Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in October 2017
Ted Schlein: Interview With a Capitalist
Curt Franklin  |  10/31/2017  | 
Ted Schlein is a partner with the most storied venture capital fund in Silicon Valley. When Ted talks about cybersecurity, people listen.
North Korea Faces Accusations of Hacking Warship Builder Daewoo
Quick Hits  |  10/31/2017  | 
North Korea suspected by South Korea of stealing warship blueprints from Daewoo Shipbuilding & Marine Engineering.
Office 365 Missed 34,000 Phishing Emails Last Month
News  |  10/31/2017  | 
Nearly 10% of emails delivered to Office 365 inboxes were spam, phishing messages, and known or zero-day malware.
Who Says Brilliant Security Engineers Can't Be Amazing People Managers?
Commentary  |  10/31/2017  | 
Don't let midcareer stagnation be an exit ramp from the cybersecurity industry. Use it as an opportunity to explore and to deepen your enthusiasm.
Trump Administration to Craft New Cybersecurity Plan
Quick Hits  |  10/31/2017  | 
Strategy will mirror President Trump's cybersecurity Executive Order.
How to Make a Ransomware Payment - Fast
Slideshows  |  10/31/2017  | 
Paying ransom in a ransomware attack isn't recommended, but sometimes, it's necessary. Here's how to pay by cryptocurrency.
A New Fence: The Software-Defined Perimeter
News Analysis-Security Now  |  10/31/2017  | 
The network perimeter is dead: Long live the new perimeter! The boundary of your enterprise network can now be defined by software – but is that the right answer for your organization?
10 Scariest Ransomware Attacks of 2017
News  |  10/31/2017  | 
A look back at WannaCry, NotPetya, Locky, and other destructive ransomware campaigns to infect the world this year.
Stop Counting Vulnerabilities & Start Measuring Risk
Commentary  |  10/31/2017  | 
When security teams report on real risk, executive teams can gain a much better understanding of the company's security posture.
Phishing Kits Regularly Reused by Cybercriminals
News  |  10/31/2017  | 
In 27% of cases, a phishing kit is re-used on more than one host.
Majority of Employees Hit with Ransomware Personally Make Payment
News  |  10/31/2017  | 
Office workers pay an average ransom of $1,400, according to a new report.
Gaza Cybergang Acquires New Tools, Expands Operations
News  |  10/30/2017  | 
Warning from Kaspersky Lab second in recent month involving heightened threat activity in Middle East and North Africa.
Google Bug Database Flaws Expose Severe Vulnerabilities
Quick Hits  |  10/30/2017  | 
A security researcher accessed the most critical bugs in Google products and services by spoofing a corporate email address.
Security Gets Social: 10 of Dark Reading's Most Shared Stories
Slideshows  |  10/30/2017  | 
We scared up our most popular stories on Facebook, Twitter, and LinkedIn.
The 5 Nightmare (Breaches) Before Halloween
News Analysis-Security Now  |  10/30/2017  | 
You're going to be hit by a breach. Which one, and in what guise it comes, will determine just how scary it's going to be.
Kaspersky Expects US Sales to Decline in 2017
Quick Hits  |  10/30/2017  | 
CEO points to an "information war" against his company as the cause of the revenue drop.
CAPTCHA Is Vulnerable
Larry Loeb  |  10/30/2017  | 
A group of researchers have demonstrated a vulnerability in the widely used CAPTCHA scheme – a vulnerability that may mean the end of CAPTCHA as we know it.
Screen Sharing: Dark Reading Caption Contest Winners
Commentary  |  10/30/2017  | 
It was a tough competition with more than 125 submissions, our largest field yet. And the winners are ...
Preventing Credential Theft: A Security Checklist for Boards
Commentary  |  10/30/2017  | 
Board members pose a unique risk for business, but proper planning helps.
It's Time to Change the Cybersecurity Conversation
Commentary  |  10/30/2017  | 
The IT security industry needs more balance between disclosure of threats and discussion of defense practices and greater sharing of ideas.
Web Attacks Spike in Financial Industry
News  |  10/27/2017  | 
Web application compromise beats human error as the top data breach cause, putting finance companies at risk for larger attacks, according to a new study.
Ted Schlein Hates Passwords
Curt Franklin  |  10/27/2017  | 
He hates user names, too, and thinks we should get rid of them. In a keynote address at Networking the Future in Tampa, Fla., he discussed why.
Identity Theft Ring Hit with Credit Card Fraud Indictment
Quick Hits  |  10/27/2017  | 
A federal grand jury indicts six individuals on criminal charges relating to credit card and debit card fraud.
3 Steps to Reduce Risk in Your Supply Chain
Commentary  |  10/27/2017  | 
Many companies have very limited visibility into their vendors' security posture -- and some may have thousands of vendors. Here are steps that every company should take to lock down their supply chains.
Kaspersky's US Gov Woes Continue
Simon Marshall  |  10/27/2017  | 
Kaspersky has admitted that its software grabbed a classified file from a private computer. Does it prove the US government's claims or prove that Kaspersky is a good global citizen?
Passwords Use Alone Still Trumps Multi-Factor Authentication
News  |  10/27/2017  | 
Strong authentication use overall remains weak but is starting to gain some ground with enterprises.
Is Your Security Military-Grade?
Curt Franklin  |  10/26/2017  | 
Simple civilian security won't cut it for most businesses. It's time to take your cybersecurity mil-spec.
Inmarsat Disputes IOActive Reports of Critical Flaws in Ship SATCOM
News  |  10/26/2017  | 
Satellite communications provider says security firm's narrative about vulnerabilities in its AmosConnect 8 shipboard email service is overblown.
Security Forecast: Cloudy with Low Data Visibility
News  |  10/26/2017  | 
Businesses are moving more sensitive data to the cloud but struggle to monitor and manage it once it's there.
'Reaper' IoT Botnet Likely a DDoS-for-Hire Tool
Quick Hits  |  10/26/2017  | 
Latest IoT botnet commandeers 10,000 to 20,000 devices with an additional 2 million hosts identified.
Bad Rabbit Used Pilfered NSA Exploit
News  |  10/26/2017  | 
Turns out the fast and furious ransomware campaign in Eastern Europe this week employed the so-called 'BadRomance' tool to help it spread.
Dark Web Marketplaces' New Home: Mobile Messaging Apps
News  |  10/26/2017  | 
Telegram, Discord, WhatsApp grow in popularity as criminals look for more alternatives to fly under the radar.
30% of Major CEOs Have Had Passwords Exposed
Quick Hits  |  10/26/2017  | 
One in three CEOs have had passwords leaked through online services where they registered with a corporate email address.
Why Data Breach Stats Get It Wrong
Commentary  |  10/26/2017  | 
It's not the size of the stolen data dump that is important. It's the window between the date of the breach and the date of discovery that represents the biggest threat.
Ways to Win the Security Skills Challenge
News Analysis-Security Now  |  10/26/2017  | 
Finding and keeping skilled security professionals is hard. But there are ways that can work to keep your best employees on-board and happy.
A Checklist for Securing the Internet of Things
Commentary  |  10/26/2017  | 
IoT devices promise endless benefits, but they also come with serious security issues. Use this checklist to make sure your company stays safe.
5 Reasons Why the CISO is a Cryptocurrency Skeptic
Partner Perspectives  |  10/26/2017  | 
If you think all you need is technology to defend against bad guys, you shouldn't be a CISO. But technology is all cryptocurrency is, starting with Bitcoin.
Doubling Up on AV Fails to Protect 40% of Users from Malware Attacks
News  |  10/26/2017  | 
Traditional signature-based antivirus solutions are falling short on protecting endpoints, even when there are two or more deployed.
Kaspersky Lab Collected, Then Deleted NSA File from a Home Computer
News  |  10/25/2017  | 
Concerns over handling classified US data one of the reasons why Kaspersky Lab CEO ordered file deletion, company says.
Bad Rabbit Dies Down But Questions Remain
News  |  10/25/2017  | 
The origins of the rapid-fire ransomware attack campaign affecting mainly Russian targets remain a bit of a mystery.
Bad Rabbit Breeds Ransomware Fears
Curt Franklin  |  10/25/2017  | 
A new breed of ransomware has hit Russia and Eastern Europe. Bad Rabbit could hop the Atlantic and wreak havoc on North American systems.
Windows 10 Update: 10 Key New Security Features
Slideshows  |  10/25/2017  | 
Microsoft is tightening its focus on Windows 10 security with several new security tools in its latest major OS update.
Advanced Analytics + Frictionless Security: What CISOs Need to Know
Commentary  |  10/25/2017  | 
Advances in analytics technologies promise to make identity management smarter and more transparent to users. But the process is neither straightforward nor easy.
Third Man Charged in Hacking Celebrities' iCloud and Gmail Accounts
Quick Hits  |  10/25/2017  | 
An Illinois man is charged with hacking into more than 550 accounts that belong to entertainment industry figures and others.
Will Transparency Save Kaspersky?
Simon Marshall  |  10/25/2017  | 
Kaspersky is trying radical transparency to counter accusations that it acts as a front for Russian intelligence. Will it be enough to quiet the skeptics?
Productivity, Operations Hardest-Hit by Endpoint Attacks
Quick Hits  |  10/25/2017  | 
Operational outcomes from infected endpoints are more common than data loss or financial effects, researchers found.
Why Patching Software Is Hard: Organizational Challenges
Commentary  |  10/25/2017  | 
The Equifax breach shows how large companies can stumble when it comes to patching. Organizational problems can prevent best practices from being enforced.
'Bad Rabbit' Ransomware Attacks Rock Russia, Ukraine - and Beyond
News  |  10/24/2017  | 
Attack employs new version of infamous NotPetya ransomware used in June attacks on Ukraine targets.
A New BotNet Is Growing: Are You Already Part of Its Army?
Curt Franklin  |  10/24/2017  | 
The IoT_Reaper botnet is new and growing. Are your IoT devices already part of a criminal system that will cripple the Internet?
New Cybercrime Insurance Policy Protects the 'High Net Worth' Set
Quick Hits  |  10/24/2017  | 
Rubica is offering its active subscribers a $1 million cybersecurity insurance policy via its partner PURE Starling.
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.