News & Commentary

Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.

Adobe Patches Flash ZeroDay Used To Plant Surveillance Software

Quick Hits | 10/16/2017 |

Second time in four weeks FINSPY "lawful intercept" tool and a zero-day found together.

Unstructured Data: The Threat You Cannot See

Commentary | 10/10/2017 |

Why security teams needs to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.

What Security Teams Need to Know about the NIAC Report

Commentary | 10/4/2017 |

Which of the recommendations made by the NIAC working group will affect security teams the most, and how should they prepare?

Why Your Business Must Care about Privacy

Commentary | 9/26/2017 |

It might not have something to hide, but it definitely has something to protect.

FBI's Freese Shares Risk Management Tips

News | 9/26/2017 |

Deputy Assistant Director Donald Freese advises enterprises to lead with a business case and not fear addressing the C-suite on risk management.

After DHS Notice, 21 States Reveal They Were Targeted During Election

Quick Hits | 9/25/2017 |

18 comments

Election officials in swing states Florida, Ohio, and Pennsylvania among those who report Russian state-sponsored attackers targeted their systems.

Security's #1 Problem: Economic Incentives

Commentary | 9/25/2017 |

15 comments

The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.

Why Size Doesn't Matter in DDoS Attacks

Commentary | 9/21/2017 |

Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."

Get Serious about IoT Security

Commentary | 9/20/2017 |

4 comments

These four best practices will help safeguard your organization in the Internet of Things.

How Apple's New Facial Recognition Technology Will Change Enterprise Security

Commentary | 9/19/2017 |

Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.

To Be Ready for the Security Future, Pay Attention to the Security Past

Commentary | 9/18/2017 |

5 comments

It's easy to just move on to the next problem, ignoring what's happened -- but that's a mistake.

5 Problems That Keep CISOs Awake at Night

Commentary | 9/13/2017 |

The last few years have shown a big difference in the way cyber-risks are acknowledged, but progress still needs to be made.

The 'Team of Teams' Model for Cybersecurity

Commentary | 9/12/2017 |

Security leaders can learn some valuable lessons from a real-life military model.

Deception: A Convincing New Approach to Cyber Defense

Commentary | 9/12/2017 |

How defenders in a US national security agency capture-the-flag exercise used an endless stream of false data across the network to thwart attackers and contain damage.

Attacking Data Integrity & Hacking Radiation Monitoring Devices

Dark Reading Videos | 9/8/2017 |

Ruben Santamarta shows radio-based vulnerabilities and investigates how the integrity of critical data can be manipulated to simulate, complicate or exacerbate emergency situations.

Is Public Sector Cybersecurity Adequate?

Commentary | 9/7/2017 |

7 comments

Many governmental organizations are unstaffed, underfunded, and unprepared to fight common attacks, and they could learn a thing or two from the private sector.

Is Your Organization Merely PCI-Compliant or Is It Actually Secure?

Commentary | 9/6/2017 |

The Host Identity Protocol might be the answer to inadequate check-the-box security standards.

Activists Beware: The Latest In 3G & 4G Spying

Dark Reading Videos | 9/5/2017 |

Ravi Borgaonkar describes new 3G & 4G vulnerabilities that enable IMSI catchers to be smarter, stealthier snoopers.

3 Ways AI Could Help Resolve the Cybersecurity Talent Crisis

Commentary | 9/5/2017 |

There's no escaping the fact that there's a skills shortage, and companies aren't doing enough to cultivate talent. AI could relieve some of the pressure.

Automated Lateral Movement: Targeted Attack Tools for the Masses

Dark Reading Videos | 9/1/2017 |

Tal Be'ery and Tal Maor explain that the most pervasive, worst defended tactic of sophisticated attackers will soon be ready for script kiddies, and release GoFetch: a new lateral movement automation tool.

Training Courses for Aspiring Cybercriminals Put Security Education To Shame

Dark Reading Videos | 8/29/2017 |

Reasonably priced, module-based training courses and helpful forums will train a beginner in all the tools and techniques of the successful cybercriminal, Rick Holland of Digital Shadows explains.

How Hackers Hide Their Malware: The Basics

Commentary | 8/29/2017 |

Malware depends on these four basic techniques to avoid detection.

Cybersecurity: An Asymmetrical Game of War

Commentary | 8/28/2017 |

To stay ahead of the bad guys, security teams need to think like criminals, leverage AI’s ability to find malicious threats, and stop worrying that machine learning will take our jobs.

Insecure IoT Devices Pose Physical Threat to General Public

Dark Reading Videos | 8/24/2017 |

At the car wash, look out for attack robots. Billy Rios discusses how IoT devices could be hacked to physically attack people -- not just on factory floors, but in everyday public settings.

GDPR Compliance Preparation: A High-Stakes Guessing Game

Commentary | 8/24/2017 |

It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.

The Changing Face & Reach of Bug Bounties

Commentary | 8/23/2017 |

HackerOne CEO Mårten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.

Why You Need to Study Nation-State Attacks

Commentary | 8/23/2017 |

Want to know what attacks against businesses will look like soon? Examine nation-state attacks now.

Comparing Private and Public Cloud Threat Vectors

Commentary | 8/22/2017 |

Many companies moving from a private cloud to a cloud service are unaware of increased threats.

The Pitfalls of Cyber Insurance

Commentary | 8/21/2017 |

6 comments

Cyber insurance is 'promising' but it won't totally protect your company against hacks.

Critical Infrastructure, Cybersecurity & the 'Devil’s Rope'

Commentary | 8/17/2017 |

How hackers today are engaging in a modern 'Fence Cutter War' against industrial control systems, and what security professionals need to do about it.

The Shadow Brokers: How They Changed 'Cyber Fear'

Dark Reading Videos | 8/17/2017 |

At Black Hat USA, Matt Suiche, founder of Comae Technologies, describes what we know about the Shadow Brokers and how they have changed the business of cyber fear.

Kill Switches, Vaccines & Everything in Between

Commentary | 8/17/2017 |

The language can be a bit fuzzy at times, but there are real differences between the various ways of disabling malware.

Discover a Data Breach? Try Compassion First

Commentary | 8/16/2017 |

The reactions to a big data breach often resemble the five stages of grief, so a little empathy is needed.

Cybersecurity: The Responsibility of Everyone

Commentary | 8/15/2017 |

The battle against cybercrime can only be won if we're all focused on the same goals. Here are four ways you can get involved.

What CISOs Need to Know about the Psychology behind Security Analysis

Commentary | 8/14/2017 |

Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.

Taking Down the Internet Has Never Been Easier

Commentary | 8/10/2017 |

Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.

Uptick in Malware Targets the Banking Community

Commentary | 8/9/2017 |

A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. How can financial institutions fight back?

Automating Defenses Against Assembly-Line Attacks

Commentary | 8/8/2017 |

A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.

Digital Crime-Fighting: The Evolving Role of Law Enforcement

Commentary | 8/1/2017 |

Law enforcement, even on a local level, has a new obligation to establish an effective framework for combating online crime.

DevOps Security & the Culture of 'Yes'

Commentary | 7/31/2017 |

Communication, collaboration, and the use of production data to drive decisions are essential for security work in a DevOps world.

Dark Reading News Desk Live at Black Hat USA 2017

Commentary | 7/27/2017 |

4 comments

Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).

Facebook Offers $1 Million for New Security Defenses

News | 7/26/2017 |

The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.

10 Critical Steps to Create a Culture of Cybersecurity

Commentary | 7/26/2017 |

Businesses are more vulnerable than they need to be. Here's what you should do about it.

SIEM Training Needs a Better Focus on the Human Factor

Commentary | 7/18/2017 |

The problem with security information and event management systems isn't the solutions themselves but the training that people receive.

How Security Pros Can Help Protect Patients from Medical Data Theft

Commentary | 7/13/2017 |

The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.

Dealing with Due Diligence

Commentary | 7/12/2017 |

3 comments

Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.

The SOC Is Dead…Long Live the SOC

Commentary | 7/7/2017 |

The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.

The Growing Danger of IP Theft and Cyber Extortion

Commentary | 7/6/2017 |

The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.

The Problem with Data

Commentary | 7/3/2017 |