Risk
News & Commentary
Is Your Security Workflow Backwards?
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
The pace at which information security evolves means organizations must work smarter, not harder. Here's how to stay ahead of the threats.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 12/15/2017
Comment0 comments  |  Read  |  Post a Comment
8 Steps for Building an IT Security Career Path Program
Dawn Kawamoto, Associate Editor, Dark Reading
A cybersecurity career-path program can help with talent retention and recruitment.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
Security Compliance: The Less You Spend the More You Pay
Jai Vijayan, Freelance writerNews
The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher, a new study shows.
By Jai Vijayan Freelance writer, 12/12/2017
Comment1 Comment  |  Read  |  Post a Comment
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity VenturesCommentary
The number of unfilled jobs in our industry continues to grow. Here's why.
By Steve Morgan Founder & CEO, Cybersecurity Ventures, 12/11/2017
Comment7 comments  |  Read  |  Post a Comment
What Slugs in a Garden Can Teach Us About Security
Chris Nelson, Senior Director of Security and IT at Distil NetworksCommentary
Design principles observed in nature serve as a valuable model to improve organizations' security approaches.
By Chris Nelson Senior Director of Security and IT at Distil Networks, 12/8/2017
Comment0 comments  |  Read  |  Post a Comment
Microsoft Issues Emergency Patch for 'Critical' Flaw in Windows Security
Dark Reading Staff, Quick Hits
Remote code execution vulnerability in Microsoft Malware Protection Engine was found by UK spy agency's National Cyber Security Centre (NCSC).
By Dark Reading Staff , 12/8/2017
Comment0 comments  |  Read  |  Post a Comment
Uber Used $100K Bug Bounty to Pay, Silence Florida Hacker: Report
Dark Reading Staff, Quick Hits
Uber also performed a forensic analysis of the man's computer to ensure he had deleted the stolen information, Reuters said.
By Dark Reading Staff , 12/7/2017
Comment1 Comment  |  Read  |  Post a Comment
Ransomware Meets 'Grey's Anatomy'
Tom & Natalie Pageler, Neustar CRO & CSO, and MD Stanford UniversityCommentary
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
By Tom & Natalie Pageler Neustar CRO & CSO, and MD Stanford University, 12/7/2017
Comment0 comments  |  Read  |  Post a Comment
Attacker 'Dwell Time' Average Dips Slightly to 86 Days
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Real-world incident response investigation data from CrowdStrike reveals attacker trends with fileless malware, ransomware, and other weapons.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/7/2017
Comment0 comments  |  Read  |  Post a Comment
Nearly 2/3 of Industrial Companies Lack Security Monitoring
Dark Reading Staff, Quick Hits
New Honeywell survey shows more than half of industrial sector organizations have suffered cyberattacks.
By Dark Reading Staff , 12/6/2017
Comment1 Comment  |  Read  |  Post a Comment
Most Retailers Haven't Fully Tested Their Breach Response Plans
Dark Reading Staff, Quick Hits
More than 20% lack a breach response plan altogether, a new survey shows.
By Dark Reading Staff , 12/6/2017
Comment0 comments  |  Read  |  Post a Comment
Why Cybersecurity Must Be an International Effort
Kelly Sheridan, Associate Editor, Dark ReadingNews
The former head of cyber for the US State Department calls for agreements across countries to improve government cybersecurity.
By Kelly Sheridan Associate Editor, Dark Reading, 12/6/2017
Comment1 Comment  |  Read  |  Post a Comment
How the Major Intel ME Firmware Flaw Lets Attackers Get 'God Mode' on a Machine
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers at Black Hat Europe today revealed how a buffer overflow they discovered in the chip's firmware can be abused to take control of a machine - even when it's turned 'off.'
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/6/2017
Comment0 comments  |  Read  |  Post a Comment
Cyberattack: It Can't Happen to Us (Until It Does)
Todd Thibodeaux, President & CEO, CompTIACommentary
Just because your small or medium-sized business isn't as well known as Equifax or Yahoo doesn't mean you're immune to becoming a cybercrime victim.
By Todd Thibodeaux President & CEO, CompTIA, 12/6/2017
Comment0 comments  |  Read  |  Post a Comment
Improve Signal-to-Noise Ratio with 'Content Curation:' 5 Steps
Justin Monti, CTO, MKACyberCommentary
By intelligently managing signatures, correlation rules, filters and searches, you can see where your security architecture falls down, and how your tools can better defend the network.
By Justin Monti CTO, MKACyber, 12/5/2017
Comment0 comments  |  Read  |  Post a Comment
The Rising Dangers of Unsecured IoT Technology
Danielle Jackson, Chief Information Security Officer, SecureAuthCommentary
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.
By Danielle Jackson Chief Information Security Officer, SecureAuth, 12/4/2017
Comment1 Comment  |  Read  |  Post a Comment
Tips for Writing Better Infosec Job Descriptions
Kelly Sheridan, Associate Editor, Dark ReadingNews
Security leaders frustrated with their talent search may be searching for the wrong skills and qualifications.
By Kelly Sheridan Associate Editor, Dark Reading, 12/4/2017
Comment1 Comment  |  Read  |  Post a Comment
Sallie Mae CISO: 4 Technologies That Will Shape IT Security
Dawn Kawamoto, Associate Editor, Dark ReadingNews
'The world as we know it will vanish,' according to Jerry Archer.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/1/2017
Comment0 comments  |  Read  |  Post a Comment
'Blocking and Tackling' in the New Age of Security
Kelly Sheridan, Associate Editor, Dark ReadingNews
In a pep talk to CISOs, the chief security strategist at PSCU advises teams to prioritize resilience in addition to security.
By Kelly Sheridan Associate Editor, Dark Reading, 12/1/2017
Comment1 Comment  |  Read  |  Post a Comment
The Critical Difference Between Vulnerabilities Equities & Threat Equities
Adam Shostack, Founder, Stealth StartupCommentary
Why the government has an obligation to share its knowledge of flaws in software and hardware to strengthen digital infrastructure in the face of growing cyberthreats.
By Adam Shostack Founder, Stealth Startup, 11/30/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark Reading,  12/14/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.