Advanced Threats

News & Commentary
Cyber Crooks Diversify Business with Multi-Intent Malware
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
By Avi Chesla, CEO and Founder, empow, 11/15/2018 (Commentary)
Understanding Evil Twin AP Attacks and How to Prevent Them
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
By Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies, 11/14/2018 (Commentary)
User Behavior Analytics Could Find a Home in the OT World of the IIoT
The technology never really took off in IT, but it could be very helpful in the industrial world.
By Satish Gannu, Chief Security Officer, ABB, 11/8/2018 (Commentary)
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
By Oege de Moor, CEO and Co-Founder at Semmle, 11/8/2018 (Commentary)
IT-to-OT Solutions That Can Bolster Security in the IIoT
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
By Satish Gannu, Chief Security Officer, ABB, 11/7/2018 (Commentary)
5 Reasons Why Threat Intelligence Doesn't Work
Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems.
By Jonathan Zhang, CEO/Founder of WhoisXML API and TIP, 11/7/2018 (Commentary)
Hidden Costs of IoT Vulnerabilities
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
By Carl Nerup, Co-Founder and Chief Marketing Officer at Cog, 11/6/2018 (Commentary)
Tackling Cybersecurity from the Inside Out
New online threats require new solutions.
By Marc Wilczek, Digital Strategist & CIO Advisor, 11/2/2018 (Commentary)
Chinese Intel Agents Indicted for 5-Year IP Theft Campaign
Intelligence agents aimed for aerospace manufacturing targets, with help of cyberattackers, corporate insiders, and one IT security manager.
By Sara Peters, Senior Editor at Dark Reading, 10/31/2018 (News)
10 Steps for Creating Strong Customer Authentication
Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help.
By Marco Lafrentz, VP of ICMS and CPaaS Business Line at tyntec, 10/30/2018 (Commentary)
AppSec Is Dead, but Software Security Is Alive & Well
Application security must be re-envisioned to support software security. It's time to shake up your processes.
By Matt Rose, Global Director Application Security Strategy, at Checkmarx, 10/29/2018 (Commentary)
3 Keys to Reducing the Threat of Ransomware
Following these steps could mean the difference between an inconvenience and a multimillion-dollar IT system rebuild -- for the public and private sectors alike.
By Joe Merces, CEO at Cloud Daddy, 10/26/2018 (Commentary)
Tackling Supply Chain Threats
Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
By Ang Cui, Founder & CEO, Red Balloon Security, 10/24/2018 (Commentary)
Benefits of DNS Service Locality
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
By Paul Vixie, Chairman & CEO, Farsight Security, Inc., 10/24/2018 (Commentary)
Cybercrime-as-a-Service: No End in Sight
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
By Marc Wilczek, Digital Strategist & CIO Advisor, 10/17/2018 (Commentary)
A Cybersecurity Weak Link: Linux and IoT
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
By Migo Kedem, Senior Director of Products and Marketing at SentinelOne, 10/16/2018 (Commentary)
Spies Among Us: Tracking, IoT & the Truly Inside Threat
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
By Amit Sethi, Senior Principal Consultant at Synopsys, 10/16/2018 (Commentary)
4 Ways to Fight the Email Security Threat
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
By Asaf Cidon, Vice President, Content Security Services, at Barracuda Networks, 10/15/2018 (Commentary)
Not All Multifactor Authentication Is Created Equal
Users should be aware of the strengths and weaknesses of the various MFA methods.
By Alexandre Cagnoni, Director of Authentication at WatchGuard Technologies, 10/11/2018 (Commentary)
Security Researchers Struggle with Bot Management Programs
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
By Kaan Onarlioglu, Senior Security Researcher, Akamai, 10/10/2018 (Commentary)
More Conversations
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
To Click or Not to Click: The Answer Is Easy
Kowsik Guruswamy, Chief Technology Officer at Menlo Security,  11/14/2018
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19301
PUBLISHED: 2018-11-15
tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log.
CVE-2018-5407
PUBLISHED: 2018-11-15
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-14934
PUBLISHED: 2018-11-15
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.
CVE-2018-14935
PUBLISHED: 2018-11-15
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.
CVE-2018-16619
PUBLISHED: 2018-11-15
Sonatype Nexus Repository Manager before 3.14 allows XSS.