Vulnerabilities / Threats

News & Commentary
Rise of the 'Hivenet': Botnets That Think for Themselves
Derek Manky, Global Security Strategist, FortinetCommentary
These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.
By Derek Manky Global Security Strategist, Fortinet, 2/16/2018
Comment0 comments  |  Read  |  Post a Comment
North Korea-Linked Cyberattacks Spread Out of Control: Report
Kelly Sheridan, Associate Editor, Dark ReadingNews
New details on old cyberattacks originating from North Korea indicate several forms of malware unintentionally spread wider than authors intended.
By Kelly Sheridan Associate Editor, Dark Reading, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
Democracy & DevOps: What Is the Proper Role for Security?
PJ Kirner, CTO & Founder, IllumioCommentary
Security experts need a front-row seat in the application development process but not at the expense of the business.
By PJ Kirner CTO & Founder, Illumio, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
Air Force Awards $12,500 for One Bug
Dark Reading Staff, Quick Hits
The highest single bounty of any federal bug bounty program yet is awarded through Hack the Air Force 2.0.
By Dark Reading Staff , 2/15/2018
Comment1 Comment  |  Read  |  Post a Comment
From DevOps to DevSecOps: Structuring Communication for Better Security
Robert Hawk, Privacy & Security Lead at xMattersCommentary
A solid approach to change management can help prevent problems downstream.
By Robert Hawk Privacy & Security Lead at xMatters, 2/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
Kelly Sheridan, Associate Editor, Dark ReadingNews
The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
By Kelly Sheridan Associate Editor, Dark Reading, 2/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Intel Expands Bug Bounty Program, Offers up to $250K
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Microprocessor giant adds vulnerability-finding category for Meltdown, Spectre-type flaws.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/14/2018
Comment0 comments  |  Read  |  Post a Comment
3 Tips to Keep Cybersecurity Front & Center
Greg Kushto, Vice President of Sales Engineering at Force 3Commentary
In today's environment, a focus on cybersecurity isn't a luxury. It's a necessity, and making sure that focus is achieved starts with the company's culture.
By Greg Kushto Vice President of Sales Engineering at Force 3, 2/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Fileless Malware: Not Just a Threat, but a Super-Threat
Itay Glick, CEO & Co-founder, VotiroCommentary
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
By Itay Glick CEO & Co-founder, Votiro, 2/14/2018
Comment0 comments  |  Read  |  Post a Comment
As Primaries Loom, Election Security Efforts Behind Schedule
Dark Reading Staff, Quick Hits
While federal agencies lag on vulnerability assessments and security clearance requests, the bipartisan Defending Digital Democracy Project releases three new resources to help state and local election agencies with cybersecurity, incident response.
By Dark Reading Staff , 2/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Fixes Two Security Flaws in Outlook
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
February security patches include updates for 50 vulnerabilities, 14 of which are critical.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/13/2018
Comment0 comments  |  Read  |  Post a Comment
Lazarus Group Attacks Banks, Bitcoin Users in New Campaign
Kelly Sheridan, Associate Editor, Dark ReadingNews
A new Lazarus Group cyberattack campaign combines spear-phishing techniques with a cryptocurrency scanner designed to scan for Bitcoin wallets.
By Kelly Sheridan Associate Editor, Dark Reading, 2/13/2018
Comment0 comments  |  Read  |  Post a Comment
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof TechnologiesCommentary
Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.
By Satish Shetty CEO, Codeproof Technologies, 2/13/2018
Comment1 Comment  |  Read  |  Post a Comment
Fake News: Could the Next Major Cyberattack Cause a Cyberwar?
Joseph Carson, Chief Security Scientist at ThycoticCommentary
In the way it undercuts trust, fake news is a form of cyberattack. Governments must work to stop it.
By Joseph Carson Chief Security Scientist at Thycotic, 2/13/2018
Comment0 comments  |  Read  |  Post a Comment
Cyberattack Aimed to Disrupt Opening of Winter Olympics
Kelly Sheridan, Associate Editor, Dark ReadingNews
Researchers who identified malware targeting the 2018 Winter Olympics say the attackers had previously compromised the Games' infrastructure.
By Kelly Sheridan Associate Editor, Dark Reading, 2/12/2018
Comment0 comments  |  Read  |  Post a Comment
One in Three SOC Analysts Now Job-Hunting
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The more experienced a SOC analyst gets, the more his or her job satisfaction declines, a new survey of security operations center staffers shows.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Better Security Analytics? Clean Up the Data First!
Dan Koloski, Vice President, Oracle's Systems Management and Security  products groupCommentary
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 2/12/2018
Comment0 comments  |  Read  |  Post a Comment
Tracking Bitcoin Wallets as IOCs for Ransomware
Curtis Jordan, Lead Security Engineer, TruSTARCommentary
By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.
By Curtis Jordan Lead Security Engineer, TruSTAR, 2/12/2018
Comment0 comments  |  Read  |  Post a Comment
Google Paid $2.9M for Vulnerabilities in 2017
Kelly Sheridan, Associate Editor, Dark ReadingNews
The Google Vulnerability Reward Program issued a total of 1,230 rewards in 2017. The single largest payout was $112,500.
By Kelly Sheridan Associate Editor, Dark Reading, 2/9/2018
Comment0 comments  |  Read  |  Post a Comment
8 Nation-State Hacking Groups to Watch in 2018
Kelly Sheridan, Associate Editor, Dark Reading
The aliases, geographies, famous attacks, and behaviors of some of the most prolific threat groups.
By Kelly Sheridan Associate Editor, Dark Reading, 2/9/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
One in Three SOC Analysts Now Job-Hunting
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/12/2018
Encrypted Attacks Continue to Dog Perimeter Defenses
Ericka Chickowski, Contributing Writer, Dark Reading,  2/14/2018
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof Technologies,  2/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: One agent too many was installed on Bob's desktop.
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.