Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in October 2017
Ted Schlein: Interview With a Capitalist
Curt Franklin  |  10/31/2017  | 
Ted Schlein is a partner with the most storied venture capital fund in Silicon Valley. When Ted talks about cybersecurity, people listen.
North Korea Faces Accusations of Hacking Warship Builder Daewoo
Quick Hits  |  10/31/2017  | 
North Korea suspected by South Korea of stealing warship blueprints from Daewoo Shipbuilding & Marine Engineering.
Office 365 Missed 34,000 Phishing Emails Last Month
News  |  10/31/2017  | 
Nearly 10% of emails delivered to Office 365 inboxes were spam, phishing messages, and known or zero-day malware.
Who Says Brilliant Security Engineers Can't Be Amazing People Managers?
Commentary  |  10/31/2017  | 
Don't let midcareer stagnation be an exit ramp from the cybersecurity industry. Use it as an opportunity to explore and to deepen your enthusiasm.
Trump Administration to Craft New Cybersecurity Plan
Quick Hits  |  10/31/2017  | 
Strategy will mirror President Trump's cybersecurity Executive Order.
How to Make a Ransomware Payment - Fast
Slideshows  |  10/31/2017  | 
Paying ransom in a ransomware attack isn't recommended, but sometimes, it's necessary. Here's how to pay by cryptocurrency.
A New Fence: The Software-Defined Perimeter
News Analysis-Security Now  |  10/31/2017  | 
The network perimeter is dead: Long live the new perimeter! The boundary of your enterprise network can now be defined by software – but is that the right answer for your organization?
10 Scariest Ransomware Attacks of 2017
News  |  10/31/2017  | 
A look back at WannaCry, NotPetya, Locky, and other destructive ransomware campaigns to infect the world this year.
Stop Counting Vulnerabilities & Start Measuring Risk
Commentary  |  10/31/2017  | 
When security teams report on real risk, executive teams can gain a much better understanding of the company's security posture.
Phishing Kits Regularly Reused by Cybercriminals
News  |  10/31/2017  | 
In 27% of cases, a phishing kit is re-used on more than one host.
Majority of Employees Hit with Ransomware Personally Make Payment
News  |  10/31/2017  | 
Office workers pay an average ransom of $1,400, according to a new report.
Gaza Cybergang Acquires New Tools, Expands Operations
News  |  10/30/2017  | 
Warning from Kaspersky Lab second in recent month involving heightened threat activity in Middle East and North Africa.
Google Bug Database Flaws Expose Severe Vulnerabilities
Quick Hits  |  10/30/2017  | 
A security researcher accessed the most critical bugs in Google products and services by spoofing a corporate email address.
Security Gets Social: 10 of Dark Reading's Most Shared Stories
Slideshows  |  10/30/2017  | 
We scared up our most popular stories on Facebook, Twitter, and LinkedIn.
The 5 Nightmare (Breaches) Before Halloween
News Analysis-Security Now  |  10/30/2017  | 
You're going to be hit by a breach. Which one, and in what guise it comes, will determine just how scary it's going to be.
Kaspersky Expects US Sales to Decline in 2017
Quick Hits  |  10/30/2017  | 
CEO points to an "information war" against his company as the cause of the revenue drop.
CAPTCHA Is Vulnerable
Larry Loeb  |  10/30/2017  | 
A group of researchers has demonstrated a vulnerability in the widely used CAPTCHA scheme – a vulnerability that may mean the end of CAPTCHA as we know it.
Screen Sharing: Dark Reading Caption Contest Winners
Commentary  |  10/30/2017  | 
It was a tough competition with more than 125 submissions, our largest field yet. And the winners are ...
Preventing Credential Theft: A Security Checklist for Boards
Commentary  |  10/30/2017  | 
Board members pose a unique risk for business, but proper planning helps.
It's Time to Change the Cybersecurity Conversation
Commentary  |  10/30/2017  | 
The IT security industry needs more balance between disclosure of threats and discussion of defense practices, and greater sharing of ideas.
Web Attacks Spike in Financial Industry
News  |  10/27/2017  | 
Web application compromise beats human error as the top data breach cause, putting finance companies at risk for larger attacks, according to a new study.
Ted Schlein Hates Passwords
Curt Franklin  |  10/27/2017  | 
He hates user names, too, and thinks we should get rid of them. In a keynote address at Networking the Future in Tampa, Fla., he discussed why.
Identity Theft Ring Hit with Credit Card Fraud Indictment
Quick Hits  |  10/27/2017  | 
A federal grand jury indicts six individuals on criminal charges relating to credit card and debit card fraud.
3 Steps to Reduce Risk in Your Supply Chain
Commentary  |  10/27/2017  | 
Many companies have very limited visibility into their vendors' security posture -- and some may have thousands of vendors. Here are steps that every company should take to lock down their supply chains.
Kaspersky's US Gov Woes Continue
Simon Marshall  |  10/27/2017  | 
Kaspersky has admitted that its software grabbed a classified file from a private computer. Does it prove the US government's claims or prove that Kaspersky is a good global citizen?
Passwords Use Alone Still Trumps Multi-Factor Authentication
News  |  10/27/2017  | 
Strong authentication use overall remains weak but is starting to gain some ground with enterprises.
Is Your Security Military-Grade?
Curt Franklin  |  10/26/2017  | 
Simple civilian security won't cut it for most businesses. It's time to take your cybersecurity mil-spec.
Inmarsat Disputes IOActive Reports of Critical Flaws in Ship SATCOM
News  |  10/26/2017  | 
Satellite communications provider says security firm's narrative about vulnerabilities in its AmosConnect 8 shipboard email service is overblown.
Security Forecast: Cloudy with Low Data Visibility
News  |  10/26/2017  | 
Businesses are moving more sensitive data to the cloud but struggle to monitor and manage it once it's there.
'Reaper' IoT Botnet Likely a DDoS-for-Hire Tool
Quick Hits  |  10/26/2017  | 
Latest IoT botnet commandeers 10,000 to 20,000 devices with an additional 2 million hosts identified.
Bad Rabbit Used Pilfered NSA Exploit
News  |  10/26/2017  | 
Turns out the fast and furious ransomware campaign in Eastern Europe this week employed the so-called 'BadRomance' tool to help it spread.
Dark Web Marketplaces' New Home: Mobile Messaging Apps
News  |  10/26/2017  | 
Telegram, Discord, WhatsApp grow in popularity as criminals look for more alternatives to fly under the radar.
30% of Major CEOs Have Had Passwords Exposed
Quick Hits  |  10/26/2017  | 
One in three CEOs have had passwords leaked through online services where they registered with a corporate email address.
Why Data Breach Stats Get It Wrong
Commentary  |  10/26/2017  | 
It's not the size of the stolen data dump that is important. It's the window between the date of the breach and the date of discovery that represents the biggest threat.
Ways to Win the Security Skills Challenge
News Analysis-Security Now  |  10/26/2017  | 
Finding and keeping skilled security professionals is hard. But there are ways that can work to keep your best employees on-board and happy.
A Checklist for Securing the Internet of Things
Commentary  |  10/26/2017  | 
IoT devices promise endless benefits, but they also come with serious security issues. Use this checklist to make sure your company stays safe.
5 Reasons Why the CISO is a Cryptocurrency Skeptic
Partner Perspectives  |  10/26/2017  | 
If you think all you need is technology to defend against bad guys, you shouldn't be a CISO. But technology is all cryptocurrency is, starting with Bitcoin.
Doubling Up on AV Fails to Protect 40% of Users from Malware Attacks
News  |  10/26/2017  | 
Traditional signature-based antivirus solutions are falling short on protecting endpoints, even when there are two or more deployed.
Kaspersky Lab Collected, Then Deleted NSA File from a Home Computer
News  |  10/25/2017  | 
Concerns over handling classified US data one of the reasons why Kaspersky Lab CEO ordered file deletion, company says.
Bad Rabbit Dies Down But Questions Remain
News  |  10/25/2017  | 
The origins of the rapid-fire ransomware attack campaign affecting mainly Russian targets remain a bit of a mystery.
Bad Rabbit Breeds Ransomware Fears
Curt Franklin  |  10/25/2017  | 
A new breed of ransomware has hit Russia and Eastern Europe. Bad Rabbit could hop the Atlantic and wreak havoc on North American systems.
Windows 10 Update: 10 Key New Security Features
Slideshows  |  10/25/2017  | 
Microsoft is tightening its focus on Windows 10 security with several new security tools in its latest major OS update.
Advanced Analytics + Frictionless Security: What CISOs Need to Know
Commentary  |  10/25/2017  | 
Advances in analytics technologies promise to make identity management smarter and more transparent to users. But the process is neither straightforward nor easy.
Third Man Charged in Hacking Celebrities' iCloud and Gmail Accounts
Quick Hits  |  10/25/2017  | 
An Illinois man is charged with hacking into more than 550 accounts that belong to entertainment industry figures and others.
Will Transparency Save Kaspersky?
Simon Marshall  |  10/25/2017  | 
Kaspersky is trying radical transparency to counter accusations that it acts as a front for Russian intelligence. Will it be enough to quiet the skeptics?
Productivity, Operations Hardest-Hit by Endpoint Attacks
Quick Hits  |  10/25/2017  | 
Operational outcomes from infected endpoints are more common than data loss or financial effects, researchers found.
Why Patching Software Is Hard: Organizational Challenges
Commentary  |  10/25/2017  | 
The Equifax breach shows how large companies can stumble when it comes to patching. Organizational problems can prevent best practices from being enforced.
'Bad Rabbit' Ransomware Attacks Rock Russia, Ukraine - and Beyond
News  |  10/24/2017  | 
Attack employs new version of infamous NotPetya ransomware used in June attacks on Ukraine targets.
A New BotNet Is Growing: Are You Already Part of Its Army?
Curt Franklin  |  10/24/2017  | 
The IoT_Reaper botnet is new and growing. Are your IoT devices already part of a criminal system that will cripple the Internet?
New Cybercrime Insurance Policy Protects the 'High Net Worth' Set
Quick Hits  |  10/24/2017  | 
Rubica is offering its active subscribers a $1 million cybersecurity insurance policy via its partner PURE Starling.
Bug Report: Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28042
PUBLISHED: 2021-03-05
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
CVE-2021-28041
PUBLISHED: 2021-03-05
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2021-3377
PUBLISHED: 2021-03-05
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.
CVE-2021-3420
PUBLISHED: 2021-03-05
A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could cause an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
CVE-2020-29020
PUBLISHED: 2021-03-05
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.