Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Opinion

posted in March 2019
Page 1 / 2   >   >>
Android Banking Trojan 'Gustuff' Becomes More Dangerous
Larry Loeb  |  3/29/2019  | 
New report puts Gustuff into the same threat tier as Anubis, Red Alert, Exobot, LokiBot and BankBot.
20 Years of STRIDE: Looking Back, Looking Forward
Commentary  |  3/29/2019  | 
The invention of STRIDE was the key inflection point in the development of threat modeling from art to engineering practice.
Artificial Intelligence in Modern Cybersecurity Operations
George Wrenn  |  3/28/2019  | 
As a rapidly evolving field of science, AI has become flexible to new approaches and tools allowing even cutting-edge technology such as quantum computing under its umbrella of methods.
Quantum Computing and Code-Breaking
Commentary  |  3/28/2019  | 
Prepare today for the quantum threats of tomorrow.
Everything I Needed to Know About Third-Party Risk Management, I Learned from Meet the Parents
Commentary  |  3/28/2019  | 
How much do you trust your vendors? You don't have to hook them up to a polygraph machine because there are better ways to establish trust.
Worldwide Study Finds Limited Advances Against Evolving Threats
Larry Loeb  |  3/28/2019  | 
Security vendor SonicWall has issued its SonicWall Cyber Threat Report based on its experiences in 2018.
Threat Hunting 101: Not Mission Impossible for the Resource-Challenged
Commentary  |  3/27/2019  | 
How small and medium-sized businesses can leverage native features of the operating system and freely available, high-quality hunting resources to overcome financial limitations.
Investigation Into LockerGoga Ransomware Finds Flaws in the Code
Larry Loeb  |  3/27/2019  | 
Preliminary analysis of LockerGoga shows it has, in its current forms, limited ability to spread in a network.
The 'Twitterverse' Is Not the Security Community
Commentary  |  3/27/2019  | 
The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Commentary  |  3/26/2019  | 
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
Under Attack: Over Half of SMBs Breached Last Year
Commentary  |  3/26/2019  | 
Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.
WordPress Zero-Day Vulnerability Found in 'Social Warfare' Plugin
Larry Loeb  |  3/26/2019  | 
'Social Warfare' was open to attacks through use of a stored Cross-Site Scripting (XSS) vulnerability that was introduced with the latest change made to the plugin (3.5.2).
5 Years of the NIST Cybersecurity Framework
Joe Stanganelli  |  3/26/2019  | 
With NIST celebrating the five-year anniversary of its widely adopted and recommended Cybersecurity Framework just last month, a look back over the years illustrates how far the Framework has come.
Norsk Hydro: This Is How You React to a Ransomware Breach
Larry Loeb  |  3/25/2019  | 
The company's response to a massive ransomware attack is an object lesson in how to do it right.
A Glass Ceiling? Not in Privacy
Commentary  |  3/25/2019  | 
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.
Facebook Exposes Millions of Unencrypted User Passwords
Larry Loeb  |  3/22/2019  | 
It's an internal matter – but it could affect millions of the social network's users.
Security Lessons from My Game Closet
Commentary  |  3/22/2019  | 
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
FIN7 Resurfaces With New Malware Techniques
Larry Loeb  |  3/22/2019  | 
The FIN7 group of cyber criminals is still going strong.
Hacker AI vs. Enterprise AI: A New Threat
Commentary  |  3/21/2019  | 
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Commentary  |  3/21/2019  | 
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
Jackson County Still Recovering After Paying Ryuk Ransom
Joe Stanganelli  |  3/21/2019  | 
Radio silence after reports of a headline-snagging ransomware payment in Jackson County, Ga., presents a possible case study in the pros and cons of paying ransomware attackers.
The Insider Threat: It's More Common Than You Think
Commentary  |  3/20/2019  | 
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
TLS 1.3: A Good News/Bad News Scenario
Commentary  |  3/20/2019  | 
Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.
Evidence Found of Malware Families Collaborating
Larry Loeb  |  3/20/2019  | 
IBM's X-Force has found that intertwined relationships exist between the Trickbot, Gozi, Ramnit and IcedID malware families – and that spells trouble.
The Case of the Missing Data
Commentary  |  3/19/2019  | 
The latest twist in the Equifax breach has serious implications for organizations.
Cyber Attacks Grow by 55% in 2018 & Data Theft Dominates – Report
Larry Loeb  |  3/19/2019  | 
The findings from Positive Technologies aren't that, erm, positive.
Crowdsourced vs. Traditional Pen Testing
Commentary  |  3/19/2019  | 
A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.
Is Your Supply Chain the Weakest Link?
Steve Durbin  |  3/19/2019  | 
Despite organizations' best efforts to secure intellectual property and other sensitive information, limited progress has been made in effectively managing information risk in the supply chain.
Study Shows Massive Attacks Bypassing MFA
Larry Loeb  |  3/18/2019  | 
Multi-factor authentication is no silver bullet for security problems.
Are You Prepared for a Zombie (Domain) Apocalypse?
Commentary  |  3/18/2019  | 
When a domain registration expires, they can be claimed by new owners. And sometimes, those new owners have malicious intent.
New IoT Device Regulation Establishes Base Line for Security
Larry Loeb  |  3/15/2019  | 
Legislation seeks to use the spending power of the government, which, if the bill goes through, will only be able to acquire those IoT devices that meet the bill's requirements.
On Norman Castles and the Internet
Commentary  |  3/15/2019  | 
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
Anomaly Detection Techniques: Defining Normal
Commentary  |  3/14/2019  | 
The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.
4 Reasons to Take an 'Inside Out' View of Security
Commentary  |  3/14/2019  | 
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
North Korea Circumvents Sanctions Through Cybercrime, Says Report
Larry Loeb  |  3/14/2019  | 
The UN report believes the DPRK has snaffled up half a billion dollars so far through nefarious means.
Convergence: Real Problems When it Comes to Securing the IoT/IIoT
Alan Zeichick  |  3/14/2019  | 
Today, enterprises are dealing with a proliferation of connected devices that probably aren't dedicated to computing think video cameras, inventory sensors, machine tools, thermostats and environmental monitors.
IoT Anomaly Detection 101: Data Science to Predict the Unexpected
Commentary  |  3/13/2019  | 
Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.
The Case for Transparency in End-User License Agreements
Commentary  |  3/13/2019  | 
Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.
5 Essentials for Securing and Managing Windows 10
Commentary  |  3/12/2019  | 
It's possible to intelligently deploy and utilize Windows 10's many security enhancements while avoiding common and costly migration pitfalls.
The 12 Worst Serverless Security Risks
Commentary  |  3/12/2019  | 
A new guide from the Cloud Security Alliance offers mitigations, best practices, and a comparison between traditional applications and their serverless counterparts.
IT Security Administrators Aren't Invincible
Commentary  |  3/11/2019  | 
IT security administrators and their teams are responsible for evaluating an organization's security tools and technologies, but are they armed with the proper tools, considerations, and budget to do so? Fourth in a six-part series.
Enterprise Is the Target of 'Big Game Hunting'
Larry Loeb  |  3/11/2019  | 
GrandCrab has mutated, and enterprises should be worried.
Study Finds 77% of Mobile Users Compromised by Leak of PII Data
Larry Loeb  |  3/8/2019  | 
It doesn't help that 43% of companies have at least one mobile device with no lock screen active.
Debunking 5 Myths About Zero Trust Security
Commentary  |  3/7/2019  | 
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
4 Ways At-Work Apps Are Vulnerable to Attack
Commentary  |  3/7/2019  | 
Collaboration applications make users and IT teams more efficient. But they come with an added cost: security.
InfoSec Community Excited as NSA Releases Ghidra 9.0 to the Public
Larry Loeb  |  3/7/2019  | 
At the RSA Conference in San Francisco this week, the National Security Agency released to the public one of its internal tools, Ghidra 9.0, which is used for software reverse engineering. The NSA has been using it internally for a decade.
It's Time to Rethink Your Vendor Questionnaire
Commentary  |  3/6/2019  | 
To get the most from a vendor management program you must trust, then verify. These six best practices are a good place to begin.
Fighting Alert Fatigue with Actionable Intelligence
Commentary  |  3/6/2019  | 
By fine-tuning security system algorithms, analysts can make alerts intelligent and useful, not merely generators of noise.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11583
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
CVE-2020-11584
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
CVE-2020-5770
PUBLISHED: 2020-08-03
Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5771
PUBLISHED: 2020-08-03
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive.
CVE-2020-5772
PUBLISHED: 2020-08-03
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file.