Vulnerabilities / Threats

News & Commentary
How Businesses Should Respond to the Ransomware Surge
Kelly Sheridan, Associate Editor, Dark Reading, News
Modern endpoint security tools and incident response plans will be key in the fight against ransomware.
By Kelly Sheridan, Associate Editor, Dark Reading, 10/5/2017
Equifax Lands $7.25 Million Contract with IRS
Dark Reading Staff, Quick Hits
The embattled credit monitoring agency will provide taxpayer identification verification and fraud prevention services to the federal tax agency.
By Dark Reading Staff, 10/5/2017
Private, Public, or Hybrid? Finding the Right Fit in a Bug Bounty Program
Jason Haddix, Head of Trust & Security, Bugcrowd, Commentary
How can a bug bounty not be a bug bounty? There are several reasons. Here's why you need to understand the differences.
By Jason Haddix, Head of Trust & Security, Bugcrowd, 10/5/2017
Nation-State Attackers Steal, Copy Each Other's Tools
Kelly Sheridan, Associate Editor, Dark Reading, News
When advanced actors steal and re-use tools and infrastructure from other attack groups, it makes it harder to attribute cybercrime.
By Kelly Sheridan, Associate Editor, Dark Reading, 10/4/2017
DNS a 'Victim of its Own Success'
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Why securing the Domain Name System remains an afterthought at many organizations.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 10/4/2017
What Security Teams Need to Know about the NIAC Report
Mike Shultz, CEO of Cybernance, Commentary
Which of the recommendations made by the NIAC working group will affect security teams the most, and how should they prepare?
By Mike Shultz, CEO of Cybernance, 10/4/2017
Ransomware Will Target Backups: 4 Ways to Protect Your Data
Rod Mathews, Senior VP and General Manager of Data Protection, Commentary
Backups are the best way to take control of your defense against ransomware, but they need protecting as well.
By Rod Mathews, Senior VP and General Manager of Data Protection, 10/4/2017
New Standards Will Shore up Internet Router Security
Jai Vijayan, Freelance writer, News
The BGP Path Validation draft standards were designed to ensure that Internet traffic flows only along digitally signed, authorized paths.
By Jai Vijayan, Freelance writer, 10/3/2017
DevOpsSec: A Big Step in Cloud Application Security
Jeff Schilling, Chief Security Officer, Armor, Commentary
Why it's time for DevOps and security teams to bury the hatchet -- and not in each other's back.
By Jeff Schilling, Chief Security Officer, Armor, 10/3/2017
70% of US Employees Lack Security and Privacy Awareness
Dawn Kawamoto, Associate Editor, Dark Reading, News
Acceptable use of social media and adherence to workplace physical security drops, new survey shows.
By Dawn Kawamoto, Associate Editor, Dark Reading, 10/3/2017
5 IT Practices That Put Enterprises at Risk
Darren McCue, President of Dunbar Security Solutions, Commentary
No one solution will keep you 100% protected, but if you avoid these common missteps, you can shore up your security posture.
By Darren McCue, President of Dunbar Security Solutions, 10/2/2017
Weakness In Windows Defender Lets Malware Slip Through Via SMB Shares
Jai Vijayan, Freelance writer, News
CyberArk says the manner in which Defender scans for malicious executables in SMB shares gives attackers an opening.
By Jai Vijayan, Freelance writer, 10/2/2017
Apple Shares More Data with US in First Half of 2017
Dark Reading Staff, Quick Hits
Device-based data requests from government agencies dropped in the first half over last year, but Apple fulfilled a higher percentage of those requests, according to its transparency report.
By Dark Reading Staff, 9/29/2017
Whole Foods Reports Credit Card Breach
Dark Reading Staff, Quick Hits
The breach affects customers of certain Whole Foods taprooms and table-service restaurants.
By Dark Reading Staff, 9/29/2017
Apple Mac Models Vulnerable to Targeted Attacks
Kelly Sheridan, Associate Editor, Dark Reading, News
Several updated Mac models don't receive EFI security fixes, putting machines at risk for targeted cyberattacks.
By Kelly Sheridan, Associate Editor, Dark Reading, 9/29/2017
Analyzing Cybersecurity's Fractured Educational Ecosystem
Chaim Sanders, Security Lead at ZeroFOX, Commentary
We have surprisingly little data on how to evaluate infosec job candidates' academic qualifications. That needs to change.
By Chaim Sanders, Security Lead at ZeroFOX, 9/29/2017
CISOs Offer Soup-to-Nuts C-Suite Strategy
Dawn Kawamoto, Associate Editor, Dark Reading, News
Chief information security officers from Dell, RCB Bank and other organizations share what it takes to become a security exec, sit in the C-Suite, and keep the job.
By Dawn Kawamoto, Associate Editor, Dark Reading, 9/29/2017
Report: Bank Email Fraud Increases since Equifax Breach
Dark Reading Staff, Quick Hits
Cyberthieves are impersonating banks to send bogus "secure" bank email messages.
By Dark Reading Staff, 9/28/2017
Ransomware Numbers Continue to Look Abysmal
Ericka Chickowski, Contributing Writer, Dark Reading, News
Ransomware is one of the fastest-growing concerns among IT pros, according to several studies out this week.
By Ericka Chickowski, Contributing Writer, Dark Reading, 9/28/2017
Equihax: Identifying & Wrangling Vulnerabilities
Nick Deshpande, VP, Product Development, Zenedge, Commentary
Now that we know what was taken from Equifax, how it was taken, and what is being sold, what more do we need to learn before the next time?
By Nick Deshpande, VP, Product Development, Zenedge, 9/28/2017
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.