News & Commentary

Latest Content
Page 1 / 2   >   >>
Click2Gov Breaches Attributed to WebLogic Application Flaw
Quick Hits  |  6/21/2018  | 
At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.
7 Places Where Privacy and Security Collide
Slideshows  |  6/21/2018  | 
Privacy and security can experience tension at a number of points in the enterprise. Here are seven plus some possibilities for easing the strain.
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Commentary  |  6/21/2018  | 
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
Microsoft Office: The Go-To Platform for Zero-Day Exploits
News  |  6/21/2018  | 
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
AppSec in the World of 'Serverless'
Commentary  |  6/21/2018  | 
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
News  |  6/20/2018  | 
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
China-Based Cyber Espionage Campaign Targets Satellite, Telecom, Defense Firms
News  |  6/20/2018  | 
Threat group Thrip is using three computers based in China to steal data from targeted companies in Southeast Asia and the US, Symantec says.
Inside a SamSam Ransomware Attack
Commentary  |  6/20/2018  | 
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
Intel VP Talks Data Security Focus Amid Rise of Blockchain, AI
News  |  6/20/2018  | 
Intel vice president Rick Echevarria discusses the challenges of balancing data security with new technologies like blockchain and artificial intelligence.
Alphabet Launches VirusTotal Monitor to Stop False Positives
Quick Hits  |  6/20/2018  | 
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
Improving the Adoption of Security Automation
Commentary  |  6/20/2018  | 
Four barriers to automation and how to overcome them.
The Best and Worst Tasks for Security Automation
Slideshows  |  6/20/2018  | 
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
Mylobot Malware Brings New Sophistication to Botnets
News  |  6/20/2018  | 
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
Most Websites and Web Apps No Match for Attack Barrage
News  |  6/19/2018  | 
The average website is attacked 50 times per day, with small businesses especially vulnerable.
Tesla Employee Steals, Sabotages Company Data
News  |  6/19/2018  | 
The electric carmaker is the victim of an "extensive and damaging" insider attack, says CEO Elon Musk.
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
News  |  6/19/2018  | 
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
How to Prepare for 'WannaCry 2.0'
Commentary  |  6/19/2018  | 
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
Former CIA Engineer Charged with Theft and Transmission of Classified Info
News  |  6/19/2018  | 
Suspect had reportedly been named in Vault 7 leak to WikiLeaks.
CrowdStrike Secures $200M Funding Round
Quick Hits  |  6/19/2018  | 
The new funding round brings the company's valuation to more than $3 billion.
Cisco CPO: Privacy Is Not About Secrecy or Compliance
News  |  6/19/2018  | 
Michelle Dennedy sat down with Dark Reading at the recent Cisco Live event to set the record straight about privacy, regulation, encryption, and more.
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Commentary  |  6/19/2018  | 
Do 'cloud-first' strategies create a security-second mindset?
Security Analytics Startup Uptycs Raises $10M in Series A
Quick Hits  |  6/19/2018  | 
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
Exposed Container Orchestration Systems Putting Many Orgs at Risk
News  |  6/18/2018  | 
More than 22,600 open container orchestration and API management systems discovered on the Internet.
'Wallchart' Phishing Campaign Exploits World Cup Watchers
News  |  6/18/2018  | 
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
Mass. Man Pleads Guilty in ATM Jackpotting Operation
Quick Hits  |  6/18/2018  | 
Citizens Bank ATM and others targeted in the scheme.
F-Secure Buys MWR InfoSecurity
Quick Hits  |  6/18/2018  | 
Finnish endpoint security company buys British security service provider in cash deal.
7 Ways Cybercriminals Are Scamming a Fortune from Cryptocurrencies
Slideshows  |  6/18/2018  | 
Cryptocurrencies, how do hackers love thee? Let us count the ways.
3 Tips for Driving User Buy-in to Security Policies
Commentary  |  6/18/2018  | 
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Trump-Kim Meeting Was a Magnet For Russian Cyberattacks
News  |  6/15/2018  | 
Attacks directed at targets in Singapore went through the roof earlier this week.
Email, Social Media Still Security Nightmares
Quick Hits  |  6/15/2018  | 
Phishing and banking trojans continue to be major threats brought into the enterprise.
Hackers Crack iPhone Defense Built to Block Forensic Tools
Quick Hits  |  6/15/2018  | 
Grayshift, the company behind a system to help police break into iPhones, says it found a workaround for USB Restricted Mode.
Modern Cybersecurity Demands a Different Corporate Mindset
Commentary  |  6/15/2018  | 
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
Intel Discloses Yet Another Side Channel Vulnerability
News  |  6/14/2018  | 
Moderate severity Lazy FP restore flaw affects Intel Core-based microprocessors.
Demystifying Mental Health in the Infosec Community
News  |  6/14/2018  | 
Security experts talk about burnout, diversity, mental health, and legal issues in a new Community track at Black Hat USA.
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
Commentary  |  6/14/2018  | 
Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.
Kaspersky Lab Freezes Work with Europol in Protest of EU Vote
News  |  6/14/2018  | 
New European Parliament document calls out Kaspersky Lab software as 'malicious' and says it should be banned.
Mobile App Threats Continue to Grow
News  |  6/14/2018  | 
Criminals looking to profit from corporate resources and information keep going after mobile devices, two new reports confirm.
23,000 Compromised in HealthEquity Data Breach
Quick Hits  |  6/14/2018  | 
HealthEquity, which handles more than 3.4 million health savings accounts, was breached when an intruder accessed an employee's email.
Containerized Apps: An 8-Point Security Checklist
Slideshows  |  6/14/2018  | 
Here are eight measures to take to ensure the security of your containerized application environment.
Meet 'Bro': The Best-Kept Secret of Network Security
Commentary  |  6/14/2018  | 
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.
DDoS Amped Up: DNS, Memcached Attacks Rise
News  |  6/13/2018  | 
China and the US are the world's leading sources of distributed denial-of-service botnet attacks.
Blockchain All the Rage But Comes With Numerous Risks
News  |  6/13/2018  | 
Researchers dig into four types of cyberattacks targeting blockchain, how they work, and why early adopters are the easiest targets.
World Cup Cyberattack Likely, Experts Say
Quick Hits  |  6/13/2018  | 
The majority of security professionals anticipate attacks on the 2018 FIFA World Cup's network, social media.
LeBron vs. Steph: The NBA Version of Cyber Defense vs. Cyberattacks
Commentary  |  6/13/2018  | 
It takes an aggressive, swarming approach to overcome the most dangerous threats today.
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
News  |  6/13/2018  | 
Security is weak, and most companies are clueless, according to Immunity researcher Lurene Grenier, who kicked off the Cisco Talos Threat Research Summit on Sunday.
Why CISOs Need a Security Reality Check
Commentary  |  6/13/2018  | 
We deserve a seat at the executive table, and we'll be much better at our jobs once we take it.
Microsoft Fixes 11 Critical, 39 Important Vulns
News  |  6/12/2018  | 
The most critical vulnerability, experts say, affects Windows Domain Name Systems, while another lets attackers hack Cortana from the lock screen.
MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple
News  |  6/12/2018  | 
A security bypass weakness in macOS APIs let attackers impersonate Apple to sign malicious code and evade third-party security tools.
'Shift Left' & the Connected Car
Commentary  |  6/12/2018  | 
How improving application security in the automotive industry can shorten product development time, reduce costs, and save lives.
Cyxtera Completes Immunity Purchase
Quick Hits  |  6/12/2018  | 
Cyxtera completes acquisition it first announced in January.
Page 1 / 2   >   >>


'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Email, Social Media Still Security Nightmares
Dark Reading Staff 6/15/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12526
PUBLISHED: 2018-06-21
Telesquare SDT-CS3B1 and SDT-CW3B1 devices through 1.2.0 have a default factory account. Remote attackers can obtain access to the device via TELNET using a hardcoded account.
CVE-2018-1253
PUBLISHED: 2018-06-21
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When other ...
CVE-2018-1254
PUBLISHED: 2018-06-21
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim Security Console administrator to supply malicious HTML or JavaScript...
CVE-2018-12615
PUBLISHED: 2018-06-21
An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.
CVE-2016-10723
PUBLISHED: 2018-06-21
** DISPUTED ** An issue was discovered in the Linux kernel through 4.17.2. Since the page allocator does not yield CPU resources to the owner of the oom_lock mutex, a local unprivileged user can trivially lock up the system forever by wasting CPU resources from the page allocator (e.g., via concurre...