Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in January 2019
Page 1 / 4   >   >>
Cisco Router Vulnerability Gives Window into Researchers' World
News  |  1/31/2019  | 
The research around a recent vulnerability shows how researchers follow leads and find unexpected results.
8 Cybersecurity Myths Debunked
Commentary  |  1/31/2019  | 
The last thing any business needs is a swarm of myths and misunderstandings seeding common and frequent errors organizations of all sizes make in safeguarding data and infrastructure.
Dell, CrowdStrike, Secureworks Join Forces to Secure Endpoints
News  |  1/31/2019  | 
Dell SafeGuard and Response is geared toward businesses, governments, and schools that may lack resources they need to detect and remediate sophisticated threats.
Airbus Employee Info Exposed in Data Breach
Quick Hits  |  1/31/2019  | 
Few details as yet on a cyberattack that hit Airbus' commercial aircraft business.
For a Super Security Playbook, Take a Page from Football
Commentary  |  1/31/2019  | 
Four key questions to consider as you plan out your next winning security strategy.
Is Your Cisco Router Leaving Your Enterprise Vulnerable?
Larry Loeb  |  1/31/2019  | 
If your network uses Cisco's RV320 or RV325 Dual Gigabit WAN VPN routers, you are already under attack.
Four Security Questions You Need to Answer for SD-WAN Success
Alan Zeichick  |  1/31/2019  | 
Before you select an SD-WAN vendor, read this.
Justice Dept. Alerting Victims of North Korean Botnet Infections
Quick Hits  |  1/30/2019  | 
US officials disrupt North Korea's Joanap attack infrastructure.
Rubrik Data Leak is Another Cloud Misconfiguration Horror Story
News  |  1/30/2019  | 
A server security mishap exposed vast stores of data belonging to clients of Rubrik, a security and cloud management firm.
Massive DDoS Attack Generates 500 Million Packets per Second
News  |  1/30/2019  | 
January 10 torrent involved nearly four times as many packets as last year's huge attack on GitHub, says Imperva.
Iran Ups its Traditional Cyber Espionage Tradecraft
News  |  1/30/2019  | 
Newly named APT39 hacking team exemplifies Iran's growing sophistication in nation-state hacking operations.
Yes, You Can Patch Stupid
Commentary  |  1/30/2019  | 
Before you start calling users stupid, remember that behind every stupid user is a stupider security professional.
Discover Issues New Cards Following Data Breach
Quick Hits  |  1/30/2019  | 
The credit card company reports Discover's card systems were not involved in the breach, discovered in August 2018.
Access Control Lists: 6 Key Principles to Keep in Mind
Slideshows  |  1/30/2019  | 
Build them carefully and maintain them rigorously, and ACLs will remain a productive piece of your security infrastructure for generations of hardware to come.
Open Source & Machine Learning: A Dynamic Duo
Commentary  |  1/30/2019  | 
In recent months, machine-learning code has become readily available in the open source community, putting security analysts on a path toward easier data pattern recognition.
Should All IAM Be CIAM?
Joe Stanganelli  |  1/30/2019  | 
CIAM vendors are right that traditional IAM isn't going to cut it for customer-facing solutions but their sound premises have led to the perverse conclusion of keeping in-house IAM systems suboptimal. What if the power of CIAM could help employees realize better usability and security too?
Japanese Government to Use 'Credential Stuffing' to Survey Consumer IoT Devices
Larry Loeb  |  1/30/2019  | 
The Japanese government is concerned about the security of IoT devices – but is a mass attempt to log into consumers' devices the right approach to the issue?
Microsoft Exchange Vuln Enables Attackers to Gain Domain Admin Privileges
News  |  1/29/2019  | 
Anyone with access to an Exchange mailbox can take control of domain, security researcher says.
FaceTime Bug an AppSec Fail
News  |  1/29/2019  | 
Apple has shut off Group FaceTime while it prepares a fix for a newly found security flaw found by a 14-year-old gamer.
Americans Worried More About Computer - Not Border - Security
Quick Hits  |  1/29/2019  | 
A new survey shows more Americans are more concerned about their computer's security than the US border's.
Remote Access & the Diminishing Security Perimeter
Commentary  |  1/29/2019  | 
Where security really matters, the enterprise is only as secure as the endpoints it allows to access its sensitive core systems.
Symantec Rolls Out New Endpoint Security Tools, Updates
Quick Hits  |  1/29/2019  | 
Today's releases include more advanced EDR tools, a new managed EDR service, and protection and hardening for Symantec's endpoint portfolio.
Creating a Security Culture & Solving the Human Problem
Commentary  |  1/29/2019  | 
People are the biggest weakness to security breaches; people can also be your organization's biggest defense.
5G Security Transformation: Why Businesses Need to Prepare Now
News Analysis-Security Now  |  1/29/2019  | 
5G technology holds a good deal of promise for businesses, from expanded IoT capabilities to new ways to reach customers. The downside is that these networks require a new security approach, which InfoSec teams need to start thinking about now.
Turn Off FaceTime in Apple iOS Now, Experts Warn
Quick Hits  |  1/28/2019  | 
Newly found bug reportedly allows callers to spy on you even if you don't pick up.
Japan Authorizes IoT Hacking
Quick Hits  |  1/28/2019  | 
A new campaign will see government employees hacking into personal IoT devices to identify those at highest security risk.
US Law Enforcement Shuts Down Massive Marketplace for Compromised Servers
News  |  1/28/2019  | 
At its peak, xDedic listed over 70,000 owned servers that buyers could purchase for prices starting as low as $6 each.
Why Privacy Is Hard Work
Commentary  |  1/28/2019  | 
For Data Privacy Day, let's commit to a culture of privacy by design, nurtured by a knowledgeable team that can execute an effective operational compliance program.
3 Ways Companies Mess Up GDPR Compliance the Most
Commentary  |  1/28/2019  | 
The best way to conform to the EU's new privacy regulation is to assume that you don't need to hold on to personal data, versus the opposite.
'Steganography' Obsfucation Hides Old PDF Exploits From Antivirus Tools
Larry Loeb  |  1/28/2019  | 
EdgeSpot has found two new obsfucation methods to hide old PDF exploits from various antivirus tools.
Internet Society to Issue Privacy Code of Conduct
News  |  1/25/2019  | 
In time for Data Privacy Day, on Monday, the nine-point guidance will offer insights into how companies can more effectively manage personal data.
Ukraine Sees Surge in Election-Targeted Cyberattacks
Quick Hits  |  1/25/2019  | 
The nation suspects Russia's hand in the attacks, which seem aimed at disrupting the upcoming presidential election.
Satya Nadella: Privacy Is a Human Right
Quick Hits  |  1/25/2019  | 
In a talk at the World Economic Forum, Microsoft's CEO voiced support for GDPR and expressed hope the United States creates a similar approach to privacy.
Credential Compromises by the Numbers
Slideshows  |  1/25/2019  | 
Recent statistics show just how much credential stealing has become a staple in the attacker playbook.
The 5 Stages of CISO Success, Past & Future
Commentary  |  1/25/2019  | 
In cybersecurity, as in history, security leaders who forget the lessons of the past will be doomed to repeat them.
Four Enterprise Identity & Access Management Trends to Watch in 2019
Alan Zeichick  |  1/25/2019  | 
For CISOs, Identity and Access Management, or IAM, is a must-have for the security tool box. However, the technology is rapidly evolving. Here are four important trends to watch this year.
After Eight Years, Metasploit Gets Its First Major Update
News  |  1/24/2019  | 
Metasploit 5.0 offers a host of service-oriented features, along with a new commitment from Rapid7 for regular releases.
Cisco Study Finds Fewer Data Breaches at GDPR-Ready Firms
News  |  1/24/2019  | 
Many organizations find that getting their data privacy house in order is paying off.
Cyberattackers Bait Financial Firms with Google Cloud Platform
News  |  1/24/2019  | 
A new wave of attacks abuses the Google Cloud Platform URL redirection in PDF decoys, sending users to a malicious link.
Database of 24 Million Mortgage, Loan Records Left Exposed Online
News  |  1/24/2019  | 
Breach latest example of how misconfigurations, human errors undermine security in a big way, experts say.
Collateral Damage: When Cyberwarfare Targets Civilian Data
Commentary  |  1/24/2019  | 
You can call it collateral damage. You can call it trickledown cyberwarfare. Either way, foreign hacker armies are targeting civilian enterprises as a means of attacking rival government targets.
New Phishing Campaign Packs Triple Threat
Quick Hits  |  1/24/2019  | 
Attack threatens victims with three "deadly malware" infestations if they don't give up critical email account credentials.
Cloud Customers Faced 681M Cyberattacks in 2018
Quick Hits  |  1/24/2019  | 
The most common attacks involved software vulnerabilities, stolen credentials, Web applications, and IoT devices.
Why Cybersecurity Must Be a Top Priority for Small & Midsize Businesses
Commentary  |  1/24/2019  | 
The big corporations may grab the headlines, but America's SMBs have the most to lose in the aftermath of a data breach.
DNS Tampering Prompts Homeland Security Warning
Larry Loeb  |  1/24/2019  | 
Despite the partial federal government shutdown, DHS has managed to issue a warning to the public about possible tampering with DNS addresses that appear to have originated in Iran.
RF Hacking Research Exposes Danger to Construction Sites
News  |  1/23/2019  | 
Trend Micro team unearthed 17 vulnerabilities among seven vendors' remote controller devices.
DHS Issues Emergency Directive on DNS Security
News  |  1/23/2019  | 
All government domain owners are instructed to take immediate steps to strengthen the security of their DNS servers following a successful hacking campaign.
'Anatova' Emerges as Potentially Major New Ransomware Threat
News  |  1/23/2019  | 
Modular design, ability to infect network shares make the malware dangerous, McAfee says.
Aging PCs Running Out-of-Date Software Bring Security Worries
Quick Hits  |  1/23/2019  | 
Age is an issue with application languages and frameworks, too.
The Evolution of SIEM
Commentary  |  1/23/2019  | 
Expectations for these security information and event management systems have grown over the years, in ways that just aren't realistic.
Page 1 / 4   >   >>


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32606
PUBLISHED: 2021-05-11
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
CVE-2021-3504
PUBLISHED: 2021-05-11
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to...
CVE-2021-20309
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to ...
CVE-2021-20310
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this...
CVE-2021-20311
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero in sRGBTransformImage() in the MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker processed by an application using ImageMagick. The highest threat from t...