Vulnerabilities / Threats // Advanced Threats
News & Commentary
Recovering from Bad Decisions in the Cloud
Jeff Schilling, Chief Security Officer, ArmorCommentary
The cloud makes it much easier to make changes to security controls than in traditional networks.
By Jeff Schilling Chief Security Officer, Armor, 6/26/2017
Comment0 comments  |  Read  |  Post a Comment
FireEye CEO Shares State of IT Threat Landscape
InformationWeek Staff, CommentaryVideo
FireEye CEO Kevin Mandia talks about the state of the IT threat landscape and where enterprises should focus their attention when it comes to cybersecurity.
By InformationWeek Staff , 6/23/2017
Comment0 comments  |  Read  |  Post a Comment
The Folly of Vulnerability & Patch Management for ICS Networks
Galina Antova & Patrick McBride, Co-founder & Chief Marketing Officer, ClarotyCommentary
Yes, such efforts matter. But depending on them can give a false sense of security.
By Galina Antova & Patrick McBride Co-founder & Chief Marketing Officer, Claroty, 6/21/2017
Comment1 Comment  |  Read  |  Post a Comment
Feds Call on Contractors to Play Ball in Mitigating Insider Threats
Thomas Jones, Federal Systems Engineer at Bay DynamicsCommentary
It's said that you're only as strong as your weakest player. That's as true in security as it is in sports.
By Thomas Jones Federal Systems Engineer at Bay Dynamics, 6/20/2017
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Fact vs. Fiction
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 6/20/2017
Comment2 comments  |  Read  |  Post a Comment
Rise of Nation State Threats: How Can Businesses Respond?
Kelly Sheridan, Associate Editor, Dark ReadingNews
Cybersecurity experts discuss nation-state threats of greatest concerns, different types of attacks, and how organization can prepare.
By Kelly Sheridan Associate Editor, Dark Reading, 6/19/2017
Comment0 comments  |  Read  |  Post a Comment
Invisible Invaders: Why Detecting Bot Attacks Is Becoming More Difficult
Ido Safruti,  Founder and CTO at PerimeterXCommentary
Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.
By Ido Safruti Founder and CTO at PerimeterX, 6/19/2017
Comment0 comments  |  Read  |  Post a Comment
Why Your AppSec Program Is Doomed to Fail & How to Save It
Rohit Sethi, COO of Security CompassCommentary
With these measures in place, organizations can avoid common pitfalls.
By Rohit Sethi COO of Security Compass, 6/16/2017
Comment0 comments  |  Read  |  Post a Comment
Trumps Executive Order: What It Means for US Cybersecurity
Carson Sweet, Co-Founder & CTO, CloudPassageCommentary
The provisions are all well and good, but its hardly the first time theyve been ordered by the White House.
By Carson Sweet Co-Founder & CTO, CloudPassage, 6/15/2017
Comment0 comments  |  Read  |  Post a Comment
How Smart Cities Can Minimize the Threat of Cyberattacks
Todd Thibodeaux, President & CEO, CompTIACommentary
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.
By Todd Thibodeaux President & CEO, CompTIA, 6/14/2017
Comment0 comments  |  Read  |  Post a Comment
The Detection Trap: Improving Cybersecurity by Learning from the Secret Service
Nathaniel Gleicher, Head of Cybersecurity Strategy, IllumioCommentary
Intruders often understand the networks they target better than their defenders do.
By Nathaniel Gleicher Head of Cybersecurity Strategy, Illumio, 6/12/2017
Comment2 comments  |  Read  |  Post a Comment
Your Information Isn't Being Hacked, It's Being Neglected
Mike Baukes, Co-Founder & Co-CEO, UpGuardCommentary
To stop customer information from being compromised, we must shore up the most vulnerable parts first, the day-to-day IT operations work that builds, configures, and changes systems.
By Mike Baukes Co-Founder & Co-CEO, UpGuard, 6/9/2017
Comment1 Comment  |  Read  |  Post a Comment
Balancing the Risks of the Internet of Things
Darren Anstee, Chief Technology Officer at Arbor NetworksCommentary
Do the benefits of an Internet-connected coffee maker really outweigh its security issues?
By Darren Anstee Chief Technology Officer at Arbor Networks, 6/7/2017
Comment0 comments  |  Read  |  Post a Comment
Rethinking Vulnerabilities: Network Infrastructure as a Software System
Brighten Godfrey, Co-founder and CTO, VeriflowCommentary
Increasing complexity is putting networks at risk. It's time to shift our security approach and take some lessons from software development.
By Brighten Godfrey Co-founder and CTO, Veriflow, 5/31/2017
Comment0 comments  |  Read  |  Post a Comment
Securing IoT Devices Requires a Change in Thinking
Dr. Phillip Hallam-Baker, VP, Principal Scientist, ComodoCommentary
There's no magic bullet for IoT security, but there are ways to help detect and mitigate problems.
By Dr. Phillip Hallam-Baker VP, Principal Scientist, Comodo, 5/30/2017
Comment0 comments  |  Read  |  Post a Comment
Elections, Deceptions & Political Breaches
John Bambenek , Senior Threat Researcher, Fidelis CybersecurityCommentary
Political hacks have many lessons for the business world.
By John Bambenek Senior Threat Researcher, Fidelis Cybersecurity, 5/26/2017
Comment0 comments  |  Read  |  Post a Comment
Threat Lifecycle Management
Dark Reading, CommentaryVideo
Principal Sales Engineer for LogRhythm Chris Martin stops by the InformationWeek News Desk.
By Dark Reading , 5/24/2017
Comment0 comments  |  Read  |  Post a Comment
Staying a Step Ahead of Internet Attacks
Markus Jakobsson, Chief Scientist at AgariCommentary
There's no getting around the fact that targeted attacks, such as spearphishing, will happen. But you can figure out the type of attack to expect next.
By Markus Jakobsson Chief Scientist at Agari, 5/23/2017
Comment2 comments  |  Read  |  Post a Comment
All Generations, All Risks, All Contained: A How-To Guide
Stan Black, CSO, CitrixCommentary
Organizations must have a security plan that considers all of their employees.
By Stan Black CSO, Citrix, 5/18/2017
Comment1 Comment  |  Read  |  Post a Comment
WannaCry: Ransomware Catastrophe or Failure?
Gary Warner, Chief Threat ScientistCommentary
Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.
By Gary Warner Chief Threat Scientist, 5/18/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by hypumysidiv
Current Conversations now thats my boiiiii Blinkbest  
In reply to: sx
Post Your Own Reply
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.