Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in January 2018
Page 1 / 4   >   >>
Google Cloud Least-Privilege Function Goes Live
Quick Hits  |  1/31/2018  | 
Custom Roles for Cloud IAM now available in production from Google.
Lazarus Group, Fancy Bear Most Active Threat Groups in 2017
News  |  1/31/2018  | 
Lazarus, believed to operate out of North Korea, and Fancy Bear, believed to operate out of Russia, were most referenced threat actor groups in last year's cyberattacks.
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Commentary  |  1/31/2018  | 
Authentication security methods are getting better all the time, but they are still not infallible.
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
News  |  1/31/2018  | 
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
IoT Botnets by the Numbers
Slideshows  |  1/31/2018  | 
IoT devices are a botherder's dream attack-vector.
700,000 Bad Apps Deleted from Google Play in 2017
Quick Hits  |  1/31/2018  | 
Google rejected 99% of apps with abusive content before anyone could install them, according to a 2017 security recap.
5 Questions to Ask about Machine Learning
Commentary  |  1/31/2018  | 
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
Ransomware Shows There's no Honor Among Cyberthieves
Larry Loeb  |  1/31/2018  | 
Proofpoint has found that one group of cybercrooks is stealing from other gangs of cybercriminals by using a proxy Tor browser to steal Bitcoins used to pay off ransomware threats.
Data Encryption: 4 Common Pitfalls
Partner Perspectives  |  1/31/2018  | 
To maximize encryption effectiveness you must minimize adverse effects in network performance and complexity. Here's how.
Four Enterprise Security Lessons From Maury
News Analysis-Security Now  |  1/31/2018  | 
Popular daytime TV show Maury offers some surprisingly apt lessons for enterprise IT leaders for keeping their data protected and their networks secure.
Phishing Campaign Underscores Threat from Low Budget, Low Skilled Attackers
News  |  1/30/2018  | 
For just over $1,000, a phishing operation successfully spied on members of the Tibetan community for 19 months, Toronto University's Citizen Lab found.
Digital Extortion to Expand Beyond Ransomware
News  |  1/30/2018  | 
In the future of digital extortion, ransomware isn't the only weapon, and database files and servers won't be the only targets.
Breach-Proofing Your Data in a GDPR World
Commentary  |  1/30/2018  | 
Here are six key measures for enterprises to prioritize over the next few months.
Hack Costs Coincheck Cryptocurrency Exchange $530 Million
Quick Hits  |  1/30/2018  | 
Losses at Japanese exchange Coincheck surpass those of the Mt. Gox Bitcoin exchange hack in 2014, and may be largest-ever cryptocurrency theft.
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
Commentary  |  1/30/2018  | 
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
Cryptomining: Paying the Price for Cryptocurrency
Simon Marshall  |  1/30/2018  | 
The growing popularity of Bitcoin and other cryptocurrency has led to cryptomining, with enterprises and individuals running the software unknowingly. Here's a look at the underside of this new business model.
Trump's 5G Nationalization Plan: Is It Good for Security?
News Analysis-Security Now  |  1/30/2018  | 
The Trump administration has floated a plan to nationalize 5G networks as a security precaution against China, but it's been met with confusion.
Thieves Target ATMs In First US 'Jackpotting' Attacks
News  |  1/29/2018  | 
Attackers have been getting ATMs to illegally dispense cash by tampering with their internal electronics, US Secret Service warns.
Microsoft Issues Emergency Patch to Disable Intel's Broken Spectre Fix
News  |  1/29/2018  | 
Affected Windows systems can also be set to "disable" or "enable" the Intel microcode update for Spectre attacks.
RELX Group Agrees to Buy ThreatMetrix for 580M Cash
Quick Hits  |  1/29/2018  | 
Authentication firm ThreatMetrix will become part of Risk & Business Analytics under the LexisNexis Risk Solutions brand.
Strava Fitness App Shares Secret Army Base Locations
Quick Hits  |  1/29/2018  | 
The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty.
An Action Plan to Fill the Information Security Workforce Gap
Commentary  |  1/29/2018  | 
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
OilRig's Use of RGDoor Shows Sophistication of Nation-State Attacks
Larry Loeb  |  1/29/2018  | 
OilRig, a group linked to Iran, has been installing RGDoor, a secondary backdoor that can reopen a system even if it's been fixed. Its use shows how sophisticated nation-state attacks are becoming.
Security Spending Increasing, Along With Data Breaches
Larry Loeb  |  1/29/2018  | 
In one of those good news/bad news reports on the state of security, the amount of money being spent on security is expected to increase this year, but the number of data breaches is also rising.\r\n\r\n
Former CIA CTO Talks Meltdown and Spectre Cost, Federal Threats
News  |  1/26/2018  | 
Gus Hunt, former technology leader for the CIA, explains the potential long-term cost of Meltdown and Spectre.
Dutch Intel Agency Reportedly Helped US Attribute DNC Hack to Russia
News  |  1/26/2018  | 
The General Intelligence and Security Service of the Netherlands broke into Cozy Bear's network in 2014 and spotted the group launching attacks, de Volkskrant says.
Intel CEO: New Products that Tackle Meltdown, Spectre Threats Coming this Year
Quick Hits  |  1/26/2018  | 
In an earnings call yesterday, Intel CEO Brian Krzanich says security remains a 'priority' for the microprocessor company.
6 Tips for Building a Data Privacy Culture
Slideshows  |  1/26/2018  | 
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
Endpoint and Mobile Top Security Spending at 57% of Businesses
Quick Hits  |  1/26/2018  | 
Businesses say data-at-rest security tools are most effective at preventing breaches, but spend most of their budgets securing endpoint and mobile devices.
Hardware Security: Why Fixing Meltdown & Spectre Is So Tough
Commentary  |  1/26/2018  | 
Hardware-based security is very difficult to break but, once broken, catastrophically difficult to fix. Software-based security is easier to break but also much easier to fix. Now what?
Intel CEO Promises Chips That Fix Spectre & Meltdown Flaws
News Analysis-Security Now  |  1/26/2018  | 
During Intel's fourth-quarter earnings call, CEO Brian Krzanich promises the company will ship processors that are free of the Spectre and Meltdown flaws later this year.
Selling Cloud-Based Cybersecurity to a Skeptic
Partner Perspectives  |  1/26/2018  | 
When it comes to security, organizations dont need to look at cloud as an either/or proposition. But there are misconceptions that need to be addressed.
Alphabet's Security Moonshot: To Boldly Go... Where Others Are Going Too
News Analysis-Security Now  |  1/26/2018  | 
Google parent company Alphabet launches Chronicle, a business unit looking to create a digital 'immune system' against threats. Other companies are taking a similar approach.
This Year's Pwn2Own Hackfest Will Offer Up to $2 Million in Rewards
News  |  1/25/2018  | 
Microsoft is a partner at annual contest for the first time.
Industrial Safety Systems in the Bullseye
News  |  1/25/2018  | 
TRITON/TRISIS attack on Schneider Electric plant safety systems could be re-purposed in future attacks, experts say.
Cisco Beefing Up Cloud Security With Skyport Buy
News Analysis-Security Now  |  1/25/2018  | 
Cisco gains expertise and technology in hardware security to augment software tools.
Ransomware Detections Up 90% for Businesses in 2017
News  |  1/25/2018  | 
Last year, cybercriminals shifted from consumer to enterprise targets and leveraged ransomware as their weapon of choice.
How Containers & Serverless Computing Transform Attacker Methodologies
Commentary  |  1/25/2018  | 
The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency.
New Voice MFA Tool Uses Machine Learning
Quick Hits  |  1/25/2018  | 
Pindrop claims its new multi-factor authentication solution that uses the "Deep Voice" engine could save call centers up to $1 per call.
Facebook Buys Identity Verification Firm
Quick Hits  |  1/25/2018  | 
Facebook has purchased startup Confirm, which uses pattern analysis to confirm identities.
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Commentary  |  1/25/2018  | 
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
8 Personal & Professional Data Privacy Tips to Follow
Simon Marshall  |  1/25/2018  | 
With International Data Privacy Day coming later this month, Security Now offers a checklist to help protect personal and professional data.
Avoiding the Epidemic of Hospital Hacks
Partner Perspectives  |  1/25/2018  | 
Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
HPE, Dell EMC Warn Customers Over Spectre, Meltdown Patches
News Analysis-Security Now  |  1/25/2018  | 
Hewlett Packard Enterprise and Dell EMC, two of the biggest suppliers of enterprise data center gear, have issued new warnings about the Spectre and Meltdown patches from Intel.
Ransomware Actors Cut Loose on Health Care Organizations
News  |  1/24/2018  | 
An attack on Allscripts last week that knocked out EHR services to 1,500 clients is the third reported incident just this month.
DDoS Attacks Become More Complex and Costly
News  |  1/24/2018  | 
Major DDoS attacks cost some organizations more than $100,000 in 2017, according to a new NETSCOUT Arbor report.
PCI DSS Adds Standard for Software-based PIN Entry
Quick Hits  |  1/24/2018  | 
Software-Based PIN Entry on COTS (SPoC) standard supports EMV contact and contactless transactions with PIN entry on merchant mobile devices.
Meet Chronicle: Alphabet's New Cybersecurity Business
News  |  1/24/2018  | 
Google parent company Alphabet introduces Chronicle, which will combine a security analytics platform and VirusTotal.
Security Automation: Time to Start Thinking More Strategically
Commentary  |  1/24/2018  | 
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
Bell Canada Hit with 2nd Breach in 8 Months
Quick Hits  |  1/24/2018  | 
Less than 100,000 customers affected in latest incident.
Page 1 / 4   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33331
PUBLISHED: 2021-08-03
Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter.
CVE-2021-33332
PUBLISHED: 2021-08-03
Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portlet_configuration_css_web_por...
CVE-2021-33333
PUBLISHED: 2021-08-03
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.
CVE-2021-33334
PUBLISHED: 2021-08-03
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permissio...
CVE-2021-30578
PUBLISHED: 2021-08-03
Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.