Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
Page 1 / 2   >   >>
Tor Weaponized to Steal Bitcoin
Quick Hits  |  10/18/2019  | 
A years-long campaign targets users of Russian darknet markets with a modified install of a privacy-oriented browser.
In A Crowded Endpoint Security Market, Consolidation Is Underway
News  |  10/18/2019  | 
Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.
CenturyLink Customer Data Exposed
Quick Hits  |  10/18/2019  | 
Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.
SOC Puppet: Dark Reading Caption Contest Winners
Commentary  |  10/18/2019  | 
Social engineering, SOC analysts, and Sock puns. And the winners are:
Older Amazon Devices Subject to Old Wi-Fi Vulnerability
Quick Hits  |  10/17/2019  | 
The vulnerability in first-generation Echoes and eight-generation Kindles lets an attacker wage man-in-the-middle attacks.
Debug Feature in Web Dev Tool Exposed Trump Campaign Site, Others to Attack
News  |  10/17/2019  | 
The problem is not with the tool itself but with how some developers and administrators are using it, Comparitech says.
Phishing Campaign Targets Stripe Credentials, Financial Data
News  |  10/17/2019  | 
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.
State of SMB Insecurity by the Numbers
Slideshows  |  10/17/2019  | 
SMBs still perceive themselves at low risk from cyberthreats in spite of attack statistics that paint a different pictur
Smart Prevention: How Every Enterprise Can Create Human Firewalls
Commentary  |  10/17/2019  | 
Organizations of all sizes should include both human firewalls and virtual tools in their cybersecurity budgets.
Yahoo Breach Victims May Qualify for $358 Payout
Quick Hits  |  10/17/2019  | 
Pending approval of the settlement, affected account holders may be eligible for a payout or two years of free credit monitoring.
Cozy Bear Emerges from Hibernation to Hack EU Ministries
News  |  10/17/2019  | 
The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.
Data Privacy Protections for the Most Vulnerable Children
Commentary  |  10/17/2019  | 
The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.
Typosquatting Websites Proliferate in Run-up to US Elections
News  |  10/16/2019  | 
People who mistype the URL for their political candidate or party's website could end up on an opposing party or candidate's website, Digital Shadow's research shows.
SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance
Quick Hits  |  10/16/2019  | 
The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
Commentary  |  10/16/2019  | 
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.
Google Cloud Launches Security Health Analytics in Beta
Quick Hits  |  10/16/2019  | 
The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.
Cryptojacking Worm Targets and Infects 2,000 Docker Hosts
News  |  10/16/2019  | 
Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.
Federal CIOs Zero In on Zero Trust
Commentary  |  10/16/2019  | 
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
Sodinokibi Ransomware: Where Attackers' Money Goes
News  |  10/15/2019  | 
Researchers following the ransomware variant uncover new data on how much its affiliates earn and where they spend it.
Targeted Ransomware Attacks Show No Signs of Abating
News  |  10/15/2019  | 
Criminals are becoming more sophisticated and targeted in going after enterprise organizations, a new Q2/Q3 report finds.
IoT Attacks Up Significantly in First Half of 2019
Quick Hits  |  10/15/2019  | 
New research shows attacks increased ninefold year-over-year, coming from more than a quarter-million unique IP addresses.
More Breaches, Less Certainty Cause Dark Web Prices to Plateau
News  |  10/15/2019  | 
New research finds it's now less than $10 for full credit details on a consumer, $100 for a distributed denial-of-service attack, and $50 for access to a US bank account.
5 Steps to Protect Against Ransomware Attacks
Commentary  |  10/15/2019  | 
Paying a ransom is strongly discouraged by experts. So, how do you protect your organization?
Symantec Adds Endpoint Security Tool to Revamp Portfolio
Quick Hits  |  10/15/2019  | 
Symantec Endpoint Security aims to deliver protection, detection, threat hunting, and response in a single tool.
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Commentary  |  10/15/2019  | 
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
Sophos for Sale: Thoma Bravo Offers $3.9B
News  |  10/14/2019  | 
Sophos' board of directors plans to unanimously recommend the offer to the company's shareholders.
Cyber Theft, Humint Helped China Cut Corners on Passenger Jet
News  |  10/14/2019  | 
Beijing likely saved a lot of time and billions of dollars by copying components for its C919 plane from others, a new report from CrowdStrike says.
Pitney Bowes Hit by Ransomware
Quick Hits  |  10/14/2019  | 
The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
Tamper Protection Arrives for Microsoft Defender ATP
Quick Hits  |  10/14/2019  | 
The feature, designed to block unauthorized changes to security features, is now generally available.
When Using Cloud, Paranoia Can Pay Off
News  |  10/14/2019  | 
Journalists are increasingly concerned about what cloud providers may access or share with governments - and companies should worry as well.
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
Commentary  |  10/14/2019  | 
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.
Click2Mail Suffers Data Breach
Quick Hits  |  10/11/2019  | 
Mail provider discovered customer data being used in spam messages.
7 SMB Security Tips That Will Keep Your Company Safe
Slideshows  |  10/11/2019  | 
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
FBI: Phishing Can Defeat Two-Factor Authentication
Quick Hits  |  10/11/2019  | 
A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
Close the Gap Between Cyber-Risk and Business Risk
Commentary  |  10/11/2019  | 
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
iTunes Zero-Day Exploited to Deliver BitPaymer
News  |  10/10/2019  | 
The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.
AppSec 'Spaghetti on the Wall' Tool Strategy Undermining Security
News  |  10/10/2019  | 
At many organizations, the attitude to securing software appears to be throwing a lot of technology at the problem, a new study finds.
Imperva Details Response to Customer Database Exposure
Quick Hits  |  10/10/2019  | 
The cloud security's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.
Akamai Snaps Up ChameleonX to Tackle Magecart
Quick Hits  |  10/10/2019  | 
The Israel-based ChameleonX aims to protect websites from cyberattacks targeting payment data.
How to Think Like a Hacker
Commentary  |  10/10/2019  | 
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
Attackers Hide Behind Trusted Domains, HTTPS
News  |  10/10/2019  | 
One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.
Magecart Attack on Volusion Highlights Supply Chain Dangers
News  |  10/10/2019  | 
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
Network Security Must Transition into the Cloud Era
Commentary  |  10/10/2019  | 
An integrated approach is the best way to provide organizations with the tools they need to decrease the attack surface and use strong security controls.
Virginia a Hot Spot For Cybersecurity Jobs
News  |  10/9/2019  | 
State has highest number of people in information security roles and the most current job openings, Comparitech study finds.
Security Tool Sprawl Reaches Tipping Point
News  |  10/9/2019  | 
How a new open source initiative for interoperable security tools and a wave of consolidation could finally provide some relief for overwhelmed security analysts and SOCs.
USB Drive Security Still Lags
Quick Hits  |  10/9/2019  | 
While USB drives are frequent pieces of business hardware, a new report says that one-third of US businesses have no policy governing their use.
A Realistic Threat Model for the Masses
Commentary  |  10/9/2019  | 
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
Twitter Slip-Up Spills MFA Phone Numbers, Emails to Advertisers
Quick Hits  |  10/9/2019  | 
Email addresses and phone numbers provided to secure user accounts were accidentally shared with marketers.
How the Software-Defined Perimeter Is Redefining Access Control
Commentary  |  10/9/2019  | 
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
Microsoft Issues 9 Critical Security Patches
News  |  10/8/2019  | 
None of the total 59 patches were for previously known vulnerabilities nor are any under active attack, Microsoft reports.
Page 1 / 2   >   >>


Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18217
PUBLISHED: 2019-10-21
ProFTPD before 1.3.6b and 1.3.7rc before 1.3.7rc2 allows remote unauthenticated denial-of-service due to incorrect handling of overly long commands because main.c in a child process enters an infinite loop.
CVE-2019-16862
PUBLISHED: 2019-10-21
Reflected XSS in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 allows a remote attacker to execute arbitrary code in the context of a user's session via the pid parameter.
CVE-2019-17409
PUBLISHED: 2019-10-21
Reflected XSS exists in interface/forms/eye_mag/view.php in OpenEMR 5.x before 5.0.2.1 ia the id parameter.
CVE-2019-10715
PUBLISHED: 2019-10-21
There is Stored XSS in Verodin Director before 3.5.4.0 via input fields of certain tooltips, and on the Tags, Sequences, and Actors pages.
CVE-2019-10716
PUBLISHED: 2019-10-21
An Information Disclosure issue in Verodin Director 3.5.3.1 and earlier reveals usernames and passwords of integrated security technologies via a /integrations.json JSON REST API request.