News & Commentary

Latest Content
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Quick Hits  |  12/5/2019  | 
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
News  |  12/5/2019  | 
Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says.
With Aporeto, Palo Alto Looks Away from the Firewall and Toward the Future
News  |  12/5/2019  | 
Seeing its firewall sales softening, the security vendor makes another acquisition to reorient itself for the cloud era.
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Commentary  |  12/5/2019  | 
Assessments can be used against your company in court proceedings. Here's how to mitigate this potential risk.
Microsoft Defender ATP Brings EDR Capabilities to macOS
Quick Hits  |  12/5/2019  | 
Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint detection and response.
The Human Factor: 5 Reasons Why Cybersecurity Is a People Problem
Commentary  |  12/5/2019  | 
The industry can only go so far in treating security as a challenge that can be resolved only by engineering.
Password-Cracking Teams Up in CrackQ Release
News  |  12/4/2019  | 
The open source platform aims to make password-cracking more manageable and efficient for red teams.
What's in a Botnet? Researchers Spy on Geost Operators
News  |  12/4/2019  | 
The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.
Black Hat Europe Q&A: Understanding the Ethics of Cybersecurity Journalism
News  |  12/4/2019  | 
Investigative journalist Geoff White chats about why now is the right time for his Black Hat Europe Briefing on hackers, journalists, and the ethical ramifications of cybersecurity journalism.
Shades of Shamoon: New Disk-Wiping Malware Targets Middle East Orgs
News  |  12/4/2019  | 
'ZeroCleare' shares some of the same features as its more notorious predecessor, IBM Security says.
(Literally) Put a Ring on It: Protecting Biometric Fingerprints
Quick Hits  |  12/4/2019  | 
Kaspersky creates a prototype ring you can wear on your finger for authentication.
Navigating Security in the Cloud
Commentary  |  12/4/2019  | 
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
Microsoft Issues Advisory for Windows Hello for Business
Quick Hits  |  12/4/2019  | 
An issue exists in Windows Hello for Business when public keys persist after a device is removed from Active Directory, if the AD exists, Microsoft reports.
Attackers Continue to Exploit Outlook Home Page Flaw
News  |  12/4/2019  | 
FireEye issues guidance on locking down Outlook, claiming that security researchers, at least, are able to work around the patch issued by Microsoft.
Application & Infrastructure Risk Management: You've Been Doing It Backward
Commentary  |  12/4/2019  | 
Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
TrickBot Expands in Japan Ahead of the Holidays
News  |  12/3/2019  | 
Data indicates TrickBot operators are modifying its modules and launching widespread campaigns around the world.
When Rogue Insiders Go to the Dark Web
News  |  12/3/2019  | 
Employees gone bad sell stolen company information, sometimes openly touting their companies, researchers say.
What Security Leaders Can Learn from Marketing
Commentary  |  12/3/2019  | 
Employees can no longer be pawns who must be protected all the time. They must become partners in the battle against threats.
Smith & Wesson Is Magecart's Latest Target
Quick Hits  |  12/3/2019  | 
Researchers estimate the gun manufacturer's website was compromised sometime before Black Friday.
Siemens Offers Workarounds for Newly Found PLC Vulnerability
Quick Hits  |  12/3/2019  | 
An undocumented hardware-based special access feature recently found by researchers in Siemens' S7-1200 can be used by attackers to gain control of the industrial devices.
Leveraging the Cloud for Cyber Intelligence
Commentary  |  12/3/2019  | 
How fusing output datasets and sharing information can create a real-time understanding of suspicious activity across your enterprise.
Kali Linux Gets New Desktop Environment & Undercover Theme
News  |  12/2/2019  | 
Updates to pen-testing platform are designed to improve performance and user interface, says Offensive Security, maintainer of the open source project.
DHS to Require Federal Agencies to Set Vulnerability Disclosure Policies
News  |  12/2/2019  | 
The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses.
StrandHogg Vulnerability Affects All Versions of Android
News  |  12/2/2019  | 
The bug enables malware to pose as any legitimate Android app, letting attackers track messages, photos, credentials, and phone conversations.
Microsoft Fixes Flaw Threatening Azure Accounts
Quick Hits  |  12/2/2019  | 
Researchers detail a bug they found in some of Microsoft's OAuth 2.0 applications.
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
Slideshows  |  12/2/2019  | 
Make your favorite security experts laugh with these affordable holiday gifts.
Data from 21M Mixcloud Users Compromised in Breach
Quick Hits  |  12/2/2019  | 
The music streaming service received reports indicating attackers gained unauthorized access to its systems.
3 Modern Myths of Threat Intelligence
Commentary  |  12/2/2019  | 
More intelligence does not lead to more security. Here's why.
SQL Injection Errors No Longer the Top Software Security Issue
News  |  11/27/2019  | 
In newly updated Common Weakness Enumeration (CWE), SQL injection now ranks sixth.
Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud
News  |  11/27/2019  | 
More than 3,100 Jira instances are still vulnerable to a server-side request forgery vulnerability patched in August.
Google Details Its Responses to Cyber Attacks, Disinformation
Quick Hits  |  11/27/2019  | 
Government groups continue to attack user credentials and distribute disinformation according to a new blog post from Google's Threat Analysis Group.
New Free Emulator Challenges Apple's Control of iOS
News  |  11/27/2019  | 
An open-source tool gives researchers and jailbreakers a free option for researching vulnerabilities in the operating system and gives Apple a new headache.
How to Get Prepared for Privacy Legislation
Commentary  |  11/27/2019  | 
All the various pieces of legislation, both in the US and worldwide, can feel overwhelming. But getting privacy basics right is a solid foundation.
Practical Principles for Security Metrics
Commentary  |  11/27/2019  | 
A proactive approach to cybersecurity requires the right tools, not more tools.
7 Ways to Hang Up on Voice Fraud
Slideshows  |  11/27/2019  | 
Criminals are coming at us from all directions, including our phones. Don't answer that next call without reading these tips first.
The Implications of Last Week's Exposure of 1.2B Records
News  |  11/26/2019  | 
Large sums of organized data, whether public or private, are worth their weight in gold to cybercriminals.
An Alarming Number of Software Teams Are Missing Cybersecurity Expertise
News  |  11/26/2019  | 
The overwhelming majority of developers worry about security and consider it important, yet many lack a dedicated cybersecurity leader.
'Dexphot': A Sophisticated, Everyday Threat
News  |  11/26/2019  | 
Though the cryptominer has received little attention, it exemplifies the complexity of modern malware, Microsoft says.
On the Border Warns of Data Breach
Quick Hits  |  11/26/2019  | 
Malware on a payment system could have stolen credit card info from customers in 28 states, according to the company.
DDoS: An Underestimated Threat
Commentary  |  11/26/2019  | 
Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
NYPD Pulls Fingerprint Database Offline Due to Ransomware Scare
Quick Hits  |  11/26/2019  | 
An infected minicomputer distributed an unidentified threat to 23 machines connected to the LiveScan fingerprint tracking system.
5 Ways to Champion and Increase Your 2020 Security Budget
Commentary  |  11/26/2019  | 
Give your organization's leadership an impactful, out-of-office experience so they know what's at stake with their budgeting decisions.
Tushu, Take Twoshu: Malicious SDK Reappears in Google Play
News  |  11/25/2019  | 
Months after the Tushu SDK was found infecting Android apps on Google Play, its operators are back with new evasive techniques.
Most Organizations Have Incomplete Vulnerability Information
News  |  11/25/2019  | 
Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says.
T-Mobile Prepaid Hit by Significant Data Breach
Quick Hits  |  11/25/2019  | 
The breach, estimated to have affected more than a million customers, came from malicious external actors.
They See You When You're Shopping: Holiday Cybercrime Starts Early
Quick Hits  |  11/25/2019  | 
Researchers notice year-end phishing attacks starting in July and ramping up in September.
Time to Warn Users About Black Friday & Cyber Monday Scams
Commentary  |  11/25/2019  | 
Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.
Researchers Explore How Mental Health Is Tracked Online
News  |  11/22/2019  | 
An analysis of popular mental health-related websites revealed a vast number of trackers, many of which are used for targeted advertising.
Target Seeks $74M in Data Breach Reimbursement from Insurance Company
Quick Hits  |  11/22/2019  | 
The funds would cover some of the money Target paid to reimburse financial institutions for credit card replacement after the 2013 breach.
Black Hat Europe Q&A: Unveiling the Underground World of Anti-Cheats
News  |  11/22/2019  | 
Security consultant Joel Noguera describes how he got involved in testing anti-cheat software security, and what to expect from his upcoming Black Hat Europe talk.


Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry's conventional wisdom. Here's a look at what they're thinking about.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1114
PUBLISHED: 2019-12-05
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action, and in the filteruid parameter to list.php.
CVE-2012-1115
PUBLISHED: 2019-12-05
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
CVE-2012-1592
PUBLISHED: 2019-12-05
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
CVE-2019-16770
PUBLISHED: 2019-12-05
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.
CVE-2019-19609
PUBLISHED: 2019-12-05
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.