Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
<<   <   Page 2 / 2
GDPR Drives Changes, but Privacy by Design Proves Elusive
News  |  5/15/2019  | 
One year later, the EU mandate's biggest impact has been to focus more attention on data protection and privacy, security analysts say.
New Intel Vulnerabilities Bring Fresh CPU Attack Dangers
News  |  5/15/2019  | 
Four newly discovered vulns from the speculative-execution family bring Meltdown-like threats to Intel's processors.
Attackers Are Messing with Encryption Traffic to Evade Detection
News  |  5/15/2019  | 
Unknown groups have started tampering with Web traffic encryption, causing the number of fingerprints for connections using Transport Layer Security to jump from 19,000 to 1.4 billion in less than a year.
Microsoft Builds on Decentralized Identity Vision
News  |  5/15/2019  | 
The company elaborates on its plan to balance data control between businesses and consumers by giving more autonomy to individuals.
Introducing the Digital Transformation Architect
Commentary  |  5/15/2019  | 
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT and security teams.
Two Ransomware Recovery Firms Typically Pay Hackers
Quick Hits  |  5/15/2019  | 
Companies promising the safe return of data sans ransom payment secretly pass Bitcoin to attackers and charge clients added fees.
Windows 10 Migration: Getting It Right
Commentary  |  5/15/2019  | 
The transition to Windows 10 doesn't need to be a sprint. Organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.
Website Attack Attempts Rose by 69% in 2018
News  |  5/14/2019  | 
Millions of websites have been compromised, but the most likely malware isn't cyptomining: it's quietly stealing files and redirecting traffic, a new Sitelock report shows.
Resolution Requires Cybersecurity Training for Members of Congress
Quick Hits  |  5/14/2019  | 
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
Commercial Spyware Uses WhatsApp Flaw to Infect Phones
News  |  5/14/2019  | 
A single flaw allowed attackers thought to be linked to a government to target human rights workers and install surveillance software by sending a phone request. The victims did not even have to answer.
Uniqlo Parent Company Says Hack Compromised 461,091
Quick Hits  |  5/14/2019  | 
Fast Retailing Co. reports cyberattackers accessed accounts registered to its Japanese Uniqlo and GU brand websites.
Baltimore Ransomware Attack Takes Strange Twist
News  |  5/14/2019  | 
Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week.
Microsoft Patches Wormable Vuln in Windows 7, 2003, XP, Server 2008
News  |  5/14/2019  | 
Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited.
Missing in Action: Cybersecurity Professionals
Commentary  |  5/14/2019  | 
Just as every organization security team's needs are unique, so are the reasons for the shortage of candidates for open positions. Here are five strategies to help you close the gap.
Effective Pen Tests Follow These 7 Steps
Slideshows  |  5/14/2019  | 
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
Why AI Will Create Far More Jobs Than It Replaces
Commentary  |  5/14/2019  | 
Just as spreadsheets and personal computers created a job boom in the '70s, so too will artificial intelligence spur security analysts' ability to defend against advanced threats.
Korean APT Adds Rare Bluetooth Device-Harvester Tool
News  |  5/13/2019  | 
ScarCruft has evolved into a skilled and resourceful threat group, new research shows.
Thrangrycat Claws Cisco Customer Security
Quick Hits  |  5/13/2019  | 
A linked pair of vulnerabilities could allow an attacker to take over many different types of Cisco networking components.
LockerGoga, MegaCortex Ransomware Share Unlikely Traits
News  |  5/13/2019  | 
New form of ransomware MegaCortex shares commonalities with LockerGoga, enterprise malware recently seen in major cyberattacks.
Attacks on JavaScript Services Leak Info From Websites
News  |  5/13/2019  | 
Three marketing tools, including the Best Of The Web security logomark, were compromised in supply chain attacks, allegedly leaving website customers leaking their users' sensitive information.
Poorly Configured Server Exposes Most Panama Citizens' Data
Quick Hits  |  5/13/2019  | 
Compromised information includes full names, birth dates, national ID numbers, medical insurance numbers, and other personal data.
78% of Consumers Say Online Companies Must Protect Their Info
News  |  5/13/2019  | 
Yet 68% agree they also must do more to protect their own information.
How Open Testing Standards Can Improve Security
Commentary  |  5/13/2019  | 
When creating security metrics, it's critical that test methodologies cover multiple scenarios to ensure that devices perform as expected in all environments.
Demystifying the Dark Web: What You Need to Know
Slideshows  |  5/10/2019  | 
The Dark Web and Deep Web are not the same, neither is fully criminal, and more await in this guide to the Internet's mysterious corners.
Microsoft SharePoint Bug Exploited in the Wild
Quick Hits  |  5/10/2019  | 
A number of reports show CVE-2019-0604 is under active attack, Alien Labs researchers say.
How We Collectively Can Improve Cyber Resilience
Commentary  |  5/10/2019  | 
Three steps you can take, based on Department of Homeland Security priorities.
Symantec CEO Greg Clark Steps Down
Quick Hits  |  5/10/2019  | 
Exec shake-up comes amid earnings drop in financial report.
Hackers Still Outpace Breach Detection, Containment Efforts
News  |  5/10/2019  | 
Research shows time to discovery and containment of breaches slowly shrinking, but attackers don't need a very big window to do a lot of damage.
Data Dump Purportedly Reveals Details on Previously Unknown Iranian Threat Group
News  |  5/9/2019  | 
Rana targets airline companies and others in well-planned, well-researched attacks, Israel's ClearSky says.
US DoJ Indicts Chinese Man for Anthem Breach
News  |  5/9/2019  | 
Fujie Wang allegedly worked as part of a hacking team out of China that stole information on nearly 80 million Americans in the massive healthcare breach.
Nation-State Breaches Surged in 2018: Verizon DBIR
News  |  5/9/2019  | 
The source of breaches has fluctuated significantly over the past nine years, but organized crime has almost always topped nation-state actors each year. The gap narrowed significantly in 2018, according to the annual report.
How the Skills Gap Strains and Constrains Security Pros
News  |  5/9/2019  | 
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.
New Initiative Aims to Fast-Track Women into Cybersecurity Careers
Quick Hits  |  5/9/2019  | 
'100 Women in 100 Days' is a career development program made possible by a $160,000 gift from Craig Newmark Philanthropies.
How to Close the Critical Cybersecurity Talent Gap
Commentary  |  5/9/2019  | 
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
Sectigo Buys Icon Labs to Expand IoT Security Platform
Quick Hits  |  5/9/2019  | 
End-to-end IoT security product aims to give manufacturers, systems integrators, and businesses a means to harden device security.
Fighting Back Against Tech-Savvy Fraudsters
Commentary  |  5/9/2019  | 
Staying a step ahead requires moving beyond the security techniques of the past.
2018 Arrests Have Done Little to Stop Marauding Threat Group
News  |  5/8/2019  | 
In fact, FIN7's activities only appear to have broadened, according to a new report.
DeepDotWeb Operators Indicted, Website Seized by the FBI
Quick Hits  |  5/8/2019  | 
Defendants allegedly earned kickbacks for sales of illegal contraband, including hacking tools and malicious code.
Social Engineering Slams the C-Suite: Verizon DBIR
News  |  5/8/2019  | 
Criminals are also going after cloud-based email accounts, according to Verizon's '2019 Data Breach Investigations Report.'
FBI: Cybercrime Losses Doubled in 2018
Commentary  |  5/8/2019  | 
The world has embraced digital technology, but cybercrime is putting a serious dent in corporate finances, the FBI finds.
The Fine Line of Feedback: 6 Tips for Talking to Security Pros
Commentary  |  5/8/2019  | 
Feedback is a two-way street in terms of giving, receiving, and knowing how to give and receive.
US States with the Worst Consumer Cyber-Hygiene
Quick Hits  |  5/8/2019  | 
Ranking based on consumers' cybersecurity practices - or lack thereof.
Baltimore City Network Struck with Ransomware Attack
Quick Hits  |  5/7/2019  | 
Government employees are working to determine the source and severity of a cyberattack that forced most city servers offline.
Orgs Are Quicker to Disclose Breaches Reported to Them Via External Sources
News  |  5/7/2019  | 
Companies that find a breach on their own take substantially longer to report a breach, a new analysis shows.
How a Chinese Nation-State Group Reverse-Engineered NSA Attack Tools
News  |  5/7/2019  | 
New Symantec research shows how the Buckeye group captured an exploit and backdoor used by the National Security Agency and deployed them on other victims.
The Dark Web Is Smaller Than You Think
News  |  5/7/2019  | 
The number of live, accessible .onion sites amounts to less than 0.005% of surface web domains, researchers report.
The Big E-Crime Pivot
Commentary  |  5/7/2019  | 
Criminals have begun to recognize that enterprise ransomware offers tremendous financial advantage over the more traditional tactics of wire fraud and account takeover.
Better Behavior, Better Biometrics?
Commentary  |  5/7/2019  | 
Behavioral biometrics is a building block to be used in conjunction with other security measures, but it shows promise.
Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server
News  |  5/7/2019  | 
Turla hacking team abuses a legitimate feature of the Exchange server in order to hide out and access all of the target organization's messages.
Attackers Add a New Spin to Old Scams
News  |  5/6/2019  | 
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
<<   <   Page 2 / 2


97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I told you we should worry abit more about vendor lock-in.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .