IoT
News & Commentary
Microsoft's Azure 'Confidential Computing' Encrypts Data in Use
Kelly Sheridan, Associate Editor, Dark ReadingNews
Early Access program under way for new Azure cloud security feature.
By Kelly Sheridan Associate Editor, Dark Reading, 9/14/2017
Comment0 comments  |  Read  |  Post a Comment
The Hunt for IoT: The Rise of Thingbots
Sara Boddy, Principal Threat Research Evangelist
Across all of our research, every indication is that todays "thingbots" botnets built exclusively from Internet of Things devices will become the infrastructure for a future Darknet.
By Sara Boddy Principal Threat Research Evangelist, 9/14/2017
Comment0 comments  |  Read  |  Post a Comment
Tesla Hacks: The Good, The Bad, & The Ugly
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Keen Security Lab found multiple holes in the isolation layer Tesla uses to protect drive systems from infotainment systems, but were impressed by the auto company's security in other ways.
By Sara Peters Senior Editor at Dark Reading, 9/12/2017
Comment0 comments  |  Read  |  Post a Comment
Attacking Data Integrity & Hacking Radiation Monitoring Devices
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Ruben Santamarta shows radio-based vulnerabilities and investigates how the integrity of critical data can be manipulated to simulate, complicate or exacerbate emergency situations.
By Sara Peters Senior Editor at Dark Reading, 9/8/2017
Comment0 comments  |  Read  |  Post a Comment
10% of Ransomware Attacks on SMBs Targeted IoT Devices
Dawn Kawamoto, Associate Editor, Dark ReadingNews
IoT ransomware attacks are expected to ramp up in the coming years, a new survey shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 9/7/2017
Comment0 comments  |  Read  |  Post a Comment
Workplace IoT Puts Companies on Notice for Smarter Security
Robert Clyde, CISM, Vice-Chair of ISACA Board of Directors, Executive Chair of White Cloud Security and Executive Advisor to BullGuard SoftwareCommentary
Blacklisting every "thing" in sight and banning connections to the corporate network may sound tempting, but it's not a realistic strategy.
By Robert Clyde CISM, Vice-Chair of ISACA Board of Directors, Executive Chair of White Cloud Security and Executive Advisor to BullGuard Software, 9/6/2017
Comment0 comments  |  Read  |  Post a Comment
Mikko Hypponen's Vision of the Cybersecurity Future
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Twenty years from now, will everything be in the Internet of Things, and if so, how does the security industry need to prepare? F-Secure's chief research officer weighs in on this and what else the future promises (and threatens).
By Sara Peters Senior Editor at Dark Reading, 9/4/2017
Comment2 comments  |  Read  |  Post a Comment
Using Market Pressures to Improve Cybersecurity
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Post-MedSec, Chris Wysopal discusses what impact the investor community -- if not consumers -- can have on squashing vulnerabilities and improving cybersecurity.
By Sara Peters Senior Editor at Dark Reading, 8/31/2017
Comment0 comments  |  Read  |  Post a Comment
St. Jude Pacemaker Gets Firmware Update 'Intended as a Recall'
Sara Peters, Senior Editor at Dark ReadingNews
The devices that were the subject of a vulnerability disclosure debate last summer now have an FDA-approved fix.
By Sara Peters Senior Editor at Dark Reading, 8/30/2017
Comment2 comments  |  Read  |  Post a Comment
7 Things to Know About Today's DDoS Attacks
Jai Vijayan, Freelance writer
DDoS attacks are no longer something that just big companies in a few industries need to worry about. They have become a threat to every business.
By Jai Vijayan Freelance writer, 8/30/2017
Comment1 Comment  |  Read  |  Post a Comment
IoTCandyJar: A HoneyPot for any IoT Device
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device -- any kind of IoT device.
By Sara Peters Senior Editor at Dark Reading, 8/29/2017
Comment0 comments  |  Read  |  Post a Comment
Insecure IoT Devices Pose Physical Threat to General Public
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
At the car wash, look out for attack robots. Billy Rios discusses how IoT devices could be hacked to physically attack people -- not just on factory floors, but in everyday public settings.
By Sara Peters Senior Editor at Dark Reading, 8/24/2017
Comment0 comments  |  Read  |  Post a Comment
IoT Medical Devices a Major Security Worry in Healthcare, Survey Shows
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Healthcare providers, manufacturers, and regulators say cybersecurity risks of IoT medical devices and connected legacy systems a top concern.
By Dawn Kawamoto Associate Editor, Dark Reading, 8/15/2017
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity: The Responsibility of Everyone
Ger Daly & Kevin O'Brien, Senior Managing Director, Defense and Public  Safety, Accenture Global & Senior Managing Director,  Defense and Public Safety, Accenture GlobalCommentary
The battle against cybercrime can only be won if we're all focused on the same goals. Here are four ways you can get involved.
By Ger Daly & Kevin O'Brien Senior Managing Director, Defense and Public Safety, Accenture Global & Senior Managing Director, Defense and Public Safety, Accenture Global, 8/15/2017
Comment0 comments  |  Read  |  Post a Comment
Taking Down the Internet Has Never Been Easier
Bogdan Botezatu, Senior E-threat Analyst, BitdefenderCommentary
Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.
By Bogdan Botezatu Senior E-threat Analyst, Bitdefender, 8/10/2017
Comment0 comments  |  Read  |  Post a Comment
SMBs Practice Better IoT Security Than Large Enterprises Do
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Small-to midsized businesses are more prepared than big ones to face the next IoT attack: good news given the sharp rise in IoT botnet attacks in the first half of 2017, new reports released today show.
By Dawn Kawamoto Associate Editor, Dark Reading, 8/9/2017
Comment0 comments  |  Read  |  Post a Comment
Uptick in Malware Targets the Banking Community
Geoffrey Pamerleau, senior ethical hacker, Threat  Resistance Unit, ArmorCommentary
A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. How can financial institutions fight back?
By Geoffrey Pamerleau senior ethical hacker, Threat Resistance Unit, Armor, 8/9/2017
Comment0 comments  |  Read  |  Post a Comment
Automating Defenses Against Assembly-Line Attacks
Derek Manky, Global Security Strategist, FortinetCommentary
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
By Derek Manky Global Security Strategist, Fortinet, 8/8/2017
Comment0 comments  |  Read  |  Post a Comment
Voting System Hacks Prompt Push for Paper-Based Voting
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
DEF CON's Voting Machine Hacker Village hacks confirmed security experts' worst fears.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/7/2017
Comment5 comments  |  Read  |  Post a Comment
Proposed IoT Security Bill Well-Intentioned But Likely Hard To Enforce
Jai Vijayan, Freelance writerNews
Internet of Things Cybersecurity Improvement Act of 2017 proposes minimum set of security controls for IoT products sold to government.
By Jai Vijayan Freelance writer, 8/2/2017
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Cloud Security's Shared Responsibility Is Foggy
Ben Johnson, Co-founder and CTO, Obsidian Security,  9/14/2017
To Be Ready for the Security Future, Pay Attention to the Security Past
Liz Maida, Co-founder, CEO & CTO, Uplevel Security,  9/18/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.