News & Commentary

Latest Content tagged with Risk
Page 1 / 2   >   >>
Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed
Quick Hits  |  11/13/2018  | 
Eight of the 12 critical vulnerabilities addressed this month affect the Chakra Scripting Engine in Microsoft Edge.
Getting to Know Magecart: An Inside Look at 7 Groups
News  |  11/13/2018  | 
A new report spills the details on Magecart, the criminal groups driving it, and ongoing attacks targeting low- and high-profile victims.
Empathy: The Next Killer App for Cybersecurity?
Commentary  |  11/13/2018  | 
The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
Google Traffic Temporarily Rerouted via Russia, China
News  |  11/13/2018  | 
The incident, which Google reports is now resolved, could be the result of either technical mistakes or malicious activity.
2018 on Track to Be One of the Worst Ever for Data Breaches
News  |  11/12/2018  | 
A total of 3,676 breaches involving over 3.6 billion records were reported in the first nine months of this year alone.
Veterans Find New Roles in Enterprise Cybersecurity
News  |  11/12/2018  | 
Facebook and Synack create programs to educate vets and grow employment opportunities while shrinking the cybersecurity talent gap.
7 Cool New Security Tools to be Revealed at Black Hat Europe
Slideshows  |  11/12/2018  | 
Black Hat Europe's Arsenal lineup will include demoes of new security tools, from AI malware research to container orchestration.
Cyberattacks Top Business Risks in North America, Europe, EAP
Quick Hits  |  11/12/2018  | 
The World Economic Forum reports cyberattacks are a top enterprise concern following WannaCry and the rise of e-commerce.
'CARTA': A New Tool in the Breach Prevention Toolbox
Commentary  |  11/12/2018  | 
Gartner's continuous adaptive risk and trust assessment for averting a data breach addresses the shortcomings of static security programs.
Inside CSAW, a Massive Student-Led Cybersecurity Competition
News  |  11/9/2018  | 
Nearly 400 high school, undergraduate, and graduate students advance to the final round of New York University's CSAW games.
Dropbox Teams with Israeli Security Firm Coronet
Quick Hits  |  11/9/2018  | 
The partnership is expected to improve threat detection for Dropbox while growing Coronet's user base.
What You Should Know About Grayware (and What to Do About It)
Slideshows  |  11/9/2018  | 
Grayware is a tricky security problem, but there are steps you can take to defend your organization when you recognize the risk.
Vulnerabilities in Our Infrastructure: 5 Ways to Mitigate the Risk
Commentary  |  11/9/2018  | 
By teaming up to address key technical and organizational issues, information and operational security teams can improve the resiliency and safety of their infrastructure systems.
Microsoft President: Governments Must Cooperate on Cybersecurity
News  |  11/8/2018  | 
Microsoft's Brad Smith calls on nations and businesses to work toward "digital peace" and acknowledge the effects of cybercrime.
Banking Malware Takes Aim at Brazilians
Quick Hits  |  11/8/2018  | 
Two malware distribution campaigns are sending banking Trojans to customers of financial institutions in Brazil.
Finding Gold in the Threat Intelligence Rush
News  |  11/7/2018  | 
Researchers sift through millions of threat intel observations to determine where to best find valuable threat data.
'PortSmash' Brings New Side-Channel Attack to Intel Processors
News  |  11/6/2018  | 
New vulnerability exposes encryption keys in the first proof-of-concept code.
Most Businesses to Add More Cloud Security Tools
News  |  11/6/2018  | 
Cloud adoption drives organizations to spend in 2019 as they learn traditional security practices can't keep up.
Thoma Bravo Buys Veracode
News  |  11/5/2018  | 
Broadcom will sell Veracode, acquired last year by CA, for $950M to Thoma Bravo as it broadens its security portfolio.
Worst Malware and Threat Actors of 2018
News  |  11/2/2018  | 
Two reports call out the most serious malware attacks and attackers of the year (so far).
NITTF Releases New Model for Insider Threat Program
Quick Hits  |  11/2/2018  | 
The Insider Threat Program Maturity Framework is intended to help government agencies strengthen their programs.
Speed Up AppSec Improvement With an Adversary-Driven Approach
News  |  11/2/2018  | 
Stop overwhelming developers and start using real-world attack behavior to prioritize application vulnerability fixes.
Microsoft, Amazon Top BEC's Favorite Brands
News  |  11/1/2018  | 
When attackers want to impersonate a brand via email, the majority turn to Microsoft and Amazon because of their ubiquity in enterprise environments.
Where Is the Consumer Outrage about Data Breaches?
Commentary  |  11/1/2018  | 
Facebook, Equifax, Cambridge Analytica Why do breaches of incomprehensible magnitude lead to a quick recovery for the businesses that lost or abused the data and such little lasting impact for the people whose information is stolen.
Radisson Rewards Program Targeted in Data Breach
Quick Hits  |  11/1/2018  | 
It's the latest in a series of attacks targeting the travel industry, following incidents at British Airways and Cathay Pacific.
Apple Patches Multiple Major Security Flaws
News  |  10/31/2018  | 
New security updates cross all Apple platforms.
Hardware Cyberattacks: How Worried Should You Be?
News  |  10/31/2018  | 
How to fit hardware threats into your security model as hardware becomes smaller, faster, cheaper, and more complex.
9 Traits of A Strong Infosec Resume
Slideshows  |  10/31/2018  | 
Security experts share insights on which skills and experiences are most helpful to job hunters looking for their next gig.
Kraken Resurfaces From the Deep Web
News  |  10/30/2018  | 
Fallout Exploit Kit releases Kraken Cryptor ransomware, giving the simple threat a much larger target pool.
Girl Scouts Hacked, 2,800 Members Notified
Quick Hits  |  10/30/2018  | 
A Girl Scouts of America branch in California was hacked, putting the data of 2,800 girls and their families at risk.
7 Ways an Old Tool Still Teaches New Lessons About Web AppSec
Slideshows  |  10/29/2018  | 
Are your Web applications secure? WebGoat, a tool old enough to be in high school, continues to instruct.
DeepPhish: Simulating Malicious AI to Act Like an Adversary
News  |  10/26/2018  | 
How researchers developed an algorithm to simulate cybercriminals' use of artificial intelligence and explore the future of phishing.
County Election Websites Can Be Easily Spoofed to Spread Misinformation
News  |  10/25/2018  | 
Majority of county sites in 20 key swing states have non-.gov domains and don't enforce use of SSL, McAfee researchers found.
Retail Fraud Spikes Ahead of the Holidays
News  |  10/25/2018  | 
Researchers note massive increases in retail goods for sale on the black market, retail phishing sites, and malicious applications and social media profiles.
Securing Serverless: Attacking an AWS Account via a Lambda Function
Commentary  |  10/25/2018  | 
Its not every day that someone lets you freely wreak havoc on their account just to find out what happens when you do.
Windows 7 End-of-Life: Are You Ready?
News  |  10/24/2018  | 
Microsoft will terminate support for Windows 7 in January 2020, but some there's still some confusion among enterprises about when the OS officially gets retired.
Battling Bots: How to Find Fake Twitter Followers
News  |  10/23/2018  | 
Duo researchers explain the approach they used to detect automated Twitter profiles and uncover a botnet.
Barclays, Walmart Join New $85M Innovation Coalition
Quick Hits  |  10/23/2018  | 
Innovation incubator Team8 recruits major partners, investors to create new products that help businesses 'thrive by security.'
Former HS Teacher Admits to 'Celebgate' Hack
Quick Hits  |  10/23/2018  | 
Christopher Brannan accessed full iCloud backups, photos, and other personal data belonging to more than 200 victims.
US Tops Global Malware C2 Distribution
News  |  10/22/2018  | 
The United States hosts 35% of the world's command-and-control infrastructure, driving the frequency of host compromises.
UK, US to Sign Accord on AI, Cybersecurity Cooperation
Quick Hits  |  10/22/2018  | 
Royal Navy, US Navy, and tech industry leaders ready to commit to 'a framework for dialogue and cooperation' at inaugural meeting of the Atlantic Future Forum.
Understanding SOCs' 4 Top Deficiencies
Commentary  |  10/22/2018  | 
In most cases, the areas that rankle SANS survey respondents the most about security operations centers can be addressed with the right mix of planning, policies, and procedures.
Gartner Experts Highlight Tech Trends And Their Security Risks
News  |  10/22/2018  | 
Security must be built into systems and applications from the beginning of the design process, they agreed.
Google Patch to Block Spectre Slowdown in Windows 10
Quick Hits  |  10/19/2018  | 
Microsoft will incorporate Google's Retpoline patch to prevent Spectre Variant 2 from slowing down its operating system.
WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors
News  |  10/19/2018  | 
A report by the Wall Street Journal points finger at group that is known to Facebook Security.
Risky Business: Dark Reading Caption Contest Winners
Commentary  |  10/19/2018  | 
Phishing, anti-shoulder surfing, Russia and other hysterical identity management puns and comments. And the winners are ...
How to Get Consumers to Forgive You for a Breach
Quick Hits  |  10/18/2018  | 
It starts with already-established trust, a new survey shows.
Audits: The Missing Layer in Cybersecurity
Commentary  |  10/18/2018  | 
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
Former Equifax Manager Sentenced for Insider Trading
Quick Hits  |  10/18/2018  | 
Sudhakar Bonthu bought and sold Equifax stock options prior to the public disclosure of its 2017 data breach.
Getting Up to Speed with "Always-On SSL"
Commentary  |  10/18/2018  | 
Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.
Page 1 / 2   >   >>


Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-2491
PUBLISHED: 2018-11-13
When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps...
CVE-2018-2473
PUBLISHED: 2018-11-13
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVE-2018-2476
PUBLISHED: 2018-11-13
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
CVE-2018-2477
PUBLISHED: 2018-11-13
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
CVE-2018-2478
PUBLISHED: 2018-11-13
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands execut...