News & Commentary
Latest Content
|
New Encryption Mode Brings Sincerity and Discretion to Low-Cost Android Devices
Adantium, developed by Google, brings communication encryption to bear on storage security.
OkCupid Denies Data Breach Amid Account Hack Complaints
Users on the dating website report hackers breaking into their accounts, changing email addresses, and resetting passwords.
Security Pros Agree Military Should Conduct Offensive Hacking
But it can't operate in a bubble, a new Washington Post study indicates.
What the Government Shutdown Teaches Us about Cybersecurity
As lawmakers face a Friday deadline to prevent the federal government from closing a second time, we examine the cost to the digital domain, both public and private.
US Law Enforcement Busts Romanian Online Crime Operation
Twelve members of 20-person group extradited to US to face charges related to theft of millions via fake ads other scams.
New Zombie 'POODLE' Attack Bred from TLS Flaw
Citrix issues update for encryption weakness dogging the popular security protocol.
6 Reasons to Be Wary of Encryption in Your Enterprise
Encryption can be critical to data security, but it's not a universal panacea.
Malware Campaign Hides Ransomware in Super Mario Wrapper
A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.
A Dog's Life: Dark Reading Caption Contest Winners
What do a telephony protocol, butt-sniffing, and multifactor authentication have in common? A John Klossner cartoon! And the winners are ...
We Need More Transparency in Cybersecurity
Security has become a stand-alone part of the corporate IT organization. That must stop, and transparency is the way forward.
Cyberattack Hits Australian Parliament
Officials believe a nation-state is to blame for the incident, which took place Thursday night into Friday morning.
Ransomware Attack Via MSP Locks Customers Out of Systems
Vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.
Carbonite Announces Webroot Purchase
The purchase will add WebRoot's cloud-based security to the cloud-based data backup and recovery platform of Carbonite.
Apple Patches Group FaceTime Flaw
Teenaged Fortnite player gets credit for finding the bug.
4 Payment Security Trends for 2019
Visa's chief risk officer anticipates some positive changes ahead.
Security Bugs in Video Chat Tools Enable Remote Attackers
Lifesize is issuing a hotfix to address vulnerabilities in its enterprise collaboration devices, which could give hackers a gateway into target organizations.
When 911 Goes Down: Why Voice Network Security Must Be a Priority
When there's a DDoS attack against your voice network, are you ready to fight against it?
DDoS Mitigation Pioneer Launches Network Security Startup
Barrett Lyon is co-founder of Netography, which emerged today with $2.6M in seed funding from Andreessen Horowitz.
New Chrome Extension Takes Aim at Password Security
Google adds 'Password Checkup' feature that alerts users if their online credentials have been compromised.
HelpSystems Buys Core Security Assets to Grow Infosec Portfolio
Acquisition will enable it to provide threat detection, pen testing, and other security tools to customers.
Attacks on Automotive Systems Feared Likely
Yet few engineers feel empowered to do anything about them, a survey shows.
Some Airline Flight Online Check-in Links Expose Passenger Data
Several airlines send unencrypted links to passengers for flight check-in that could be intercepted by attackers to view passenger and other data, researchers found.
Google Tackles Gmail Spam with Tensorflow
Tensorflow, Google's open-source machine learning framework, has been used to block 100 million spam messages.
Consumers Care About Security - Sometimes
New RSA Security survey shows a generation gap in concerns over cybersecurity and privacy.
4 Practical Questions to Ask Before Investing in AI
A pragmatic, risk-based approach can help CISOs plan for an efficient, effective, and economically sound implementation of AI for cybersecurity.
Serverless Computing: 'Function' vs. 'Infrastructure' as-a-Service
How much do companies really gain from offloading security duties to the cloud? Let's do the math.
7 Tips for Communicating with the Board
The key? Rather than getting bogged down in the technical details, focus on how a security program is addressing business risk.
Shellbot Crimeware Re-Emerges in Monero Mining Campaign
New attack uses a repurposed version of the Trojan that spreads using Internet Relay Chat.
Cybercriminals Exploit Gmail Feature to Scale Up Attacks
Criminals are taking advantage of Gmail's 'dots don't matter' feature to set up multiple fraudulent accounts on websites, using variations of the same email address, Agari says.
Mitigating the Security Risks of Cloud-Native Applications
While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.
New Vulnerabilities Make RDP Risks Far from Remote
More than two dozen vulnerabilities raise the risk of using RDP clients to remotely manage and configure systems.
Over 59K Data Breaches Reported in EU Under GDPR
In addition, 91 reported fines have been imposed since the regulation went into effect last May.
No Sign of 'Material' Nation-State Actor Impact on 2018 US Midterms
That's the conclusion of a classified postmortem report sent to the White House yesterday by Acting Attorney General and DHS Secretary.
Taming the Wild, West World of Security Product Testing
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.
New Botnet Shows Evolution of Tech and Criminal Culture
Cayosin brings together multiple strands of botnet tech and hacker behavior for a disturbing new threat.
Exposed Consumer Data Skyrocketed 126% in 2018
The number of data breaches dropped overall, but the amount of sensitive records exposed jumped to 446.5 million last year, according to the ITRC.
6 Security Tips Before You Put a Digital Assistant to Work
If you absolutely have to have Amazon Alexa or Google Assistant in your home, heed the following advice.
Researchers Devise New Method of Intrusion Deception for SDN
Team from University of Missouri take wraps off Dolus, a system ‘defense using pretense’ which they say will help defend software-defined networking (SDN)
cloud infrastructure.
Facebook Struggles in Privacy Class-Action Lawsuit
Facebook's privacy disclosures "are quite vague" and should have been made more prominent, a federal judge argued.
IoT Security's Coming of Age Is Overdue
The unique threat landscape requires a novel security approach based on the latest advances in network and AI security.
Nest Hack Leaves Homeowner Sleepless in Chicago
A Chicago-area family's smart home controls were compromised in a hack that has left them feeling vulnerable in their own home.
How Hackers Could Hit Super Bowl LIII
Security threats and concerns abound for the year's biggest football game. What officials and fans can do about it.
KISS, Cyber & the Humble but Nourishing Chickpea
The combination of simple, straightforward, and methodical ingredients are the keys to developing a balanced and well-rounded security program.
Cisco Router Vulnerability Gives Window into Researchers' World
The research around a recent vulnerability shows how researchers follow leads and find unexpected results.
8 Cybersecurity Myths Debunked
The last thing any business needs is a swarm of myths and misunderstandings seeding common and frequent errors organizations of all sizes make in safeguarding data and infrastructure.
Dell, CrowdStrike, Secureworks Join Forces to Secure Endpoints
Dell SafeGuard and Response is geared toward businesses, governments, and schools that may lack resources they need to detect and remediate sophisticated threats.
Airbus Employee Info Exposed in Data Breach
Few details as yet on a cyberattack that hit Airbus' commercial aircraft business.
For a Super Security Playbook, Take a Page from Football
Four key questions to consider as you plan out your next winning security strategy.
Justice Dept. Alerting Victims of North Korean Botnet Infections
US officials disrupt North Korea's Joanap attack infrastructure.
Rubrik Data Leak is Another Cloud Misconfiguration Horror Story
A server security mishap exposed vast stores of data belonging to clients of Rubrik, a security and cloud management firm.
|
White Papers
Video
10 Comments
Current Issue
5 Emerging Cyber Threats to Watch for in 2019Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-8980
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
PUBLISHED: 2019-02-21
From DHS/US-CERT's National Vulnerability Database CVE-2019-8980
PUBLISHED: 2019-02-21
A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures.
CVE-2019-8979PUBLISHED: 2019-02-21
Koseven through 3.3.9, and Kohana through 3.3.6, has SQL Injection when the order_by() parameter can be controlled.
CVE-2013-7469PUBLISHED: 2019-02-21
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
CVE-2018-20146PUBLISHED: 2019-02-21
An issue was discovered in Liquidware ProfileUnity before 6.8.0 with Liquidware FlexApp before 6.8.0. A local user could obtain administrator rights, as demonstrated by use of PowerShell.
CVE-2019-5727PUBLISHED: 2019-02-21
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This