Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in January 2019
<<   <   Page 2 / 4   >   >>
Google Creates Online Phishing Quiz
Quick Hits  |  1/23/2019  | 
Google Alphabet incubator Jigsaw says knowing how to spot a phish plus two-factor authentication are the best defenses against falling for a phishing email.
Cybercriminals Home in on Ultra-High Net Worth Individuals
News  |  1/23/2019  | 
Research shows that better corporate security has resulted in some hackers shifting their sights to the estates and businesses of wealthy families.
Think Twice Before Paying a Ransom
Commentary  |  1/23/2019  | 
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.
In the Cloud, SD-WAN Provides Security at the Edge
News Analysis-Security Now  |  1/23/2019  | 
As businesses move to the cloud, remote locations are relying more and more on SD-WAN. However, this change means a different approach to security. Here's why enterprises should look to the edge.
Enterprise Malware Detections Up 79% as Attackers Refocus
News  |  1/23/2019  | 
A new report on the state of malware shows a spike in B2B malware, with former banking Trojans Emotet and TrickBot topping the list.
Stealthy New DDoS Attacks Target Internet Service Providers
News  |  1/22/2019  | 
Adversaries took advantage of the large attack surface of large communications networks to spread small volumes of junk traffic across hundreds of IP prefixes in Q3 2018, Nexusguard says.
Hack of Plug-in Website Ruffles WordPress Community
News  |  1/22/2019  | 
An intruder thought to be a former employee used a backdoor into the WPML website to skim email addresses and send a mass email blast.
Security Talent Continues to Fetch Top Dollar on IT Job Market
Quick Hits  |  1/22/2019  | 
IT and cybersecurity positions continue to rank near the top of the salary ranges paid to IT professionals, according to a new survey.
The Fact and Fiction of Homomorphic Encryption
Commentary  |  1/22/2019  | 
The approach's promise continues to entice cryptographers and academics. But don't expect it to help in the real world anytime soon.
Real-World Threats That Trump Spectre & Meltdown
Slideshows  |  1/22/2019  | 
New side-channel attacks are getting lots of attention, but other more serious threats should top your list of threats.
How Cybercriminals Clean Their Dirty Money
Commentary  |  1/22/2019  | 
By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning.
Enterprises Are Getting Smarter When It Comes to Patching Vulnerabilities Study
Larry Loeb  |  1/22/2019  | 
A joint analysis from Kenna Security and the Cyentia Institute finds that enterprises are getting better at patching vulnerabilities, specifically by focusing on critical flaws as opposed to trying to fix very problem that is published.
Google Hit With $57 Million GDPR Fine in France
Quick Hits  |  1/21/2019  | 
The fine represents the first major penalty for a US technology company under the new European regulations.
Shadow IT, IaaS & the Security Imperative
Commentary  |  1/21/2019  | 
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.
Microsoft Looks to Squash Bugs in its Azure DevOps Product
Larry Loeb  |  1/21/2019  | 
Microsoft's latest bug-hunting program is targeting the company's Azure DevOps platform, which looks to make software development more secure.
2018's Most Common Vulnerabilities Include Issues New and Old
News  |  1/18/2019  | 
The most common vulnerabilities seen last year run the gamut from cross-site scripting to issues with CMS platforms.
VC Investments in Cybersecurity Hit Record Highs in 2018
News  |  1/18/2019  | 
But rate of funding appears unsustainable, according to Strategic Cyber Ventures.
GDPR Suit Filed Against Amazon, Apple
Quick Hits  |  1/18/2019  | 
An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.
PCI Council Releases New Software Framework for DevOps Era
News  |  1/18/2019  | 
The PCI Software Security Framework will eventually replace PCI DA-DSS when it expires in 2022.
The Rx for HIPAA Compliance in the Cloud
Commentary  |  1/18/2019  | 
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
Vulnerability Puts Millions of Fortnite Players at Risk, Check Point Finds
Jeffrey Burt  |  1/18/2019  | 
Epic Games, the developer of Fortnite, fixed vulnerabilities in its web infrastructure that researchers said exposed the sensitive information of users of the wildly popular online game.
8 Tips for Monitoring Cloud Security
Slideshows  |  1/18/2019  | 
Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
Exposed Oklahoma Server Shows On-Premises Data Is Vulnerable, Too
News Analysis-Security Now  |  1/18/2019  | 
Over the last year, vulnerable, cloud-based databases have shown that dangers of trusting data to others. However, an exposed government server in Oklahoma proves that attackers can find on-premises data, too.
Intel Patching SGX Flaw That Can Lead to Escalation of Privileges
Larry Loeb  |  1/18/2019  | 
A security researcher has found another flaw in Intel's SGX software than can allow an attacker to escalate administrative privileges within an infected machine.
773 Million Email Addresses, 21 Million Passwords For Sale on Hacker Forum
News  |  1/17/2019  | 
Data appears to be from multiple breaches over past few years, says researcher who discovered it.
Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation
Quick Hits  |  1/17/2019  | 
Facebook says the accounts and pages were part of two unrelated disinformation operations aimed at targets outside the US.
Microsoft Launches New Azure DevOps Bug Bounty Program
Quick Hits  |  1/17/2019  | 
A new program will pay bounties of up to $20,000 for new critical bugs in the company's Azure DevOps systems and services.
New Attacks Target Recent PHP Framework Vulnerability
News  |  1/17/2019  | 
Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads.
'Collection #1' Repository Totals 87GB of Stolen Email Addresses & Passwords
News Analysis-Security Now  |  1/17/2019  | 
With the discovery of 'Collection #1,' security researcher Troy Hunt appears to have found the largest repository of stolen email addresses and passwords ever, totaling more than 87GB and 12,000 separate files.
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Commentary  |  1/17/2019  | 
The network no longer provides an air gap against external threats, but access devices can take up the slack.
'We Want IoT Security Regulation,' Say 95% of IT Decision-Makers
News  |  1/17/2019  | 
New global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.
Simulating Lateral Attacks Through Email
Commentary  |  1/17/2019  | 
A skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.
A Diverse Security Workforce Is a Stable Security Workforce
News Analysis-Security Now  |  1/17/2019  | 
In an era when enterprises are scrambling to keep up with security demands, a new industry survey from ISF finds that having more diverse skills on the InfoSec team is one way to ensure a more stable workforce.
Fancy Bear's LoJax C&C Servers Still Functioning in the Wild
News Analysis-Security Now  |  1/17/2019  | 
A new report from NetScout's ASERT Team found that two command-and-control servers associated with Fancy Bear's LoJax malware are still active.
Cyber Attacks, Climate Change Are Top Global Risk for Businesses & Governments
News Analysis-Security Now  |  1/17/2019  | 
The World Economic Forum ranks climate change, economic instability, cyber attacks and data thefts as some of the top concerns facing businesses around the globe.
Malware Built to Hack Building Automation Systems
News  |  1/16/2019  | 
Researchers dig into vulnerabilities in popular building automation systems, devices.
Oklahoma Data Leak Compromises Years of FBI Data
Quick Hits  |  1/16/2019  | 
The Oklahoma Securities Commission accidentally leaked 3 TB of information, including data on years of FBI investigations.
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Commentary  |  1/16/2019  | 
When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
BEC Groups Ramp Up Payroll Diversion Attacks
News  |  1/16/2019  | 
Criminals are increasingly trying to defraud businesses by diverting payrolls of CEOs, other senior executives, Agari says.
Fortnite Players Compromised Via Epic Games Vulnerability
News  |  1/16/2019  | 
Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.
Are You Listening to Your Kill Chain?
Commentary  |  1/16/2019  | 
With the right tools and trained staff, any organization should be able to deal with threats before information is compromised.
Triton/Trisis Attack Was More Widespread Than Publicly Known
News  |  1/16/2019  | 
Signs of the attack first showed up two months before it was identified as a cyberattack, but they were mistaken for a pure equipment failure by Schneider Electric, security expert reveals at S4x19.
Justice Department Indicts 2 Ukrainian Nationals With Hacking SEC
News Analysis-Security Now  |  1/16/2019  | 
The Justice Department has charged two Ukrainian nationals with hacking into the SEC's EDGAR systems and accessing sensitive company reports and other data before the information was made public.
Federal Judge: Police Can't Force Suspects to Unlock Devices Using Biometrics
Larry Loeb  |  1/16/2019  | 
A federal judge in California finds that police can't force suspects to unlock their smartphones or other mobiles using biometrics. The court found biometrics are protected much the same way passwords are.
Zix Acquiring AppRiver to Bolster Email Security for SMBs
News Analysis-Security Now  |  1/16/2019  | 
In a move to bolster its email security portfolio for small and midsized businesses, Dallas-based Zix is paying $275 million for AppRiver.
Hijacking a PLC Using its Own Network Features
News  |  1/15/2019  | 
Researcher at S4x19 to show how attackers can exploit the built-in advanced connectivity functions in some Rockwell PLCs.
Report: Bots Add Volume to Account Takeover Attacks
Quick Hits  |  1/15/2019  | 
Bots that can launch hundreds of attacks per second are making account takeover fraud more difficult to defend against.
Online Fraud: Now a Major Application Layer Security Problem
Commentary  |  1/15/2019  | 
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
US Judge: Police Can't Force Biometric Authentication
Quick Hits  |  1/15/2019  | 
Law enforcement cannot order individuals to unlock devices using facial or fingerprint scans, a California judge says.
7 Privacy Mistakes That Keep Security Pros on Their Toes
Slideshows  |  1/15/2019  | 
When it comes to privacy, it's the little things that can lead to big mishaps.
<<   <   Page 2 / 4   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-32411
PUBLISHED: 2022-07-01
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32412
PUBLISHED: 2022-07-01
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVE-2022-34903
PUBLISHED: 2022-07-01
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
CVE-2022-32324
PUBLISHED: 2022-07-01
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.
CVE-2022-32325
PUBLISHED: 2022-07-01
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.