Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in January 2020
AWS Issues 'Urgent' Warning for Database Users to Update Certs
Quick Hits  |  1/9/2020  | 
Users of AWS Aurora, DocumentDB, and RDS databases must download and install a fresh certificate and rotate the certificate authority.
Operationalizing Threat Intelligence at Scale in the SOC
Commentary  |  1/9/2020  | 
Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing.
7 Free Tools for Better Visibility Into Your Network
Slideshows  |  1/9/2020  | 
It's hard to protect what you don't know is there. These free tools can help you understand just what it is that you need to protect -- and need to protect yourself from.
Rockwell Automation to Buy ICS Security Services Firm
Quick Hits  |  1/9/2020  | 
Industrial control systems vendor plans to acquire Avnet Data Security, which provides penetration testing, assessments, training, and managed network and security services for the ICS sector.
Las Vegas Suffers Cyberattack on First Day of CES
Quick Hits  |  1/8/2020  | 
The attack, still under investigation, hit early in the morning of Jan. 7.
Developers Still Don't Properly Handle Sensitive Data
News  |  1/8/2020  | 
The top classes of vulnerabilities for 2019 indicate that developers still don't correctly sanitize inputs, nor protect passwords and keys as they should.
Google's Project Zero Policy Change Mandates 90-Day Disclosure
Quick Hits  |  1/8/2020  | 
The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.
TikTok Bugs Put Users' Videos, Personal Data At Risk
News  |  1/8/2020  | 
Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users' personal data.
The "Art of Cloud War" for Business-Critical Data
Commentary  |  1/8/2020  | 
How business executives' best intentions may be negatively affecting security and risk mitigation strategies -- and exposing weaknesses in organizational defenses.
DHS Warns of Potential Iranian Cyberattacks
News  |  1/7/2020  | 
Recent US military action in Baghdad could prompt retaliatory attacks against US organizations, it says.
Cloudflare Adds New Endpoint, Web Security Service
News  |  1/7/2020  | 
"Teams" and a new browser security acquisition expand the cloud firm's security offerings.
The Discovery and Implications of 'MDB Leaker'
News  |  1/7/2020  | 
The "MDB Leaker" vulnerability in the Microsoft Access Database could lead to a memory leak if left unpatched.
Accenture to Buy Symantec's Cyber Security Services
Quick Hits  |  1/7/2020  | 
The purchase, for an undisclosed amount, is scheduled to close in March.
Insight Partners Acquires Armis at $1.1B Valuation
Quick Hits  |  1/7/2020  | 
This deal marks the largest-ever acquisition of a private Israeli cybersecurity company, Armis' co-founders report.
New Standards Set to Reshape Future of Email Security
Commentary  |  1/7/2020  | 
Emerging specs and protocols are expected to make the simple act of opening an email a less risky proposition.
Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks
News  |  1/6/2020  | 
New Year's Eve attack on currency exchange service Travelex may have involved use of the flaw.
Malicious Google Play Apps Linked to SideWinder APT
News  |  1/6/2020  | 
The active attack involving three malicious Android applications is the first exploiting CVE-2019-2215, Trend Micro researchers report.
US Government Publishing Office Website Defaced
Quick Hits  |  1/6/2020  | 
The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran.
Mimecast Acquires Segasec to Boost Phishing Defense
Quick Hits  |  1/6/2020  | 
Segasec's technology will be integrated into Mimecast's email and Web security services to identify malicious domains.
Client-Side JavaScript Risks & the CCPA
Commentary  |  1/6/2020  | 
How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.
Ransomware Victim Southwire Sues Maze Operators
News  |  1/3/2020  | 
Attackers demanded $6 million from the wire and cable manufacturer when they launched a December ransomware campaign.
Cisco Drops a Dozen Vulnerability Patches
Quick Hits  |  1/3/2020  | 
Among them are three for critical authentication bypass flaws.
Continental Drift: Is Digital Sovereignty Splitting Global Data Centers?
News  |  1/3/2020  | 
The recent proposal by Germany, backed by France, to fuse the infrastructures of Europe's cloud providers could challenge every data center storing a European's data.
Malware Hits Travelex Currency Exchange Service
Quick Hits  |  1/3/2020  | 
The New Year's Eve malware attack forced Travelex employees to resort to manual operations.
Organizations May 'Uncloud' Over Security, Budgetary Concerns
Commentary  |  1/3/2020  | 
While most cloud vendors forecast continued adoption and growth, some customers are taking a harder look at the cloud services they're using.
Time for Insider-Threat Programs to Grow Up
News  |  1/2/2020  | 
Immature programs attempting to protect against damaging attacks by insiders run the risk of alienating employees.
CCPA Kickoff: What Businesses Need to Know
News  |  1/2/2020  | 
The California Consumer Privacy Act is in full effect, prompting organizations to think about how they'll remain compliant.
Ransomware Scuttles Coast Guard Facility for 30+ Hours
Quick Hits  |  1/2/2020  | 
The attack on the unnamed facility began with a malicious email link.
Landry's Restaurant Chain Discloses Payment Security Incident
Quick Hits  |  1/2/2020  | 
Some payment cards were mistakenly swiped on order-entry systems that lacked the security of its point-of-sale terminals.
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
Commentary  |  1/2/2020  | 
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
6 Security Team Goals for DevSecOps in 2020
Slideshows  |  1/2/2020  | 
Huge opportunities await security teams that are finally ready to move the needle on security problems that have plagued organizations for years.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11111
PUBLISHED: 2020-03-31
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
CVE-2020-11112
PUBLISHED: 2020-03-31
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
CVE-2020-11113
PUBLISHED: 2020-03-31
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
CVE-2020-10374
PUBLISHED: 2020-03-30
A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form.
CVE-2020-11104
PUBLISHED: 2020-03-30
An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if...