Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in January 2019
Security Matters When It Comes to Mergers & Acquisitions
Commentary  |  1/8/2019  | 
The recently disclosed Marriott breach exposed a frequently ignored issue in the M&A process.
Spectre, Meltdown Vulnerabilities Will Haunt Industry for Years
Jeffrey Burt  |  1/8/2019  | 
Chip makers such as Intel have released patches and fixes to mitigate Spectre and Meltdown issues, but the problem won't be solved until they come out with new architectures, which is two to three years away.
New Malvertising Campaign Delivers Vidar Stealer Plus Ransomware
News Analysis-Security Now  |  1/8/2019  | 
Malwarebytes Labs has uncovered a new malvertising campaign in the wild that delivers a one-two punch: the Vidar data stealer and GandCrab ransomware.
Bug Bounty Awards Climb as Software Security Improves
News  |  1/7/2019  | 
Top reward for iOS remote exploit hits $2 million, as companies who sell exploits to national governments have to offer more money to attract researchers to tackle increasingly secure software.
Stronger DNS Security Stymies Would-Be Criminals
News  |  1/7/2019  | 
2018 saw a reduced number of huge DNS-facilitated DDoS attacks. Vendors and service providers believe that malicious impact will drop with continued technology improvements.
Report: Consumers Buy New Smart Devices But Don't Trust Them
Quick Hits  |  1/7/2019  | 
The gap between acceptance and trust for new smart devices is huge, according to a new survey.
Akamai Streamlines Identity Management with Janrain Acquisition
Quick Hits  |  1/7/2019  | 
Akamai plans to combine Janrain's Identity Cloud with its Intelligent Platform to improve identity management.
Threat of a Remote Cyberattack on Today's Aircraft Is Real
Commentary  |  1/7/2019  | 
We need more stringent controls and government action to prevent a catastrophic disaster.
Academics Look to Bolster the Optimization of Neural Networks
Larry Loeb  |  1/7/2019  | 
A trio of academic papers looks at the current methods used to train neural networks and where the techniques can be improved in order to benefit the businesses that use them.
US Air Force: 5G Dominance Critical to National Security
Joe Stanganelli  |  1/7/2019  | 
In a November 2018 report, the US Air Force's Electromagnetic Defense Task Force ranks control of 5G networks and spectrum as a top priority for national security in the event of a substantial electromagnetic disturbance.
Marriott Sheds New Light on Massive Breach
Quick Hits  |  1/4/2019  | 
New information on the Starwood breach shows that the overall breach was somewhat smaller than originally announced, but the news for passport holders is worse.
Data on Hundreds of German Politicians Published Online in Massive Compromise
News  |  1/4/2019  | 
Authorities are investigating if the breach resulted from a leak or a cyberattack.
CERT/CC Details Critical Flaws in Microsoft Windows, Server
Quick Hits  |  1/4/2019  | 
The vulnerabilities could be remotely exploited and give attackers control over affected systems.
How Intel Has Responded to Spectre and Meltdown
Slideshows  |  1/4/2019  | 
In a newly published editorial and video, Intel details what specific actions it has taken in the wake of the discovery of the CPU vulnerabilities.
Marriott Revises Data Breach Numbers as Investigation Continues
News Analysis-Security Now  |  1/4/2019  | 
Marriott has revised the number of customer accounts it believes were affected during a massive data breach. While the overall number dropped, the company now believes 5 million unencrypted passport numbers were exposed.
Managing Security in Today's Compliance and Regulatory Environment
Commentary  |  1/4/2019  | 
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
Microsoft's 'Project Bali' Wants to Let You Control Your Data
News  |  1/4/2019  | 
Currently in private beta, Bali is designed to give users control over the data Microsoft collects about them.
Six CISO Trends to Watch in 2019
News Analysis-Security Now  |  1/4/2019  | 
From legislation to insurance to staffing, 2019 is shaping up as a challenging year for CISOs. Here are six top trends security executives need to watch.
New USB Type-C Standards Offer Cryptographic-Based Security
Larry Loeb  |  1/4/2019  | 
The USB-IF has published new guidelines that look to bring tougher security protocols, including cryptography, to USB Type-C devices to better protect against attacks.
Emotet Malware Gets More Aggressive
News  |  1/3/2019  | 
Emotet's operators have been adding new capabilities, making the malware now even more dangerous to its enterprise targets.
Android Malware Hits Victims in 196 Countries
Quick Hits  |  1/3/2019  | 
Malware disguised as games and utilities struck more than 100,000 victims before being taken out of Google Play.
Adobe Issues Emergency Patch Following December Miss
News  |  1/3/2019  | 
The company released an out-of-band update to head off vulnerabilities exposed in Acrobat and Reader, one of which had been patched by the company in December.
Taming the Digital Wild West
Commentary  |  1/3/2019  | 
Congress must do more to encourage good Samaritan efforts in the cybersecurity community and make it easier for law enforcement to consistently collaborate with them.
Town of Salem Game Breached, 7.6M Players Affected
Quick Hits  |  1/3/2019  | 
BlankMediaGames disclosed a data breach that affects millions using the browser-based role-playing game.
Redefining Critical Infrastructure for the Age of Disinformation
Commentary  |  1/3/2019  | 
In an era of tighter privacy laws, it's important to create an online environment that uses threat intelligence productively to defeat disinformation campaigns and bolster democracy.
Ryuk Ransomware Tied to Printing Press & Cloud Service Provider Attacks
News Analysis-Security Now  |  1/3/2019  | 
A series of cyber attacks over the holiday week that targeted newspaper printing presses and a cloud service provider are tied to a specific strain of ransomware called Ryuk.
EU's FOSSA Project Launches New Bug Bounty Program
Larry Loeb  |  1/3/2019  | 
The European Union's FOSSA project is launching its first-ever bug bounty program that will focus on 15 different software platforms starting later in January.
Ex-NSA Contractor Was a Suspect In Shadow Brokers Leak
News  |  1/2/2019  | 
New court document shows law enforcement suspected possible involvement of Harold Martin in Shadow Brokers' release of classified NSA hacking tools.
Cyberattack Halts Publication for US Newspapers
News  |  1/2/2019  | 
A virus disrupted print and delivery for the Chicago Tribune, Los Angeles Times, Baltimore Sun, and other US publications this weekend.
AI in Security Carries as Many Questions as Answers
News  |  1/2/2019  | 
Companies are adopting machine intelligence even though there are still issues and questions regarding its performance, a new report on AI use in cybersecurity shows.
Data on 997 North Korean Defectors Targeted in Hack
Quick Hits  |  1/2/2019  | 
Nearly 1,000 North Koreans who defected to South Korea had personal data compromised by an unknown attacker.
US-CERT Offers Tips for Securing Internet-Connected Holiday Gifts
Quick Hits  |  1/2/2019  | 
Key steps to making those home Internet of Things devices just a bit safer.
25 Years Later: Looking Back at the First Great (Cyber) Bank Heist
Commentary  |  1/2/2019  | 
The Citibank hack in 1994 marked a turning point for banking -- and cybercrime -- as we know it. What can we learn from looking back at the past 25 years?
Phishing & Social Engineering Attacks Will Rise in 2019
News Analysis-Security Now  |  1/2/2019  | 
The rise of fileless attack techniques and other developments is making phishing a much more serious problem for enterprise security. As we head into 2019, a new approach is needed.
Ten Cybersecurity Predictions That I Don't Like for 2019
Alan Zeichick  |  1/1/2019  | 
If 2018 turned into a security headache for enterprises, our writer predicts that 2019 won't be much better, maybe even worse.