Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in January 2017
Google Paid $3 Million To Bug Hunters In 2016
News  |  1/31/2017  | 
Search engine giant an example of the growing number of organizations benefiting from bug bounty programs.
Report Says Death Of The Password Greatly Exaggerated
News  |  1/31/2017  | 
Passwords are far from dead - thanks to the Internet of Things, the traditional authentication mechanism will explode in the next decade,
Ransomware Attack On CCTV Cameras In Washington DC Ahead Of Trump Inauguration
Quick Hits  |  1/31/2017  | 
Around 70% of public surveillance cameras were found non-functional due to attack by two ransomware variants.
Over 4.2 Billion Records Exposed In 4,149 Breaches In 2016
Quick Hits  |  1/31/2017  | 
Survey says US and UK witnessed more than half of 2016 global breaches; 52% of attacks compromised Social Security Numbers.
Outsider Attacks Give Nightmares To CIOs, CEOs, CISOs
Partner Perspectives  |  1/31/2017  | 
Three main threats companies aren't prepared to handle include outside attacks, data vulnerability and insider sabotage.
3 Things Companies Must Do Before A Data Breach
Commentary  |  1/31/2017  | 
It's important to plan ahead for when you're attacked, and these tips will help you get ready.
How Cybercriminals Turn Employees Into Rogue Insiders
News  |  1/31/2017  | 
The Dark Web is a growing threat to organizations as hackers recruit insiders with access to corporate networks.
Facebook Gets Physical With Its Security Strategy
Security TV  |  1/31/2017  | 
Facebook has introduced new measures that will enable users to secure access to their accounts using a physical 'key' application.
6 Free Ransomware Decryption Tools
Slideshows  |  1/30/2017  | 
The No More Ransom group has been working to get free decryptor tools into the hands of security professionals and the general public.
Netflix Scam Spreads Ransomware
News  |  1/30/2017  | 
A program found on suspicious websites aims to trick Windows/PC users into creating fake Netflix logins so it can deliver ransomware.
This Week On Dark Reading
Commentary  |  1/30/2017  | 
This week: how to get paid by cyber insurers and avoid paying ransoms.
Why You're Doing Cybersecurity Risk Measurement Wrong
Commentary  |  1/30/2017  | 
Measuring risk isn't as simple as some make it out to be, but there are best practices to help you embrace the complexity in a productive way. Here are five.
Hong Kong Securities Firms Warned Of Cyberattacks
Quick Hits  |  1/30/2017  | 
Hong Kong's Securities and Futures Commission announces DDoS attacks on brokers and warns firms of future threats.
Texas Police Unit Loses Years Of Evidence To Ransomware
Quick Hits  |  1/30/2017  | 
Police in Cockrell Hill, Tex., lost eight years of documents, photos, and videos when a ransomware attack corrupted files on its server.
Are Security Concerns Over Trump's Android, Twitter Use Overblown?
News  |  1/27/2017  | 
Security experts say it's hard to know for sure without further details.
Cloud Pumps Up Juniper's Q4
Curt Franklin  |  1/27/2017  | 
The transition to cloud infrastructure helped Juniper overcome a drop in security sales in the fourth quarter of 2016.
7 Tips For Getting Your Security Budget Approved
Slideshows  |  1/27/2017  | 
How to have a productive conversation with business leaders and get your security budget approved.
Car Cybersecurity Center Of New Bipartisan Bill
Quick Hits  |  1/27/2017  | 
House of Representatives' SPY Car Study Act aimed at setting cybersecurity standards for new vehicles.
Appeals Court Upholds Microsoft Victory In Overseas Data Case
Quick Hits  |  1/27/2017  | 
Dissenting judges seek revision of earlier ruling, saying it does not serve any privacy interest.
Rethinking Vulnerability Disclosures In Industrial Control Systems
Commentary  |  1/27/2017  | 
Why the security industry's traditional obsession and hype around vulnerabilities cannot be transferred to the ICS environment.
Most Companies Still Willing To Pay Ransom To Recover Data, Survey Shows
News  |  1/26/2017  | 
St. Louis Public Library system becomes latest example of growing number refusing to do so.
How I Would Hack Your Network (If I Woke Up Evil)
Commentary  |  1/26/2017  | 
How would an attacker target your company? Here's a first-person account of what might happen.
Facebook Adds Physical Key Security For Member Accounts
Quick Hits  |  1/26/2017  | 
Social media site now supports security keys to boost multifactor authentication.
SentinelOne Raises $70 Million In Latest Funding Round
Quick Hits  |  1/26/2017  | 
Endpoint security firm now has raised more than $110 million in capital.
Most Malware-Infected US Cities List Shows Size Doesn't Matter
Quick Hits  |  1/26/2017  | 
Webroot's list of the top 10 most infected US cities includes only one city from the Top 10 most densely populated.
There's No One Perfect Method For Encryption In The Cloud
Commentary  |  1/26/2017  | 
The problem with encryption is that it affects performance, especially in the cloud. Know the different methods so you can pick the type that best suits your needs.
Pew Research Study Exposes America's Poor Password Hygiene
News  |  1/26/2017  | 
Americans feel like they've lost control over their online lives, but they still aren't always practicing proper security.
Kaspersky Lab Incident Investigations Head Arrested In Russia For 'Treason'
News  |  1/25/2017  | 
Security firm says the case doesn't affect its computer incidents investigation operations.
Google Removes Ransomware-Laden App From Play Store
News  |  1/25/2017  | 
Incident is believed to be first time threat actors have snuck ransomware into Google's official mobile app store.
Data Breaches Exposed 4.2 Billion Records In 2016
News  |  1/25/2017  | 
The 4,149 data breaches reported in 2016 shattered the all-time high of nearly 1 billion exposed records in 2013.
Cloud Is Security-Ready But Is Your Security Team Ready For Cloud?
Commentary  |  1/25/2017  | 
Cloud computing has moved beyond the early adopter phase and is now mainstream. Here's how to keep data safe in an evolving ecosystem.
Security Training 101: Stop Blaming The User
Commentary  |  1/25/2017  | 
To err is human, so it makes sense to quit pointing fingers and start protecting the organization from users -- and vice versa.
SOC Maturity By The Numbers
Slideshows  |  1/25/2017  | 
Most large organizations today have security operations centers in play, but only 15% rate theirs as mature.
Man Guilty Of Hacking Celeb Accounts Gets Nine Months Behind Bars
Quick Hits  |  1/25/2017  | 
Illinois resident Edward Majerczyk illegally accessed around 30 celeb accounts and compromised photos and videos.
This Week On Dark Reading: Event Calendar
Commentary  |  1/25/2017  | 
Devote some time and headspace to improving your skills with these Dark Reading events.
Saudi Arabia Issues Alert On Shamoon 2
Quick Hits  |  1/25/2017  | 
A new variant of the 2012 data-wiping malware that paralyzed Saudi Aramco has emerged.
Meet Ripper.cc, A Reputation Service For Cybercriminals
News  |  1/24/2017  | 
Ripper.cc offers a service to help protect the genuine cybercriminals from the scammers in their midst.
Bad Bots Up Their Human Impersonation Game
News  |  1/24/2017  | 
Every third website visitor was an attack bot in 2016, and humans represent just under half of all Internet traffic, new Imperva data sample shows.
The Trouble With DMARC: 4 Serious Stumbling Blocks
Commentary  |  1/24/2017  | 
Popularity for the Domain-based Message Authentication, Reporting and Conformance email authentication standard is growing. So why are enterprises still struggling to implement it?
Lloyds Bank Hit By DDoS Attack
Quick Hits  |  1/24/2017  | 
Hacker fails to extort $93,600 from bank for the attacks between January 11 and 13, a report says.
Verizon Acquisition Of Yahoo Delayed
Quick Hits  |  1/24/2017  | 
Deal pushed to next quarter to meet closing conditions of the sale.
Email Encryption On The Rise But Still Not 'Universal'
News  |  1/24/2017  | 
Osterman study finds that more than half of organizations in North America use email encryption for external communications.
Meet 'Fruitfly:' Mac Malware Targeting Biomedical Research Centers
Partner Perspectives  |  1/24/2017  | 
This newly discovered code contains indications that it has been circulating undetected for at least a couple years.
4 Reasons Why You Should Take Ransomware Seriously
Commentary  |  1/24/2017  | 
The threats keep getting more sophisticated and the stakes keep getting higher. Is your organization ready to meet the challenge?
The Breaches Kept Coming in 2016
Curt Franklin  |  1/24/2017  | 
2016 was great for the digital bad guys.
'123456' Leads The Worst Passwords Of 2016
News  |  1/23/2017  | 
New report analyzes trends in more than 5 million passwords stolen from enterprises and leaked to the public last year.
SEC Investigates Yahoo Data Breaches
News  |  1/23/2017  | 
Report of an SEC probe of Yahoo serves as a new wake-up call for companies to properly disclose breaches in their earnings reports and disclosures.
Machine Learning In Cybersecurity Warrants A Silver Shotgun Shell Approach
Partner Perspectives  |  1/23/2017  | 
When protecting physical or virtual endpoints, it's vital to have more than one layer of defense against malware.
Why Dependence On Cloud Providers Could Come Back And Bite Us
Commentary  |  1/23/2017  | 
It's time to re-evaluate the cloud policies you have in place. And if you're not learning from the mistakes of others, you're doomed to repeat them.
Cyber Incidents Hit 85% Of Firms Over Past 12 Months
Quick Hits  |  1/23/2017  | 
Insider threat is a key factor in the growth of cyber, fraud, and security incidents among global companies in 2016.