News & Commentary

Content posted in January 2018
Page 1 / 3   >   >>
Google Cloud Least-Privilege Function Goes Live
Quick Hits  |  1/31/2018  | 
Custom Roles for Cloud IAM now available in production from Google.
Lazarus Group, Fancy Bear Most Active Threat Groups in 2017
News  |  1/31/2018  | 
Lazarus, believed to operate out of North Korea, and Fancy Bear, believed to operate out of Russia, were most referenced threat actor groups in last year's cyberattacks.
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Commentary  |  1/31/2018  | 
Authentication security methods are getting better all the time, but they are still not infallible.
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
News  |  1/31/2018  | 
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
IoT Botnets by the Numbers
Slideshows  |  1/31/2018  | 
IoT devices are a botherder's dream attack-vector.
700,000 Bad Apps Deleted from Google Play in 2017
Quick Hits  |  1/31/2018  | 
Google rejected 99% of apps with abusive content before anyone could install them, according to a 2017 security recap.
5 Questions to Ask about Machine Learning
Commentary  |  1/31/2018  | 
Marketing hyperbole often exceeds reality. Here are questions you should ask before buying.
Data Encryption: 4 Common Pitfalls
Partner Perspectives  |  1/31/2018  | 
To maximize encryption effectiveness you must minimize adverse effects in network performance and complexity. Here's how.
Phishing Campaign Underscores Threat from Low Budget, Low Skilled Attackers
News  |  1/30/2018  | 
For just over $1,000, a phishing operation successfully spied on members of the Tibetan community for 19 months, Toronto University's Citizen Lab found.
Digital Extortion to Expand Beyond Ransomware
News  |  1/30/2018  | 
In the future of digital extortion, ransomware isn't the only weapon, and database files and servers won't be the only targets.
Breach-Proofing Your Data in a GDPR World
Commentary  |  1/30/2018  | 
Here are six key measures for enterprises to prioritize over the next few months.
Hack Costs Coincheck Cryptocurrency Exchange $530 Million
Quick Hits  |  1/30/2018  | 
Losses at Japanese exchange Coincheck surpass those of the Mt. Gox Bitcoin exchange hack in 2014, and may be largest-ever cryptocurrency theft.
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
Commentary  |  1/30/2018  | 
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
Thieves Target ATMs In First US 'Jackpotting' Attacks
News  |  1/29/2018  | 
Attackers have been getting ATMs to illegally dispense cash by tampering with their internal electronics, US Secret Service warns.
Microsoft Issues Emergency Patch to Disable Intel's Broken Spectre Fix
News  |  1/29/2018  | 
Affected Windows systems can also be set to "disable" or "enable" the Intel microcode update for Spectre attacks.
RELX Group Agrees to Buy ThreatMetrix for 580M Cash
Quick Hits  |  1/29/2018  | 
Authentication firm ThreatMetrix will become part of Risk & Business Analytics under the LexisNexis Risk Solutions brand.
Strava Fitness App Shares Secret Army Base Locations
Quick Hits  |  1/29/2018  | 
The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty.
An Action Plan to Fill the Information Security Workforce Gap
Commentary  |  1/29/2018  | 
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
Former CIA CTO Talks Meltdown and Spectre Cost, Federal Threats
News  |  1/26/2018  | 
Gus Hunt, former technology leader for the CIA, explains the potential long-term cost of Meltdown and Spectre.
Dutch Intel Agency Reportedly Helped US Attribute DNC Hack to Russia
News  |  1/26/2018  | 
The General Intelligence and Security Service of the Netherlands broke into Cozy Bear's network in 2014 and spotted the group launching attacks, de Volkskrant says.
Intel CEO: New Products that Tackle Meltdown, Spectre Threats Coming this Year
Quick Hits  |  1/26/2018  | 
In an earnings call yesterday, Intel CEO Brian Krzanich says security remains a 'priority' for the microprocessor company.
6 Tips for Building a Data Privacy Culture
Slideshows  |  1/26/2018  | 
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
Endpoint and Mobile Top Security Spending at 57% of Businesses
Quick Hits  |  1/26/2018  | 
Businesses say data-at-rest security tools are most effective at preventing breaches, but spend most of their budgets securing endpoint and mobile devices.
Hardware Security: Why Fixing Meltdown & Spectre Is So Tough
Commentary  |  1/26/2018  | 
Hardware-based security is very difficult to break but, once broken, catastrophically difficult to fix. Software-based security is easier to break but also much easier to fix. Now what?
Selling Cloud-Based Cybersecurity to a Skeptic
Partner Perspectives  |  1/26/2018  | 
When it comes to security, organizations dont need to look at cloud as an either/or proposition. But there are misconceptions that need to be addressed.
This Year's Pwn2Own Hackfest Will Offer Up to $2 Million in Rewards
News  |  1/25/2018  | 
Microsoft is a partner at annual contest for the first time.
Industrial Safety Systems in the Bullseye
News  |  1/25/2018  | 
TRITON/TRISIS attack on Schneider Electric plant safety systems could be re-purposed in future attacks, experts say.
Ransomware Detections Up 90% for Businesses in 2017
News  |  1/25/2018  | 
Last year, cybercriminals shifted from consumer to enterprise targets and leveraged ransomware as their weapon of choice.
How Containers & Serverless Computing Transform Attacker Methodologies
Commentary  |  1/25/2018  | 
The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency.
New Voice MFA Tool Uses Machine Learning
Quick Hits  |  1/25/2018  | 
Pindrop claims its new multi-factor authentication solution that uses the "Deep Voice" engine could save call centers up to $1 per call.
Facebook Buys Identity Verification Firm
Quick Hits  |  1/25/2018  | 
Facebook has purchased startup Confirm, which uses pattern analysis to confirm identities.
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Commentary  |  1/25/2018  | 
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
Avoiding the Epidemic of Hospital Hacks
Partner Perspectives  |  1/25/2018  | 
Lessons learned about cyber hygiene from inside one of America's highest ranked medical institutions.
Ransomware Actors Cut Loose on Health Care Organizations
News  |  1/24/2018  | 
An attack on Allscripts last week that knocked out EHR services to 1,500 clients is the third reported incident just this month.
DDoS Attacks Become More Complex and Costly
News  |  1/24/2018  | 
Major DDoS attacks cost some organizations more than $100,000 in 2017, according to a new NETSCOUT Arbor report.
PCI DSS Adds Standard for Software-based PIN Entry
Quick Hits  |  1/24/2018  | 
Software-Based PIN Entry on COTS (SPoC) standard supports EMV contact and contactless transactions with PIN entry on merchant mobile devices.
Meet Chronicle: Alphabet's New Cybersecurity Business
News  |  1/24/2018  | 
Google parent company Alphabet introduces Chronicle, which will combine a security analytics platform and VirusTotal.
Security Automation: Time to Start Thinking More Strategically
Commentary  |  1/24/2018  | 
To benefit from automation, we need to review incident response processes to find the areas where security analysts can engage in more critical thought and problem-solving.
Bell Canada Hit with 2nd Breach in 8 Months
Quick Hits  |  1/24/2018  | 
Less than 100,000 customers affected in latest incident.
Financial Impact of Cloud Failure Could Hit $2.8B in Insured Loss
News  |  1/24/2018  | 
A new report highlights the potential financial damage of downtime at top cloud services providers.
GDPR: Ready or Not, Here It Comes
Commentary  |  1/24/2018  | 
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
10 Costs Your Cyber Insurance Policy May Not Cover
Slideshows  |  1/23/2018  | 
All the things you might think are covered but that don't actually fall under most policies.
Dark Caracal Campaign Breaks New Ground with Focus on Mobile Devices
News  |  1/23/2018  | 
This is the first known global-scale campaign primarily focused on stealing data from Android devices, Lookout and EFF say.
Fallout from Rushed Patching for Meltdown, Spectre
News  |  1/23/2018  | 
Not all systems require full patching for the flaws right now, anyway, experts say.
Meltdown, Spectre Patches, Performance & My Neighbor's Sports Car
Commentary  |  1/23/2018  | 
When a flaw in the engine of a data center server makes it run more like a Yugo than a Porsche, it's the lawyers who will benefit.
Less than 10% of Gmail Users Employ Two-Factor Authentication
Quick Hits  |  1/23/2018  | 
Google software engineer reveals lack of user adoption for stronger authentication.
45% of Businesses Say Employees Are Biggest Security Risk
Quick Hits  |  1/23/2018  | 
The most common cloud security worries remain the same, with unauthorized access and malware infiltrations topping concerns.
5 Steps to Better Security in Hybrid Clouds
Commentary  |  1/23/2018  | 
Following these tips can improve your security visibility and standardize management across hybrid environments.
Satori Botnet Malware Now Can Infect Even More IoT Devices
News  |  1/22/2018  | 
Latest version targets systems running ARC processors.
Intel Says to Stop Applying Problematic Spectre, Meltdown Patch
News  |  1/22/2018  | 
Cause of reboot problems with its Broadwell and Haswell microprocessor patching now identified, the chipmaker said.
Page 1 / 3   >   >>


Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19349
PUBLISHED: 2018-11-17
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
CVE-2018-19350
PUBLISHED: 2018-11-17
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
CVE-2018-19341
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation near NULL starting at FoxitReader...
CVE-2018-19342
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information via a U3D sample because of a "Read Access Violation starting at U3DBrowser+0x00000000...
CVE-2018-19343
PUBLISHED: 2018-11-17
The u3d plugin 9.3.0.10809 (aka plugins\U3DBrowser.fpi) in FoxitReader.exe in Foxit Reader 9.3.0.10826 allows remote attackers to cause a denial of service (out-of-bounds read), obtain sensitive information, or possibly have unspecified other impact via a U3D sample because of a "Data from Faul...