News & Commentary
Facebook Doles Out $100K for Internet Defense Prize
Dark Reading Staff, Quick Hits
Winners developed a new method of detecting spearphishing in corporate networks.
By Dark Reading Staff , 8/17/2017
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Report: User Account Attacks Jumped 300% Since 2016
Kelly Sheridan, Associate Editor, Dark ReadingNews
Most of these Microsoft user account compromises can be attributed to weak, guessable passwords and poor password management, researchers found.
By Kelly Sheridan Associate Editor, Dark Reading, 8/17/2017
Comment0 comments  |  Read  |  Post a Comment
70% of DevOps Pros Say They Didn't Get Proper Security Training in College
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Veracode survey shows majority of DevOps pros mostly learn on the job about security.
By Dawn Kawamoto Associate Editor, Dark Reading, 8/17/2017
Comment2 comments  |  Read  |  Post a Comment
Cloud Complexity Mandates Security Visibility
Tim Prendergast, Founder & CEO,
The cloud is flexible, but security should be the top priority.
By Tim Prendergast Founder & CEO,, 8/16/2017
Comment0 comments  |  Read  |  Post a Comment
20 Tactical Questions SMB Security Teams Should Ask Themselves
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 8/15/2017
Comment2 comments  |  Read  |  Post a Comment
Amazon Tackles Security of Data in S3 Storage
Kelly Sheridan, Associate Editor, Dark ReadingNews
Amazon Macie is a new security service built to protect AWS S3 data from accidental leaks and breaches.
By Kelly Sheridan Associate Editor, Dark Reading, 8/14/2017
Comment0 comments  |  Read  |  Post a Comment
Two Iranians Face Charges for Computer Hacking, Credit Card Fraud
Dark Reading Staff, Quick Hits
Federal prosecutors charged two Iranian nationals with identity theft and use of stolen credit card numbers as well as threatening to expose the breach to one of the victim's customers.
By Dark Reading Staff , 8/9/2017
Comment1 Comment  |  Read  |  Post a Comment
WatchGuard Acquires Authentication Provider Datablink
Dark Reading Staff, Quick Hits
WatchGuard looks to expand its security offerings into authentication solutions for small- to midsize businesses and enterprises with a distributed workforce.
By Dark Reading Staff , 8/8/2017
Comment1 Comment  |  Read  |  Post a Comment
Automating Defenses Against Assembly-Line Attacks
Derek Manky, Global Security Strategist, FortinetCommentary
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
By Derek Manky Global Security Strategist, Fortinet, 8/8/2017
Comment0 comments  |  Read  |  Post a Comment
Risky Business: Why Enterprises Cant Abdicate Cloud Security
John Moynihan, President, Minuteman GovernanceCommentary
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
By John Moynihan President, Minuteman Governance, 8/7/2017
Comment1 Comment  |  Read  |  Post a Comment
Qualys to Acquire Assets of Nevis Networks
Dark Reading Staff, Quick Hits
The transaction aims to bolster Qualys' efforts in network traffic analysis and speeds up its move into the endpoint attack-mitigation and incident response market.
By Dark Reading Staff , 8/1/2017
Comment0 comments  |  Read  |  Post a Comment
Iranian Hackers Ensnared Targets via Phony Female Photographer
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
US, Indian, Saudi Arabian, Israeli, Iraqi IT, security, executives in oil/gas and aerospace swept up in elaborate social media ruse used for cyber espionage operations.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/31/2017
Comment3 comments  |  Read  |  Post a Comment
DevOps Security & the Culture of 'Yes'
Michael Feiertag, CEO and Co-Founder, tCellCommentary
Communication, collaboration, and the use of production data to drive decisions are essential for security work in a DevOps world.
By Michael Feiertag CEO and Co-Founder, tCell, 7/31/2017
Comment1 Comment  |  Read  |  Post a Comment
Inside the Investigation and Trial of Roman Seleznev
Kelly Sheridan, Associate Editor, Dark ReadingNews
The officials who convicted the credit card thief discussed the investigation, evidence, trial, and challenges involved in his case.
By Kelly Sheridan Associate Editor, Dark Reading, 7/27/2017
Comment0 comments  |  Read  |  Post a Comment
Dark Reading News Desk Live at Black Hat USA 2017
Dark Reading Staff, Commentary
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
By Dark Reading Staff , 7/27/2017
Comment4 comments  |  Read  |  Post a Comment
Majority of Consumers Believe IoT Needs Security Built In
Dark Reading Staff, Quick Hits
Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.
By Dark Reading Staff , 7/26/2017
Comment5 comments  |  Read  |  Post a Comment
10 Critical Steps to Create a Culture of Cybersecurity
Edward J. McAndrew, Partner & Co-Chair, Privacy & Data Security  Group, Ballard Spahr LLP, Faculty Member of the Compliance, Governance &  Oversight CouncilCommentary
Businesses are more vulnerable than they need to be. Here's what you should do about it.
By Edward J. McAndrew Partner & Co-Chair, Privacy & Data Security Group, Ballard Spahr LLP, Faculty Member of the Compliance, Governance & Oversight Council, 7/26/2017
Comment2 comments  |  Read  |  Post a Comment
How 'Postcript' Exploits Networked Printers
Dawn Kawamoto, Associate Editor, Dark ReadingNews
At Black Hat 2017, a university researcher will demo how attackers can drill into networked printers by way of the ubiquitous PostScript programming language.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/25/2017
Comment0 comments  |  Read  |  Post a Comment
Lessons from Verizon: Managing Cloud Security for Partners
Tim Prendergast, Founder & CEO,
The recent Verizon breach data exposed by an insecure Amazon S3 bucket highlights the need for enterprises to have visibility into how partners and other stakeholders keep their data secure.
By Tim Prendergast Founder & CEO,, 7/25/2017
Comment0 comments  |  Read  |  Post a Comment, Fusion Expose Data Via Google Groups Config Error
Kelly Sheridan, Associate Editor, Dark ReadingNews
Companies that leaked data accidentally chose the sharing setting "public on the Internet," which enabled anyone on the Web to access all information contained in the messages
By Kelly Sheridan Associate Editor, Dark Reading, 7/24/2017
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by salynage
Current Conversations really its good
In reply to: Re: Pending Review
Post Your Own Reply
Posted by recomasa
Current Conversations thank you 
In reply to: thanks
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.