News & Commentary
Latest Content
Page 1 / 2   >   >>
Doxing, DoS & Defacement: Todays Mainstream Hacktivism Tools
Partner Perspectives  |  6/29/2017  | 
Anyone can get angry at you and become a hacktivist. Heres how to protect your organization from these increasingly common cyber attacks.
Why Enterprise Security Needs a New Focus
Commentary  |  6/29/2017  | 
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
IoT Vulns Draw Biggest Bug Bounty Payouts
News  |  6/29/2017  | 
As bug bounty programs become more popular outside of the technology sector, IoT vulnerabilities are yielding the highest payouts for bug hunters, according to two reports released Wednesday.
How To (And Not To) Make the Online Trust Honor Roll
Slideshows  |  6/29/2017  | 
Five websites generated the highest score in their sector for the 2017 Online Trust Audit & Honor Roll. Here is what it takes to get there and be listed among the Online Trust Alliance's Top 50
$71 Million Restitution Owed for Hacking, Fraud Scheme
Quick Hits  |  6/28/2017  | 
Convicted money launderer Muhammad Sohail Qasmani is sentenced to 4 years in prison, and will share the hefty payout with other co-conspirators convicted in the conspiracy.
Half of Ransomware Victims Suffer Repeat Attacks
News  |  6/28/2017  | 
Half of ransomware victims are likely to get hit again as threat actors change their strategies to target servers and accelerate the spread of ransomware.
Telegram Agrees to Register Messaging App With Russia
Quick Hits  |  6/28/2017  | 
The messaging app company will comply with Russia's registration mandate but not share confidential user data, founder says.
After Cyber Attack, FedEx Temporarily Halts Trading of Its Shares
Quick Hits  |  6/28/2017  | 
An attack at subsidiary TNT Express may disrupt FedEx's push to hit a record-high share price.
Researchers Find 'Vaccine' for Global Ransomware Attack
Quick Hits  |  6/28/2017  | 
A vaccine, not a killswitch, has been discovered to prevent the Petya/NotPetya ransomware from infecting machines.
Defining Security: The Difference Between Safety & Privacy
Commentary  |  6/28/2017  | 
Words matter, especially if you are making a case for new security measures, state-of-the-art technology or personnel.
Massive Skype Zero-Day Enables Remote Crashes
News  |  6/27/2017  | 
A security researcher uncovered a Skype vulnerability that could allow hackers to remotely execute code and crash software if exploited.
Petya Or Not? Global Ransomware Outbreak Hits Europe's Industrial Sector, Thousands More
News  |  6/27/2017  | 
With echoes of WannaCry, infections spread fast. Some security researchers describe malware as variant of Petya; others say it's a brand new sample.
No-Name Security Incidents Caused as Many Tears as WannaCry, Pros Say
Quick Hits  |  6/27/2017  | 
Half of security pros say they've worked just as frantically this year to fix other incidents that the public never heard about.
WannaCry Blame Game: Why Delayed Patching is Not the Problem
Commentary  |  6/27/2017  | 
While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.
Microsoft Integrates EMET into Fall Windows 10 Update
News  |  6/27/2017  | 
The Windows 10 Creators Update, slated to launch this fall, will include components from the Enhanced Mitigation Experience Toolkit (EMET).
Compliance in the Cloud Needs To Be Continuous & Automated
Partner Perspectives  |  6/27/2017  | 
Complex IT environments require timely visibility into risk and compliance.
9 Ways to Protect Your Cloud Environment from Ransomware
Slideshows  |  6/27/2017  | 
The same technology driving faster collaboration and data transfer also enables cybercriminals to quickly spread ransomware.
Anthem Agrees to $115 Million Settlement for 2015 Breach
Quick Hits  |  6/26/2017  | 
If approved, it will dwarf settlements paid by Target, Home Depot, and Ashley Madison.
FBI Highlights BEC, Tech Support Scams, Ransomware Concerns
News  |  6/26/2017  | 
The 2016 Internet Crime Report found tech support fraud, business email compromise, and ransomware were major fraud categories last year.
Look, But Don't Touch: One Key to Better ICS Security
News  |  6/26/2017  | 
Better visibility is essential to improving the cybersecurity of industrial control systems and critical infrastructure, but the OT-IT cultural divide must be united.
Recovering from Bad Decisions in the Cloud
Commentary  |  6/26/2017  | 
The cloud makes it much easier to make changes to security controls than in traditional networks.
Virginia Consultant Charged with Espionage
Quick Hits  |  6/23/2017  | 
Federal authorities charged a consultant with espionage for transmitting top secret and secret documents to China.
Android Marcher Variant Makes Rounds as Adobe Flash Player Update
Quick Hits  |  6/23/2017  | 
Zscaler researchers discover a new variant of the Android Marcher malware, which aims to steal online banking credentials and credit card information.
$12B in Fraud Loss Came from Data Breach Victims in 2016
Quick Hits  |  6/23/2017  | 
Three-quarters of the total fraud losses for 2016 arose from victims who had been victims of a data breach within the previous six years.
RAT Vulnerabilities Turn Hackers into Victims
News  |  6/23/2017  | 
A small number of Remote Administration Tools have vulnerabilities which can enable attack targets to turn the tables on threat actors.
Threat Intelligence Sharing: The New Normal?
Commentary  |  6/23/2017  | 
The spirit of cooperation seems to be taking hold as demonstrated by the growing number of thriving services and organizations whose sole purpose is to analyze specific threats against specific communities.
Talking Cyber-Risk with Executives
Partner Perspectives  |  6/23/2017  | 
Explaining risk can be difficult since CISOs and execs dont speak the same language. The key is to tailor your message for the audience.
8 Hot Hacking Tools to Come out of Black Hat USA
Slideshows  |  6/23/2017  | 
High-impact tools for white hats that will be revealed and released next month at Black Hat USA in Las Vegas.
'GhostHook' Foils Windows 10 64-bit's Kernel Protection
News  |  6/22/2017  | 
Microsoft says an attacker needs kernel-level access before they can use the 'GhostHook' technique to install a rootkit.
Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices
News  |  6/22/2017  | 
Security researcher discovers major security flaws that can't be patched or fixed.
Two Arrested for Microsoft Network Intrusion
Quick Hits  |  6/22/2017  | 
UK authorities arrest two men for allegedly breaking into Microsoft's network with the intent to steal customer data from the software giant.
Most General Counsels Fret over Data Security
Quick Hits  |  6/22/2017  | 
An overwhelming percentage of in-house attorneys say cyberattacks and the impact on their business keeps them up at night, a recent survey shows.
Cloud Security Lessons from the Voter Data Leak
News  |  6/22/2017  | 
A poorly configured Amazon S3 bucket that led to a massive data leak could easily happen to any organization not adopting proper cloud security measures.
KPMG: Cybersecurity Has Reached a Tipping Point from Tech to CEO Business Issue
Commentary  |  6/22/2017  | 
Still, a majority of US-based chief execs say they will be maintaining and not investing in security technology over the next three years, a recent study shows.
WannaCry? Youre Not Alone: The 5 Stages of Security Grief
Commentary  |  6/22/2017  | 
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
'Stack Clash' Smashed Security Fix in Linux
News  |  6/21/2017  | 
Linux, OpenBSD, Free BSD, Solaris security updates available to thwart newly discovered attack by researchers.
WannaCry Forces Honda to Take Production Plant Offline
News  |  6/21/2017  | 
Work on over 1,000 vehicles affected at automaker's Sayama plant in Japan while systems were restored.
Russian Hackers Focused on Election Systems in 21 States
Quick Hits  |  6/21/2017  | 
A Department of Homeland Security official testified today that hackers tied to the Russian government attempted to infiltrate election systems in nearly two dozen states.
Consumer Businesses Have False Confidence in their Security: Deloitte
Quick Hits  |  6/21/2017  | 
Consumer business executives are confident in their ability to respond to cyberattacks but fail to document and test response plans.
The Folly of Vulnerability & Patch Management for ICS Networks
Commentary  |  6/21/2017  | 
Yes, such efforts matter. But depending on them can give a false sense of security.
Dark Reading Launches New Conference on Cyber Defense
Commentary  |  6/21/2017  | 
November event will focus on attendee interaction, "blue team" best practices
Trusted IDs Gain Acceptance in Smart Building Environment
Quick Hits  |  6/20/2017  | 
A majority of survey respondents believe identities can be connected across multiple systems and devices through a single ID card or mobile phone.
Organizations Are Detecting Intrusions More Quickly
News  |  6/20/2017  | 
But almost every other metric in Trustwave's 2017 global cybersecurity report card is headed in the wrong direction.
Data Breach Costs Drop Globally But Increase in US
News  |  6/20/2017  | 
The average total cost of a data breach declined 10% year-over-year around the world, but in the US edged upward by 5%.
Apple iOS Threats Fewer Than Android But More Deadly
News  |  6/20/2017  | 
Data leakage and corruption haunt iOS and Android mobile apps the most, a new study shows.
Feds Call on Contractors to Play Ball in Mitigating Insider Threats
Commentary  |  6/20/2017  | 
It's said that you're only as strong as your weakest player. That's as true in security as it is in sports.
Cloud Security & the Power of Shared Responsibility
Partner Perspectives  |  6/20/2017  | 
When you and your CSP jointly embrace the shared security responsibility model you can achieve greater success than you or your provider can achieve alone.
Cybersecurity Fact vs. Fiction
Commentary  |  6/20/2017  | 
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
RNC Voter Data on 198 Million Americans Exposed in the Cloud
News  |  6/19/2017  | 
One of the largest known US voter data leaks compromised personal information via an unsecured public-storage cloud account set up on behalf of the Republican National Committee.
Rise of Nation State Threats: How Can Businesses Respond?
News  |  6/19/2017  | 
Cybersecurity experts discuss nation-state threats of greatest concerns, different types of attacks, and how organization can prepare.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.