News & Commentary

Latest Content
Russian-Speaking 'MoneyTaker' Group Helps Itself to Millions from US Banks
News  |  12/11/2017  | 
Banks in Latin America appear to be next big target, Group-IB says.
Romanian Nationals Admit to Racketeering Conspiracy, ATM Skimming
Quick Hits  |  12/11/2017  | 
Seven Romanian nationals pleaded guilty in connection with an ATM skimming scheme and RICO conspiracy, in addition to other crimes.
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Commentary  |  12/11/2017  | 
The number of unfilled jobs in our industry continues to grow. Here's why.
Oracle Product Rollout Underscores Need for Trust in the Cloud
News  |  12/11/2017  | 
Oracle updates its Identity SOC and management cloud with security tools to verify and manage users trusted with access to cloud-based data and applications.
Post-Breach Carnage: Worst Ways The Axe Fell in 2017
Slideshows  |  12/11/2017  | 
Executive firings, stock drops, and class action settlements galore, this year was a study in real-world repercussions for cybersecurity lapses.
Gartner: IT Security Spending to Reach $96 Billion in 2018
News  |  12/8/2017  | 
Identity access management and security services to drive worldwide spending growth.
What Slugs in a Garden Can Teach Us About Security
Commentary  |  12/8/2017  | 
Design principles observed in nature serve as a valuable model to improve organizations' security approaches.
Microsoft Issues Emergency Patch for 'Critical' Flaw in Windows Security
Quick Hits  |  12/8/2017  | 
Remote code execution vulnerability in Microsoft Malware Protection Engine was found by UK spy agency's National Cyber Security Centre (NCSC).
Conficker: The Worm That Won't Die
News  |  12/7/2017  | 
More than nine years after it infected millions of systems worldwide, the malware continues to be highly active, according to a Trend Micro report.
Android Ransomware Kits on the Rise in the Dark Web
News  |  12/7/2017  | 
More than 5,000 Android ransomware kit listings have been spotted so far this year, with the median price range hitting $200.
Rutkowska: Trust Makes Us Vulnerable
News  |  12/7/2017  | 
Offensive security researcher Joanna Rutkowska explains why trust in technology can put users at risk.
Man-in-the-Middle Flaw in Major Banking, VPN Apps Exposes Millions
News  |  12/7/2017  | 
New research from University of Birmingham emphasizes importance of securing high-risk mobile apps.
Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin
Quick Hits  |  12/7/2017  | 
Breach occurred just prior to bitcoin's debut on two major US exchanges, the AP reports.
Uber Used $100K Bug Bounty to Pay, Silence Florida Hacker: Report
Quick Hits  |  12/7/2017  | 
Uber also performed a forensic analysis of the man's computer to ensure he had deleted the stolen information, Reuters said.
Ransomware Meets 'Grey's Anatomy'
Commentary  |  12/7/2017  | 
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
Attacker 'Dwell Time' Average Dips Slightly to 86 Days
News  |  12/7/2017  | 
Real-world incident response investigation data from CrowdStrike reveals attacker trends with fileless malware, ransomware, and other weapons.
Why Third-Party Security is your Security
Partner Perspectives  |  12/7/2017  | 
Managing third-party risk isn't just a good idea, in many cases, it's the law. This security framework can help you minimize the threat.
NIST Releases New Cybersecurity Framework Draft
News  |  12/6/2017  | 
Updated version includes changes to some existing guidelines - and adds some new ones.
Nearly 2/3 of Industrial Companies Lack Security Monitoring
Quick Hits  |  12/6/2017  | 
New Honeywell survey shows more than half of industrial sector organizations have suffered cyberattacks.
Most Retailers Haven't Fully Tested Their Breach Response Plans
Quick Hits  |  12/6/2017  | 
More than 20% lack a breach response plan altogether, a new survey shows.
Why Cybersecurity Must Be an International Effort
News  |  12/6/2017  | 
The former head of cyber for the US State Department calls for agreements across countries to improve government cybersecurity.
How the Major Intel ME Firmware Flaw Lets Attackers Get 'God Mode' on a Machine
News  |  12/6/2017  | 
Researchers at Black Hat Europe today revealed how a buffer overflow they discovered in the chip's firmware can be abused to take control of a machine - even when it's turned 'off.'
Cyberattack: It Can't Happen to Us (Until It Does)
Commentary  |  12/6/2017  | 
Just because your small or medium-sized business isn't as well known as Equifax or Yahoo doesn't mean you're immune to becoming a cybercrime victim.
Study: Simulated Attacks Uncover Real-World Problems in IT Security
News  |  12/5/2017  | 
Some 70% of simulated attacks on real networks were able to move laterally within the network, while more than half infiltrated the perimeter and exfiltrated data.
Bitcoin Sites Become Hot Targets for DDoS Attacks
News  |  12/5/2017  | 
The Bitcoin industry is now one of the top 10 most-targeted industries for DDoS campaigns. Price manipulation could be one goal, Imperva says.
6 Personality Profiles of White-Hat Hackers
Slideshows  |  12/5/2017  | 
From making the Internet safer to promoting their security careers, bug bounty hunters have a broad range of motivators for hacking; most just like the challenge.
Android Developer Tools Contain Vulnerabilities
Quick Hits  |  12/5/2017  | 
Several of the most popular cloud-based and downloadable tools Android developers use are affected.
Improve Signal-to-Noise Ratio with 'Content Curation:' 5 Steps
Commentary  |  12/5/2017  | 
By intelligently managing signatures, correlation rules, filters and searches, you can see where your security architecture falls down, and how your tools can better defend the network.
FBI, Europol, Microsoft, ESET Team Up, Dismantle One of World's Largest Malware Operations
News  |  12/4/2017  | 
Avalanche, aka Gamarue, aka Wauchos, malware enterprise spanned hundreds of botnets and 88 different malware families.
NSA Employee Pleads Guilty to Illegally Retaining National Defense Secrets
News  |  12/4/2017  | 
Nghia Hoang Pho faces up to eight years in prison for removing highly classified NSA data from workplace and storing it at home.
PayPal's TIO Networks Suffered Data Breach Exposing Data on 1.6 Million Customers
Quick Hits  |  12/4/2017  | 
PayPal states TIO Networks, a payment processing company it acquired this summer, is not part of its network and PayPal remains unaffected by the breach.
The Rising Dangers of Unsecured IoT Technology
Commentary  |  12/4/2017  | 
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.
Tips for Writing Better Infosec Job Descriptions
News  |  12/4/2017  | 
Security leaders frustrated with their talent search may be searching for the wrong skills and qualifications.
Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
News  |  12/4/2017  | 
Researcher to reveal IoT medical device dangers at Black Hat Europe this week.
Deception: Why It's Not Just Another Honeypot
Commentary  |  12/1/2017  | 
The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception.
Security Geek Gift Guide
Slideshows  |  12/1/2017  | 
Fun gifts for cybersecurity co-workers and bosses alike.
Sallie Mae CISO: 4 Technologies That Will Shape IT Security
News  |  12/1/2017  | 
'The world as we know it will vanish,' according to Jerry Archer.
'Blocking and Tackling' in the New Age of Security
News  |  12/1/2017  | 
In a pep talk to CISOs, the chief security strategist at PSCU advises teams to prioritize resilience in addition to security.
Lawsuits Pile Up on Uber
News  |  11/30/2017  | 
Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.
The Critical Difference Between Vulnerabilities Equities & Threat Equities
Commentary  |  11/30/2017  | 
Why the government has an obligation to share its knowledge of flaws in software and hardware to strengthen digital infrastructure in the face of growing cyberthreats.
5 Free or Low-Cost Security Tools for Defenders
News  |  11/30/2017  | 
Not all security tools are pricey.
Qualys Buys NetWatcher Assets for Cloud-based Threat Intel
Quick Hits  |  11/30/2017  | 
The cloud security company plans to add threat detection, incident response, and compliance management to its platform.
The Good News about Breaches: It Wasn't You this Time
Partner Perspectives  |  11/30/2017  | 
Somewhere in every application there is a vulnerability waiting to be exploited. You can attack the problem by having the right mindset and answering two simple questions.
First US Federal CISO Shares Security Lessons Learned
News  |  11/29/2017  | 
Greg Touhill's advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.
Big Apple Flaw Allows Root Access to Macs without Password
News  |  11/29/2017  | 
Vulnerability affects machines running High Sierra operating system.
Why Security Depends on Usability -- and How to Achieve Both
Commentary  |  11/29/2017  | 
Any initiative that reduces usability will have consequences that make security less effective.
Samsung's Mobile Device Bug Bounty Program Gets a Boost
Quick Hits  |  11/29/2017  | 
Samsung Electronics partners with Bugcrowd to deliver timely payments for its Mobile Security Rewards Program.
Suspect in Yahoo Breach Case Pleads Guilty
Quick Hits  |  11/28/2017  | 
Karim Baratov admits he worked on behalf of Russia's FSB.
Git Some Security: Locking Down GitHub Hygiene
News  |  11/28/2017  | 
In the age of DevOps and agile development practices that lean heavily on GitHub and other cloud resources, strong controls are more important than ever.
Retail and Hospitality Breaches Declined Over Past 2 Years
News  |  11/28/2017  | 
A drop in publicly disclosed breaches for the two industries is due in part to fewer point-of-sale breaches.


Why Cybersecurity Must Be an International Effort
Kelly Sheridan, Associate Editor, Dark Reading,  12/6/2017
NIST Releases New Cybersecurity Framework Draft
Jai Vijayan, Freelance writer,  12/6/2017
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.