Vulnerabilities / Threats //

Advanced Threats

News & Commentary
13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark ReadingNews
Russian nationals reportedly used stolen American identities and infrastructure to influence the 2016 election outcome.
By Kelly Sheridan Associate Editor, Dark Reading, 2/16/2018
Comment1 Comment  |  Read  |  Post a Comment
Air Force Awards $12,500 for One Bug
Dark Reading Staff, Quick Hits
The highest single bounty of any federal bug bounty program yet is awarded through Hack the Air Force 2.0.
By Dark Reading Staff , 2/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Fileless Malware: Not Just a Threat, but a Super-Threat
Itay Glick, CEO & Co-founder, VotiroCommentary
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
By Itay Glick CEO & Co-founder, Votiro, 2/14/2018
Comment0 comments  |  Read  |  Post a Comment
As Primaries Loom, Election Security Efforts Behind Schedule
Dark Reading Staff, Quick Hits
While federal agencies lag on vulnerability assessments and security clearance requests, the bipartisan Defending Digital Democracy Project releases three new resources to help state and local election agencies with cybersecurity, incident response.
By Dark Reading Staff , 2/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Fake News: Could the Next Major Cyberattack Cause a Cyberwar?
Joseph Carson, Chief Security Scientist at ThycoticCommentary
In the way it undercuts trust, fake news is a form of cyberattack. Governments must work to stop it.
By Joseph Carson Chief Security Scientist at Thycotic, 2/13/2018
Comment0 comments  |  Read  |  Post a Comment
Better Security Analytics? Clean Up the Data First!
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 2/12/2018
Comment0 comments  |  Read  |  Post a Comment
Tracking Bitcoin Wallets as IOCs for Ransomware
Curtis Jordan, Lead Security Engineer, TruSTARCommentary
By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.
By Curtis Jordan Lead Security Engineer, TruSTAR, 2/12/2018
Comment0 comments  |  Read  |  Post a Comment
Ukraine Power Distro Plans $20 Million Cyber Defense System
Dark Reading Staff, Quick Hits
After NotPetya and severe blackouts, Ukrenergo responds with an investment in cybersecurity.
By Dark Reading Staff , 2/6/2018
Comment0 comments  |  Read  |  Post a Comment
Securing Cloud-Native Apps
Guy Podjarny, CEO & Cofounder, SnykCommentary
A useful approach for securing cloud-native platforms can be adapted for securing apps running on top of the platform as well.
By Guy Podjarny CEO & Cofounder, Snyk, 2/1/2018
Comment0 comments  |  Read  |  Post a Comment
Breach-Proofing Your Data in a GDPR World
Sanjay Beri, Co-Founder & CEO, NetskopeCommentary
Here are six key measures for enterprises to prioritize over the next few months.
By Sanjay Beri Co-Founder & CEO, Netskope, 1/30/2018
Comment0 comments  |  Read  |  Post a Comment
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
Cricket Liu, Executive VP & Senior Fellow, InfobloxCommentary
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
By Cricket Liu Executive VP & Senior Fellow, Infoblox, 1/30/2018
Comment0 comments  |  Read  |  Post a Comment
Intel CEO: New Products that Tackle Meltdown, Spectre Threats Coming this Year
Dark Reading Staff, Quick Hits
In an earnings call yesterday, Intel CEO Brian Krzanich says security remains a 'priority' for the microprocessor company.
By Dark Reading Staff , 1/26/2018
Comment0 comments  |  Read  |  Post a Comment
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Richard Ford, Chief Scientist, ForcepointCommentary
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
By Richard Ford Chief Scientist, Forcepoint, 1/25/2018
Comment10 comments  |  Read  |  Post a Comment
Security Automation: Time to Start Thinking More Strategically
Liz Maida,  Co-founder, CEO & CTO, Uplevel SecurityCommentary
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
By Liz Maida Co-founder, CEO & CTO, Uplevel Security, 1/24/2018
Comment1 Comment  |  Read  |  Post a Comment
Understanding Supply Chain Cyber Attacks
Liviu Arsene, Senior E-threat Analyst, BitdefenderCommentary
While the attack surface has increased exponentially because of the cloud and everything-as-a-service providers, there are still ways in which host companies can harden supply chain security.
By Liviu Arsene Senior E-threat Analyst, Bitdefender, 1/19/2018
Comment0 comments  |  Read  |  Post a Comment
Feds Team with Foreign Policy Experts to Assess US Election Security
Steve Zurier, Freelance WriterNews
Expert panel lays out potential risks for the 2018 election cycle and beyond
By Steve Zurier Freelance Writer, 1/18/2018
Comment1 Comment  |  Read  |  Post a Comment
How AI Would Have Caught the Forever 21 Breach
Justin Fier, Director for Cyber Intelligence & Analytics at DarktraceCommentary
Companies must realize that the days of the desktop/server model are over and focus on "nontraditional" devices.
By Justin Fier Director for Cyber Intelligence & Analytics at Darktrace, 1/17/2018
Comment0 comments  |  Read  |  Post a Comment
What Can We Learn from Counterterrorism and National Security Efforts?
Adi Dar, Chief Executive Officer of CyberbitCommentary
The best practices and technologies that originated in the intelligence realm can help businesses stay safer, too.
By Adi Dar Chief Executive Officer of Cyberbit, 1/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Privacy: The Dark Side of the Internet of Things
Ryan Barrett, VP of Security and Privacy at IntermediaCommentary
Before letting an IoT device into your business or home, consider what data is being collected and where it is going.
By Ryan Barrett VP of Security and Privacy at Intermedia, 1/11/2018
Comment1 Comment  |  Read  |  Post a Comment
'Back to Basics' Might Be Your Best Security Weapon
Lee Waskevich, Vice President, Security Solutions at ePlus TechnologyCommentary
A company's ability to successfully reduce risk starts with building a solid security foundation.
By Lee Waskevich Vice President, Security Solutions at ePlus Technology, 1/10/2018
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
One in Three SOC Analysts Now Job-Hunting
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/12/2018
Encrypted Attacks Continue to Dog Perimeter Defenses
Ericka Chickowski, Contributing Writer, Dark Reading,  2/14/2018
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof Technologies,  2/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: One agent too many was installed on Bob's desktop.
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.