Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Latest Content
US National Cyber Director: Toward a New Cybersecurity Social Contract
News  |  5/16/2022  | 
In a Black Hat Asia keynote Fireside Chat, US National Cyber Director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.
CISO Shares Top Strategies to Communicate Security's Value to the Biz
News  |  5/13/2022  | 
In a keynote address at Black Hat Asia in Singapore this week, CISO and former NASA security engineer George Do discussed his go-to model for measuring security effectiveness and getting others in the organization to listen.
Black Hat Asia: Democracy's Survival Depends on Taming Technology
News  |  5/13/2022  | 
The conference opens with a stark outlook on the future of global democracy -- currently squeezed between Silicon Valley and China.
Transforming SQL Queries Bypasses WAF Security
News  |  5/12/2022  | 
A team of university researchers finds a machine learning-based approach to generating HTTP requests that slip past Web application firewalls.
Known macOS Vulnerabilities Led Researcher to Root Out New Flaws
News  |  5/12/2022  | 
Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.
1,000+ Attacks in 2 Years: How the SideWinder APT Sheds Its Skin
News  |  5/5/2022  | 
Researcher to reveal fresh details at Black Hat Asia on a tenacious cyber-espionage group attacking specific military, law enforcement, aviation, and other entities in Central and South Asia.
How to Negotiate With Ransomware Attackers
News  |  11/15/2021  | 
Security researchers investigate the ransom negotiation process to create strategies businesses can use if they face an attack.
Cloud Attack Analysis Unearths Lessons for Security Pros
News  |  11/11/2021  | 
Researchers detail their investigation of a cryptomining campaign stealing AWS credentials and how attackers have evolved their techniques.
What Happens If Time Gets Hacked
News  |  11/11/2021  | 
Renowned hardware security expert raises alarm on the risk and dangers of cyberattackers targeting the current time-synchronization infrastructure.
Hacker-for-Hire Group Spied on More Than 3,500 Targets in 18 Months
News  |  11/10/2021  | 
Russian-speaking "Void Balaur" group's victims include politicians, dissidents, human rights activists, doctors, and journalists, security vendor discloses at Black Hat Europe 2021.
ChaosDB: Researchers Share Technical Details of Azure Flaw
News  |  11/10/2021  | 
Wiz researchers who discovered a severe flaw in the Azure Cosmos DB database discussed the full extent of the vulnerability at Black Hat Europe.
Securing the Public: Who Should Take Charge?
News  |  11/10/2021  | 
International policy expert Marietke Schaake explores the intricacies of protecting the public as governments depend on private companies to build and secure digital infrastructure.
Dark Reading Video News Desk Comes to Black Hat Europe
News  |  11/10/2021  | 
While attendees join Black Hat Europe 2021 virtually and live in London, we bring you prerecorded interviews from remote offices around the world.
Researcher Details Vulnerabilities Found in AWS API Gateway
News  |  11/10/2021  | 
AWS fixed the security flaws that left the API service at risk of so-called HTTP header-smuggling attacks, says the researcher who discovered them.
Free Tool Scans Web Servers for Vulnerability to HTTP Header-Smuggling Attacks
News  |  11/1/2021  | 
A researcher will release an open source tool at Black Hat Europe next week that roots out server weaknesses to a sneaky type of attack.
APTs, Teleworking, and Advanced VPN Exploits: The Perfect Storm
News  |  10/29/2021  | 
A Mandiant researcher shares the details of an investigation into the misuse of Pulse Secure VPN devices by suspected state-sponsored threat actors.
Read Between the Lines: Finding Flaws in EPUB Reading Systems
News  |  10/27/2021  | 
Security researchers who analyzed 97 free EPUB reading applications found half are not compliant with security recommendations.
Who's In Your Wallet? Exploring Mobile Wallet Security
News  |  10/25/2021  | 
Security flaws in contactless payments for transportation systems could lead to fraud for stolen devices, researchers find.
Applying Behavioral Psychology to Strengthen Your Incident Response Team
News  |  10/11/2021  | 
A deep-dive study on the inner workings of incident response teams leads to a framework to apply behavioral psychology principles to CSIRTs.
CyberArk Leads the PAM Omdia Universe
Commentary  |  10/7/2021  | 
With more staff working remotely, privileged access management (or PAM) has never been more important. Market forecasts, drivers, and trends are explored.
Research Highlights Significant Evolution in Email Security
Commentary  |  9/27/2021  | 
Email security is in transition, from on-premises to the cloud, from inline to API-based, and from stand-alone to integrated into XDR. New research from Omdia highlights where the market is today, and where it is heading.
UK MoD Data Breach Shows Cybersecurity Must Protect Both People and Data
Commentary  |  9/22/2021  | 
The UK MoD has failed to protect personally identifiable information (PII) for Afghan interpreters; the incident highlights how avoidable cybersecurity mistakes can have devastating consequences.
FragAttacks Foil 2 Decades of Wireless Security
News  |  8/6/2021  | 
Wireless security protocols have improved, but product vendors continue to make implementation errors that allow a variety of attacks.
Researchers Call for 'CVE' Approach for Cloud Vulnerabilities
News  |  8/6/2021  | 
New research suggests isolation among cloud customer accounts may not be a given -- and the researchers behind the findings issue a call to action for cloud security.
HTTP/2 Implementation Errors Exposing Websites to Serious Risks
News  |  8/5/2021  | 
Organizations that don't implement end-to-end HTTP/2 are vulnerable to attacks that redirect users to malicious sites and other threats, security researcher reveals at Black Hat USA.
CISA Launches JCDC, the Joint Cyber Defense Collaborative
News  |  8/5/2021  | 
"We can't do this alone," the new CISA director told attendees in a keynote at Black Hat USA today.
Incident Responders Explore Microsoft 365 Attacks in the Wild
News  |  8/5/2021  | 
Mandiant experts discuss the novel techniques used to evade detection, automate data theft, and achieve persistent access.
Researchers Find Significant Vulnerabilities in macOS Privacy Protections
News  |  8/5/2021  | 
Attacks require executing code on a system but foil Apple's approach to protecting private data and systems files.
A New Approach to Securing Authentication Systems' Core Secrets
News  |  8/5/2021  | 
Researchers at Black Hat USA explain issues around defending "Golden Secrets" and present an approach to solving the problem.
Organizations Still Struggle to Hire & Retain Infosec Employees: Report
News  |  8/5/2021  | 
Security leaders are challenged to fill application security and cloud computing jobs in particular, survey data shows.
Why Supply Chain Attacks Are Destined to Escalate
News  |  8/5/2021  | 
In his keynote address at Black Hat USA on Wednesday, Matt Tait, chief operating officer at Corellium, called for software platform vendors and security researchers to do their part to thwart the fallout of software supply chain compromises.
New Normal Demands New Security Leadership Structure
News  |  8/2/2021  | 
At the inaugural Omdia Analyst Summit, experts discuss where the past year has created gaps in traditional security strategy and how organizations can fill them.
Multiple Zero-Day Flaws Discovered in Popular Hospital Pneumatic Tube System
News  |  8/2/2021  | 
"PwnedPiper" flaws could allow attackers to disrupt delivery of lab samples or steal hospital employee credentials, new research shows.
8 Security Tools to be Unveiled at Black Hat USA
Slideshows  |  7/28/2021  | 
Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.
Biden Administration Responds to Geopolitical Cyber Threats
Commentary  |  7/23/2021  | 
In response to growing concerns regarding the recent uptick in large-scale, nation-state-backed ransomware attacks on critical infrastructure, the Biden administration is taking new action to tackle the evolving challenges posed by ransomware attacks.
7 Hot Cyber Threat Trends to Expect at Black Hat
Slideshows  |  7/22/2021  | 
A sneak peek of some of the main themes at Black Hat USA next month.
Law Firm for Ford, Pfizer, Exxon Discloses Ransomware Attack
Quick Hits  |  7/19/2021  | 
Campbell Conroy & O'Neil reports the attack affected personal data including Social Security numbers, passport numbers, and payment card data for some individuals.
US Accuses China of Using Criminal Hackers in Cyber Espionage Operations
News  |  7/19/2021  | 
DOJ indicts four Chinese individuals for alleged role in attacks targeting intellectual property, trade secrets belonging to defense contractors, maritime companies, aircraft service firms, and others.
NSO Group Spyware Used On Journalists & Activists Worldwide
Quick Hits  |  7/19/2021  | 
An investigation finds Pegasus spyware, intended for use on criminals and terrorists, has been used in targeted campaigns against others around the world.
7 Ways AI and ML Are Helping and Hurting Cybersecurity
Commentary  |  7/19/2021  | 
In the right hands, artificial intelligence and machine learning can enrich our cyber defenses. In the wrong hands, they can create significant harm.
Breaking Down the Threat of Going All-In With Microsoft Security
Commentary  |  7/19/2021  | 
Limit risk by dividing responsibility for infrastructure, tools, and security.
Researchers Create New Approach to Detect Brand Impersonation
News  |  7/16/2021  | 
A team of Microsoft researchers developed and trained a Siamese Neural Network to detect brand impersonation attacks.
Recent Attacks Lead to Renewed Calls for Banning Ransom Payments
News  |  7/16/2021  | 
While attackers in protected jurisdictions continue to get massive sums for continuing to breach organizations, the ransomware threat will only continue to grow.
4 Future Integrated Circuit Threats to Watch
Commentary  |  7/16/2021  | 
Threats to the supply chains for ICs and other computer components are poised to wreak even more havoc on organizations.
Attackers Exploited 4 Zero-Day Flaws in Chrome, Safari & IE
News  |  7/15/2021  | 
At least two government-backed actors -- including one Russian group -- used the now-patched flaws in separate campaigns, Google says.
State Dept. to Pay Up to $10M for Information on Foreign Cyberattacks
News  |  7/15/2021  | 
The Rewards for Justice program, a counterterrorism tool, is now aimed at collecting information on nation-states that use hackers to disrupt critical infrastructure.
CISA Launches New Website to Aid Ransomware Defenders
Quick Hits  |  7/15/2021  | 
StopRansomware.gov provides information to help organizations protect against, and respond to, ransomware attacks.
Microsoft: Israeli Firm's Tools Used to Target Activists, Dissidents
News  |  7/15/2021  | 
Candiru sold spyware that exploited Windows vulnerabilities and had been used in attacks against dissidents, activists, and journalists.
IoT-Specific Malware Infections Jumped 700% Amid Pandemic
Quick Hits  |  7/15/2021  | 
Gafgyt and Mirai malware represented the majority of IoT malware, new data from Zscaler shows.
How to Bridge On-Premises and Cloud Identity
Commentary  |  7/15/2021  | 
Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2817
PUBLISHED: 2022-08-15
Use After Free in GitHub repository vim/vim prior to 9.0.0212.
CVE-2022-38357
PUBLISHED: 2022-08-15
Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php.
CVE-2022-38358
PUBLISHED: 2022-08-15
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and rule_name_old, and at /modul...
CVE-2022-38359
PUBLISHED: 2022-08-15
Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. An attacker can, for instance, delete the admin user by directing an authenticated user to the URL https://<target-address>/module/admin_user/index.php?...
CVE-2022-28756
PUBLISHED: 2022-08-15
The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.