News & Commentary

Latest Content
<<   <   Page 2 / 2
Xori Adds Speed, Breadth to Disassembler Lineup
News  |  8/9/2018  | 
A new open source tool, introduced at Black Hat USA, places a priority on speed and automation.
IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships
News  |  8/9/2018  | 
Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network and other findings at Black Hat USA today.
Cloud Intelligence Throwdown: Amazon vs. Google vs. Microsoft
News  |  8/9/2018  | 
A closer look at native threat intelligence capabilities built into major cloud platforms and discussion of their strengths and shortcomings.
AWS Employee Flub Exposes S3 Bucket Containing GoDaddy Server Configuration and Pricing Models
News  |  8/9/2018  | 
Publicly accessible S3 bucket included configuration data for tens of thousands of systems, as well as sensitive pricing information.
Weakness in WhatsApp Enables Large-Scale Social Engineering
News  |  8/9/2018  | 
Problem lies in WhatsApp's validation of message parameters and cannot be currently mitigated, Check Point researchers say.
PGA of America Struck By Ransomware
Quick Hits  |  8/9/2018  | 
Hackers provided a Bitcoin wallet number, though no specific ransom amount was demanded, for the return of files.
Dark Reading News Desk Live at Black Hat USA 2018
News  |  8/9/2018  | 
Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
Oh, No, Not Another Security Product
Commentary  |  8/9/2018  | 
Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.
White Hat to Black Hat: What Motivates the Switch to Cybercrime
News  |  8/8/2018  | 
Almost one in 10 security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.
No, The Mafia Doesn't Own Cybercrime: Study
News  |  8/8/2018  | 
Organized crime does, however, sometimes provide money-laundering and other expertise to cybercriminals.
Researchers Release Free TRITON/TRISIS Malware Detection Tools
News  |  8/8/2018  | 
Team of experts re-creates the TRITON/TRISIS attack to better understand the epic hack of an energy plant that ultimately failed.
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
News  |  8/8/2018  | 
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
10 Threats Lurking on the Dark Web
Slideshows  |  8/8/2018  | 
Despite some high-profile takedowns last year, the Dark Web remains alive and well. Here's a compilation of some of the more prolific threats that loom.
Understanding Firewalls: Build Them Up, Tear Them Down
News  |  8/8/2018  | 
A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it.
Manufacturing Industry Experiencing Higher Incidence of Cyberattacks
News  |  8/8/2018  | 
New report reveals the natural consequences of ignoring the attendant risks of industrial IoT and Industry 4.0.
Breaking Down the PROPagate Code Injection Attack
Commentary  |  8/8/2018  | 
What makes PROPagate unique is that it uses Windows APIs to take advantage of the way Windows subclasses its window events.
Even 'Regular Cybercriminals' Are After ICS Networks
News  |  8/7/2018  | 
A Cybereason honeypot project shows that ordinary cybercriminals are also targeting weakly secured environments.
Expect API Breaches to Accelerate
News  |  8/7/2018  | 
APIs provide the digital glue that binds apps, cloud resources, app services and data all together and they're increasingly an appsec security threat.
Shadow IT: Every Company's 3 Hidden Security Risks
Commentary  |  8/7/2018  | 
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
US-CERT Warns of New Linux Kernel Vulnerability
Quick Hits  |  8/7/2018  | 
Patches now available to prevent DoS attack on Linux systems.
Facebook Launches Fizz Library for Dev Speed, Security
Quick Hits  |  8/6/2018  | 
New open source TLS library aims to help developers incorporate speed and security into apps and services.
Google Details Tech Built into Shielded VMs
News  |  8/6/2018  | 
Specialized virtual machines, recently released in beta mode, ensure cloud workloads haven't been compromised.
Salesforce Customer Data Possibly Exposed in API Glitch
Quick Hits  |  8/6/2018  | 
The issue was discovered and fixed on July 18.
IT Managers: Are You Keeping Up with Social-Engineering Attacks?
Commentary  |  8/6/2018  | 
Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.
Spot the Bot: Researchers Open-Source Tools to Hunt Twitter Bots
News  |  8/6/2018  | 
Their goal? To create a means of differentiating legitimate from automated accounts and detail the process so other researchers can replicate it.
Mastering MITRE's ATT&CK Matrix
Slideshows  |  8/6/2018  | 
This breakdown of Mitre's model for cyberattacks and defense can help organizations understand the stages of attack events and, ultimately, build better security.
Dept. of Energy to Test Electrical Grid Against Cyberattacks
Quick Hits  |  8/3/2018  | 
This is the first time the Department of Energy will test the electrical grid's ability to recover from a blackout caused by cyberattacks.
FBI Offers New IoT Security Tips
Quick Hits  |  8/3/2018  | 
A new article from the FBI offers insight into IoT risks and ways to reduce them.
4 Reasons Why Companies Are Failing at Incident Response
Commentary  |  8/3/2018  | 
When it comes to containing the business impacts of a security breach, proper planning is often the difference between success and failure.
Is SMS 2FA Enough Login Protection?
News  |  8/3/2018  | 
Experts say Reddit breach offers a prime example of the risks of depending on one-time passwords sent via text.
Industrial Sector Targeted in Highly Personalized Spear-Phishing Campaign
News  |  8/2/2018  | 
At least 400 companies in Russia have been in the bullseye of new, sophisticated spear-phishing attacks, Kaspersky Lab says.
Cryptojacker Campaign Hits MikroTik Routers
News  |  8/2/2018  | 
More than 200,000 routers hit with a sophisticated cryptomining attack that appears to be spreading.
DEF CON Invites Kids to 'Hack the Election'
Quick Hits  |  8/2/2018  | 
New contest at DEF CON lets kids ages 8 to 16 hunt for vulnerabilities in replicas of states' election-results websites.
Multifactor Acquisition: Cisco Plans to Buy Duo for $2.35B
News  |  8/2/2018  | 
Cisco intends to use Duo's authentication technology to ramp up security across hybrid and multicloud environments.
Power Grid Security: How Safe Are We?
Commentary  |  8/2/2018  | 
Experiencing a power outage? It could have been caused by a hacker or just a squirrel chewing through some equipment. And that's a problem.
6 Ways DevOps Can Supercharge Security
Slideshows  |  8/2/2018  | 
Security teams have a huge opportunity to make major inroads by embracing the DevOps movement.
How GDPR Could Turn Privileged Insiders into Bribery Targets
Commentary  |  8/2/2018  | 
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
Feds Indict Three Ukrainians For Cyberattacks on 100+ Companies
News  |  8/1/2018  | 
Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov are senior members of the notorious FIN7 cybercrime group, aka the Carbanak Group.
New Chrome Extension Alerts Users to Hacked Sites
News  |  8/1/2018  | 
HackNotice leverages a database of 20,000 hacks to alert users when a site they visit has been compromised.
Reddit Warns Users of Data Breach
Quick Hits  |  8/1/2018  | 
An attacker broke into Reddit systems and accessed user data, email addresses, and a database of hashed passwords from 2007.
UnityPoint Health Reveals 1.4 Million Patient Breach
Quick Hits  |  8/1/2018  | 
The hospital company's second breach this year is far larger than the first.
How AI Could Become the Firewall of 2003
Commentary  |  8/1/2018  | 
An over-reliance on artificial intelligence and machine learning for the wrong uses will create unnecessary risks.
48% of Customers Avoid Services Post-Data Breach
Quick Hits  |  8/1/2018  | 
Nearly all organizations hit with a security incident report a long-term negative impact on both revenue and consumer trust.
5 Steps to Fight Unauthorized Cryptomining
Commentary  |  8/1/2018  | 
This compromise feels like a mere annoyance, but it can open the door to real trouble.
Google Researcher Unpacks Rare Android Malware Obfuscation Library
News  |  8/1/2018  | 
Analysis exposes the lengths malware authors will go to in order to protect their code from disassembly and reverse engineering.
HP Launches Printer Bug Bounty Program
News  |  7/31/2018  | 
Bugcrowd will manage new vulnerability disclosure award program for HP enterprise printers.
DHS Establishes Center For Defense of Critical Infrastructure
News  |  7/31/2018  | 
Center foundational to new government-led 'collective defense' strategy for sharing and responding to cyberthreats, DHS secretary says.
Hundreds of Registry Keys Exposed to Microsoft COM Hijacking
News  |  7/31/2018  | 
Experts believe there could be thousands more in the wild.
Unified Security Data: A Simple Idea to Combat Persistent, Complex Cyberattacks
Commentary  |  7/31/2018  | 
Do you know what happens to your data when it's not in use? If the answer is no, you need to fix that.
Yale Discloses Data Breach
Quick Hits  |  7/31/2018  | 
The university discloses that someone stole personal information a long time ago.
<<   <   Page 2 / 2


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15572
PUBLISHED: 2018-08-20
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
CVE-2018-15573
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf...
CVE-2018-15574
PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated &quot;We do not consider this a vulnerability.&quot;
CVE-2018-15570
PUBLISHED: 2018-08-20
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.
CVE-2018-15564
PUBLISHED: 2018-08-20
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.