Dark Reading is part of the Informa Tech Division of Informa PLC

Opinion

Content posted in July 2018
Unified Security Data: A Simple Idea to Combat Persistent, Complex Cyberattacks
Commentary  |  7/31/2018  | 
Do you know what happens to your data when it's not in use? If the answer is no, you need to fix that.
Accidental Cryptojackers: A Tale of Two Sites
Commentary  |  7/31/2018  | 
Why website operators need to know with whom they are doing business and how to close the loop on third-party vulnerabilities.
PowerGhost Cryptomining Malware Targets Corporate Networks
Jeffrey Burt  |  7/31/2018  | 
Kaspersky Lab researchers said the malware uses fileless techniques to make it harder to detect and the EternalBlue exploit to spread to systems across the networks.
MUD: The Solution to Our Messy Enterprise IoT Security Problems?
Commentary  |  7/30/2018  | 
The 'Manufacturer Usage Description' proposal from IETF offers a promising route for bolstering security across the industry.
New Spectre-Like Vulnerability Allows for Remote Data Theft
Larry Loeb  |  7/30/2018  | 
Researchers have found a new Spectre-like vulnerability in x86 processors called NetSpectre, which allows attackers to steal data remotely.
Zero Trust Means Never Trust & Always Verify
Alan Zeichick  |  7/30/2018  | 
Enterprise security teams have actually been practicing zero trust policies for a number of years, but new advances and better tools now make the philosophy easier to implement. Still, it's always best to verify.
Every Week Is Shark Week in Cyberspace
Commentary  |  7/27/2018  | 
Your data, identities, and credentials are cyber chum. Here's how to protect yourself from the feeding frenzy.
Symantec: Leafminer Group Is a Dangerous Group of Amateurs
Larry Loeb  |  7/27/2018  | 
While the Leafminer group has been causing significant problems in the Middle East for well over a year, Symantec notes that the group is doing so using rather amateurish techniques.
Kronos Returns as Banking Trojan Attacks Ramp Up
Jeffrey Burt  |  7/27/2018  | 
Proofpoint researchers have seen a new version of the four-year-old Kronos emerge in campaigns in Europe and Japan. The report also finds it may be rebranded as 'Osiris.'
5 Ways Small Security Teams Can Defend Like Fortune 500 Companies
Commentary  |  7/26/2018  | 
Keep your company protected with a mix of old- and new-school technologies.
The Double-Edged Sword of Artificial Intelligence in Security
Commentary  |  7/26/2018  | 
AI is revolutionizing cybersecurity for both defenders and attackers as hackers, armed with the same weaponized technology, create a seemingly never-ending arms race.
California's CCPA Law: Why CISOs Need to Take Heed
Joe Stanganelli  |  7/26/2018  | 
The recently enacted California Consumer Privacy Act, while hardly a sweeping reform of the state's privacy laws, changes the playing field for IT risk and liability where California residents' personal information is concerned.
The Good & Bad News About Today's Cybersecurity Investment Landscape
Commentary  |  7/25/2018  | 
Lots of things keep CISOs up at night. But instead of guessing what CISOs want, investors and vendors should incorporate customer feedback throughout product ideation and development cycles.
Securing Our Interconnected Infrastructure
Commentary  |  7/25/2018  | 
A little over a year ago, the world witnessed NotPetya, the most destructive cyberattack to date. What have we learned?
Bluetooth Vulnerability Opens Up Man-in-the-Middle Attacks
Larry Loeb  |  7/25/2018  | 
While almost certainly hypothetical, this vulnerability in Bluetooth's protocol could result in a man-in-the-middle attack and allow the culprits to steal personal data off a device.
How 'Projection' Slows Down the Path to Security Maturity
Commentary  |  7/24/2018  | 
A little bit of self-awareness goes a long way when it comes to evaluating a company's security maturity level. It's also a prerequisite to improving.
Threat Hunting: Rethinking 'Needle in a Haystack' Security Defenses
Commentary  |  7/24/2018  | 
In cyber, needles (that is, threats) can disappear quickly, for a variety of reasons, and often long after hackers have completed what they came to do.
Kaspersky: There's No Such Thing as a Free Gift Card Code
Jeffrey Burt  |  7/24/2018  | 
Kaspersky Lab is warning that bad actors are using a scheme offering free gift card codes from Amazon, Google, eBay and others to separate consumers from their personal data and money.
London Calling with New Strategies to Stop Ransomware
Commentary  |  7/23/2018  | 
The new London Protocol from the Certificate Authority Security Council/Browser Forum aims to minimize the possibility of phishing activity on high-value identity websites.
Watch Out: The Dark Web Is Really Watching You
Alan Zeichick  |  7/23/2018  | 
The Dark Web is a lot of things, but it's mostly a hangout for criminals and cyberthieves. However, this dark corner of the Internet may know more about you or your enterprise than you think.
DNS Rebinding Attack Could Affect Half a Billion IoT Devices
Larry Loeb  |  7/23/2018  | 
From smart speakers to printers to IP-connected video equipment, DNS rebinding attacks are targeting a number of IoT-based devices.
Why Artificial Intelligence Is Not a Silver Bullet for Cybersecurity
Commentary  |  7/20/2018  | 
Like any technology, AI and machine learning have limitations. Three are detection, power, and people.
More Data Breaches in Store for US Retail Industry
Larry Loeb  |  7/20/2018  | 
A report from Thales eSecurity and 451 Research finds that the security systems of US retailers are getting breached more often than their global counterparts. As a result, IT is rethinking its security spending.
The Fundamental Flaw in Security Awareness Programs
Commentary  |  7/19/2018  | 
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
Beyond Passwords: Why Your Company Should Rethink Authentication
Commentary  |  7/19/2018  | 
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
Make Security Boring Again
Commentary  |  7/18/2018  | 
In the public sector and feeling overwhelmed? Focus on the basics, as mind numbing as that may sound.
From Bullets to Clicks: The Evolution of the Cyber Arms Race
Commentary  |  7/18/2018  | 
Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Commentary  |  7/17/2018  | 
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
SCADA/ICS Dangers & Cybersecurity Strategies
Commentary  |  7/17/2018  | 
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
Researchers Detail Spoofing Attack Against Vehicle GPS
Larry Loeb  |  7/17/2018  | 
A new paper shows that with the right amount of hardware and know-how, an attacker can spoof a vehicle's GPS system and change the route.
Time to Yank Cybercrime into the Light
Commentary  |  7/16/2018  | 
Too many organizations are still operating blindfolded, research finds.
IDT CIO Faces Down New Crop of Global Threats
Simon Marshall  |  7/16/2018  | 
IDT CIO Golan Ben-Oni has faced down two serious cyberattacks in the last year and he expects more are on the way. From selecting vendors to thinking about the cloud, here's how Ben-Oni is rethinking the security landscape.
Broadcom's Deal for CA Puts Big Iron in the Spotlight
Larry Loeb  |  7/16/2018  | 
With Broadcom buying CA for $18.9 billion, old-time big iron is suddenly cool again. Here's what it means for security and software development.
How to Structure an Enterprise-Wide Threat Intelligence Strategy
Commentary  |  7/13/2018  | 
To keep an organization safe, you must think about the entire IT ecosystem.
Attackers Increasingly Turning Attention to the Cloud
Jeffrey Burt  |  7/13/2018  | 
In the first half of 2018, Check Point researchers saw threat actors turning more of their attention to the cloud to steal data, as well as to grab compute power for cryptomining efforts.
Bug Bounty Programs Paying Off for Enterprises
Larry Loeb  |  7/13/2018  | 
The number of bug bounty programs continues to grow, and enterprise security is better for it. A new report urges more businesses to embrace and not squash these initiatives.
Lessons from My Strange Journey into InfoSec
Commentary  |  7/12/2018  | 
Establishing an entrée into the security world can be a maddeningly slow process. For those of us already here, it can be an opportunity to help others.
ICS Security: 'The Enemy Is in the Wire'
Commentary  |  7/12/2018  | 
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
IBM: Hidden Costs Drive Up Financial Hit of Mega Breaches to $350M
Jeffrey Burt  |  7/12/2018  | 
For companies that have 50 million records compromised, lost business and reputation, as well as the employee time spent in recovery work, can put the overall cost at $350 million.
Kaspersky: Asia the Focus of APT Operations in Q2
Jeffrey Burt  |  7/12/2018  | 
In their second quarter report, Kaspersky researchers also noted the return of various well-known bad actors and the threats facing networking hardware devices.
Getting Safe, Smart & Secure on S3
Commentary  |  7/11/2018  | 
AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.
What We Talk About When We Talk About Risk
Commentary  |  7/11/2018  | 
Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.
Magecart Group Seen as Hidden Hand Behind Ticketmaster Attack
Larry Loeb  |  7/11/2018  | 
By targeting third-party vendors that Ticketmaster uses to help process payment, the Magecart group appears to be expanding the scope of its cybercrimes, according to RiskIQ.
For Data Thieves, the World Cup Runneth Over
Commentary  |  7/10/2018  | 
Large sporting events are always going to be targets, but the fact that the competition is in Russia adds another layer of concern. Here are three tips to stay safer.
HNS IoT Botnet Evolves, Goes Cross-Platform
Jeffrey Burt  |  7/10/2018  | 
The Hide 'N Seek malware had previously targeted devices such as home routers and DVRs, but now the botnet is including Apache CouchDB and OrientDB in its expanding list of targets.
Cisco: GDPR Is About More Than Compliance
Jeffrey Burt  |  7/10/2018  | 
Cisco's top privacy official says that the EU's new privacy regulations – GDPR – give forward-thinking companies an opportunity to excel by building new data management and privacy models.
Creating a Defensible Security Architecture
Commentary  |  7/9/2018  | 
Take the time to learn about your assets. You'll be able to layer in multiple prevention and detection solutions and have a highly effective security architecture.
Attackers Combining Smoke Loader & PROPagate in New Campaign
Larry Loeb  |  7/9/2018  | 
Cisco Talos researchers have found that attackers have started to combine Smoke Loader and the PROPagate injection in a new campaign delivered through phony Word documents.
Reactive or Proactive? Making the Case for New Kill Chains
Commentary  |  7/6/2018  | 
Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here's what a modern kill chain should include.
Google, Firefox Pull Stylish After Report Shows How Data Is Collected
Larry Loeb  |  7/6/2018  | 
A security researcher showed how the Stylish browser extension sent personal data and search results back to the parent company, and this forced Mozilla and Google to yank it off their stores.