IoT
News & Commentary
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
The Economics Fueling IoT (In)security
Ariel Kriger, VP Business Development at VDOOCommentary
Attackers understand the profits that lie in the current lack of security. That must change.
By Ariel Kriger VP Business Development at VDOO, 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Anti-Botnet Guide Aims to Tackle Automated Threats
Kelly Sheridan, Staff Editor, Dark ReadingNews
The international guide is intended to help organizations defend their networks and systems from automated and distributed attacks.
By Kelly Sheridan Staff Editor, Dark Reading, 11/29/2018
Comment1 Comment  |  Read  |  Post a Comment
New Bluetooth Hack Affects Millions of Vehicles
Dark Reading Staff, Quick Hits
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
By Dark Reading Staff , 11/16/2018
Comment3 comments  |  Read  |  Post a Comment
BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance
Kelly Sheridan, Staff Editor, Dark ReadingNews
BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.
By Kelly Sheridan Staff Editor, Dark Reading, 11/16/2018
Comment0 comments  |  Read  |  Post a Comment
7 Cool New Security Tools to be Revealed at Black Hat Europe
Ericka Chickowski, Contributing Writer, Dark Reading
Black Hat Europe's Arsenal lineup will include demoes of new security tools, from AI malware research to container orchestration.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/12/2018
Comment0 comments  |  Read  |  Post a Comment
Vulnerabilities in Our Infrastructure: 5 Ways to Mitigate the Risk
Michael Fabian, Principal Security Consultant, SynopsysCommentary
By teaming up to address key technical and organizational issues, information and operational security teams can improve the resiliency and safety of their infrastructure systems.
By Michael Fabian Principal Security Consultant, Synopsys, 11/9/2018
Comment0 comments  |  Read  |  Post a Comment
User Behavior Analytics Could Find a Home in the OT World of the IIoT
Satish Gannu, Chief Security Officer, ABBCommentary
The technology never really took off in IT, but it could be very helpful in the industrial world.
By Satish Gannu Chief Security Officer, ABB, 11/8/2018
Comment0 comments  |  Read  |  Post a Comment
IT-to-OT Solutions That Can Bolster Security in the IIoT
Satish Gannu, Chief Security Officer, ABBCommentary
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
By Satish Gannu Chief Security Officer, ABB, 11/7/2018
Comment0 comments  |  Read  |  Post a Comment
Hidden Costs of IoT Vulnerabilities
Carl Nerup, Co-Founder and Chief Marketing Officer at CogCommentary
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
By Carl Nerup Co-Founder and Chief Marketing Officer at Cog, 11/6/2018
Comment1 Comment  |  Read  |  Post a Comment
7 Non-Computer Hacks That Should Never Happen
Steve Zurier, Freelance Writer
From paper to IoT, security researchers offer tips for protecting common attack surfaces that you're probably overlooking.
By Steve Zurier Freelance Writer, 11/5/2018
Comment3 comments  |  Read  |  Post a Comment
Worst Malware and Threat Actors of 2018
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Two reports call out the most serious malware attacks and attackers of the year (so far).
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/2/2018
Comment3 comments  |  Read  |  Post a Comment
New Report: IoT Now Top Internet Attack Target
Dark Reading Staff, Quick Hits
IoT devices are the top targets of cyberattacks -- most of which originate on IoT devices, new report finds.
By Dark Reading Staff , 10/29/2018
Comment0 comments  |  Read  |  Post a Comment
AppSec Is Dead, but Software Security Is Alive & Well
Matt Rose, Global Director Application Security Strategy, at CheckmarxCommentary
Application security must be re-envisioned to support software security. It's time to shake up your processes.
By Matt Rose Global Director Application Security Strategy, at Checkmarx, 10/29/2018
Comment2 comments  |  Read  |  Post a Comment
Side-Channel Attack Exposes User Accounts on Facebook, XBox, Other Social Sites
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher will demonstrate at Black Hat Europe his team's recent discovery: a way to exploit popular user-blocking feature on social media and other sites.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/25/2018
Comment0 comments  |  Read  |  Post a Comment
Tackling Supply Chain Threats
Ang Cui, Founder & CEO, Red Balloon SecurityCommentary
Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
By Ang Cui Founder & CEO, Red Balloon Security, 10/24/2018
Comment0 comments  |  Read  |  Post a Comment
IoT Bot Landscape Expands, Attacks Vary by Country
Steve Zurier, Freelance WriterNews
New report finds 1,005 new user names and passwords beyond Mirais original default list two years ago.
By Steve Zurier Freelance Writer, 10/23/2018
Comment1 Comment  |  Read  |  Post a Comment
2018 State of Cyber Workforce
Ericka Chickowski, Contributing Writer, Dark Reading
Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/22/2018
Comment9 comments  |  Read  |  Post a Comment
Gartner Experts Highlight Tech Trends And Their Security Risks
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Security must be built into systems and applications from the beginning of the design process, they agreed.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/22/2018
Comment0 comments  |  Read  |  Post a Comment
New Security Woes for Popular IoT Protocols
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/18/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.