News & Commentary
Latest Content
Page 1 / 2   >   >>
Kill Switches, Vaccines, & Everything in Between
Commentary  |  8/17/2017  | 
The language can be a bit fuzzy at times, but there are real differences between the various ways of disabling malware.
70% of DevOps Pros Say They Didn't Get Proper Security Training in College
News  |  8/17/2017  | 
Veracode survey shows majority of DevOps pros mostly learn on the job about security.
How to Avoid the 6 Most Common Audit Failures
Partner Perspectives  |  8/17/2017  | 
In a security audit, the burden is on you to provide the evidence that youve done the right things.
Behind the Briefings: How Black Hat Sessions Get Chosen
Behind the Briefings: How Black Hat Sessions Get Chosen
Dark Reading Videos  |  8/17/2017  | 
Daniel Cuthbert and Stefano Zanero explain what the Black Hat review board is looking for in an abstract submission for the Briefings.
Cerber Fights Anti-Ransomware Tools
News  |  8/16/2017  | 
Deception technology is the popular ransomware's latest target.
Old Flaws, New Tricks: CVE-2017-0199 and PowerPoint Abuse
News  |  8/16/2017  | 
Researchers discover attackers are using a patched Microsoft vulnerability to abuse PowerPoint files and distribute malware.
Websites Selling DDoS Services and Tools on the Rise in China
News  |  8/16/2017  | 
Researchers detect an increase in Chinese websites offering online DDoS services within the past six months.
Insider Threats Loom Large for Security Pros
Quick Hits  |  8/16/2017  | 
Insider threats pose a greater challenge to security pros than external threats, according to a recent survey.
The Day of Reckoning: Cybercrimes Impact on Brand
Commentary  |  8/16/2017  | 
Why the security industry needs to invest in architecture that defends against reputational damage as well as other, more traditional threats.
Gartner: Cybersecurity Spending Worldwide to Hit $86.4 Billion This Year
Quick Hits  |  8/16/2017  | 
Security services sector still the fastest-growing segment, new forecast says.
Discover a Data Breach? Try Compassion First
Commentary  |  8/16/2017  | 
The reactions to a big data breach often resemble the five stages of grief, so a little empathy is needed.
Cloud Complexity Mandates Security Visibility
Partner Perspectives  |  8/16/2017  | 
The cloud is flexible, but security should be the top priority.
Server Management Software Discovered Harboring Backdoor
News  |  8/15/2017  | 
ShadowPad backdoor found embedded in a software product used by major organizations around the globe to manage their Linux, Windows, and Unix servers.
BEC Attacks Don't Always Require Sophistication
News  |  8/15/2017  | 
Simple business email compromise scams can con companies out of huge sums of money and don't require much hacking or even social engineering know-how.
Webroot Acquires Security Training Platform
Quick Hits  |  8/15/2017  | 
Endpoint security company snaps up the assets of Securecast in a move to build out a training program to test users' ability to recognize a phishing attack.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Commentary  |  8/15/2017  | 
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
IoT Medical Devices a Major Security Worry in Healthcare, Survey Shows
News  |  8/15/2017  | 
Healthcare providers, manufacturers, and regulators say cybersecurity risks of IoT medical devices and connected legacy systems a top concern.
Cybersecurity: The Responsibility of Everyone
Commentary  |  8/15/2017  | 
The battle against cybercrime can only be won if we're all focused on the same goals. Here are four ways you can get involved.
In Search of the Security Unicorn: Unified, Adaptive Defense
Partner Perspectives  |  8/15/2017  | 
How enterprises can get an edge over innovative cybercriminals by creating a cycle of continual security posture adjustment within their own organizations.
Amazon Tackles Security of Data in S3 Storage
News  |  8/14/2017  | 
Amazon Macie is a new security service built to protect AWS S3 data from accidental leaks and breaches.
Cybersecurity's Ceiling
News  |  8/14/2017  | 
Security spending and staffing are rising, but restrained resources are tempering market growth.
WannaCry Hero Hutchins Pleads Not Guilty
Quick Hits  |  8/14/2017  | 
Lawyers for MalwareTech 'confident he will be fully vindicated.'
What CISOs Need to Know about the Psychology behind Security Analysis
Commentary  |  8/14/2017  | 
Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.
HBO Offers Hackers $250,000 as 'Show Of Good Faith' on $6 Million Ransom Request
Quick Hits  |  8/11/2017  | 
The offer was reportedly designed to stall for time, with no plans to ever pay it.
APT28 Uses EternalBlue to Spy on Hotel Wifi Networks
News  |  8/11/2017  | 
Hacker group APT28 is using the EternalBlue hacking tool to spread throughout hotel networks and collect guests' information.
9 of the Biggest Bug Bounty Programs
Slideshows  |  8/11/2017  | 
These programs stand out for the size of their rewards and how much they have paid in total to security researchers in bounties over the last several years.
Breaches Are Coming: What Game of Thrones Teaches about Cybersecurity
Commentary  |  8/11/2017  | 
Whether youre Lord Commander of the Nights Watch or the CISO of a mainstream business, its not easy to defend against a constantly evolving threat that is as deadly as an army of White Walkers.
SonicSpy Authors Spin Out Over 1,000 Spyware Apps
Quick Hits  |  8/10/2017  | 
The actors behind this new malware family created a sizable selection of malicious apps in just over seven months, some of which appeared on Google Play.
60% of Infosec Execs Are Boosting SOC Deployments
Quick Hits  |  8/10/2017  | 
A survey of security executives and managers finds a majority are expanding or upgrading their current SOC readiness.
White Hats Take Aim in 'Hack the Air Force' Bug Bounty Program
News  |  8/10/2017  | 
The inaugural Air Force bug bounty program involved 272 vetted hackers, who submitted 207 valid flaws in 24 days.
Air Gap FAILs, Configuration Mistakes Causing ICS/SCADA Cyberattacks
News  |  8/10/2017  | 
A utility's cautionary tale, and how a popular ICS/SCADA network protocol failed a fuzzing test miserably.
Taking Down the Internet Has Never Been Easier
Commentary  |  8/10/2017  | 
Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.
6 Ways CISOs Can Play a Role in Selling Security
Partner Perspectives  |  8/10/2017  | 
When customers ask tough questions about data security, business service resilience, privacy, regulatory, and reputational risk its best to remain upbeat and positive. Heres how.
SMBs Practice Better IoT Security Than Large Enterprises Do
News  |  8/9/2017  | 
Small-to midsized businesses are more prepared than big ones to face the next IoT attack: good news given the sharp rise in IoT botnet attacks in the first half of 2017, new reports released today show.
Carbon Black Refutes Claims of Flaw in its EDR Product
News  |  8/9/2017  | 
Endpoint security firm responds to DirectDefense's report, noting that the information was shared voluntarily via a feature in the product that comes disabled by default.
Two Iranians Face Charges for Computer Hacking, Credit Card Fraud
Quick Hits  |  8/9/2017  | 
Federal prosecutors charged two Iranian nationals with identity theft and use of stolen credit card numbers as well as threatening to expose the breach to one of the victim's customers.
Microsoft Fixes 27 Remote Code Execution Flaws
News  |  8/9/2017  | 
Microsoft issued patches for 48 vulnerabilities as part of its monthly Patch Tuesday update, 25 of which were 'critical.'
Uptick in Malware Targets the Banking Community
Commentary  |  8/9/2017  | 
A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. How can financial institutions fight back?
New Consortium Promotes Proper Data Sanitization Practices
News  |  8/8/2017  | 
The International Data Sanitization Consortium (IDSC) will create guidelines and best practices for sanitizing data on hardware devices.
Konni Malware Campaign Targets North Korean Organizations
News  |  8/8/2017  | 
For at least three years, an unknown threat actor has used the RAT to steal data and profile organizations in North Korea.
The Patching Dilemma: Should Microsoft Fix Flaws in Older Tech?
News  |  8/8/2017  | 
When researchers find vulnerabilities that leave older systems exposed, should the software giant create patches or encourage upgrades? Experts weigh in.
67% of Malware Attacks Came via Phishing in Second Quarter
News  |  8/8/2017  | 
During the second quarter, cyberattacks soared 24% worldwide with phishing attacks playing a large role and Adobe Flash one of the favorite attack targets.
WatchGuard Acquires Authentication Provider Datablink
Quick Hits  |  8/8/2017  | 
WatchGuard looks to expand its security offerings into authentication solutions for small- to midsize businesses and enterprises with a distributed workforce.
HBO Data Dumped, Hackers Demand Millions
Quick Hits  |  8/8/2017  | 
Attackers who reportedly stole 1.5TB of data from HBO release a second data dump and demand millions in ransom.
Automating Defenses Against Assembly-Line Attacks
Commentary  |  8/8/2017  | 
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
NIST Releases Cybersecurity Definitions for the Workforce
News  |  8/7/2017  | 
In an effort to bring consistency when describing the tasks, duties, roles, and titles of cybersecurity professionals, the National Institute of Standards and Technology released the finalized draft version of its framework.
Voting System Hacks Prompt Push for Paper-Based Voting
News  |  8/7/2017  | 
DEF CON's Voting Machine Hacker Village hacks confirmed security experts' worst fears.
WannaCry Hero Garners Security Industry Support Following Arrest
News  |  8/7/2017  | 
US law enforcement arrested British security researcher Marcus Hutchins for allegedly developing and selling the Kronos banking Trojan.
Optimizing Online Defenses Through Crowdsourcing
Optimizing Online Defenses Through Crowdsourcing
Dark Reading Videos  |  8/7/2017  | 
With limited time and money, many organizations are hamstrung when it comes to cyber defense. AlienVaults CTO Roger Thornton discusses how the companys crowdsourced, open-source community product, the Open Threat Exchange (OTX), can help.
Man Who Hacked his Former Employer Gets 18-Month Prison Sentence
Quick Hits  |  8/7/2017  | 
A Tennessee man also must pay restitution of nearly $172,400 to his former employer after hacking into its systems to gain an edge for his new company.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The Impact of a Security Breach 2017
The Impact of a Security Breach 2017
Despite the escalation of cybersecurity staffing and technology, enterprises continue to suffer data breaches and compromises at an alarming rate. How do these breaches occur? How are enterprises responding, and what is the impact of these compromises on the business? This report offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.