News & Commentary

Latest Content
Page 1 / 2   >   >>
8 Security Tips for a Hassle-Free Summer Vacation
Slideshows  |  6/23/2018  | 
It's easy to let your guard down when you're away. Hackers know that, too.
New Drupal Exploit Mines Monero for Attackers
Quick Hits  |  6/22/2018  | 
A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server.
Cracking Cortana: The Dangers of Flawed Voice Assistants
News  |  6/22/2018  | 
Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
'Pay Up or Get WannaCry Hit' Extortion Email Spreading
Quick Hits  |  6/22/2018  | 
Sophos warns of a 'protection racket' scam email that threatens to infect victims with the ransomware variant if they don't pay the attackers.
White House Email Security Faux Pas?
Commentary  |  6/22/2018  | 
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
Destructive Nation-State Cyberattacks Will Rise
News  |  6/21/2018  | 
More than 90 percent of respondents in a Tripwire survey in Europe expect attacks by state-sponsored threat actors to increase in the next 12 months.
Four New Vulnerabilities in Phoenix Contact Industrial Switches
Quick Hits  |  6/21/2018  | 
A series of newly disclosed vulnerabilities could allow an attacker to gain control of industrial switches.
Artificial Intelligence & the Security Market
News  |  6/21/2018  | 
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
Click2Gov Breaches Attributed to WebLogic Application Flaw
Quick Hits  |  6/21/2018  | 
At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.
7 Places Where Privacy and Security Collide
Slideshows  |  6/21/2018  | 
Privacy and security can experience tension at a number of points in the enterprise. Here are seven plus some possibilities for easing the strain.
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Commentary  |  6/21/2018  | 
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
Microsoft Office: The Go-To Platform for Zero-Day Exploits
News  |  6/21/2018  | 
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
AppSec in the World of 'Serverless'
Commentary  |  6/21/2018  | 
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
News  |  6/20/2018  | 
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
China-Based Cyber Espionage Campaign Targets Satellite, Telecom, Defense Firms
News  |  6/20/2018  | 
Threat group Thrip is using three computers based in China to steal data from targeted companies in Southeast Asia and the US, Symantec says.
Inside a SamSam Ransomware Attack
Commentary  |  6/20/2018  | 
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
Intel VP Talks Data Security Focus Amid Rise of Blockchain, AI
News  |  6/20/2018  | 
Intel vice president Rick Echevarria discusses the challenges of balancing data security with new technologies like blockchain and artificial intelligence.
Alphabet Launches VirusTotal Monitor to Stop False Positives
Quick Hits  |  6/20/2018  | 
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
Improving the Adoption of Security Automation
Commentary  |  6/20/2018  | 
Four barriers to automation and how to overcome them.
The Best and Worst Tasks for Security Automation
Slideshows  |  6/20/2018  | 
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
Mylobot Malware Brings New Sophistication to Botnets
News  |  6/20/2018  | 
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
Most Websites and Web Apps No Match for Attack Barrage
News  |  6/19/2018  | 
The average website is attacked 50 times per day, with small businesses especially vulnerable.
Tesla Employee Steals, Sabotages Company Data
News  |  6/19/2018  | 
The electric carmaker is the victim of an "extensive and damaging" insider attack, says CEO Elon Musk.
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
News  |  6/19/2018  | 
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
How to Prepare for 'WannaCry 2.0'
Commentary  |  6/19/2018  | 
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
Former CIA Engineer Charged with Theft and Transmission of Classified Info
News  |  6/19/2018  | 
Suspect had reportedly been named in Vault 7 leak to WikiLeaks.
CrowdStrike Secures $200M Funding Round
Quick Hits  |  6/19/2018  | 
The new funding round brings the company's valuation to more than $3 billion.
Cisco CPO: Privacy Is Not About Secrecy or Compliance
News  |  6/19/2018  | 
Michelle Dennedy sat down with Dark Reading at the recent Cisco Live event to set the record straight about privacy, regulation, encryption, and more.
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Commentary  |  6/19/2018  | 
Do 'cloud-first' strategies create a security-second mindset?
Security Analytics Startup Uptycs Raises $10M in Series A
Quick Hits  |  6/19/2018  | 
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
Exposed Container Orchestration Systems Putting Many Orgs at Risk
News  |  6/18/2018  | 
More than 22,600 open container orchestration and API management systems discovered on the Internet.
'Wallchart' Phishing Campaign Exploits World Cup Watchers
News  |  6/18/2018  | 
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
Mass. Man Pleads Guilty in ATM Jackpotting Operation
Quick Hits  |  6/18/2018  | 
Citizens Bank ATM and others targeted in the scheme.
F-Secure Buys MWR InfoSecurity
Quick Hits  |  6/18/2018  | 
Finnish endpoint security company buys British security service provider in cash deal.
7 Ways Cybercriminals Are Scamming a Fortune from Cryptocurrencies
Slideshows  |  6/18/2018  | 
Cryptocurrencies, how do hackers love thee? Let us count the ways.
3 Tips for Driving User Buy-in to Security Policies
Commentary  |  6/18/2018  | 
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Trump-Kim Meeting Was a Magnet For Russian Cyberattacks
News  |  6/15/2018  | 
Attacks directed at targets in Singapore went through the roof earlier this week.
Email, Social Media Still Security Nightmares
Quick Hits  |  6/15/2018  | 
Phishing and banking trojans continue to be major threats brought into the enterprise.
Hackers Crack iPhone Defense Built to Block Forensic Tools
Quick Hits  |  6/15/2018  | 
Grayshift, the company behind a system to help police break into iPhones, says it found a workaround for USB Restricted Mode.
Modern Cybersecurity Demands a Different Corporate Mindset
Commentary  |  6/15/2018  | 
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
Intel Discloses Yet Another Side Channel Vulnerability
News  |  6/14/2018  | 
Moderate severity Lazy FP restore flaw affects Intel Core-based microprocessors.
Demystifying Mental Health in the Infosec Community
News  |  6/14/2018  | 
Security experts talk about burnout, diversity, mental health, and legal issues in a new Community track at Black Hat USA.
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
Commentary  |  6/14/2018  | 
Realizing the wide scope of fraud should be at the top of every business executive's to-do list. Here's some practical advice to help you stay safe.
Kaspersky Lab Freezes Work with Europol in Protest of EU Vote
News  |  6/14/2018  | 
New European Parliament document calls out Kaspersky Lab software as 'malicious' and says it should be banned.
Mobile App Threats Continue to Grow
News  |  6/14/2018  | 
Criminals looking to profit from corporate resources and information keep going after mobile devices, two new reports confirm.
23,000 Compromised in HealthEquity Data Breach
Quick Hits  |  6/14/2018  | 
HealthEquity, which handles more than 3.4 million health savings accounts, was breached when an intruder accessed an employee's email.
Containerized Apps: An 8-Point Security Checklist
Slideshows  |  6/14/2018  | 
Here are eight measures to take to ensure the security of your containerized application environment.
Meet 'Bro': The Best-Kept Secret of Network Security
Commentary  |  6/14/2018  | 
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.
DDoS Amped Up: DNS, Memcached Attacks Rise
News  |  6/13/2018  | 
China and the US are the world's leading sources of distributed denial-of-service botnet attacks.
Blockchain All the Rage But Comes With Numerous Risks
News  |  6/13/2018  | 
Researchers dig into four types of cyberattacks targeting blockchain, how they work, and why early adopters are the easiest targets.
Page 1 / 2   >   >>


'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12697
PUBLISHED: 2018-06-23
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
CVE-2018-12698
PUBLISHED: 2018-06-23
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
CVE-2018-12699
PUBLISHED: 2018-06-23
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.
CVE-2018-12700
PUBLISHED: 2018-06-23
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
CVE-2018-11560
PUBLISHED: 2018-06-23
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.