Vulnerabilities / Threats

News & Commentary
93% of Cloud Applications Aren't Enterprise-Ready
Kelly Sheridan, Associate Editor, Dark ReadingNews
The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
By Kelly Sheridan Associate Editor, Dark Reading, 2/23/2018
Comment1 Comment  |  Read  |  Post a Comment
'OMG': New Mirai Variant Converts IoT Devices into Proxy Servers
Jai Vijayan, Freelance writerNews
The new malware also can turn bots into DDoS attack machines, says Fortinet.
By Jai Vijayan Freelance writer, 2/23/2018
Comment0 comments  |  Read  |  Post a Comment
10 Can't-Miss Talks at Black Hat Asia
Kelly Sheridan, Associate Editor, Dark Reading
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
By Kelly Sheridan Associate Editor, Dark Reading, 2/23/2018
Comment0 comments  |  Read  |  Post a Comment
Leveraging Security to Enable Your Business
Jackson Shaw, VP of Product Management, One IdentityCommentary
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
By Jackson Shaw VP of Product Management, One Identity, 2/23/2018
Comment0 comments  |  Read  |  Post a Comment
Criminals Obtain Code-Signing Certificates Using Stolen Corporate IDs
Jai Vijayan, Freelance writerNews
The certificates are available on demand at prices ranging from $299 to $1,599, says Recorded Future.
By Jai Vijayan Freelance writer, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Yaron Galant, Chief Product Officer at AccellionCommentary
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
By Yaron Galant Chief Product Officer at Accellion, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
IRS Warns of Spike in W-2 Phishing Emails
Dark Reading Staff, Quick Hits
The IRS reports an increase in reports of phishing emails asking for W-2 information.
By Dark Reading Staff , 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
Anatomy of an Attack on the Industrial IoT
Eddie Habibi, Founder & CEO of PAS GlobalCommentary
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
By Eddie Habibi Founder & CEO of PAS Global, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
The Mobile Threat: 4 out of 10 Businesses Report 'Significant' Risk
Kelly Sheridan, Associate Editor, Dark ReadingNews
Organizations put efficiency and profit before security, leading to system downtime and data loss, according to inaugural research from Verizon.
By Kelly Sheridan Associate Editor, Dark Reading, 2/21/2018
Comment0 comments  |  Read  |  Post a Comment
Takeaways from the Russia-Linked US Senate Phishing Attacks
Tom Kemp, CEOCommentary
The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns.
By Tom Kemp CEO, 2/21/2018
Comment1 Comment  |  Read  |  Post a Comment
7 Cryptominers & Cryptomining Botnets You Can't Ignore
Jai Vijayan, Freelance writer
Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.
By Jai Vijayan Freelance writer, 2/21/2018
Comment0 comments  |  Read  |  Post a Comment
Researcher to Release Free Attack Obfuscation Tool
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Cybercrime gang FIN7, aka Carbanak, spotted hiding behind another Windows function, according to research to be presented at Black Hat Asia next month.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/20/2018
Comment0 comments  |  Read  |  Post a Comment
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
Michael Lines, Vice President, Strategy, Risk, and Compliance Services at  OptivCommentary
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
By Michael Lines Vice President, Strategy, Risk, and Compliance Services at Optiv, 2/20/2018
Comment0 comments  |  Read  |  Post a Comment
Vulnerabilities Broke Records Yet Again in 2017
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Meanwhile, organizations still struggle to manage remediation.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/20/2018
Comment0 comments  |  Read  |  Post a Comment
Rise of the 'Hivenet': Botnets That Think for Themselves
Derek Manky, Global Security Strategist, FortinetCommentary
These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.
By Derek Manky Global Security Strategist, Fortinet, 2/16/2018
Comment0 comments  |  Read  |  Post a Comment
North Korea-Linked Cyberattacks Spread Out of Control: Report
Kelly Sheridan, Associate Editor, Dark ReadingNews
New details on old cyberattacks originating from North Korea indicate several forms of malware unintentionally spread wider than authors intended.
By Kelly Sheridan Associate Editor, Dark Reading, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
Democracy & DevOps: What Is the Proper Role for Security?
PJ Kirner, CTO & Founder, IllumioCommentary
Security experts need a front-row seat in the application development process but not at the expense of the business.
By PJ Kirner CTO & Founder, Illumio, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
Air Force Awards $12,500 for One Bug
Dark Reading Staff, Quick Hits
The highest single bounty of any federal bug bounty program yet is awarded through Hack the Air Force 2.0.
By Dark Reading Staff , 2/15/2018
Comment1 Comment  |  Read  |  Post a Comment
From DevOps to DevSecOps: Structuring Communication for Better Security
Robert Hawk, Privacy & Security Lead at xMattersCommentary
A solid approach to change management can help prevent problems downstream.
By Robert Hawk Privacy & Security Lead at xMatters, 2/15/2018
Comment3 comments  |  Read  |  Post a Comment
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
Kelly Sheridan, Associate Editor, Dark ReadingNews
The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
By Kelly Sheridan Associate Editor, Dark Reading, 2/14/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Facebook Aims to Make Security More Social
Kelly Sheridan, Associate Editor, Dark Reading,  2/20/2018
SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/22/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.