Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in October 2019
Page 1 / 2   >   >>
Chinese-Linked APT41 Can Read Your Texts
Larry Loeb  |  10/31/2019  | 
New malware family is designed to have the ability to monitor as well as save SMS traffic from specific phone numbers, IMSI numbers and keywords for subsequent theft.
Quantifying Security Results to Justify Costs
Commentary  |  10/31/2019  | 
The CISO job isn't to protect the entire business from all threats for any budget. It's to spell out what level of protection executives can expect for a given budget.
9 Ways Data Vampires Are Bleeding Your Sensitive Information
Commentary  |  10/31/2019  | 
Pull a Van Helsing on those sucking the lifeblood from your data and intellectual property.
Email Threats Poised to Haunt Security Pros into Next Decade
Commentary  |  10/30/2019  | 
Decentralized threat intel sharing, more public-private collaboration, and greater use of automated incident response are what's needed to combat phishing
Xhelper Will Be Back Whether You Want It or Not
Larry Loeb  |  10/30/2019  | 
Researcher says that this Trojan dropper variant of the original Android malware has infected more than 45,000 Android devices over the last six months.
Hacking Phones: How Law Enforcement Is Saving Privacy
Commentary  |  10/30/2019  | 
It's no longer true that society must choose to either weaken everybody's privacy or let criminals run rampant.
Endpoints Fail Predictably: Absolute
Larry Loeb  |  10/29/2019  | 
A security firm based in Vancouver, Canada, has issued a disturbing 2019 Endpoint Security Trends Report that finds security spending not worth the bucks.
Why Cloud-Native Applications Need Cloud-Native Security
Commentary  |  10/29/2019  | 
Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.
MSFT Floats an ARC
Larry Loeb  |  10/29/2019  | 
As far back as 2015, the group responsible for Domain-based Message Authentication, Reporting & Conformance specification realized that one implementation was not going to solve the problem of email spoofing.
Why It's Imperative to Bridge the IT & OT Cultural Divide
Commentary  |  10/29/2019  | 
As industrial enterprises face the disruptive forces of an increasingly connected world, these two cultures must learn to coexist.
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Commentary  |  10/28/2019  | 
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
4 Security Lessons Federal IT Pros Can Teach the Private Sector
Commentary  |  10/25/2019  | 
With a little research and basic planning, small companies can make big strides against the cybersecurity threats they face. Here's how.
It's Time to Improve Website Identity Indicators, Not Remove Them
Commentary  |  10/24/2019  | 
Why Google and Mozilla are wrong about the benefits of Extended Validation certificates that aim to prevent fraud and protect user privacy.
Beware the 'Raccoon Stealer' – It Ain't No Furry Friend
Larry Loeb  |  10/24/2019  | 
'Raccoon stealer' is one of the 2019's top ten most-mentioned pieces of malware in the underground economy.
Why Organizations Must Quantify Cyber-Risk in Business Terms
Commentary  |  10/24/2019  | 
The rising costs of breaches and regulatory fines are driving demand for better measurement and articulation of business impacts.
Planning a Zero-Trust Initiative? Here's How to Prioritize
Commentary  |  10/23/2019  | 
If you start by focusing on users, data, access, and managed devices, you will make major strides toward achieving better security.
Operational Technology Players Come Out of the Shadows
Larry Loeb  |  10/23/2019  | 
Operational technology (OT) has long been hiding in the factories and sites of industrial installations, but things are changing.
Report: 2020 Presidential Campaigns Still Vulnerable to Web Attacks
Commentary  |  10/23/2019  | 
Nine out of 12 Democratic candidates have yet to enable DNSSEC, a simple set of extensions that stops most targeted domain-based attacks.
The AI (R)evolution: Why Humans Will Always Have a Place in the SOC
Commentary  |  10/22/2019  | 
In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.
Two Threat Actors, One Targeted Threat
Larry Loeb  |  10/22/2019  | 
By combining, two threat actors leveraged their own specific areas of expertise into one highly efficient and private tool.
Keeping Too Many Cooks out of the Security Kitchen
Commentary  |  10/22/2019  | 
A good security team helps the business help itself operate more securely -- soliciting input while adhering to a unified strategy, vision, goals, and priorities.
SOC Operations: 6 Vital Lessons & Pitfalls
Commentary  |  10/21/2019  | 
There is no one road to security operations success, but these guidelines will smooth your path.
Cylance Discovers WAV Files Can Hide Malware
Larry Loeb  |  10/21/2019  | 
BlackBerry Cylance threat researchers Anuj Soni, Jordan Barth and Brian Marks recently discovered obfuscated malware code that was embedded within WAV audio files.
What's New in the EU Security Market
Oliver Schonschek  |  10/18/2019  | 
This October we visited the trade fair it-sa, which counts as one of the more important IT security exhibitions in the world. They hosted more than 750 security vendors from 25 countries who presented their solutions for the international market.
SOC Puppet: Dark Reading Caption Contest Winners
Commentary  |  10/18/2019  | 
Social engineering, SOC analysts, and Sock puns. And the winners are:
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Commentary  |  10/17/2019  | 
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
Unit 42 Finds the First Cryptojacking Docker Container
Larry Loeb  |  10/17/2019  | 
Palo Alto Network's Unit 42 has found the first cryptocurrency miner malware that spreads like a worm through the use of Docker containers.
Data Privacy Protections for the Most Vulnerable Children
Commentary  |  10/17/2019  | 
The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
Commentary  |  10/16/2019  | 
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.
Artificial Intelligence & Cybersecurity: Making It Work for Your Organization
Steve Durbin  |  10/16/2019  | 
Artificial intelligence (AI) is creating a new frontier in information security. Systems that independently learn, reason and act will increasingly replicate human behavior. Just like humans, they will be imperfect, but also capable of achieving great things.
Even RATs Need Marketing
Larry Loeb  |  10/16/2019  | 
Palo Alto Networks' Unit 42 researchers have discovered a new and previously undocumented Remote Access Tool (RAT).
Federal CIOs Zero In on Zero Trust
Commentary  |  10/16/2019  | 
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
5 Steps to Protect Against Ransomware Attacks
Commentary  |  10/15/2019  | 
Paying a ransom is strongly discouraged by experts. So, how do you protect your organization?
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Commentary  |  10/15/2019  | 
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
Don't Get Burned by Your Sophos Firewall
Larry Loeb  |  10/15/2019  | 
Researcher finds Sophos firewalls can allow net-based RCE without authentication.
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
Commentary  |  10/14/2019  | 
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.
CISO No Longer the Last Word on Security – Radware
Larry Loeb  |  10/14/2019  | 
The rise of DevSecOps may be the reason that 70% of respondents to Radware's survey stated that the CISO was not the top influencer in deciding on security software policy.
Close the Gap Between Cyber-Risk and Business Risk
Commentary  |  10/11/2019  | 
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
New 'Reductor' Malware Intercepts Browser Traffic
Larry Loeb  |  10/11/2019  | 
Encrypted traffic from both Chrome and Firefox shown to be vulnerable.
How to Think Like a Hacker
Commentary  |  10/10/2019  | 
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
Encoding the Analyst: Why AI Security Tools Are Thinking Like an Expert – Only Faster
Justin Fier  |  10/10/2019  | 
Despite our best efforts, human defenders simply cannot process information at machine-speeds and cyber-criminals are taking advantage. When human knowledge meets AI's precision, Cyber AI can augment the human at every stage of safeguarding the digital business.
Network Security Must Transition into the Cloud Era
Commentary  |  10/10/2019  | 
An integrated approach is the best way to provide organizations with the tools they need to decrease the attack surface and use strong security controls.
A Realistic Threat Model for the Masses
Commentary  |  10/9/2019  | 
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
UK Businesses Feel the Heat as Cyber Attacks Rise 243% Over the Summer
Larry Loeb  |  10/9/2019  | 
UK-based business ISP analyzed data from its customers and found that the number of cyber attacks its customers experienced had increased over last year's summer period by 243%.
How the Software-Defined Perimeter Is Redefining Access Control
Commentary  |  10/9/2019  | 
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Commentary  |  10/8/2019  | 
As in any battle, understanding and exploiting the terrain often dictates the outcome.
Beyond the Horde: The Uptick in Targeted Attacks (And How to Fight Back)
Commentary  |  10/8/2019  | 
We're seeing a dramatic rise in targeted attacks, but following these guidelines can help your enterprise stay safe.
UK Spy Agency Warns About VPN Hacking
Larry Loeb  |  10/8/2019  | 
Advanced persistent threat actors linked to the Chinese government are attacking enterprise VPN servers from Fortinet, Palo Alto Networks and Pulse Secure.
Cequence Finds Web Conferencing Vulnerability
Larry Loeb  |  10/7/2019  | 
Vulnerability could allow an attacker to list and view active meetings that are not protected.
10 Steps to Assess SOC Maturity in SMBs
Commentary  |  10/7/2019  | 
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
Page 1 / 2   >   >>


Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...
CVE-2020-29379
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.
CVE-2020-29380
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-...
CVE-2020-29381
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename...
CVE-2020-29382
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.