Vulnerabilities / Threats //

Advanced Threats

News & Commentary
It's Time to Take GitHub Threats Seriously
Kumar Saurabh, CEO and co-founder of LogicHubCommentary
There's a good chance your company has projects on the source code management system, but the casual way many developers use GitHub creates security issues.
By Kumar Saurabh CEO and co-founder of LogicHub, 4/24/2018
Comment0 comments  |  Read  |  Post a Comment
Biometrics Are Coming & So Are Security Concerns
Michael Fauscette, Chief Research Officier at G2 CrowdCommentary
Could these advanced technologies be putting user data at risk?
By Michael Fauscette Chief Research Officier at G2 Crowd, 4/20/2018
Comment0 comments  |  Read  |  Post a Comment
How to Protect Industrial Control Systems from State-Sponsored Hackers
Matt Cauthorn, VP of Security, ExtraHopCommentary
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
By Matt Cauthorn VP of Security, ExtraHop, 4/19/2018
Comment0 comments  |  Read  |  Post a Comment
The Role of KPIs in Incident Response
John Moran, Senior Product Manager, DFLabsCommentary
Using KPIs can have a positive impact on the tactical and strategic functions of a security operations program.
By John Moran Senior Product Manager, DFLabs, 4/18/2018
Comment1 Comment  |  Read  |  Post a Comment
Cyber War Game Shows How Federal Agencies Disagree on Incident Response
Sara Peters, Senior Editor at Dark ReadingNews
Former officials at DHS, DOJ, and DOD diverge on issues of attribution and defining what constitutes an act of cyber war.
By Sara Peters Senior Editor at Dark Reading, 4/18/2018
Comment0 comments  |  Read  |  Post a Comment
Federal Agency Data Under Siege
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Seventy-one percent of IT security professionals in US federal agencies have reported breaches in their organizations.
By Marc Wilczek Digital Strategist & CIO Advisor, 4/13/2018
Comment0 comments  |  Read  |  Post a Comment
Stopping Cyber Madness: Why the Private Sector Must Lead the Fight
Paul Kurtz, CEO & Cofounder, TruSTAR TechnologyCommentary
The government's ability to help secure the Internet will be limited given the light speed of the Internet versus the slower pace of government. That's why stopping the madness begins with the private sector.
By Paul Kurtz CEO & Cofounder, TruSTAR Technology, 4/11/2018
Comment0 comments  |  Read  |  Post a Comment
Protect Yourself from Online Fraud This Tax Season
Robert Block, Senior VP of Identity Strategy at SecureAuth and Core SecurityCommentary
Use these tips to stay safe online during everyone's least-favorite time of the year.
By Robert Block Senior VP of Identity Strategy at SecureAuth and Core Security, 4/6/2018
Comment0 comments  |  Read  |  Post a Comment
How to Build a Cybersecurity Incident Response Plan
Wayne Lee and Keith Swiat, Senior Architect in West Monroe Partners' Cybersecurity Practice & Director in West Monroe Partners' Technology PracticeCommentary
Being hit by a cyberattack is going to be painful. But it can be less painful if you're prepared, and these best practices can help.
By Wayne Lee and Keith Swiat Senior Architect in West Monroe Partners' Cybersecurity Practice & Director in West Monroe Partners' Technology Practice, 4/5/2018
Comment0 comments  |  Read  |  Post a Comment
Hudson's Bay Brands Hacked, 5 Million Credit Card Accounts Stolen
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The infamous Carbanak/FIN7 cybercrime syndicate breached Saks and Lord & Taylor and is now selling some of the stolen credit card accounts on the Dark Web.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/2/2018
Comment0 comments  |  Read  |  Post a Comment
The Cybersecurity Mandates Keep On Coming
Steven Grossman, VP of Strategy, Bay DynamicsCommentary
There's a good reason for the proliferation of mandates like the one in New York state, but companies may struggle to answer this question: "Are we in compliance?"
By Steven Grossman VP of Strategy, Bay Dynamics, 3/30/2018
Comment3 comments  |  Read  |  Post a Comment
MITRE Evaluates Tools for APT Detection
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new service from MITRE will evaluate products based on how well they detect advanced persistent threats.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/29/2018
Comment1 Comment  |  Read  |  Post a Comment
Deconstructing the DOJ Iranian Hacking Indictment
Cameron Ero, Security Engineer, OktaCommentary
The alleged attackers used fairly simple tools, techniques and procedures to compromise a new victim organization on an almost weekly basis for over five years.
By Cameron Ero Security Engineer, Okta, 3/29/2018
Comment0 comments  |  Read  |  Post a Comment
780 Days in the Life of a Computer Worm
Javvad Malik, Security Advocate at AlienVaultCommentary
This is a story of a worm, from the time it was coded and deployed onto the Internet. It is narrated by the worm in the first person.
By Javvad Malik Security Advocate at AlienVault, 3/27/2018
Comment0 comments  |  Read  |  Post a Comment
Privacy: Do We Need a National Data Breach Disclosure Law?
Dallas Bishoff, Director, Security Services, PCMCommentary
Some say we need a more consistent approach, while others worry a national law might supersede and water down some state laws already on the books.
By Dallas Bishoff Director, Security Services, PCM, 3/27/2018
Comment15 comments  |  Read  |  Post a Comment
The Overlooked Problem of 'N-Day' Vulnerabilities
Ang Cui, Founder & CEO, Red Balloon SecurityCommentary
N-days -- or known vulnerabilities -- are a goldmine for attackers of industrial control systems. It's time for a new defense strategy.
By Ang Cui Founder & CEO, Red Balloon Security, 3/26/2018
Comment0 comments  |  Read  |  Post a Comment
Looking Back to Look Ahead: Cyber Threat Trends to Watch
Derek Manky, Global Security Strategist, FortinetCommentary
Data from the fourth quarter of last year shows the state of application exploits, malicious software, and botnets.
By Derek Manky Global Security Strategist, Fortinet, 3/23/2018
Comment1 Comment  |  Read  |  Post a Comment
5 Ways to Get Ready for Public Cloud Deployment
Rinki Sethi, Senior Director of Security Operations and Strategy of  Palo Alto NetworksCommentary
Syncing security and product development early is now a "must do."
By Rinki Sethi Senior Director of Security Operations and Strategy of Palo Alto Networks, 3/22/2018
Comment0 comments  |  Read  |  Post a Comment
GandCrab Ransomware Goes 'Agile'
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
GandCrab ransomware's developers have iterated the code rapidly, researchers found.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/21/2018
Comment0 comments  |  Read  |  Post a Comment
How Serverless Computing Reshapes Security
Guy Podjarny, CEO & Cofounder, SnykCommentary
The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.
By Guy Podjarny CEO & Cofounder, Snyk, 3/21/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Diversity: It's About Inclusion
Kelly Jackson Higgins, Executive Editor at Dark Reading,  4/25/2018
Threat Intel: Finding Balance in an Overcrowded Market
Kelly Sheridan, Staff Editor, Dark Reading,  4/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.