlights the growing threat of IoT botnets.
By Kelly Sheridan Associate Editor, Dark Reading, 5/9/2017
Hyundai Blue Link Vulnerability Allows Remote Start of Cars
Dark Reading Staff, Quick Hits
Car maker Hyundai patched a vulnerability in its Blue Link software, which could potentially allow attackers to remotely unlock a vehicle and start it.
By Dark Reading Staff, 4/25/2017
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report to learn about the new best practices for secure application development.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.