Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

Content posted in June 2018
Page 1 / 2   >   >>
Why Sharing Intelligence Makes Everyone Safer
Commentary  |  6/29/2018  | 
Security teams must expand strategies to go beyond simply identifying details tied to a specific threat to include context and information about attack methodologies.
Mobile Malware Group Hits Google Play a Third Time
Jeffrey Burt  |  6/29/2018  | 
McAfee researchers found that AsiaHitGroup earlier this year again targeted Android device users in Asia with a bulked-up Sonvpay campaign complete with silent push notifications.
'Bad Bots' Invading Cellular Networks
Larry Loeb  |  6/29/2018  | 
A new research paper from Distil Networks finds that 'bad bots' are roaming cellular networks and are using these gateways as part of numerous attacks.
Redefining Security with Blockchain
Commentary  |  6/28/2018  | 
Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.
McAfee: Cybercriminals Improving Techniques as Cryptomining Explodes
Jeffrey Burt  |  6/28/2018  | 
Cybercrime campaigns during the quarter showed that bad actors are improving upon the threats from last year, according to McAfee. Meanwhile, cryptomining schemes continue to skyrocket.
Russia, Facebook & Cybersecurity: Combating Weaponized FUD in the Social Media Age
Commentary  |  6/27/2018  | 
It's up to everyone -- users, security pros, government -- to be critical about the online information we encounter.
Cynicism in Cybersecurity: Confessions of a Recovering Cynic
Commentary  |  6/27/2018  | 
Anyone constantly dealing with complex computer systems teetering on the brink of disaster will likely succumb to the cult of cynicism. These four strategies will help you focus on the positive.
Wi-Fi Alliance: WPA3 Standard Will Improve WiFi Security, Encryption
Larry Loeb  |  6/27/2018  | 
After 20 years, the Wi-Fi Alliance has released a new WiFi standard WPA3 which looks to offer greater security and encryption to consumers in the home as well as enterprise networks.
Today! 'Why Cybercriminals Attack,' A Dark Reading Virtual Event
Commentary  |  6/27/2018  | 
Wednesday, June 27, this all-day event starting at 11 a.m. ET, will help you decide who and what you really need to defend against, and how to do it more effectively.
Securing Serverless Apps: 3 Critical Tasks in 3 Days
Commentary  |  6/26/2018  | 
Serverless workloads in the cloud can be as secure as traditional applications with the right processes and tools. The key: start small, scale as your application scales, and involve everyone.
Secure by Default Is Not What You Think
Commentary  |  6/26/2018  | 
The traditional view of secure by default which has largely been secure out of the box is too narrow. To broaden your view, consider these three parameters.
IBM Spinout Senzing Fights Fraud, Insider Threats With AI
Jeffrey Burt  |  6/26/2018  | 
Senzing, a rare IBM spinout, enables organizations to quickly and easily run through thousands of corporate records to find bad actors that represent a threat to their businesses.
Cloud-Based Identity Management Systems: What to Look For
Alan Zeichick  |  6/26/2018  | 
Most of the big cloud players, including Google, Microsoft and AWS, all offer some form of identity and access management. There are plenty of other cloud-based, on-premises IAM systems as well. Here's what you need to look for.
Secure Code: You Are the Solution to Open Sources Biggest Problem
Commentary  |  6/25/2018  | 
Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.
Adware & Cryptomining Remain Top Enterprise Security Threats
Larry Loeb  |  6/25/2018  | 
New research from Morphisec Labs finds that adware remains a consistent if under-reported security problem for many enterprises. At the same time, cryptomining remains the go-to attack for many cybercriminals.
How to Find a Next-Generation Firewall for the Cloud
Alan Zeichick  |  6/25/2018  | 
If you use cloud-based servers for running business applications, you need to protect those servers with a software-based cloud firewall. There are many options, and here's how to choose.
White House Email Security Faux Pas?
Commentary  |  6/22/2018  | 
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
Google, Roku, Sonus Rush Out Patches for DNS Vulnerability
Larry Loeb  |  6/22/2018  | 
DNS rebinding might be ancient in security terms, but it's scary enough that Google, Roku and Sonos rushed through patches to address recent concerns.
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Commentary  |  6/21/2018  | 
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
AppSec in the World of 'Serverless'
Commentary  |  6/21/2018  | 
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
Containers in the Cloud Are Great, but Are They Secure?
Alan Zeichick  |  6/21/2018  | 
Containers are an efficient means to package, deploy and run software in the cloud. There are legitimate security concerns, however.
Inside a SamSam Ransomware Attack
Commentary  |  6/20/2018  | 
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
Olympic Destroyer Returns With Attacks in Europe
Jeffrey Burt  |  6/20/2018  | 
Kaspersky Labs researchers believe the hackers behind the Olympic Destroyer worm that wreaked havoc at the Winter Olympics are now focusing on organizations that research chemical and biological threats in Europe.
Improving the Adoption of Security Automation
Commentary  |  6/20/2018  | 
Four barriers to automation and how to overcome them.
Betabot Trojan Reborn in New Sophisticated Form
Larry Loeb  |  6/20/2018  | 
As far as malware goes, the Betabot Trojan has gone through several different incarnations. However, its latest form might be the most sophisticated and laying the groundwork for an even larger attack.
How to Prepare for 'WannaCry 2.0'
Commentary  |  6/19/2018  | 
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Commentary  |  6/19/2018  | 
Do 'cloud-first' strategies create a security-second mindset?
3 Tips for Driving User Buy-in to Security Policies
Commentary  |  6/18/2018  | 
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Is Florida Really Such a Cybersecurity Risk?
Joe Stanganelli  |  6/18/2018  | 
In the wake of a personal-security research report declaring Florida to have the highest level of cybersecurity-risk in the US, a closer look suggests this finding may be neither the most reliable nor the most compelling.
Decades-Old Vulnerability Allows Spoofing of Encryption Tools
Larry Loeb  |  6/18/2018  | 
While GnuPG, Enigmail, GPGTools and python-gnupg have all patched the SigSpoof vulnerability, this old flaw shows how encryption tools can be spoofed.
Modern Cybersecurity Demands a Different Corporate Mindset
Commentary  |  6/15/2018  | 
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
Intel Chips' 'Lazy FP' Vulnerability Could Leak Secure Data
Larry Loeb  |  6/15/2018  | 
A group of security researchers have found a new vulnerability with Intel's chips that can theoretically allow an attack to utilize the 'Lazy FP' state of the process and gain access to sensitive data.
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
Commentary  |  6/14/2018  | 
Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.
Meet 'Bro': The Best-Kept Secret of Network Security
Commentary  |  6/14/2018  | 
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.
Cisco: Companies More Proactive About Cybersecurity
Jeffrey Burt  |  6/14/2018  | 
The ransomware attacks of 2017 and high-profile credit card system hacks in recent years have convinced organizations that they need to address security before they become victims.
IPS: A Key Network Protection in an Age of Increasing Threats
Simon Marshall  |  6/14/2018  | 
Intrusion prevent systems or IPS have had a checkered history in the enterprise, but increases in malicious activity across business networks have shown the technology can make a big security difference.
LeBron vs. Steph: The NBA Version of Cyber Defense vs. Cyberattacks
Commentary  |  6/13/2018  | 
It takes an aggressive, swarming approach to overcome the most dangerous threats today.
Why CISOs Need a Security Reality Check
Commentary  |  6/13/2018  | 
We deserve a seat at the executive table, and we'll be much better at our jobs once we take it.
Lazarus Suspected of Attacking South Korea Sites With Zero-Day Exploit
Larry Loeb  |  6/13/2018  | 
The North Korea-linked Lazarus Group is suspected of using a flaw in ActiveX to attack websites in South Korea, according to research from AlienVault.
'Shift Left' & the Connected Car
Commentary  |  6/12/2018  | 
How improving application security in the automotive industry can shorten product development time, reduce costs, and save lives.
Talos: VPNFilter Malware Still Stands at the Ready
Jeffrey Burt  |  6/12/2018  | 
Rebooting routers and the FBI's takeover of the C&C server may have mothballed the threat that infected more than 500,000 routers, but attackers could get it going again, Talos's Craig Williams said at Cisco Live in Orlando.
Weaponizing IPv6 to Bypass IPv4 Security
Commentary  |  6/12/2018  | 
Just because you're not yet using IPv6 doesn't mean you're safe from the protocol's attack vectors.
6 Ways Greed Has a Negative Effect on Cybersecurity
Commentary  |  6/11/2018  | 
How the security industry can both make money and stay true to its core values, and why that matters.
ISF: Balance Is Key to Mobile Security
Jeffrey Burt  |  6/11/2018  | 
As the workforce becomes more mobile, companies can't lock everything down but also can't risk leaving their mobile environments wide open, Information Security Forum finds.
Cryptomining Malware, Cryptojacking Remain Top Security Threats
Larry Loeb  |  6/11/2018  | 
Check Point's new global index report finds that cryptomining malware and cryptojacking schemes have surpassed ransomware as the number one threat to IT security.
Threat Landscape: Dark Reading Caption Contest Winners
Commentary  |  6/8/2018  | 
Insider threats -- desktop attacks, security awareness, caffeine -- all worthy contenders in our cartoon caption competition. And the winners are ...
Operation Prowli Infects 40,000 Systems for Cryptomining
Jeffrey Burt  |  6/8/2018  | 
GuardiCore researchers uncover a campaign that has comprised vulnerable servers at more than 9,000 companies worldwide for cryptojacking and traffic manipulation purposes.
ZipSlip Flaw Lets Attackers Inject Malware Into Open Source Projects
Larry Loeb  |  6/8/2018  | 
The newly discovered ZipSlip flaw opens a big hole for malware in many open source projects. Here's what developers need to know.
Side-Channel Attacks & the Importance of Hardware-Based Security
Commentary  |  6/7/2018  | 
Reliably evaluating the security of modern infrastructure requires a solid understanding of the hardware supporting it.
In Pursuit of Cryptography's Holy Grail
Commentary  |  6/7/2018  | 
Homomorphic encryption eliminates the need for data exposure at any point something that certainly would be welcome these days.
Page 1 / 2   >   >>


7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
IoT Vulnerability Disclosure Platform Launched
Dark Reading Staff 10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26649
PUBLISHED: 2020-10-22
AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php
CVE-2020-26650
PUBLISHED: 2020-10-22
AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php
CVE-2020-27533
PUBLISHED: 2020-10-22
A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.
CVE-2020-24033
PUBLISHED: 2020-10-22
An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with escala...
CVE-2020-27560
PUBLISHED: 2020-10-22
ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.