Vulnerabilities / Threats //

Advanced Threats

News & Commentary
Improving the Adoption of Security Automation
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
Four barriers to automation and how to overcome them.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
How to Prepare for 'WannaCry 2.0'
Shimon Oren, Head of Cyber Intelligence at Deep InstinctCommentary
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
By Shimon Oren Head of Cyber Intelligence at Deep Instinct, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Robert Corradini, Director of Product Management at 5nineCommentary
Do 'cloud-first' strategies create a security-second mindset?
By Robert Corradini Director of Product Management at 5nine, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
Modern Cybersecurity Demands a Different Corporate Mindset
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 6/15/2018
Comment0 comments  |  Read  |  Post a Comment
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften TechnologiesCommentary
Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.
By David Shefter Chief Technology Officer at Ziften Technologies, 6/14/2018
Comment1 Comment  |  Read  |  Post a Comment
LeBron vs. Steph: The NBA Version of Cyber Defense vs. Cyberattacks
Donald Meyer, Head of Cloud and Data Center,  Check Point SoftwareCommentary
It takes an aggressive, swarming approach to overcome the most dangerous threats today.
By Donald Meyer Head of Cloud and Data Center, Check Point Software, 6/13/2018
Comment0 comments  |  Read  |  Post a Comment
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security CompassCommentary
How improving application security in the automotive industry can shorten product development time, reduce costs, and save lives.
By Rohit Sethi COO of Security Compass, 6/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave SpiderlabsCommentary
Just because you're not yet using IPv6 doesn't mean you're safe from the protocol's attack vectors.
By John Anderson Principal Security Consultant, Trustwave Spiderlabs, 6/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Side-Channel Attacks & the Importance of Hardware-Based Security
Ketan Shah, Vice President of Products at FortanixCommentary
Reliably evaluating the security of modern infrastructure requires a solid understanding of the hardware supporting it.
By Ketan Shah Vice President of Products at Fortanix, 6/7/2018
Comment1 Comment  |  Read  |  Post a Comment
I, for One, Welcome Our Robotic Security Overlords
Danelle Au, VP Strategy, SafeBreachCommentary
Automation will come in more subtle ways than C-3PO and it's transforming cybersecurity.
By Danelle Au VP Strategy, SafeBreach, 6/5/2018
Comment0 comments  |  Read  |  Post a Comment
Cybercrime Is Skyrocketing as the World Goes Digital
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
If cybercrime were a country, it would have the 13th highest GDP in the world.
By Marc Wilczek Digital Strategist & CIO Advisor, 6/1/2018
Comment0 comments  |  Read  |  Post a Comment
New Threats, Old Threats: Everywhere a Threat
Derek Manky, Global Security Strategist, FortinetCommentary
First-quarter data shows cryptojacking on the rise -- but don't count out some "classic" threats just yet.
By Derek Manky Global Security Strategist, Fortinet, 5/29/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
Ron Teicher, CEO & Founder, EverCompliantCommentary
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
By Ron Teicher CEO & Founder, EverCompliant, 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
The Risks of Remote Desktop Access Are Far from Remote
Matt Ahrens,  Security Team Leader at CoalitionCommentary
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
By Matt Ahrens Security Team Leader at Coalition, 5/17/2018
Comment0 comments  |  Read  |  Post a Comment
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at TripwireCommentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin VP of Product Management & Strategy at Tripwire, 5/17/2018
Comment0 comments  |  Read  |  Post a Comment
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe GroupCommentary
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
By Charlie Miller Senior Vice President, The Santa Fe Group, 5/14/2018
Comment2 comments  |  Read  |  Post a Comment
8 Ways Hackers Can Game Air Gap Protections
Ericka Chickowski, Contributing Writer, Dark Reading
Isolating critical systems from connectivity isn't a guarantee they can't be hacked.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/11/2018
Comment0 comments  |  Read  |  Post a Comment
APT Attacks on Mobile Rapidly Emerging
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Mobile devices are becoming a 'primary' enterprise target for attackers.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/8/2018
Comment0 comments  |  Read  |  Post a Comment
Breakout Time: A Critical Key Cyber Metric
Scott Taschler, Director of Product Marketing for CrowdStrikeCommentary
Why organizations need to detect an intrusion in under a minute, understand it in under 10 minutes, and eject the adversary in under an hour.
By Scott Taschler Director of Product Marketing for CrowdStrike, 5/8/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR Requirements Prompt New Approach to Protecting Data in Motion
Rick Bilodeau, Vice President of Marketing, StreamSetsCommentary
The EU's General Data Protection Regulation means that organizations must look at new ways to keep data secure as it moves.
By Rick Bilodeau Vice President of Marketing, StreamSets, 5/3/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-5236
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.
CVE-2018-5237
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
CVE-2018-6211
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
CVE-2018-6212
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect proc...
CVE-2018-6213
PUBLISHED: 2018-06-20
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.