News & Commentary

Content posted in January 2017
Page 1 / 3   >   >>
Google Paid $3 Million To Bug Hunters In 2016
News  |  1/31/2017  | 
Search engine giant an example of the growing number of organizations benefiting from bug bounty programs.
Report Says Death Of The Password Greatly Exaggerated
News  |  1/31/2017  | 
Passwords are far from dead - thanks to the Internet of Things, the traditional authentication mechanism will explode in the next decade,
Ransomware Attack On CCTV Cameras In Washington DC Ahead Of Trump Inauguration
Quick Hits  |  1/31/2017  | 
Around 70% of public surveillance cameras were found non-functional due to attack by two ransomware variants.
Over 4.2 Billion Records Exposed In 4,149 Breaches In 2016
Quick Hits  |  1/31/2017  | 
Survey says US and UK witnessed more than half of 2016 global breaches; 52% of attacks compromised Social Security Numbers.
Outsider Attacks Give Nightmares To CIOs, CEOs, CISOs
Partner Perspectives  |  1/31/2017  | 
Three main threats companies arent prepared to handle include outside attacks, data vulnerability and insider sabotage.
3 Things Companies Must Do Before A Data Breach
Commentary  |  1/31/2017  | 
It's important to plan ahead for when you're attacked, and these tips will help you get ready.
How Cybercriminals Turn Employees Into Rogue Insiders
News  |  1/31/2017  | 
The Dark Web is a growing threat to organizations as hackers recruit insiders with access to corporate networks.
6 Free Ransomware Decryption Tools
Slideshows  |  1/30/2017  | 
The No More Ransom group has been working to get free decryptor tools into the hands of security professionals and the general public.
Netflix Scam Spreads Ransomware
News  |  1/30/2017  | 
A program found on suspicious websites aims to trick Windows/PC users into creating fake Netflix logins so it can deliver ransomware.
This Week On Dark Reading
Commentary  |  1/30/2017  | 
This week: how to get paid by cyber insurers and avoid paying ransoms.
Why Youre Doing Cybersecurity Risk Measurement Wrong
Commentary  |  1/30/2017  | 
Measuring risk isnt as simple as some make it out to be, but there are best practices to help you embrace the complexity in a productive way. Here are five.
Hong Kong Securities Firms Warned Of Cyberattacks
Quick Hits  |  1/30/2017  | 
Hong Kong's Securities and Futures Commission announces DDoS attacks on brokers and warns firms of future threats.
Texas Police Unit Loses Years Of Evidence To Ransomware
Quick Hits  |  1/30/2017  | 
Police in Cockrell Hill, Tex., lost eight years of documents, photos, and videos when a ransomware attack corrupted files on its server.
Are Security Concerns Over Trumps Android, Twitter Use Overblown?
News  |  1/27/2017  | 
Security experts say its hard to know for sure without further details.
7 Tips For Getting Your Security Budget Approved
Slideshows  |  1/27/2017  | 
How to have a productive conversation with business leaders and get your security budget approved.
Car Cybersecurity Center Of New Bipartisan Bill
Quick Hits  |  1/27/2017  | 
House of Representatives' SPY Car Study Act aimed at setting cybersecurity standards for new vehicles.
Appeals Court Upholds Microsoft Victory In Overseas Data Case
Quick Hits  |  1/27/2017  | 
Dissenting judges seek revision of earlier ruling, saying it does not serve any privacy interest.
Rethinking Vulnerability Disclosures In Industrial Control Systems
Commentary  |  1/27/2017  | 
Why the security industry's traditional obsession and hype around vulnerabilities cannot be transferred to the ICS environment.
Most Companies Still Willing To Pay Ransom To Recover Data, Survey Shows
News  |  1/26/2017  | 
St. Louis Public Library system becomes latest example of growing number refusing to do so
How I Would Hack Your Network (If I Woke Up Evil)
Commentary  |  1/26/2017  | 
How would an attacker target your company? Here's a first-person account of what might happen.
Facebook Adds Physical Key Security For Member Accounts
Quick Hits  |  1/26/2017  | 
Social media site now supports security keys to boost multifactor authentication.
SentinelOne Raises $70 Million In Latest Funding Round
Quick Hits  |  1/26/2017  | 
Endpoint security firm now has raised more than $110 million in capital.
Most Malware-Infected US Cities List Shows Size Doesn't Matter
Quick Hits  |  1/26/2017  | 
Webroot's list of the top 10 most infected US cities includes only one city from the Top 10 most densely populated.
There's No One Perfect Method For Encryption In The Cloud
Commentary  |  1/26/2017  | 
The problem with encryption is that it affects performance, especially in the cloud. Know the different methods so you can pick the type that best suits your needs.
Pew Research Study Exposes America's Poor Password Hygiene
News  |  1/26/2017  | 
Americans feel like they've lost control over their online lives, but they still aren't always practicing proper security.
Kaspersky Lab Incident Investigations Head Arrested In Russia For 'Treason'
News  |  1/25/2017  | 
Security firm says the case doesn't affect its computer incidents investigation operations.
Google Removes Ransomware-Laden App From Play Store
News  |  1/25/2017  | 
Incident is believed to be first time threat actors have snuck ransomware into Googles official mobile app store.
Data Breaches Exposed 4.2 Billion Records In 2016
News  |  1/25/2017  | 
The 4,149 data breaches reported in 2016 shattered the all-time high of nearly 1 billion exposed records in 2013.
Cloud Is Security-Ready But Is Your Security Team Ready For Cloud?
Commentary  |  1/25/2017  | 
Cloud computing has moved beyond the early adopter phase and is now mainstream. Heres how to keep data safe in an evolving ecosystem.
Security Training 101: Stop Blaming The User
Commentary  |  1/25/2017  | 
To err is human, so it makes sense to quit pointing fingers and start protecting the organization from users -- and vice versa.
SOC Maturity By The Numbers
Slideshows  |  1/25/2017  | 
Most large organizations today have security operations centers in play, but only 15% rate theirs as mature.
Man Guilty Of Hacking Celeb Accounts Gets Nine Months Behind Bars
Quick Hits  |  1/25/2017  | 
Illinois resident Edward Majerczyk illegally accessed around 30 celeb accounts and compromised photos and videos.
This Week On Dark Reading: Event Calendar
Commentary  |  1/25/2017  | 
Devote some time and headspace to improving your skills with these Dark Reading events.
Saudi Arabia Issues Alert On Shamoon 2
Quick Hits  |  1/25/2017  | 
A new variant of the 2012 data-wiping malware that paralyzed Saudi Aramco has emerged.
Meet Ripper.cc, A Reputation Service For Cybercriminals
News  |  1/24/2017  | 
Ripper.cc offers a service to help protect the genuine cybercriminals from the scammers in their midst.
Bad Bots Up Their Human Impersonation Game
News  |  1/24/2017  | 
Every third website visitor was an attack bot in 2016, and humans represent just under half of all Internet traffic, new Imperva data sample shows.
The Trouble With DMARC: 4 Serious Stumbling Blocks
Commentary  |  1/24/2017  | 
Popularity for the Domain-based Message Authentication, Reporting and Conformance email authentication standard is growing. So why are enterprises still struggling to implement it?
Lloyds Bank Hit By DDoS Attack
Quick Hits  |  1/24/2017  | 
Hacker fails to extort $93,600 from bank for the attacks between January 11 and 13, a report says.
Verizon Acquisition Of Yahoo Delayed
Quick Hits  |  1/24/2017  | 
Deal pushed to next quarter to meet closing conditions of the sale.
Email Encryption On The Rise But Still Not 'Universal'
News  |  1/24/2017  | 
Osterman study finds that more than half of organizations in North America use email encryption for external communications.
Meet 'Fruitfly:' Mac Malware Targeting Biomedical Research Centers
Partner Perspectives  |  1/24/2017  | 
This newly discovered code contains indications that it has been circulating undetected for at least a couple years.
4 Reasons Why You Should Take Ransomware Seriously
Commentary  |  1/24/2017  | 
The threats keep getting more sophisticated and the stakes keep getting higher. Is your organization ready to meet the challenge?
'123456' Leads The Worst Passwords Of 2016
News  |  1/23/2017  | 
New report analyzes trends in more than 5 million passwords stolen from enterprises and leaked to the public last year.
SEC Investigates Yahoo Data Breaches
News  |  1/23/2017  | 
Report of an SEC probe of Yahoo serves as a new wake-up call for companies to properly disclose breaches in their earnings reports and disclosures.
Machine Learning In Cybersecurity Warrants A Silver Shotgun Shell Approach
Partner Perspectives  |  1/23/2017  | 
When protecting physical or virtual endpoints, its vital to have more than one layer of defense against malware.
Why Dependence On Cloud Providers Could Come Back And Bite Us
Commentary  |  1/23/2017  | 
It's time to re-evaluate the cloud policies you have in place. And if you're not learning from the mistakes of others, you're doomed to repeat them.
Cyber Incidents Hit 85% Of Firms Over Past 12 Months
Quick Hits  |  1/23/2017  | 
Insider threat is a key factor in the growth of cyber, fraud, and security incidents among global companies in 2016.
US Army Bug Bounty Program Fixes 118 Flaws
Quick Hits  |  1/23/2017  | 
The Hack the Army program, sponsored by the US Army, received 400 bug reports and paid more than $100,000 to hackers who found 118 unique bugs.
Corporate Legal Counsels Fret Over Cybersecurity
News  |  1/20/2017  | 
BDO Consulting survey shows in-house legal executives cite data breaches, cross-border data transfers, as risks with e-discovery.
Security Chatbots Aim To Simplify Incident Detection And Response
News  |  1/20/2017  | 
Emerging intelligent assistants help analyze and automate response to attacks.
Page 1 / 3   >   >>


Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3018
PUBLISHED: 2018-05-24
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
CVE-2013-3023
PUBLISHED: 2018-05-24
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
CVE-2013-3024
PUBLISHED: 2018-05-24
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
CVE-2018-5674
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2018-5675
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...