Advanced Threats

News & Commentary
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Francis Dinha, CEO & Co-Founder of OpenVPN | Commentary
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
By Francis Dinha, CEO & Co-Founder of OpenVPN, 8/13/2018
The Enigma of AI & Cybersecurity
Dr. Dongyan Wang, Chief AI Officer at DeepBrain Chain | Commentary
We've only seen the beginning of what artificial intelligence can do for information security.
By Dr. Dongyan Wang, Chief AI Officer at DeepBrain Chain, 8/10/2018
Dark Reading News Desk Live at Black Hat USA 2018
Sara Peters, Senior Editor at Dark Reading | News
Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
By Sara Peters, Senior Editor at Dark Reading, 8/9/2018
IT Managers: Are You Keeping Up with Social-Engineering Attacks?
Larry Ponemon, Chairman and Founder, Ponemon Institute, and 3M Privacy Consultant | Commentary
Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.
By Larry Ponemon, Chairman and Founder, Ponemon Institute, and 3M Privacy Consultant, 8/6/2018
Power Grid Security: How Safe Are We?
Cameron Camp, ESET Security Researcher | Commentary
Experiencing a power outage? It could have been caused by a hacker or just a squirrel chewing through some equipment. And that's a problem.
By Cameron Camp, ESET Security Researcher, 8/2/2018
5 Steps to Fight Unauthorized Cryptomining
Matt Downing, Principal Threat Intelligence Researcher at Alert Logic | Commentary
This compromise feels like a mere annoyance, but it can open the door to real trouble.
By Matt Downing, Principal Threat Intelligence Researcher at Alert Logic, 8/1/2018
Unified Security Data: A Simple Idea to Combat Persistent, Complex Cyberattacks
Liz Maida, Co-founder, CEO & CTO, Uplevel Security | Commentary
Do you know what happens to your data when it's not in use? If the answer is no, you need to fix that.
By Liz Maida, Co-founder, CEO & CTO, Uplevel Security, 7/31/2018
New Spectre Variant Hits the Network
Curtis Franklin Jr., Senior Editor at Dark Reading | News
A new proof of concept is a reminder that complex systems can be vulnerable at the most basic level.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 7/30/2018
MUD: The Solution to Our Messy Enterprise IoT Security Problems?
Louis Creager, IoT Security Analyst, zvelo | Commentary
The 'Manufacturer Usage Description' proposal from IETF offers a promising route for bolstering security across the industry.
By Louis Creager, IoT Security Analyst, zvelo, 7/30/2018
8 Steps Toward Safer Elections
Steve Zurier, Freelance Writer
Here's some advice from leading authorities on how state and local governments can adapt to an environment where election systems will inevitably be hacked.
By Steve Zurier, Freelance Writer, 7/26/2018
Threat Hunting: Rethinking 'Needle in a Haystack' Security Defenses
Devon Kerr, Principal Threat Researcher at Endgame | Commentary
In cyber, needles (that is, threats) can disappear quickly, for a variety of reasons, and often long after hackers have completed what they came to do.
By Devon Kerr, Principal Threat Researcher at Endgame, 7/24/2018
Make Security Boring Again
Joel Fulton, Chief Information Security Officer for Splunk | Commentary
In the public sector and feeling overwhelmed? Focus on the basics, as mind numbing as that may sound.
By Joel Fulton, Chief Information Security Officer for Splunk, 7/18/2018
From Bullets to Clicks: The Evolution of the Cyber Arms Race
Nir Gaist, CTO and Founder of Nyotron | Commentary
Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.
By Nir Gaist, CTO and Founder of Nyotron, 7/18/2018
SCADA/ICS Dangers & Cybersecurity Strategies
Peter Newton, Senior Director of Product Marketing at Fortinet | Commentary
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
By Peter Newton, Senior Director of Product Marketing at Fortinet, 7/17/2018
Time to Yank Cybercrime into the Light
Marc Wilczek, Digital Strategist & CIO Advisor | Commentary
Too many organizations are still operating blindfolded, research finds.
By Marc Wilczek, Digital Strategist & CIO Advisor, 7/16/2018
8 Big Processor Vulnerabilities in 2018
Ericka Chickowski, Contributing Writer, Dark Reading
Security researchers have been working in overdrive examining processors for issues and they haven't come up empty-handed.
By Ericka Chickowski, Contributing Writer, Dark Reading, 7/13/2018
How to Structure an Enterprise-Wide Threat Intelligence Strategy
Tom Badders, Senior Product Manager, Secure Mobility, at Telos Corporation | Commentary
To keep an organization safe, you must think about the entire IT ecosystem.
By Tom Badders, Senior Product Manager, Secure Mobility, at Telos Corporation, 7/13/2018
ICS Security: 'The Enemy Is in the Wire'
Wayne Lloyd, Federal CTO at RedSeal | Commentary
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
By Wayne Lloyd, Federal CTO at RedSeal, 7/12/2018
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute | Commentary
Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.
By Jack Jones, Chairman, FAIR Institute, 7/11/2018
For Data Thieves, the World Cup Runneth Over
Travis Jarae, Founder & CEO of One World Identity | Commentary
Large sporting events are always going to be targets, but the fact that the competition is in Russia adds another layer of concern. Here are three tips to stay safer.
By Travis Jarae, Founder & CEO of One World Identity, 7/10/2018
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading, 8/8/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading, 8/8/2018
PGA of America Struck By Ransomware
Dark Reading Staff, 8/9/2018
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6970
PUBLISHED: 2018-08-13
VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privil...
CVE-2018-14781
PUBLISHED: 2018-08-13
Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolu...
CVE-2018-15123
PUBLISHED: 2018-08-13
Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows a remote attacker to perform new attack vectors and take control of the device and smart home.
CVE-2018-15124
PUBLISHED: 2018-08-13
Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows an unauthenticated attacker to extract clear text passwords and get root access on the device.
CVE-2018-15125
PUBLISHED: 2018-08-13
Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows a remote attacker to get sensitive information that expands the attack surface.