Content posted in March 2017
Customized Malware: Confronting an Invisible Threat
Commentary  |  3/31/2017
Hackers are gaining entry to networks through a targeted approach. It takes a rigorous defense to keep them out.
The Business of Security: How your Organization Is Changing beneath You
Commentary  |  3/30/2017
And why it's your job to change with it and skate where the puck is headed.
Payment Card Industry Security Compliance: What You Need to Know
Commentary  |  3/30/2017
A quick refresher on all the different PCI SSC security standards that are relevant for organizations that accept electronic payments.
Privacy Babel: Making Sense of Global Privacy Regulations
Commentary  |  3/29/2017
Countries around the world are making their own privacy laws. How can a global company possibly keep up?
To Gain Influence, CISOs Must Get Security's Human Element Right
Commentary  |  3/29/2017
Focusing on certain elements of security in isolation can cause a false sense of security.
Commercial IoT: Big Trouble in Small Devices
Commentary  |  3/28/2017
There are endless scenarios where hackers could wreak havoc on the industrial Internet of Things. There's also a readily available solution called HIP.
How Identity Deception Increases the Success of Ransomware
Commentary  |  3/28/2017
As scammers hone their skills, their handiwork looks more credible to intended victims, making a successful ransomware scam more likely.
This Week On Dark Reading: Event Calendar
Commentary  |  3/27/2017
Ransomware remediation and recovery this week, with clouds on the horizon.
Data Visualization: Keeping an Eye on Security
Commentary  |  3/27/2017
Visualization can be one of the most powerful approaches a security team can use to make sense of vast quantities of data. So why does it end up as an afterthought?
Prioritizing Threats: Why Most Companies Get It Wrong
Commentary  |  3/24/2017
To stay safer, focus on multiple-threat attack chains rather than on individual threats.
5 Ways CISOs Could Work Better with Their Cyber Insurers
Commentary  |  3/23/2017
Risk management has become increasingly important, making it crucial that companies have good relationships with their insurance company.
Phishing Your Employees for Schooling & Security
Commentary  |  3/22/2017
Your education program isn't complete until you test your users with fake phishing emails.
Report: 'OilRig' Attacks Expanding Across Industries, Geographies
Commentary  |  3/21/2017
Malware targets Middle Eastern airlines, government, financial industries and critical infrastructure with a simple but powerful backdoor created by infected Excel files attached to phishing emails.
Getting Beyond the Buzz & Hype of Threat Hunting
Commentary  |  3/20/2017
When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it won't happen overnight.
Embrace the Machine & Other Goals for CISOs
Commentary  |  3/17/2017
Here are five ways we can become more effective for our organizations.
In Cyber, Who Do We Trust to Protect the Business?
Commentary  |  3/16/2017
If business leaders and directors continue to view cybersecurity as mainly a matter for the IT department, they will leave their companies exposed to significant risks.
Ethical Hacking: The Most Important Job No One Talks About
Commentary  |  3/16/2017
If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers.
Trust Begins With Layer 1 Encryption
Commentary  |  3/15/2017
In today's distributed environment, cloud and communication service providers can play a key role in providing organizations with a scalable and secure platform for the connection of everything to everything. Here's how.
Security in the Age of Open Source
Commentary  |  3/15/2017
Dramatic changes in the use of open source software over the past decade demand major changes in security testing regimens today. Here's what you need to know and do about it.
Debunking 5 Myths About DNS
Commentary  |  3/14/2017
From the boardroom to IT and the end user, the Domain Name System is often misunderstood, which can leave organizations vulnerable to attacks.
The Industrial Revolution of Application Security
Commentary  |  3/14/2017
DevOps is driving big changes in the industry, but a cultural shift is needed.
What Your SecOps Team Can (and Should) Do
Commentary  |  3/13/2017
If your organization has all of these pieces in place, congratulations!
This Week On Dark Reading: Events Calendar
Commentary  |  3/13/2017
How to become a threat hunter, how to build a cybersecurity architecture that actually defends against today's risks, and much more...
IoT & Liability: How Organizations Can Hold Themselves Accountable
Commentary  |  3/10/2017
To avoid a lawsuit, your company needs to better understand the state of your infrastructure and the devices and applications within it. Here are five areas on which to focus.
Mobile (In)security: Dark Reading Cartoon Caption Contest Winners
Commentary  |  3/9/2017
Clever word play on mobile ransomware, cloud and the Internet of Things. And the winners are
Securing Today's 'Elastic Attack Surface'
Commentary  |  3/9/2017
The foundation of good cybersecurity is knowing your network. But as organizations embrace new technologies, that simple task has gotten incredibly difficult.
In a Cybersecurity Vendor War, the End User Loses
Commentary  |  3/8/2017
When vulnerability information is disclosed without a patch available, users are the ones really being punished.
Trust, Cloud & the Quest for a Glass Wall around Security
Commentary  |  3/8/2017
In the next year, we're going to see a leap towards strategic, business-level objectives that can be resolved by simplifying infrastructure and granting greater visibility in real time.
Google's SHA-1 Countdown Clock Could Undermine Enterprise Security
Commentary  |  3/7/2017
In the wake of a recently documented 'collision' attack, Google researchers should consider delaying the release of the code behind the crack until companies can roll out adequate patches. Here's why
A Real-Life Look into Responsible Disclosure for Security Vulnerabilities
Commentary  |  3/7/2017
A researcher gives us a glimpse into what happened when he found a problem with an IoT device.
New York's Cyber Regulations: How to Take Action & Who's Next
Commentary  |  3/6/2017
Even if your company isn't directly subject to these new rules, you can assume that the approach will be adopted by regulatory agencies at home and abroad eventually.
Threats Converge: IoT Meets Ransomware
Commentary  |  3/6/2017
Ransomware is already a problem. The Internet of Things has had a number of security issues. What happens when the two combine?
How to Use & Share Customer Data without Damaging Trust
Commentary  |  3/3/2017
These five tips for protecting consumer privacy will ensure that your customers will stay customers for the long run.
Three Years after Heartbleed, How Vulnerable Are You?
Commentary  |  3/2/2017
You may have a problem lurking in your open source components and not know it. Start making a list...
Best Practices for Lowering Ransomware Risk
Commentary  |  3/1/2017
The first step is to avoid falling prey in the first place. That means teaching your entire organization - from IT staff to executive management - how not to be a victim.

Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.