Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in April 2018
Page 1 / 2   >   >>
What Meltdown and Spectre Mean for Mobile Device Security
Commentary  |  4/30/2018  | 
Here are four tips to keep your mobile users safe from similar attacks.
3 Ways to Maximize Security and Minimize Business Challenges
Partner Perspectives  |  4/30/2018  | 
The best strategy for choosing security tools and architecting networks is to focus on staffing and resources, risk tolerance, and business change.
Rubella Macro Builder Crimeware Kit Price Drops to $40
Larry Loeb  |  4/30/2018  | 
Crime might not pay, but it also doesn't have to be expensive to try. Flashpoint researchers have found that the monthly fee for the Rubella Macro Builder crimeware kit dropped to $40 on the underground market.
'Zero Login:' The Rise of Invisible Identity
Commentary  |  4/27/2018  | 
Will new authentication technologies that recognize users on the basis of their behaviors finally mean the death of the despised password?
Researchers Detail Self-Learning System That Secures IoT Devices
Larry Loeb  |  4/27/2018  | 
Researchers from several universities have published a new paper describing what they believe is a better way to protect and secure IoT devices and sensors.
Why Hackers Love Healthcare
Commentary  |  4/26/2018  | 
The migration of valuable data to the cloud is piquing the interest of cybercrimimals. But there are ways to fight back.
Orangeworm Malware Burrows Into Healthcare Industry
Jeffrey Burt  |  4/26/2018  | 
A group of cybercriminals, known collectively as Orangeworm, are using their own malware and a custom backdoor called Kwampirs in highly targeted attacks against healthcare organizations, according to Symantec.
Europe and Asia Take on More DDoS Attacks
Partner Perspectives  |  4/26/2018  | 
While North American targets have historically been on the receiving end of the majority of DDoS attacks since their inception, that trend changed in 2017.
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
Commentary  |  4/25/2018  | 
A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.
Why Information Integrity Attacks Pose New Security Challenges
Commentary  |  4/25/2018  | 
To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.
Microsoft: Tech Support Scams on the Rise
Larry Loeb  |  4/25/2018  | 
A recent report from Microsoft shows that the number of scams using tech support as a cover is on the increase. However, many times it's up to consumers and companies to protect themselves.
Cloud Misconceptions Are Pervasive Across Enterprises
Partner Perspectives  |  4/25/2018  | 
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it.
5 New Network Attack Techniques That Will Keep You Awake at Night
Alan Zeichick  |  4/25/2018  | 
You can't trust anything -- not the cloud, not hardware, not industrial control systems. Take nothing for granted, advise the experts, and trust nothing.
Deconstructing the Possibilities and Realities of Enterprise IoT Security
Commentary  |  4/24/2018  | 
Organizations are rushing to leverage Internet of Things solutions but struggle to design the information technology architectures that will lock down the data these devices create.
Smartphones Remain the Most Vulnerable of Endpoints
Simon Marshall  |  4/24/2018  | 
The nature of mobile devices, especially smartphones, continues to make them the most vulnerable of endpoint devices. Here's why enterprise security teams need to stay vigilante.
It's Time to Take GitHub Threats Seriously
Commentary  |  4/24/2018  | 
There's a good chance your company has projects on the source code management system, but the casual way many developers use GitHub creates security issues.
Cybercrime: More Like Facebook's Model Than Traditional Criminal Enterprise
Larry Loeb  |  4/23/2018  | 
As the global economy has changed, so has cybercrime, which resembles something much closer to how Facebook works than a traditional criminal enterprise, according to a new report.
Digital Identity Makes Headway Around the World
Commentary  |  4/23/2018  | 
The US is lagging behind the digital ID leaders.
It's the People: 5 Reasons Why SOC Can't Scale
Alan Zeichick  |  4/23/2018  | 
There are always more security alerts and threats to respond, but the answer isn't to simply throw more money at the SOC to hire additional Tier 1 and Tier 2 security analysts.
IDS & IPS: Two Essential Security Measures
Partner Perspectives  |  4/23/2018  | 
To protect business networks, one line of security isn't enough.
Biometrics Are Coming & So Are Security Concerns
Commentary  |  4/20/2018  | 
Could these advanced technologies be putting user data at risk?
Login With Facebook & Watch Your Personal Data Leak
Larry Loeb  |  4/20/2018  | 
A common feature on many popular websites allows users to login with their Facebook profile. However, a trio of Princeton researchers show that this feature allows personal information to leak and be collected.
Cyber Attacks Have Doubled, but Security Is Getting Better at Blocking Them
Jeffrey Burt  |  4/20/2018  | 
In a survey, Accenture said the number of targeted attacks like ransomware and DDoS are growing, but organizations are getting better and faster at detecting them.
How to Protect Industrial Control Systems from State-Sponsored Hackers
Commentary  |  4/19/2018  | 
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
Microsoft Security Is Channeling the Terminator
Alan Zeichick  |  4/19/2018  | 
In its own way of channeling the Terminator and Skynet, Microsoft is looking to add more layers of artificial intelligence into its Windows Defender ATP to further reduce remediation and increase automation of security.
Researchers Discover Second rTorrent Vulnerability Campaign
Partner Perspectives  |  4/19/2018  | 
This time attackers appears to have spoofed the Recording Industry Association of America (RIAA) and New York University (NYU) user-agents.
In Wake of Spectre & Meltdown, Intel Shifts Memory Scanning to GPU
Jeffrey Burt  |  4/19/2018  | 
At the RSA Conference this week, Intel introduced several silicon-level security technologies, including moving memory scanning from the CPU to the GPU, as part of its larger 'security-first' strategy following the Spectre and Meltdown issues.
The Role of KPIs in Incident Response
Commentary  |  4/18/2018  | 
Using KPIs can have a positive impact on the tactical and strategic functions of a security operations program.
How to Leverage Artificial Intelligence for Cybersecurity
Partner Perspectives  |  4/18/2018  | 
AI and predictive analytics should be used to augment a companys security team, not replace it. Here's why.
Alert Warns Russian Actors Are Targeted Unsecured Network Devices
Larry Loeb  |  4/18/2018  | 
A join statement from UK and US law enforcement and security agencies are warning that Russian actors are targeting older and unpatched network infrastructure as part of an ongoing cyberespionage campaign.
Why We Need Privacy Solutions That Scale Across Borders
Commentary  |  4/17/2018  | 
New privacy solutions are becoming scalable, smarter, and easier to address compliance across industries and geographies.
Endpoint Security: 3 Big Obstacles to Overcome
Joe Stanganelli  |  4/17/2018  | 
Two recent reports highlight three major challenges in enterprise endpoint security.
Ransomware: Still a Security Threat & Still Evolving
Jeffrey Burt  |  4/17/2018  | 
While ransomware may have faded from the headlines a bit during the first four months of 2018, a bevy of reports from Verizon, Symantec and Webroot find that not only does it remain a top security threat, but it continues to evolve as well.
'PowerHammer' Exploit Can Steal Computer Data Across Electrical Lines
Larry Loeb  |  4/16/2018  | 
Researchers at Ben-Gurion University have created a new exploit called 'PowerHammer' that can steal data from PCs and other systems through electrical lines.
How GDPR Forces Marketers to Rethink Data & Security
Commentary  |  4/16/2018  | 
The European regulation is making marketing technology companies re-examine their security, and that's a good thing.
Data Breach Increase Shows Endpoints Are Under Attack
Joe Stanganelli  |  4/16/2018  | 
The stats and factoids from the latest edition of Verizon's annual Data Breach Investigation Report make clear enterprise endpoints have been far too vulnerable and that explains why data breaches are on the rise.
Federal Agency Data Under Siege
Commentary  |  4/13/2018  | 
Seventy-one percent of IT security professionals in US federal agencies have reported breaches in their organizations.
Misconfigured Routers Could Be Used for Botnets, Espionage
Larry Loeb  |  4/13/2018  | 
A recent white paper released by Akamai finds that thousands of misconfigured routers using older UPnP protocols could be turned into malicious botnets or used for espionage.
Beyond Bitcoin: How Blockchain Can Benefit IoT Security
Jeffrey Burt  |  4/13/2018  | 
As the market for the Internet of Things grows, security concerns are increasing. However, a new study shows that blockchain technology can go beyond protecting cryptocurrency to help lock down IoT devices and sensors better than other methods.
The Good, the Bad & the Disruptive: Bots on the Wild, Wild Web
Commentary  |  4/12/2018  | 
Not all bots are bad -- some are downright helpful -- so you can't block them entirely.
Microsegmentation: Strong Security in Small Packages
Commentary  |  4/12/2018  | 
A deep dive into how organizations can effectively devise and implement microsegmentation in a software-defined networking data center.
How Attackers Can Exploit rTorrent with Monero Cryptocurrency Miner
Partner Perspectives  |  4/12/2018  | 
As cryptomining campaigns become more profitable, cybercriminals are becoming more creative about finding new ways to extend their operations.
Billions of Business Files & Data Are Exposed Online to Anyone
Simon Marshall  |  4/12/2018  | 
A report from Digital Shadows finds that more than a billion files, including sensitive data and intellectual property, are exposed to the greater Internet. Much of this is due to antiquated technology.
Avoiding the Ransomware Mistakes that Crippled Atlanta
Partner Perspectives  |  4/11/2018  | 
What made Atlanta an easy target was its outdated use of technology: old computers running on non-supported platforms, which are also a characteristic of many municipalities and most major cities.
Stopping Cyber Madness: Why the Private Sector Must Lead the Fight
Commentary  |  4/11/2018  | 
The government's ability to help secure the Internet will be limited given the light speed of the Internet versus the slower pace of government. That's why stopping the madness begins with the private sector.
Hack Back: An Eye for an Eye Could Make You Blind
Commentary  |  4/11/2018  | 
Attackers have had almost zero consequences or cost for stealing data from innocent victims. But what if we could hack their wallets, not their systems?
Bastille's ATI System Warning Raises Its Own Alarm
Larry Loeb  |  4/11/2018  | 
Bastille Networks made a splash by notifying ATI Systems that its warning systems have a significant vulnerability. However, the timing of the notice leaves a question about motives when public safety is at risk.
IoT Malware-on-the-Fly Expected to Rise
Dawn Kawamoto  |  4/11/2018  | 
Researchers discover a new Mirai-variant IoT botnet that appears linked to IoTroop or Reaper botnet, allowing attackers to easily update malicious code on the fly.
Pairing Policy & Technology: BYOD That Works for Your Enterprise
Commentary  |  4/10/2018  | 
An intelligent security policy coupled with the right technology can set you up for success with BYOD.
20 Ways to Increase the Efficiency of the Incident Response Workflow
Commentary  |  4/10/2018  | 
Despite all the good intentions of some great security teams, we are still living in a "cut-and-paste" incident management world.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15058
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.
CVE-2020-15059
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter.
CVE-2020-15060
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name.
CVE-2020-15061
PUBLISHED: 2020-08-07
Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values.
CVE-2020-15062
PUBLISHED: 2020-08-07
DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic.