IoT
News & Commentary
Oracle Fixes 20 Remotely Exploitable Java SE Vulns
Jai Vijayan, Freelance writerNews
Quarterly update for October is the smallest of the year: only 252 flaws to fix! Oracle advises to apply patches 'without delay.'
By Jai Vijayan Freelance writer, 10/18/2017
Comment0 comments  |  Read  |  Post a Comment
The Future of Democratic Threats is Digital
Kelly Sheridan, Associate Editor, Dark ReadingNews
Public policy and technological challenges take center stage as security leaders discuss digital threats to democracy.
By Kelly Sheridan Associate Editor, Dark Reading, 10/18/2017
Comment0 comments  |  Read  |  Post a Comment
Banks Start Broad Use of Blockchain, as JP Morgan, IBM Lead Way
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Two major players announced cross-border payment networks built on blockchain technologies Monday, and more financial services will follow soon, despite opinions about Bitcoin.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/17/2017
Comment0 comments  |  Read  |  Post a Comment
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark ReadingNews
Organizations frequently overlook printer security, leaving systems exposed to malware and theft. New tools aim to lessen the risk.
By Kelly Sheridan Associate Editor, Dark Reading, 10/16/2017
Comment2 comments  |  Read  |  Post a Comment
IoT: Insecurity of Things or Internet of Threats?
Kelly Sheridan, Associate Editor, Dark ReadingNews
Security leaders call for device manufacturers to buckle down on device security as the Internet of Things evolves.
By Kelly Sheridan Associate Editor, Dark Reading, 10/11/2017
Comment0 comments  |  Read  |  Post a Comment
New 4G, 5G Network Flaw 'Worrisome'
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Weaknesses in the voice and data convergence technology can be exploited to allow cybercriminals to launch DoS attacks and hijack mobile data.
By Dawn Kawamoto Associate Editor, Dark Reading, 10/9/2017
Comment0 comments  |  Read  |  Post a Comment
Caterpillar Eyes Competitive Edge with Connected Asset Security Program
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Launches program to incorporate security by design and a strategic governance policy across all of its IoT products.
By Dawn Kawamoto Associate Editor, Dark Reading, 9/27/2017
Comment0 comments  |  Read  |  Post a Comment
SMBs Paid $301 Million to Ransomware Attackers
Dark Reading Staff, Quick Hits
But small- to midsized businesses are taking a tougher stand against ransomware attacks, according to a survey released today of the 2016-2017 period.
By Dark Reading Staff , 9/21/2017
Comment10 comments  |  Read  |  Post a Comment
Get Serious about IoT Security
Derek Manky, Global Security Strategist, FortinetCommentary
These four best practices will help safeguard your organization in the Internet of Things.
By Derek Manky Global Security Strategist, Fortinet, 9/20/2017
Comment4 comments  |  Read  |  Post a Comment
10 Hot Cybersecurity Funding Rounds in Q3
Jai Vijayan, Freelance writer
The first two quarters of 2017 have been the most active ever in five years from a cybersecurity investment standpoint. Here's how the third quarter has shaped up.
By Jai Vijayan Freelance writer, 9/20/2017
Comment2 comments  |  Read  |  Post a Comment
Microsoft's Azure 'Confidential Computing' Encrypts Data in Use
Kelly Sheridan, Associate Editor, Dark ReadingNews
Early Access program under way for new Azure cloud security feature.
By Kelly Sheridan Associate Editor, Dark Reading, 9/14/2017
Comment0 comments  |  Read  |  Post a Comment
The Hunt for IoT: The Rise of Thingbots
Sara Boddy, Principal Threat Research Evangelist
Across all of our research, every indication is that todays "thingbots" botnets built exclusively from Internet of Things devices will become the infrastructure for a future Darknet.
By Sara Boddy Principal Threat Research Evangelist, 9/14/2017
Comment0 comments  |  Read  |  Post a Comment
Tesla Hacks: The Good, The Bad, & The Ugly
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Keen Security Lab found multiple holes in the isolation layer Tesla uses to protect drive systems from infotainment systems, but were impressed by the auto company's security in other ways.
By Sara Peters Senior Editor at Dark Reading, 9/12/2017
Comment1 Comment  |  Read  |  Post a Comment
Attacking Data Integrity & Hacking Radiation Monitoring Devices
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Ruben Santamarta shows radio-based vulnerabilities and investigates how the integrity of critical data can be manipulated to simulate, complicate or exacerbate emergency situations.
By Sara Peters Senior Editor at Dark Reading, 9/8/2017
Comment0 comments  |  Read  |  Post a Comment
10% of Ransomware Attacks on SMBs Targeted IoT Devices
Dawn Kawamoto, Associate Editor, Dark ReadingNews
IoT ransomware attacks are expected to ramp up in the coming years, a new survey shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 9/7/2017
Comment0 comments  |  Read  |  Post a Comment
Workplace IoT Puts Companies on Notice for Smarter Security
Robert Clyde, CISM, Vice-Chair of ISACA Board of Directors, Executive Chair of White Cloud Security and Executive Advisor to BullGuard SoftwareCommentary
Blacklisting every "thing" in sight and banning connections to the corporate network may sound tempting, but it's not a realistic strategy.
By Robert Clyde CISM, Vice-Chair of ISACA Board of Directors, Executive Chair of White Cloud Security and Executive Advisor to BullGuard Software, 9/6/2017
Comment0 comments  |  Read  |  Post a Comment
Mikko Hypponen's Vision of the Cybersecurity Future
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Twenty years from now, will everything be in the Internet of Things, and if so, how does the security industry need to prepare? F-Secure's chief research officer weighs in on this and what else the future promises (and threatens).
By Sara Peters Senior Editor at Dark Reading, 9/4/2017
Comment2 comments  |  Read  |  Post a Comment
Using Market Pressures to Improve Cybersecurity
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Post-MedSec, Chris Wysopal discusses what impact the investor community -- if not consumers -- can have on squashing vulnerabilities and improving cybersecurity.
By Sara Peters Senior Editor at Dark Reading, 8/31/2017
Comment0 comments  |  Read  |  Post a Comment
St. Jude Pacemaker Gets Firmware Update 'Intended as a Recall'
Sara Peters, Senior Editor at Dark ReadingNews
The devices that were the subject of a vulnerability disclosure debate last summer now have an FDA-approved fix.
By Sara Peters Senior Editor at Dark Reading, 8/30/2017
Comment2 comments  |  Read  |  Post a Comment
7 Things to Know About Today's DDoS Attacks
Jai Vijayan, Freelance writer
DDoS attacks are no longer something that just big companies in a few industries need to worry about. They have become a threat to every business.
By Jai Vijayan Freelance writer, 8/30/2017
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by AlyssaTallent
Current Conversations Ohhh that is pretty interesting 
In reply to: Great
Post Your Own Reply
Posted by LouiseMiller
Current Conversations So what does it mean? 
In reply to: Re: Backups
Post Your Own Reply
More Conversations
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
Hyatt Hit With Another Credit Card Breach
Dark Reading Staff 10/13/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.