News & Commentary

Latest Content
IT Pros Worried About IoT But Not Prepared to Secure It
News  |  5/16/2018  | 
Few organizations have a security policy in place for Internet of Things devices, new survey shows.
US Government Cybersecurity at a Crossroads
News  |  5/15/2018  | 
Trump reportedly kills cybersecurity coordinator position, while many agencies continue to play catch-up in their defenses.
25% of Businesses Targeted with Cryptojacking in the Cloud
News  |  5/15/2018  | 
New public cloud security report detects a spike in cryptojacking, mismanaged cloud storage, account takeover, and major patches getting overlooked.
Kaspersky Lab to Move Some Core Operations to Switzerland
News  |  5/15/2018  | 
Most customer data storage and processing, software assembly, and threat detection updates will be based in Zurich.
Don't Roll the Dice When Prioritizing Vulnerability Fixes
News  |  5/15/2018  | 
CVSS scores alone are ineffective risk predictors - modeling for likelihood of exploitation also needs to be taken into account.
Feds Name Suspect in CIA 'Vault 7' Hacking Tool Leak
Quick Hits  |  5/15/2018  | 
Ex-CIA employee in jail for unrelated charges at this time.
Taming the Chaos of Application Security: 'We Built an App for That'
Commentary  |  5/15/2018  | 
Want to improve the state of secure software coding? Hide the complexity from developers.
Rail Europe Notifies Riders of Three-Month Data Breach
Quick Hits  |  5/15/2018  | 
Rail Europe North America alerts customers to a security incident in which hackers planted card-skimming malware on its website.
New DDoS Attack Method Leverages UPnP
News  |  5/15/2018  | 
'Lock down UPnP routers,' researchers say.
Smashing Silos and Building Bridges in the IT-Infosec Divide
News  |  5/14/2018  | 
A strong relationship between IT and security leads to strong defense, but it's not always easy getting the two to collaborate.
'EFAIL' Email Encryption Flaw Research Stirs Debate
News  |  5/14/2018  | 
A newly revealed vulnerability in email encryption is a big problem for a small subset of users.
Shadow IoT Devices Pose a Growing Problem for Organizations
News  |  5/14/2018  | 
An Infoblox survey shows many companies have thousands of non-business Internet of Things devices connecting to their network daily.
Facebook Suspends 200 Apps
Quick Hits  |  5/14/2018  | 
Thousands of apps have been investigated as Facebook determines which had access to large amounts of user data before its 2014 policy changes.
Chili's Suffers Data Breach
Quick Hits  |  5/14/2018  | 
The restaurant believes malware was used to collect payment card data including names and credit or debit numbers.
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Commentary  |  5/14/2018  | 
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
Proofpoint Sounds Warning on Vega Stealer Targeted Data Theft Campaign
News  |  5/11/2018  | 
Marketing, PR, and advertising firms are among those being targeted.
Gandcrab Ransomware Exploits Website Vulnerabilities
News  |  5/11/2018  | 
Researchers find campaigns distributing Gandcrab by hosting malware on legitimate websites with poor security measures.
Hide and Seek Brings Persistence to IoT Botnets
News  |  5/11/2018  | 
The rapidly evolving Hide and Seek botnet is now persistent on a wide range of infected IoT devices.
Newly Released Russian Facebook Ads Show Scale of Manipulation
Quick Hits  |  5/11/2018  | 
House Democrats this week released 3,500 Facebook ads demonstrating the extent of Russia's influence on US citizens from 2015 to 2017.
8 Ways Hackers Can Game Air Gap Protections
Slideshows  |  5/11/2018  | 
Isolating critical systems from connectivity isn't a guarantee they can't be hacked.
The New Security Playbook: Get the Whole Team Involved
Commentary  |  5/11/2018  | 
Smart cybersecurity teams are harnessing the power of human intelligence so employees take the right actions.
Author of TreasureHunter PoS Malware Releases Its Source Code
News  |  5/10/2018  | 
Leak gives threat actors a way to build newer, nastier versions of the point-of-sale malware, Flashpoint says.
Phishing Attack Bypasses Two-Factor Authentication
News  |  5/10/2018  | 
Hacker Kevin Mitnick demonstrates a phishing attack designed to abuse multi-factor authentication and take over targets' accounts.
17 Zero-Days Found & Fixed in OPC-UA Industrial Protocol Implementations
Quick Hits  |  5/10/2018  | 
Vulnerabilities in the framework used for secure data transfer in industrial systems were all fixed by March, says Kaspersky Lab.
Risky Business: Deconstructing Ray Ozzie's Encryption Backdoor
Commentary  |  5/10/2018  | 
With the addition of secure enclaves, secure boot, and related features of "Clear," the only ones that will be able to test this code are Apple, well-resourced nations, and vendors who sell jailbreaks.
As Personal Encryption Rises, So Do Backdoor Concerns
Quick Hits  |  5/10/2018  | 
Geopolitical changes drive personal encryption among security pros, who are increasingly worried about encryption backdoors.
Ready or Not: Transport Layer Security 1.3 Is Coming
Commentary  |  5/10/2018  | 
Better encryption could mean weaker security if you're not careful.
Electroneum Cryptomining Targets Microsoft IIS 6.0 Vulnerability
Partner Perspectives  |  5/10/2018  | 
New campaign shows that there are still systems exposed to the year-old CVE-2017-7269 vuln on an operating system that was declared end-of-life three years ago.
Email Security Tools Try to Keep Up with Threats
News  |  5/9/2018  | 
Email has long been a prime vector for cyberattacks, and hackers are only getting sneakier. Can email platforms and security tools keep up?
Script Kiddies, Criminals Hacking Video Streams for Fun & Profit
Quick Hits  |  5/9/2018  | 
Video streams are getting hijacked for 'prestige,' DDoS, and financial gain, a new report found.
Phishing Threats Move to Mobile Devices
News  |  5/9/2018  | 
Mobile devices are emerging as a primary gateway for phishing attacks aimed at stealing data.
20 Signs You Are Heading for a Retention Problem
Commentary  |  5/9/2018  | 
If you don't invest in your best security talent, they will look to burnish their resumes elsewhere. Here's why.
Millennials, Women May Bridge Cyber Talent Gap
Quick Hits  |  5/9/2018  | 
Younger generations, particularly women, could be the answer to a cybersecurity skill shortage expected to reach 1.8 million unfilled roles by 2020.
Calculating Cloud Cost: 8 Factors to Watch
Slideshows  |  5/9/2018  | 
If you're not careful and don't regularly assess the impact of your usage, moving to the cloud could have a negative impact on your bottom line.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Commentary  |  5/9/2018  | 
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
FBI: Reported Internet Crimes Topped $1.4 Billion Last Year
News  |  5/9/2018  | 
Business email compromise (BEC) campaigns outnumbered ransomware cases.
8.7B Identity Records on Surface, Deep, Dark Webs in 2017
Quick Hits  |  5/8/2018  | 
The 4iQ Identity Breach Report shows a 182% increase in raw identity records discovered by its team between 2016 and 2017.
Microsoft's Patch Tuesday Fixes Two CVEs Under Active Attack
News  |  5/8/2018  | 
This month's updates addressed vulnerabilities in Windows, Office, Edge, Internet Explorer, .Net Framework, Exchange Server, and other services.
Properly Framing the Cost of a Data Breach
Commentary  |  5/8/2018  | 
The expenses and actions typically associated with a cyberattack are not all created equal. Here's how to explain what's important to the C-suite and board.
APT Attacks on Mobile Rapidly Emerging
News  |  5/8/2018  | 
Mobile devices are becoming a 'primary' enterprise target for attackers.
Breakout Time: A Critical Key Cyber Metric
Commentary  |  5/8/2018  | 
Why organizations need to detect an intrusion in under a minute, understand it in under 10 minutes, and eject the adversary in under an hour.
Report: More Breaches Despite Increasing Security Budgets
Partner Perspectives  |  5/8/2018  | 
Lack of security talent, low security awareness among employees, and too much data to analyze top the list of cyberthreats in the 2018 Cyberthreat Defense Threat Report from CyberEdge Group.
Publicly Disclosed Breaches Down Drastically in Q1 2018
News  |  5/8/2018  | 
Quietest first quarter since 2012, according to new report from Risk Based Security.
10 Lessons From an IoT Demo Lab
Slideshows  |  5/7/2018  | 
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
SynAck Ransomware Gets Dangerous 'Doppelganging' Feature
News  |  5/7/2018  | 
New Process Doppelganging and obfuscation features make the malware much harder to spot and stop.
Why DDoS Just Won't Die
News  |  5/7/2018  | 
Distributed denial-of-service attacks are getting bigger, badder, and 'blended.' What you can (and can't) do about that.
Trial Begins for Latvian Man Accused of Malware Operation
Quick Hits  |  5/7/2018  | 
Ruslans Bondars has been accused of running a malware service that had been linked to cyberattacks on US businesses.
Google Security Updates Target DevOps, Containers
News  |  5/7/2018  | 
The tech giant explains why it's rolling out a new cloud security management tool and an open-source framework for confidential computing.
US Extradites Romanian Hackers Charged with Vishing, Smishing
Quick Hits  |  5/7/2018  | 
Suspects obtained more than $18 million through fraud by voice and SMS.
Defending Against an Automated Attack Chain: Are You Ready?
Commentary  |  5/7/2018  | 
Recent threats like AutoSploit bring malware-as-a-service to a whole new level. Here are four ways to be prepared.

New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading,  5/17/2018
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11415
PUBLISHED: 2018-05-24
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product.
CVE-2018-11412
PUBLISHED: 2018-05-24
In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that stores the system.data extended attribute value in a dedicated inode.
CVE-2018-11413
PUBLISHED: 2018-05-24
An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/database.php to read the MySQL credentials in the configuration.
CVE-2018-11414
PUBLISHED: 2018-05-24
An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly.
CVE-2018-10593
PUBLISHED: 2018-05-24
A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corrup...