Researchers Investigate Possible Connection Between WannaCry & North Korean Hacker Group
8 Notorious Russian Hackers Arrested in the Past 8 Years
'WannaCry' Rapidly Moving Ransomware Attack Spreads to 74 Countries
Backdoors: When Good Intentions Go Bad
10 Free or Low-Cost Security Tools
News & Commentary
Emerging Threats to Add to Your Security Radar Screen
Kelly Sheridan, Associate Editor, Dark ReadingNews
The cybersecurity threat landscape is poised to grow in size and complexity - what to look out for.
By Kelly Sheridan Associate Editor, Dark Reading, 5/22/2017
Comment0 comments  |  Read  |  Post a Comment
Chinese Man Pleads Guilty to Espionage, Theft from US Firm
Dark Reading Staff, Quick Hits
Chinese national Xu Jiaqiang pleaded guilty to economic espionage and theft of trade secrets from his former employer in the US.
By Dark Reading Staff , 5/22/2017
Comment0 comments  |  Read  |  Post a Comment
In Search of an Rx for Enterprise Security Fatigue
Rick Orloff, VP, Chief Security Officer, and Chief Privacy Officer at Code42Commentary
Are you exhausted by the vast number of measures your organization needs to keep its systems and data safe? You're not alone.
By Rick Orloff VP, Chief Security Officer, and Chief Privacy Officer at Code42, 5/22/2017
Comment0 comments  |  Read  |  Post a Comment
Researcher Creates Tool to Unlock WannaCry-Infected Windows XP Files
Dark Reading Staff, Quick Hits
A security researcher appears to have discovered a flaw in WannaCry that may provide Windows XP victims of the attack with a way to unlock their files.
By Dark Reading Staff , 5/19/2017
Comment0 comments  |  Read  |  Post a Comment
Ransomware Rocks Endpoint Security Concerns
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Meanwhile, threat detection technologies are evolving that can help security teams spot incidents more efficiently.
By Dawn Kawamoto Associate Editor, Dark Reading, 5/19/2017
Comment0 comments  |  Read  |  Post a Comment
Deconstructing the 2016 Yahoo Security Breach
Jacob Olcott, VP, Strategic Partnerships, BitSightCommentary
One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.
By Jacob Olcott VP, Strategic Partnerships, BitSight, 5/19/2017
Comment0 comments  |  Read  |  Post a Comment
5 Security Lessons WannaCry Taught Us the Hard Way
Ericka Chickowski, Contributing Writer, Dark ReadingNews
There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/18/2017
Comment2 comments  |  Read  |  Post a Comment
APT3 Threat Group a Contractor for Chinese Intelligence Agency
Jai Vijayan, Freelance writerNews
Recorded Future says its research shows clear link between cyber threat group and China's Ministry of State Security.
By Jai Vijayan Freelance writer, 5/18/2017
Comment0 comments  |  Read  |  Post a Comment
Don't Forget Basic Security Measures, Experts Say
Kelly Sheridan, Associate Editor, Dark ReadingNews
Some security leaders argue there is little point in worrying about emerging threats when businesses can't defend against today's attacks.
By Kelly Sheridan Associate Editor, Dark Reading, 5/18/2017
Comment1 Comment  |  Read  |  Post a Comment
Android Users Fail to Run Latest OS Version
Dark Reading Staff, Quick Hits
A study finds 98% of Android devices are not running the latest software version, according to a report released today by Zimperium.
By Dark Reading Staff , 5/18/2017
Comment0 comments  |  Read  |  Post a Comment
All Generations, All Risks, All Contained: A How-To Guide
Stan Black, CSO, CitrixCommentary
Organizations must have a security plan that considers all of their employees.
By Stan Black CSO, Citrix, 5/18/2017
Comment1 Comment  |  Read  |  Post a Comment
NSA Tools Behind WannaCry Being Used In Even Bigger Attack Campaign
Jai Vijayan, Freelance writerNews
Attackers have been using NSAs EternalBlue and Double Pulsar to distribute AdylKuzz cryptocurrency malware to hundreds of thousands of systems, Proofpoint says.
By Jai Vijayan Freelance writer, 5/18/2017
Comment0 comments  |  Read  |  Post a Comment
WannaCry: Ransomware Catastrophe or Failure?
Gary Warner, Chief Threat ScientistCommentary
Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.
By Gary Warner Chief Threat Scientist, 5/18/2017
Comment0 comments  |  Read  |  Post a Comment
FireEye CEO Mandia Talks Rapid Rise of Nation-State Threats
Kelly Sheridan, Associate Editor, Dark ReadingNews
FireEye CEO Kevin Mandia at Interop ITX discussed changes in the geopolitical threat landscape and how attackers target their victims.
By Kelly Sheridan Associate Editor, Dark Reading, 5/17/2017
Comment0 comments  |  Read  |  Post a Comment
Why We Need a Data-Driven Cybersecurity Market
David Damato, Chief Security Officer, TaniumCommentary
NIST should bring together industry to create a standard set of metrics and develop better ways to share information.
By David Damato Chief Security Officer, Tanium, 5/17/2017
Comment0 comments  |  Read  |  Post a Comment
Survey: Unpatched Windows OS on the Rise
Dark Reading Staff, Quick Hits
Despite the rise in vulnerabilities, the percentage of unpatched Windows operating systems grew in the first quarter compared to the previous year.
By Dark Reading Staff , 5/17/2017
Comment0 comments  |  Read  |  Post a Comment
Inside the Motivations Behind Modern Cyberattackers
Kelly Sheridan, Associate Editor, Dark ReadingNews
Attackers seeking money, dominance, and data are banding together and sharing infrastructure to target businesses.
By Kelly Sheridan Associate Editor, Dark Reading, 5/17/2017
Comment1 Comment  |  Read  |  Post a Comment
The Fundamental Flaw in TCP/IP: Connecting Everything
Jeff Hussey, President & CEO, Tempered NetworksCommentary
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.
By Jeff Hussey President & CEO, Tempered Networks, 5/17/2017
Comment4 comments  |  Read  |  Post a Comment
WannaCry's 'Kill Switch' May Have Been a Sandbox-Evasion Tool
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Massive ransomware worm attack appears to have come with a poorly planned anti-analysis feature.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/16/2017
Comment1 Comment  |  Read  |  Post a Comment
ShadowBrokers To Launch Monthly Subscription Service for Exploits
Jai Vijayan, Freelance writerNews
Think of it like a wine of the month club for attack tools and new exploits threat group says.
By Jai Vijayan Freelance writer, 5/16/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
The Fundamental Flaw in TCP/IP: Connecting Everything
Jeff Hussey, President & CEO, Tempered Networks,  5/17/2017
5 Security Lessons WannaCry Taught Us the Hard Way
Ericka Chickowski, Contributing Writer, Dark Reading,  5/18/2017
All Generations, All Risks, All Contained: A How-To Guide
Stan Black, CSO, Citrix,  5/18/2017
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
Partner Perspectives
What's This?
WanaCrypt0r Hits Worldwide
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack. Read >>
Partner Perspectives
What's This?
Endpoint Security: Putting The Focus On What Matters
Five tips to help sift through the noise and focus on actions that can dramatically impact your endpoint security program. Read >>
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.
White Papers
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Flash Poll
Video
Slideshows
Twitter Feed