Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in January 2020
Page 1 / 3   >   >>
What It's Like to Be a CISO: Check Point Security Leader Weighs In
News  |  1/31/2020  | 
Jony Fischbein shares the concerns and practices that are top-of-mind in his daily work leading security at Check Point Software.
'George' the Most Popular Password That's a Name
Quick Hits  |  1/31/2020  | 
A new study of stolen passwords reflects the consequences of password overload.
Ashley Madison Breach Returns with Extortion Campaign
Quick Hits  |  1/31/2020  | 
The recent attack messages use new techniques to extort Bitcoin payments from Ashley Madison users hit in massive 2015 data breach.
Embracing a Prevention Mindset to Protect Critical Infrastructure
Commentary  |  1/31/2020  | 
A zero-trust, prevention-first approach is necessary to keep us safe, now and going forward.
Cisco: Privacy Efforts Pay Off Directly
Larry Loeb  |  1/31/2020  | 
Cisco's research has proven that beyond meeting compliance requirements, good privacy is good for business and individuals.
Two Vulnerabilities Found in Microsoft Azure Infrastructure
News  |  1/30/2020  | 
Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched.
Android Malware for Mobile Ad Fraud Spiked Sharply in 2019
News  |  1/30/2020  | 
Some 93% of all mobile transactions across 20 countries were blocked as fraudulent, Upstream says.
Russian Cybercrime Forum Contests Bring Cash, Visibility to Winners
Quick Hits  |  1/30/2020  | 
Competitions for users are a long-time tradition on underground cybercrime forums for members looking for money - and cred with major criminal syndicates.
How to Secure Your IoT Ecosystem in the Age of 5G
Commentary  |  1/30/2020  | 
For businesses planning to adopt 5G, the sheer number of IoT devices creates a much larger attack surface.
How To Keep Your Privacy and Data Secure While Working With a Remote Team
News  |  1/30/2020  | 
Implementing basic strategies can ensure your remote team's work will be secure, data will be protected, and you'll be far less exposed to security risks.
United Nations Data Breach Started with Microsoft SharePoint Bug
Quick Hits  |  1/30/2020  | 
A remote code execution flaw enabled a breach of UN offices in Geneva and Vienna, as well as the Office of the High Commissioner for Human Rights.
Enterprise Hardware Still Vulnerable to Memory Lane Attacks
News  |  1/30/2020  | 
Most laptops, workstations, and servers are still vulnerable to physical attacks via direct memory access, despite mitigations often being available, report says.
Election Security 2020: How We Should Allocate $425M in Funding
Commentary  |  1/30/2020  | 
Too many states and municipalities still rely on aging systems; it's time they upped their game and treated election technology like they would any other security project.
All Your Intel L1 Cache Belongs to CacheOut
Larry Loeb  |  1/30/2020  | 
Once again, a novel 'speculative execution side-channel' attack has been discovered by researchers.
Aftermath of a Major ICS Hacking Contest
News  |  1/29/2020  | 
Pwn2Own Miami could help spur more research on and attention to the security of industrial control system products, experts say.
Number of Botnet Command & Control Servers Soared in 2019
News  |  1/29/2020  | 
Servers worldwide that were used to control malware-infected systems jumped more than 71% compared to 2018, Spamhaus says.
Criminals Hide Malware Behind Grammy-Winning Cover
Quick Hits  |  1/29/2020  | 
Songs by Ariana Grande, Taylor Swift, and Post Malone are the most popular places.
Inside the Check Point Research Team's Investigation Process
News  |  1/29/2020  | 
The team sheds light on how their organization works and what they're watching in the threat landscape.
9 Things Application Security Champions Need to Succeed
Slideshows  |  1/29/2020  | 
Common elements to highly effective security champion programs that take DevSecOps to the next level
Pilfered Wawa Payment Card Data Now for Sale on Dark Web
Quick Hits  |  1/29/2020  | 
The Joker's Stash underground marketplace is offering stolen payment card data from Wawa's recently disclosed data breach.
Securing Containers with Zero Trust
Commentary  |  1/29/2020  | 
A software identity-based approach should become a standard security measure for protecting workloads in all enterprise networks.
Businesses Improve Their Data Security, But Privacy Not So Much
News  |  1/29/2020  | 
While the California Consumer Privacy Act will force companies to provide a modicum of meaningful privacy, World Privacy Day still mainly celebrates data security.
Threat Hunting Is Not for Everyone
Commentary  |  1/29/2020  | 
Threat hunting is a sophisticated, advanced technique that should be reserved for specific instances and be conducted only by trained professionals.
Why Companies Should Care about Data Privacy Day
Commentary  |  1/29/2020  | 
Marking yesterday's 14th anniversary of Europe's first data protection day reminds us how far we still have to go.
NFL, Multiple NFL Teams' Twitter Accounts Hacked and Hijacked
Quick Hits  |  1/28/2020  | 
Hackers claiming to be from the hacktivist group OurMine temporarily took over Twitter accounts of the NFL and several teams in the league.
Emerging Long-Range WAN Networks Vulnerable to Hacking, Compromise
News  |  1/28/2020  | 
The root keys used to protect communication on LoRaWAN infrastructure can be easily obtained, IOActive says.
'Understand What You Believe': Fmr. FBI Agent Unpacks Information Threats
News  |  1/28/2020  | 
In the past few years, social media has transformed from a communications gold mine to a minefield of disinformation campaigns.
Russian Brothers Sentenced to 12 Years for Fraud and Identity Theft
Quick Hits  |  1/28/2020  | 
The pair, based in Fort Lauderdale, Fla., were running a sophisticated credit card fraud factory.
Intel Previews Newest 'Zombieload' Patch
Quick Hits  |  1/28/2020  | 
Intel has promised a third patch to remediate the Zombieload speculative execution vulnerability.
CCPA: Cut From the Same Cloth as PCI DSS
Commentary  |  1/28/2020  | 
Finally, some good news about CCPA: If you've built your security infrastructure to PCI DSS standards, you may be already covered by California's new data protection rules
RDG Gets Fooled by UDP
Larry Loeb  |  1/28/2020  | 
Security researchers have found that the implementation in Remote Desktop Gateway of string segmentation lays it open to memory corruption vulnerabilities.
New Zoom Bug Prompts Security Fix, Platform Changes
News  |  1/28/2020  | 
A newly discovered Zoom vulnerability would have enabled an attacker to join active meetings and access audio, video, and documents shared.
Average Ransomware Payments More Than Doubled in Q4 2019
News  |  1/27/2020  | 
Ransomware attackers collected an average of around $84,000 from victim organizations, up from $41,000 in Q3 of 2018, Coveware says.
Greater Focus on Privacy Pays Off for Firms
News  |  1/27/2020  | 
Privacy-mature companies complete sales more quickly, have fewer and less serious breaches, and recover from incidents faster, according to Cisco's annual survey.
How to Get the Most Out of Your Security Metrics
Commentary  |  1/27/2020  | 
There's an art to reporting security metrics so that they speak the language of leadership and connect the data from tools to business objectives.
Ransomware Costs More in Q4
Larry Loeb  |  1/27/2020  | 
In Q4 of 2019, the average ransom payment increased by 104% to $84,116, finds Coveware report.
New Social Engineering Event to Train Business Pros on Human Hacking
Quick Hits  |  1/24/2020  | 
The DEF CON Social Engineering Capture the Flag contest inspired a new event aimed at teaching both security and non-security professionals on the fine art of hacking human behavior.
'CardPlanet' Operator Pleads Guilty in Federal Court
Quick Hits  |  1/24/2020  | 
Russian national faced multiple charges in connection with operating the marketplace for stolen credit-card credentials, and a forum for VIP criminals to offer their services.
GE Medical Instrumentation on the Critical List
Larry Loeb  |  1/24/2020  | 
DHS-CISA has issued a security advisory about GE Carescape medical instrumentation that enumerates many vulnerabilities present in them.
5 Resume Basics for a Budding Cybersecurity Career
Commentary  |  1/24/2020  | 
You'll need to add resume tactician to your skill set in order to climb up the next rung on the security job ladder. Here's how.
Online Employment Scams on the Rise, Says FBI
News  |  1/24/2020  | 
Looking to change jobs? Watch out for fraudsters who use legitimate job services, slick websites, and an interview process to convince applicants to part with sensitive personal details.
The Annoying MacOS Threat That Won't Go Away
News  |  1/23/2020  | 
In two years, the adware-dropping Shlayer Trojan has spread to infect one in 10 MacOS systems, Kaspersky says.
DHS Warns of Increasing Emotet Risk
Quick Hits  |  1/23/2020  | 
Emotet is considered one of the most damaging banking Trojans, primarily through its ability to carry other malware into an organization.
NSA Offers Guidance on Mitigating Cloud Flaws
Quick Hits  |  1/23/2020  | 
A new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources.
Deconstructing Web Cache Deception Attacks: They're Bad; Now What?
Commentary  |  1/23/2020  | 
Expect cache attacks to get worse before they get better. The problem is that we don't yet have a good solution.
Severe Vulnerabilities Discovered in GE Medical Devices
News  |  1/23/2020  | 
CISA has released an advisory for six high-severity CVEs for GE Carescape patient monitors, Apex Pro, and Clinical Information Center systems.
Ryuk Ransomware Hit Multiple Oil & Gas Facilities, ICS Security Expert Says
News  |  1/23/2020  | 
Attackers 'weaponized' Active Directory to spread the ransomware.
Weathering the Privacy Storm from GDPR to CCPA & PDPA
Commentary  |  1/23/2020  | 
A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.
EFS Ransomware Slips by AV Products
Larry Loeb  |  1/23/2020  | 
Inside of Windows is a methodology called Encrypting File System. It works on individual files or folders, rather than at the whole disk level like BitLocker does.
To Avoid Disruption, Ransomware Victims Continue to Pay Up
News  |  1/23/2020  | 
For all the cautions against doing so, one-third of organizations in a Proofpoint survey said they paid their attackers after getting infected with ransomware.
Page 1 / 3   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...