News & Commentary

Content posted in October 2017
North Korea Faces Accusations of Hacking Warship Builder Daewoo
Quick Hits  |  10/31/2017  | 
North Korea suspected by South Korea of stealing warship blueprints from Daewoo Shipbuilding & Marine Engineering.
Office 365 Missed 34,000 Phishing Emails Last Month
News  |  10/31/2017  | 
Nearly 10% of emails delivered to Office 365 inboxes were spam, phishing messages, and known or zero-day malware.
Who Says Brilliant Security Engineers Can't Be Amazing People Managers?
Commentary  |  10/31/2017  | 
Don't let midcareer stagnation be an exit ramp from the cybersecurity industry. Use it as an opportunity to explore and to deepen your enthusiasm.
Trump Administration to Craft New Cybersecurity Plan
Quick Hits  |  10/31/2017  | 
Strategy will mirror President Trump's cybersecurity Executive Order.
How to Make a Ransomware Payment - Fast
Slideshows  |  10/31/2017  | 
Paying ransom in a ransomware attack isn't recommended, but sometimes, it's necessary. Here's how to pay by cryptocurrency.
10 Scariest Ransomware Attacks of 2017
News  |  10/31/2017  | 
A look back at WannaCry, NotPetya, Locky, and other destructive ransomware campaigns to infect the world this year.
Stop Counting Vulnerabilities & Start Measuring Risk
Commentary  |  10/31/2017  | 
When security teams report on real risk, executive teams can gain a much better understanding of the company's security posture.
Phishing Kits Regularly Reused by Cybercriminals
News  |  10/31/2017  | 
In 27% of cases, a phishing kit is re-used on more than one host.
Majority of Employees Hit with Ransomware Personally Make Payment
News  |  10/31/2017  | 
Office workers pay an average ransom of $1,400, according to a new report.
Gaza Cybergang Acquires New Tools, Expands Operations
News  |  10/30/2017  | 
Warning from Kaspersky Lab second in recent month involving heightened threat activity in Middle East and North Africa.
Google Bug Database Flaws Expose Severe Vulnerabilities
Quick Hits  |  10/30/2017  | 
A security researcher accessed the most critical bugs in Google products and services by spoofing a corporate email address.
Security Gets Social: 10 of Dark Reading's Most Shared Stories
Slideshows  |  10/30/2017  | 
We scared up our most popular stories on Facebook, Twitter, and LinkedIn.
Kaspersky Expects US Sales to Decline in 2017
Quick Hits  |  10/30/2017  | 
CEO points to an "information war" against his company as the cause of the revenue drop.
Screen Sharing: Dark Reading Caption Contest Winners
Commentary  |  10/30/2017  | 
It was a tough competition with more than 125 submissions, our largest field yet. And the winners are ...
Preventing Credential Theft: A Security Checklist for Boards
Commentary  |  10/30/2017  | 
Board members pose a unique risk for business, but proper planning helps.
It's Time to Change the Cybersecurity Conversation
Commentary  |  10/30/2017  | 
The IT security industry needs more balance between disclosure of threats and discussion of defense practices and greater sharing of ideas.
Web Attacks Spike in Financial Industry
News  |  10/27/2017  | 
Web application compromise beats human error as the top data breach cause, putting finance companies at risk for larger attacks, according to a new study.
Identity Theft Ring Hit with Credit Card Fraud Indictment
Quick Hits  |  10/27/2017  | 
A federal grand jury indicts six individuals on criminal charges relating to credit card and debit card fraud.
3 Steps to Reduce Risk in Your Supply Chain
Commentary  |  10/27/2017  | 
Many companies have very limited visibility into their vendors' security posture -- and some may have thousands of vendors. Here are steps that every company should take to lock down their supply chains.
Passwords Use Alone Still Trumps Multi-Factor Authentication
News  |  10/27/2017  | 
Strong authentication use overall remains weak but is starting to gain some ground with enterprises.
Inmarsat Disputes IOActive Reports of Critical Flaws in Ship SATCOM
News  |  10/26/2017  | 
Satellite communications provider says security firm's narrative about vulnerabilities in its AmosConnect 8 shipboard email service is overblown.
Security Forecast: Cloudy with Low Data Visibility
News  |  10/26/2017  | 
Businesses are moving more sensitive data to the cloud but struggle to monitor and manage it once it's there.
'Reaper' IoT Botnet Likely a DDoS-for-Hire Tool
Quick Hits  |  10/26/2017  | 
Latest IoT botnet commandeers 10,000 to 20,000 devices with an additional 2 million hosts identified.
Bad Rabbit Used Pilfered NSA Exploit
News  |  10/26/2017  | 
Turns out the fast and furious ransomware campaign in Eastern Europe this week employed the so-called 'BadRomance' tool to help it spread.
Dark Web Marketplaces' New Home: Mobile Messaging Apps
News  |  10/26/2017  | 
Telegram, Discord, WhatsApp grow in popularity as criminals look for more alternatives to fly under the radar.
30% of Major CEOs Have Had Passwords Exposed
Quick Hits  |  10/26/2017  | 
One in three CEOs have had passwords leaked through online services where they registered with a corporate email address.
Why Data Breach Stats Get It Wrong
Commentary  |  10/26/2017  | 
It's not the size of the stolen data dump that is important. It's the window between the date of the breach and the date of discovery that represents the biggest threat.
A Checklist for Securing the Internet of Things
Commentary  |  10/26/2017  | 
IoT devices promise endless benefits, but they also come with serious security issues. Use this checklist to make sure your company stays safe.
5 Reasons Why the CISO is a Cryptocurrency Skeptic
Partner Perspectives  |  10/26/2017  | 
If you think all you need is technology to defend against bad guys, you shouldn't be a CISO. But technology is all cryptocurrency is, starting with Bitcoin.
Doubling Up on AV Fails to Protect 40% of Users from Malware Attacks
News  |  10/26/2017  | 
Traditional signature-based antivirus solutions are falling short on protecting endpoints, even when there are two or more deployed.
Kaspersky Lab Collected, Then Deleted NSA File from a Home Computer
News  |  10/25/2017  | 
Concerns over handling classified US data one of the reasons why Kaspersky Lab CEO ordered file deletion, company says.
Bad Rabbit Dies Down But Questions Remain
News  |  10/25/2017  | 
The origins of the rapid-fire ransomware attack campaign affecting mainly Russian targets remain a bit of a mystery.
Windows 10 Update: 10 Key New Security Features
Slideshows  |  10/25/2017  | 
Microsoft is tightening its focus on Windows 10 security with several new security tools in its latest major OS update.
Advanced Analytics + Frictionless Security: What CISOs Need to Know
Commentary  |  10/25/2017  | 
Advances in analytics technologies promise to make identity management smarter and more transparent to users. But the process is neither straightforward nor easy.
Third Man Charged in Hacking Celebrities' iCloud and Gmail Accounts
Quick Hits  |  10/25/2017  | 
An Illinois man is charged with hacking into more than 550 accounts that belong to entertainment industry figures and others.
Productivity, Operations Hardest-Hit by Endpoint Attacks
Quick Hits  |  10/25/2017  | 
Operational outcomes from infected endpoints are more common than data loss or financial effects, researchers found.
Why Patching Software Is Hard: Organizational Challenges
Commentary  |  10/25/2017  | 
The Equifax breach shows how large companies can stumble when it comes to patching. Organizational problems can prevent best practices from being enforced.
'Bad Rabbit' Ransomware Attacks Rock Russia, Ukraine - and Beyond
News  |  10/24/2017  | 
Attack employs new version of infamous NotPetya ransomware used in June attacks on Ukraine targets.
New Cybercrime Insurance Policy Protects the 'High Net Worth' Set
Quick Hits  |  10/24/2017  | 
Rubica is offering its active subscribers a $1 million cybersecurity insurance policy via its partner PURE Starling.
10 Steps for Stretching Your IT Security Budget
Slideshows  |  10/24/2017  | 
When the budget gods decline your request for an increase, here are 10 ways to stretch that dollar.
Finding Your Appetite for Security Automation (and Why That's Important)
Commentary  |  10/24/2017  | 
Yes, automation is becoming increasingly critical. But before you go all-in, determine the level that's right for your company.
Why Patching Software Is Hard: Technical Challenges
Commentary  |  10/24/2017  | 
Huge companies like Equifax can stumble over basic technical issues. Here's why.
One-Third of Businesses Can't Keep Up with Cloud Security
Quick Hits  |  10/24/2017  | 
One in three organizations cannot maintain security as cloud and container environments expand.
Opera, Vivaldi Co-Founder Talks Internet Privacy
News  |  10/24/2017  | 
Most people don't understand the extent to which their personal information is at risk, says Jon von Tetzchner, who founded the Opera and Vivaldi browser firms.
New Tool Debuts for Hacking Back at Hackers in Your Network
News  |  10/24/2017  | 
Deception technology firm Cymmetria offers a new offense option for defenders.
Unpatched Bugs Rampant on Mobile Devices in Financial Services Firms
News  |  10/23/2017  | 
More than a quarter of mobile devices used by financial services employees carry known vulnerabilities, according to a recent report.
US Critical Infrastructure Target of Russia-Linked Cyberattacks
News  |  10/23/2017  | 
Attacks have been under way since May, targeting energy, nuclear, aviation, water, and manufacturing, FBI and DHS say.
Windows 10 Update Aims to Block Attackers' Behavior
News  |  10/23/2017  | 
Microsoft protects machines from common attacker behaviors with security updates in Windows 10.
Kaspersky Lab Offers Up its Source Code for Inspection
News  |  10/23/2017  | 
Beleaguered security vendor fights back against Russian-spying claims with new transparency program aimed at assuaging concerns.
Google Play Bug Bounty Program Debuts
Quick Hits  |  10/23/2017  | 
Google teams up with HackerOne to create the Google Play Security Reward Program.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14934
PUBLISHED: 2018-11-15
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.
CVE-2018-14935
PUBLISHED: 2018-11-15
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.
CVE-2018-16619
PUBLISHED: 2018-11-15
Sonatype Nexus Repository Manager before 3.14 allows XSS.
CVE-2018-16620
PUBLISHED: 2018-11-15
Sonatype Nexus Repository Manager before 3.14 has Incorrect Access Control.
CVE-2018-16621
PUBLISHED: 2018-11-15
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.