Dark Reading is part of the Informa Tech Division of Informa PLC


Opinion

posted in August 2018
Why Automation Will Free Security Pros to Do What They Do Best
Commentary  |  8/31/2018  | 
There are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.
Exploitable Flaws Found in Trusted Platform Module 2.0
Larry Loeb  |  8/31/2018  | 
The US Department of Defense uses the TPM as a key element in dealing with security of device identification and authentication, encryption and similar tasks.
Lessons From the Black Hat USA NOC
Commentary  |  8/30/2018  | 
The conference's temporary network operations center provides a snapshot of what is possible when a variety of professionals work together.
4 Benefits of a World with Less Privacy
Commentary  |  8/30/2018  | 
The privacy issue is a problem for a lot of people. I see it differently.
How One Company's Cybersecurity Problem Becomes Another's Fraud Problem
Commentary  |  8/29/2018  | 
The solution: When security teams see something in cyberspace, they need to say something.
Data Leaks Via Smart Light Bulbs? Believe It
Larry Loeb  |  8/29/2018  | 
Researchers from the University of Texas at San Antonio have shown it's possible to exfiltrate data from a smart-bulb system. But there's no need to go back to candles just yet.
Why Security Needs a Software-Defined Perimeter
Commentary  |  8/28/2018  | 
Most security teams today still don't know whether a user at the end of a remote connection is a hacker, spy, fraudster -- or even a dog. An SDP can change that.
WhatsApp: Mobile Phishing's Newest Attack Target
Commentary  |  8/28/2018  | 
In 2018, mobile communication platforms such as WhatsApp, Skype, and SMS have far less protection against app-based phishing than email.
Microsoft Outlook Backdoor Amped Up by Russia-Linked Group
Larry Loeb  |  8/28/2018  | 
The Russia-linked Turla group uses PDF attachments to email messages to exfiltrate data, according to ESET.
Kaspersky: Lazarus Takes Aim at macOS in Cryptocurrency Campaign
Jeffrey Burt  |  8/28/2018  | 
Kaspersky researchers said users of Apple and Linux systems should see the AppleJeus campaign as a warning not to get lax in their cybersecurity efforts.
How Can We Improve the Conversation Among Blue Teams?
Commentary  |  8/27/2018  | 
Dark Reading seeks new ways to bring defenders together to share information and best practices.
The Difference Between Sandboxing, Honeypots & Security Deception
Commentary  |  8/27/2018  | 
A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.
Five IoT Endpoint Security Recommendations for the Enterprise
Alan Zeichick  |  8/27/2018  | 
It's 2:00 a.m. Do you know where your devices are? Find out five IoT security tips to help you sleep at night.
A False Sense of Security
Commentary  |  8/24/2018  | 
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
Apache Struts Critical Weakness Found, Patched
Larry Loeb  |  8/24/2018  | 
The open source framework for Java-based web apps has a critical flaw the Apache Software Foundation is trying to counter.
The GDPR Ripple Effect
Commentary  |  8/23/2018  | 
Will we ever see a truly global data security and privacy mandate?
Embedding Security into the DevOps Toolchain
Commentary  |  8/23/2018  | 
Security teams need to let go of the traditional security stack, stop fighting DevOps teams, and instead jump in right beside them.
The Votes Are In: Election Security Matters
Commentary  |  8/22/2018  | 
Three ways to make sure that Election Day tallies are true.
Vulnerable Web Apps Top Threat to Enterprises
Jeffrey Burt  |  8/22/2018  | 
A report by Kaspersky researchers found that 73% of successful network perimeter breaches in 2017 were committed via web apps, while inside threats continue to put companies at risk.
Microsoft Yanks Suspected Russian-Intelligence Domains
Larry Loeb  |  8/22/2018  | 
Microsoft has pulled the plug on domains it suspected as fronts for Russian Intelligence. The company says the targets were US conservative groups.
How to Gauge the Effectiveness of Security Awareness Programs
Commentary  |  8/21/2018  | 
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Proving ROI: How a Security Road Map Can Sway the C-Suite
Commentary  |  8/21/2018  | 
When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.
Electrical Grid Attack via IoT Devices Successfully Simulated
Larry Loeb  |  8/21/2018  | 
Researchers have successfully simulated an attack on an electrical power grid that employs IoT devices to trigger a blackout.
Data Privacy Careers Are Helping to Close the IT Gender Gap
Commentary  |  8/20/2018  | 
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
Foreshadow-NG Vulnerability Sets Tech Giants Scrambling
Larry Loeb  |  8/20/2018  | 
Foreshadow vulnerabilities expose processors and even the cloud to penetration.
Make a Wish: Dark Reading Caption Contest Winners
Commentary  |  8/18/2018  | 
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
The 5 Challenges of Detecting Fileless Malware Attacks
Commentary  |  8/17/2018  | 
Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.
Congressional Campaign Websites Vulnerable to Attack, Say Researchers
Jeffrey Burt  |  8/17/2018  | 
Researchers presented a study at DEF CON that showed that a third of congressional candidates' websites are vulnerable to attack, adding to threats already seen by some politicians.
Check Point: Fax Machines, Networks Vulnerable to Attack
Jeffrey Burt  |  8/17/2018  | 
Researchers for the cybersecurity company found a way to exploit vulnerabilities in the fax system of an HP OfficeJet inkjet all-in-one printer to gain access to all systems on a network.
Overcoming 'Security as a Silo' with Orchestration and Automation
Commentary  |  8/16/2018  | 
When teams work in silos, the result is friction and miscommunication. Automation changes that.
IAM Heads to the Mobile Cloud
Joe Stanganelli  |  8/16/2018  | 
Persisting problems with identity and access management combined with usability demands are influencing the IAM market. But will enterprise IT step up its IAM game?
IETF Makes Transport Layer Security Version 1.3 Official
Larry Loeb  |  8/15/2018  | 
TLS 1.3 is now the industry standard for secure Internet connections via HTTPS.
Open Source Software Poses a Real Security Threat
Commentary  |  8/15/2018  | 
It's true that open source software has many benefits, but it also has weak points. These four practical steps can help your company stay safer.
Equifax Avoided Fines, but What If ...?
Commentary  |  8/14/2018  | 
Let's imagine the consequences the company would have faced if current laws had been on the books earlier.
DHS: Millions of Smartphones Infected With Severe Embedded Vulnerabilities
Joe Stanganelli  |  8/14/2018  | 
Research from DHS revealed this past week seems to demonstrate that millions of smartphones have deep vulnerabilities allowing for privilege escalation and complete takeover.
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Commentary  |  8/13/2018  | 
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
Microsoft Cortana Vulnerability Can Unlock a Locked Windows PC
Larry Loeb  |  8/13/2018  | 
At Black Hat, researchers showed how a vulnerability in Cortana can unlock a locked Windows PC. Microsoft has patched the flaw, but questions remain.
Artificial Malevolence: Bad Actors Know Computer Science, Too
Alan Zeichick  |  8/13/2018  | 
Artificial intelligence and machine learning have many useful applications in legitimate security prevention. However, the buzz at this year's Black Hat is that bad guys are already catching up.
The Enigma of AI & Cybersecurity
Commentary  |  8/10/2018  | 
We've only seen the beginning of what artificial intelligence can do for information security.
Smart Cities Need to Get Smarter About Cybersecurity
Larry Loeb  |  8/10/2018  | 
At the 2018 Black Hat conference, IBM's X-Force Red and Threatcare found that smart cities are as vulnerable to attack as any enterprise network.
Researchers Show That Code Reuse Links Various North Korean Malware Groups
Jeffrey Burt  |  8/10/2018  | 
Analysts from McAfee and Intezer announced that by reviewing samples, they have found ties between campaigns and threat groups linked to North Korea.
Oh, No, Not Another Security Product
Commentary  |  8/9/2018  | 
Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.
Employees Remain the Weak Link in Your Company's Cybersecurity Plans
Larry Loeb  |  8/8/2018  | 
Another report, this time from Finn Partners Research, shows that employees remain the weakest link in the cybersecurity chain.
Breaking Down the PROPagate Code Injection Attack
Commentary  |  8/8/2018  | 
What makes PROPagate unique is that it uses Windows APIs to take advantage of the way Windows subclasses its window events.
Banking Trojans on the Rise in Q2, Kaspersky Report Finds
Jeffrey Burt  |  8/8/2018  | 
Kaspersky Labs saw a record number of new installation packages in the second quarter of this year, with modification to help the malware avoid security solutions.
Shadow IT: Every Company's 3 Hidden Security Risks
Commentary  |  8/7/2018  | 
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
Don't Let Your Containers Stray Into Cryptocurrency Mining
Alan Zeichick  |  8/7/2018  | 
Containers were supposed to be safe, until they weren't. With cybercrooks trying to attach cryptocurrency mining malware to containers, there are ways to protect your development environment.
IT Managers: Are You Keeping Up with Social-Engineering Attacks?
Commentary  |  8/6/2018  | 
Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.
Phishing Attacks Increase in Q1 as Cybercrooks Look for New Victims
Larry Loeb  |  8/6/2018  | 
An analysis by APWG saw a significant increase in the number of phishing attacks in the first quarter of this year, as cybercriminals looked for new victims.
Spam at 40: Still a Robust Security Threat in Middle Age
Jeffrey Burt  |  8/6/2018  | 
Four decades after the first such email was sent, attackers are still using spam to deliver their malware.