News & Commentary

Latest Content
Page 1 / 2   >   >>
Nation-State Hacker Group Hijacking DNS to Redirect Email, Web Traffic
News  |  4/17/2019  | 
'Sea Turtle' group has compromised at least 40 national security organizations in 13 countries so far, Cisco Talos says.
VPN Vulnerabilities Point Out Need for Comprehensive Remote Security
News  |  4/17/2019  | 
VPNs are the primary tool for securing remote access, but recently disclosed vulnerabilities point out the weakness of relying on them as the only tool.
Tips for the Aftermath of a Cyberattack
News  |  4/17/2019  | 
Incident response demands technical expertise, but you can't fully recover without non-IT experts.
New Malware Campaign Targets Financials, Retailers
Quick Hits  |  4/17/2019  | 
The attack uses a legitimate remote access system as well as several families of malware.
Legacy Apps: The Security Risk Lurking in Dusty Corners
Commentary  |  4/17/2019  | 
Four best practices to keep old code from compromising your enterprise environment.
Ever-Sophisticated Bad Bots Target Healthcare, Ticketing
News  |  4/17/2019  | 
From criminals to competitors, online bots continue to scrape information from sites and pose as legitimate users.
Inside the Dark Web's How-To Guides for Teaching Fraud
Quick Hits  |  4/17/2019  | 
A new study investigates nearly 30,000 guides to explore what fraudsters sell and teach aspiring cybercriminals.
Selecting the Right Strategy to Reduce Vulnerability Risk
Commentary  |  4/17/2019  | 
There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference.
7 Tips for an Effective Employee Security Awareness Program
Slideshows  |  4/17/2019  | 
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
Decoding a 'New' Elite Cyber Espionage Team
News  |  4/16/2019  | 
Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules.
Security Audit Shows Gains, Though Privacy Lags
News  |  4/16/2019  | 
The 2018 Online Trust Audit shows that "encryption everywhere" is improving security, while fuzzy language is slowing privacy gains.
Threat Group Exploits Chrome Bug to Serve Malicious Ads to iOS Users
News  |  4/16/2019  | 
A new exploit developed by eGobbler is allowing it to distribute malvertisementsmore than 500 million to dateat huge scale, Confiant says.
Meet Scranos: New Rootkit-Based Malware Gains Confidence
News  |  4/16/2019  | 
The cross-platform operation, first tested on victims in China, has begun to spread around the world.
Benefiting from Data Privacy Investments
Commentary  |  4/16/2019  | 
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
IT Outsourcing Firm Wipro Investigates Data Breach
Quick Hits  |  4/16/2019  | 
Employee accounts may have been compromised in a sophisticated phishing campaign.
New Attacks (and Old Attacks Made New)
Commentary  |  4/16/2019  | 
Although new attacks might get the most attention, don't assume old ones have gone away.
Data on Thousands of Law Enforcement Personnel Exposed in Breach
Quick Hits  |  4/15/2019  | 
Unknown hackers broke into databases of nonprofit and have posted online personal info on FBI, Secret Service, Capitol Police, US Park Police, others.
Microsoft Downplays Scope of Email Attack
News  |  4/15/2019  | 
An unknown attacker used a support agent's credentials to access email content belonging to some Outlook, Hotmail users.
New Details Emerge on Windows Zero Day
News  |  4/15/2019  | 
The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.
TRITON Attacks Underscore Need for Better Defenses
News  |  4/15/2019  | 
As attackers focus on cyber-physical systems, companies must improve their visibility into IT system compromises as well as limit actions on operational-technology networks, experts say.
The Single Cybersecurity Question Every CISO Should Ask
Commentary  |  4/15/2019  | 
The answer can lead to a scalable enterprise security solution for years to come.
CERT, CISA Warn of Vuln in at Least 4 Major VPNs
Quick Hits  |  4/12/2019  | 
VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.
This Week in Security Funding: Where the Money Went
News  |  4/12/2019  | 
Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.
Romanians Convicted in Cybertheft Scheme
Quick Hits  |  4/12/2019  | 
Working out of Bucharest since 2007, a pair of criminals infected and controlled more than 400,000 individual computers, mostly in the US.
8 'SOC-as-a-Service' Offerings
Slideshows  |  4/12/2019  | 
These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations.
Home Office Apologizes for EU Citizen Data Exposure
Quick Hits  |  4/12/2019  | 
The Home Office has admitted to compromising private email addresses belonging to EU citizens hoping to settle in the UK.
Cloudy with a Chance of Security Breach
Commentary  |  4/12/2019  | 
Businesses must be aware of the security weaknesses of the public cloud and not assume that every angle is covered.
New 'HOPLIGHT' Malware Appears in Latest North Korean Attacks, Say DHS, FBI
News  |  4/11/2019  | 
The FBI and Department of Homeland Security release malware analysis report, indicators of compromise for nine different executable files.
'Dragonblood' Vulnerabilities Seep Into WPA3 Secure Wifi Handshake
News  |  4/11/2019  | 
A new set of vulnerabilities may put some early adopters of strong Wifi security at greater security risk.
Senate Report on Equifax Raises Questions Ahead of FICO Product Announcement
News  |  4/11/2019  | 
Equifax is slammed in a Senate subcommittee report ahead of the announcement of a joint service with FICO.
Tax Hacks: How Seasonal Scams Cause Yearlong Problems
News  |  4/11/2019  | 
Tax season is marked with malware campaigns, tax fraud, and identity theft, with money and data flowing through an underground economy.
Julian Assange Arrested in London
Quick Hits  |  4/11/2019  | 
The WikiLeaks founder, who was taken from the Ecuadorian Embassy by British police, has been convicted of skipping bail in 2012.
In Security, All Logs Are Not Created Equal
Commentary  |  4/11/2019  | 
Prioritizing key log sources goes a long way toward effective incident response.
Microsoft Patches Are Freezing Older PCs Running Sophos, Avast
Quick Hits  |  4/11/2019  | 
Computers running Sophos or Avast software have been failing to boot following the latest Patch Tuesday update.
When Your Sandbox Fails
Commentary  |  4/11/2019  | 
The sandbox is an important piece of the security stack, but an organization's entire strategy shouldn't rely on its ability to detect every threat. Here's why.
Triton/Trisis Attacks Another Victim
News  |  4/11/2019  | 
FireEye Mandiant incident responders reveal a new attack by the hacking group that previously targeted a petrochemical plant in Saudi Arabia in 2017.
Majority of Hotel Websites Leak Guest Booking Info
News  |  4/10/2019  | 
Third parties such as ad, search engine, and analytics firms often have access to guest name, address, phone numbers, credit cards and other data, Symantec says.
Senate Bill Would Ban Social Networks' Social Engineering Tricks
Quick Hits  |  4/10/2019  | 
Bill takes aim at tactics used to convince people to give up their personal data, designing games that addict kids, and more.
25% of Phishing Emails Sneak into Office 365: Report
News  |  4/10/2019  | 
Researchers analyzed 55.5 million emails and found one out of every 99 messages contains a phishing attack.
New Android Malware Adds Persistence, Targets Australian Banking Customers
News  |  4/10/2019  | 
Malware campaign, which finds and exfiltrates a user's contact list and banking credentials, could potentially grow to global proportions.
Merging Companies, Merging Clouds
Commentary  |  4/10/2019  | 
Integrating cloud environments is anything but easy. Evaluating the security risks in doing so must be a starting component of an overall M&A strategy.
Android Phones Now Double as Physical Security Keys
News  |  4/10/2019  | 
Google debuted a series of security updates at Next 2019, giving users the option to use their phone as a second authentication factor.
Safe Harbor Programs: Ensuring the Bounty Isn't on White Hat Hackers' Heads
Commentary  |  4/10/2019  | 
As crowdsourced security-testing surges in popularity, companies need to implement safe harbor provisions to protect good-faith hackers -- and themselves.
'MuddyWater' APT Spotted Attacking Android
News  |  4/10/2019  | 
Cyber espionage attack group adds mobile malware to its toolset.
Verizon Patches Trio of Vulnerabilities in Home Router
News  |  4/9/2019  | 
One of the flaws gives attackers way to gain root access to devices, Tenable says.
Microsoft Patch Tuesday Fixes Windows Bugs Under Attack
News  |  4/9/2019  | 
The April release of security updates patches 74 vulnerabilities, two of which are being exploited in the wild.
Meet Baldr: The Inside Scoop on a New Stealer
News  |  4/9/2019  | 
Baldr first appeared in January and has since evolved to version 2.2 as attackers aim to build a long-lasting threat.
A New Approach to Application Security Testing
Commentary  |  4/9/2019  | 
If the appsec industry were to develop a better AST solution from scratch, what would it look like?
Craigslist Founder Funds Security Toolkit for Journalists, Elections
News  |  4/9/2019  | 
The free tools will be developed by the Global Cyber Alliance to monitor election infrastructure and processes in the runup to the 2020 Presidential election.
Yahoo Reaches $117.5M Breach Accord Following Failed Settlement
Quick Hits  |  4/9/2019  | 
An adjusted settlement between Yahoo and the victims of its massive data breach is still awaiting approval.
Page 1 / 2   >   >>


When Your Sandbox Fails
Kowsik Guruswamy, Chief Technology Officer at Menlo Security,  4/11/2019
Julian Assange Arrested in London
Dark Reading Staff 4/11/2019
8 'SOC-as-a-Service' Offerings
Steve Zurier, Freelance Writer,  4/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1840
PUBLISHED: 2019-04-18
A vulnerability in the DHCPv6 input packet processor of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to restart the server and cause a denial of service (DoS) condition on the affected system. The vulnerability is due to incomplete user-supplied input validation when...
CVE-2019-1841
PUBLISHED: 2019-04-18
A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vuln...
CVE-2019-1826
PUBLISHED: 2019-04-18
A vulnerability in the quality of service (QoS) feature of Cisco Aironet Series Access Points (APs) could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation on QoS fields within Wi-Fi fra...
CVE-2019-1829
PUBLISHED: 2019-04-18
A vulnerability in the CLI of Cisco Aironet Series Access Points (APs) could allow an authenticated, local attacker to gain access to the underlying Linux operating system (OS) without the proper authentication. The attacker would need valid administrator device credentials. The vulnerability is due...
CVE-2019-1830
PUBLISHED: 2019-04-18
A vulnerability in Locally Significant Certificate (LSC) management for the Cisco Wireless LAN Controller (WLC) could allow an authenticated, remote attacker to cause the device to unexpectedly restart, which causes a denial of service (DoS) condition. The attacker would need to have valid administr...