Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
Page 1 / 2   >   >>
Visa Warns of Targeted PoS Attacks on Gas Station Merchants
News  |  12/13/2019  | 
At least two North American chains have been hit in sophisticated new campaigns for stealing payment card data.
Fortinet Buys CyberSponse for SOAR Capabilities
Quick Hits  |  12/13/2019  | 
It plans to integrate CyberSponse's SOAR platform into the Fortinet Security Fabric.
Endpoint Protection: Dark Reading Caption Contest Winners
Commentary  |  12/13/2019  | 
Trojans, knights, and medieval wordplay. And the winners are ...
Lessons Learned from 7 Big Breaches in 2019
Slideshows  |  12/13/2019  | 
Capital One, Macy's, FEMA, and others: key takeaways from the year's most notable breaches.
Android App Analysis Uncovers Seasonal Shopping Risk
News  |  12/12/2019  | 
Researchers scanned 4,200 Android apps and found many exhibit malicious behavior or have a dangerous level of permissions.
Cyberattacks on Retailers Could Increase 20% this Holiday Season
News  |  12/12/2019  | 
Commodity malware and ransomware continue to be the biggest threats, says VMWare Carbon Black.
The Most, Least Insecure US Cities for SMBs
Quick Hits  |  12/12/2019  | 
A new report looks at computer activity in the 50 largest metropolitan areas.
Gallium: The Newest Threat Group on Microsoft's Radar
News  |  12/12/2019  | 
Hacking group has been targeting telecommunication providers.
Get Organized Like a Villain
Commentary  |  12/12/2019  | 
What cybercrime group FIN7 can teach us about using agile frameworks.
Smart Building Security Awareness Grows
News  |  12/12/2019  | 
In 2020, expect to hear more about smart building security.
Lessons from the NSA: Know Your Assets
News  |  12/12/2019  | 
Chris Kubic worked at the National Security Agency for the past 32 years, finishing his tenure as CISO. He talks about lessons learned during his time there and what they mean for the private sector.
Waking Up to Third-Party Security Risk
Commentary  |  12/12/2019  | 
You can't rely on the words, intentions, or security measures of others to guard your company, customer and brand.
Trickbot Operators Now Selling Attack Tools to APT Actors
News  |  12/11/2019  | 
North Korea's Lazarus Group - of Sony breach and WannaCry fame - is among the first customers.
Intel Issues Fix for 'Plundervolt' SGX Flaw
News  |  12/11/2019  | 
Researchers were able to extract AES encryption key using SGX's voltage-tuning function.
5 Tips for Keeping Your Security Team on Target
Commentary  |  12/11/2019  | 
In nearly every security environment, competing priorities are a constant battleground. Here's how to keep the focus on what's important.
Google Chrome Now Automatically Alerts Users on Compromised Passwords
Quick Hits  |  12/11/2019  | 
A series of security enhancements seek to protect users from phishing and warn them when credentials have been compromised.
Younger Generations Drive Bulk of 2FA Adoption
News  |  12/11/2019  | 
Use of two-factor authentication has nearly doubled in the past two years , pointing to a new wave of acceptance.
Nation-State Attackers May Have Co-opted Vega Ransomware
News  |  12/11/2019  | 
The tactics used by the latest version of the Vega cryptolocker program indicates the code may have been stolen from its authors and is now being used for destructive attacks, a new report suggests.
Only Half of Malware Caught by Signature AV
News  |  12/11/2019  | 
Machine learning and behavioral detection are necessary to catch threats, WatchGuard says in a new report. Meanwhile, network attacks have risen, especially against older vulnerabilities, such as those in Apache Struts.
City of Pensacola, Fla., Confirms Ransomware Attack
Quick Hits  |  12/11/2019  | 
Most systems remain offline to prevent the attack from spreading.
Big Changes Are Coming to Security Analytics & Operations
Commentary  |  12/11/2019  | 
New ESG research points to fundamental problems, a need for scalable security data pipelines, and a migration to the public cloud.
Data Leak Week: Billions of Sensitive Files Exposed Online
News  |  12/10/2019  | 
A total of 2.7 billion email addresses, 1 billion email account passwords, and nearly 800,000 applications for copies of birth certificate were found on unsecured cloud buckets.
Microsoft Fixes Windows Zero-Day on Lightest Patch Tuesday of 2019
News  |  12/10/2019  | 
This month's batch of security updates addresses 36 CVEs, seven of which are rated Critical and one of which has been exploited in the wild.
Blink Cameras Found with Multiple Vulnerabilities
Quick Hits  |  12/10/2019  | 
Researchers found three broad types of vulnerabilities, one of which should be particularly concerning to consumers.
Intel's CPU Flaws Continue to Create Problems for the Tech Community
Commentary  |  12/10/2019  | 
We can't wait out this problem and hope that it goes away. We must be proactive.
Only 53% of Security Pros Have Ownership of Workforce IAM
Quick Hits  |  12/10/2019  | 
Most practitioners report an increase in identities, but many don't have control over how those identities are protected from a range of attacks.
Deliver a Deadly Counterpunch to Ransomware Attacks: 4 Steps
Commentary  |  12/10/2019  | 
You can't prevent all ransomware attacks. However, it's possible to ensure that if a breach happens, it doesn't spread, affect business, and become a newsworthy event.
Scientists Break Largest Encryption Key Yet with Brute Force
Quick Hits  |  12/9/2019  | 
The key, only one-third the length of most commercial encryption keys, took more than 35 million compute hours to break.
Microsoft 'Campaign Views' Offers Full Look at Office 365 Attacks
News  |  12/9/2019  | 
Campaign views, arriving in public preview, aims to share more context around how attackers targeted an organization and whether its defenses worked.
Maersk CISO Says NotPeyta Devastated Several Unnamed US firms
Commentary  |  12/9/2019  | 
At least two companies may have been dealt even more damage than the shipping giant, which lost nearly its entire global IT infrastructure.
Two Bayrob Cybercrime Members Sentenced to 20 and 18 Years in Prison
Quick Hits  |  12/9/2019  | 
The Romanian nationals stole some $4 million in a vast malware, botnet, and cryptocurrency operation.
10 Notable Cybersecurity Acquisitions of 2019, Part 2
Slideshows  |  12/9/2019  | 
As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
4 Tips to Run Fast in the Face of Digital Transformation
Commentary  |  12/9/2019  | 
This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.
How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC
News  |  12/6/2019  | 
Money meant to fund an Israeli startup wound up directly deposited to the scammers.
Data Center Provider CyrusOne Confirms Ransomware Attack
Quick Hits  |  12/6/2019  | 
The attack struck CyrusOne's managed services division and compromised six customers primarily serviced by a New York data center.
Senators Call for End to Controversial NSA Program
Quick Hits  |  12/6/2019  | 
The program for collecting telephone call metadata has faced increased scrutiny and restrictions since Edward Snowden revealed its existence in 2013.
Success Enablers or Silent Killers?
Commentary  |  12/6/2019  | 
These five success enablers will help CISOs report, measure, and demonstrate ROI to the C-suite.
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Quick Hits  |  12/5/2019  | 
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
News  |  12/5/2019  | 
Maksim Yakubets and his crew stole tens of millions using Zeus and Dridex, with victims including Bank of America, Key Bank, GenLabs, and United Dairy, DoJ says.
With Aporeto, Palo Alto Looks Away from the Firewall and Toward the Future
News  |  12/5/2019  | 
Seeing its firewall sales softening, the security vendor makes another acquisition to reorient itself for the cloud era.
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Commentary  |  12/5/2019  | 
Assessments can be used against your company in court proceedings. Here's how to mitigate this potential risk.
Microsoft Defender ATP Brings EDR Capabilities to macOS
Quick Hits  |  12/5/2019  | 
Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint and detection response.
The Human Factor: 5 Reasons Why Cybersecurity Is a People Problem
Commentary  |  12/5/2019  | 
The industry can only go so far in treating security as a challenge that can be resolved only by engineering.
Password-Cracking Teams Up in CrackQ Release
News  |  12/4/2019  | 
The open source platform aims to make password-cracking more manageable and efficient for red teams.
What's in a Botnet? Researchers Spy on Geost Operators
News  |  12/4/2019  | 
The investigation of a major Android banking botnet yields insights about how cybercriminals structure and run an illicit business.
Black Hat Europe Q&A: Understanding the Ethics of Cybersecurity Journalism
News  |  12/4/2019  | 
Investigative journalist Geoff White chats about why now is the right time for his Black Hat Europe Briefing on hackers, journalists, and the ethical ramifications of cybersecurity journalism.
Shades of Shamoon: New Disk-Wiping Malware Targets Middle East Orgs
News  |  12/4/2019  | 
'ZeroCleare' shares some of the same features as its more notorious predecessor, IBM Security says.
(Literally) Put a Ring on It: Protecting Biometric Fingerprints
Quick Hits  |  12/4/2019  | 
Kaspersky creates a prototype ring you can wear on your finger for authentication.
Navigating Security in the Cloud
Commentary  |  12/4/2019  | 
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
Microsoft Issues Advisory for Windows Hello for Business
Quick Hits  |  12/4/2019  | 
An issue exists in Windows Hello for Business when public keys persist after a device is removed from Active Directory, if the AD exists, Microsoft reports.
Page 1 / 2   >   >>


Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8650
PUBLISHED: 2019-12-15
python-requests-Kerberos through 0.5 does not handle mutual authentication
CVE-2014-3536
PUBLISHED: 2019-12-15
CFME (CloudForms Management Engine) 5: RHN account information is logged to top_output.log during registration
CVE-2014-3643
PUBLISHED: 2019-12-15
jersey: XXE via parameter entities not disabled by the jersey SAX parser
CVE-2014-3652
PUBLISHED: 2019-12-15
JBoss KeyCloak: Open redirect vulnerability via failure to validate the redirect URL.
CVE-2014-3699
PUBLISHED: 2019-12-15
eDeploy has RCE via cPickle deserialization of untrusted data