Attacks/Breaches
News & Commentary
TRITON Attacker Disrupts ICS Operations, While Botching Attempt to Cause Physical Damage
Jai Vijayan, Freelance writerNews
TRITON malware is discovered after an attack on a safety monitoring system accidentally triggered the shutdown of an industrial process at an undisclosed organization.
By Jai Vijayan Freelance writer, 12/14/2017
Comment0 comments  |  Read  |  Post a Comment
Why Hackers Are in Such High Demand, and How They're Affecting Business Culture
Jaime Blasco, Vice President and Chief Scientist at AlienVaultCommentary
White hat hackers bring value to organizations and help them defend against today's advanced threats.
By Jaime Blasco Vice President and Chief Scientist at AlienVault, 12/14/2017
Comment1 Comment  |  Read  |  Post a Comment
Is a Good Offense the Best Defense Against Hackers?
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
A proposed new law could make it legal for companies to hack back against attacker. But will it work?
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 12/14/2017
Comment0 comments  |  Read  |  Post a Comment
2 Million Fake Net Neutrality Comments Stole American Identities
Dark Reading Staff, Quick Hits
New York Attorney General Eric Schneiderman updates the investigation into fake content submitted during the net neutrality comment process.
By Dark Reading Staff , 12/14/2017
Comment0 comments  |  Read  |  Post a Comment
Malware Decompiler Tool Goes Open Source
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Avast's RetDec machine-code decompiler now available for free on Github.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
Google Sheds Light on Data Encryption Practices
Kelly Sheridan, Associate Editor, Dark ReadingNews
Google explains the details of how it secures information in the cloud and encrypts data in transit.
By Kelly Sheridan Associate Editor, Dark Reading, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
Former Rutgers Student, Two Others Plead Guilty to Operating Mirai Botnet
Jai Vijayan, Freelance writerNews
Trio faces up to five years in federal prison and fines of up to $250,000
By Jai Vijayan Freelance writer, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
80% of Americans Admit to Risky Cybersecurity Behaviors
Dark Reading Staff, Quick Hits
Nearly half of survey respondents use unsecured WiFi networks and a third open unsolicited email attachment, a report finds.
By Dark Reading Staff , 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
Healthcare Faces Poor Cybersecurity Prognosis
Kelly Sheridan, Associate Editor, Dark ReadingNews
Experts say the healthcare industry is underestimating security threats as attackers continue to seek data and monetary gain.
By Kelly Sheridan Associate Editor, Dark Reading, 12/13/2017
Comment1 Comment  |  Read  |  Post a Comment
Google Play Offered Fewer Blacklisted Mobile Apps in Q3
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Third-party AndroidAPKDescargar store carried the most blacklisted mobile apps.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
8 Steps for Building an IT Security Career Path Program
Dawn Kawamoto, Associate Editor, Dark Reading
A cybersecurity career-path program can help with talent retention and recruitment.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
Automation Could Be Widening the Cybersecurity Skills Gap
Gary Golomb, Co-Founder & Chief Research Officer at Awake SecurityCommentary
Sticking workers with tedious jobs that AI can't do leads to burnout, but there is a way to achieve balance.
By Gary Golomb Co-Founder & Chief Research Officer at Awake Security, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
8 Out of 10 Employees Use Unencrypted USB Devices
Dark Reading Staff, Quick Hits
Security policies for USB drivers are severely outdated or inadequate, a report finds.
By Dark Reading Staff , 12/12/2017
Comment0 comments  |  Read  |  Post a Comment
Only 5% of Business Leaders Rethought Security After Equifax
Dark Reading Staff, Quick Hits
Corporate leaders know little about common security threats like ransomware and phishing, driving their risk for attack.
By Dark Reading Staff , 12/12/2017
Comment1 Comment  |  Read  |  Post a Comment
Employees on Public WiFi Rarely Face Man-in-the-Middle Attacks
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Employees' corporate mobile devices are connected to WiFi networks on average 74% of the time.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/12/2017
Comment0 comments  |  Read  |  Post a Comment
Russian-Speaking 'MoneyTaker' Group Helps Itself to Millions from US Banks
Jai Vijayan, Freelance writerNews
Banks in Latin America appear to be next big target, Group-IB says.
By Jai Vijayan Freelance writer, 12/11/2017
Comment0 comments  |  Read  |  Post a Comment
Romanian Nationals Admit to Racketeering Conspiracy, ATM Skimming
Dark Reading Staff, Quick Hits
Seven Romanian nationals pleaded guilty in connection with an ATM skimming scheme and RICO conspiracy, in addition to other crimes.
By Dark Reading Staff , 12/11/2017
Comment0 comments  |  Read  |  Post a Comment
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity VenturesCommentary
The number of unfilled jobs in our industry continues to grow. Here's why.
By Steve Morgan Founder & CEO, Cybersecurity Ventures, 12/11/2017
Comment6 comments  |  Read  |  Post a Comment
Post-Breach Carnage: Worst Ways The Axe Fell in 2017
Ericka Chickowski, Contributing Writer, Dark Reading
Executive firings, stock drops, and class action settlements galore, this year was a study in real-world repercussions for cybersecurity lapses.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/11/2017
Comment0 comments  |  Read  |  Post a Comment
What Slugs in a Garden Can Teach Us About Security
Chris Nelson, Senior Director of Security and IT at Distil NetworksCommentary
Design principles observed in nature serve as a valuable model to improve organizations' security approaches.
By Chris Nelson Senior Director of Security and IT at Distil Networks, 12/8/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Oracle Product Rollout Underscores Need for Trust in the Cloud
Kelly Sheridan, Associate Editor, Dark Reading,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.