Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in October 2017
<<   <   Page 2 / 3   >   >>
Security Training & Awareness: 3 Big Myths
Commentary  |  10/23/2017  | 
The once-overwhelming consensus that security awareness programs are invaluable is increasingly up for debate.
IOTroop Botnet Hits Over a Million Organizations in Under 30 Days
Quick Hits  |  10/20/2017  | 
The IoT botnet is expected to spread faster than Mirai.
Veracode: 75% Of Apps Have at Least One Vulnerability on Initial Scan
News  |  10/20/2017  | 
But developers not the only ones to blame, company says.
The Week in Crypto: Bad News for SSH, WPA2, RSA & Privacy
News  |  10/20/2017  | 
Between KRACK, ROCA, new threats to SSH keys, and the European Commission's loosey-goosey stance on encryption backdoors, it's been a difficult time for cryptography.
How to Talk to the C-Suite about Malware Trends
Commentary  |  10/20/2017  | 
There is no simple answer to the question 'Are we protected against the latest brand-name malware attack?' But there is a smart one.
Overlay Technique from Brazilian Banking Trojans Making Resurgence
News  |  10/20/2017  | 
New analysis says heavy reliance on overlays and manual remote execution of transactions being combined with more advanced features of traditional banking Trojans
'BoundHook' Technique Enables Attacker Persistence on Windows Systems
News  |  10/19/2017  | 
CyberArk shows how attackers can leverage Intel's MPX technology to burrow deeper into a compromised Windows system.
10 Social Engineering Attacks Your End Users Need to Know About
Slideshows  |  10/19/2017  | 
It's Cybersecurity Awareness Month. Make sure your users are briefed on these 10 attacker techniques that are often overlooked.
IoT Deployment Security Top Concern for Enterprises
Quick Hits  |  10/19/2017  | 
A new survey shows that 63% of respondents are worried about the impact of the Internet of Things on corporate security technologies and processes.
What's Next after the SEC 'Insider Trading' Breach?
Commentary  |  10/19/2017  | 
Last month's hack of the Securities and Exchange Commission may prove to be the most high-profile corporate gatekeeper attack to date. But it definitely won't be the last.
CISOs: Striving Toward Proactive Security Strategies
Partner Perspectives  |  10/19/2017  | 
A new survey paints a compelling picture of the modern security executive, how they succeed, and how much power they wield.
New Locky Ransomware Strain Emerges
News  |  10/19/2017  | 
Latest version goes by the .asasin extension and is collecting information on users' computer operating system and IP address.
Malicious Minecraft Apps on Google Android Could Turn Devices into Bots
Quick Hits  |  10/18/2017  | 
New 'Sockbot' malware has 'highly flexible proxy topology' that might be leveraged for a variety of nefarious purposes.
Oracle Fixes 20 Remotely Exploitable Java SE Vulns
News  |  10/18/2017  | 
Quarterly update for October is the smallest of the year: only 252 flaws to fix! Oracle advises to apply patches 'without delay.'
Game Change: Meet the Mach37 Fall Startups
Slideshows  |  10/18/2017  | 
CEOs describe how they think their fledgling ventures will revolutionize user training, privacy, identity management and embedded system security.
The Future of Democratic Threats is Digital
News  |  10/18/2017  | 
Public policy and technological challenges take center stage as security leaders discuss digital threats to democracy.
'Hacker Door' Backdoor Resurfaces as RAT a Decade Later
Quick Hits  |  10/18/2017  | 
Sophisticated backdoor re-emerges as a RAT more than a decade after its 2004 public release, with updated advanced malicious functionality.
What's Next After HTTPS: A Fully Encrypted Web?
Commentary  |  10/18/2017  | 
As the rate of HTTPS adoption grows faster by the day, it's only a matter of time before a majority of websites turn on SSL. Here's why.
Banks Start Broad Use of Blockchain, as JP Morgan, IBM Lead Way
News  |  10/17/2017  | 
Two major players announced cross-border payment networks built on blockchain technologies Monday, and more financial services will follow soon, despite opinions about Bitcoin.
Reuters: Microsoft's 2013 Breach Hit Bug Repository, Insiders Say
Quick Hits  |  10/17/2017  | 
Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.
ATM Machine Malware Sold on Dark Web
Quick Hits  |  10/17/2017  | 
Cybercriminals are advertising ATM malware that's designed to exploit hardware and software vulnerabilities on the cash-dispensing machines.
Factorization Bug Exposes Millions Of Crypto Keys To 'ROCA' Exploit
News  |  10/17/2017  | 
Products from Lenovo, HPE, Google, Microsoft, and others impacted by flaw in Infineon chipset.
Google Bolsters Security for Select Groups
Quick Hits  |  10/17/2017  | 
Business leaders, political campaign teams, journalists, and other high-risk groups will receive advanced email and account protection.
InfoSec Pros Among Worst Offenders of Employer Snooping
News  |  10/17/2017  | 
A majority of IT security professionals admit to trolling through company information unrelated to their work -- even sensitive material.
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Commentary  |  10/17/2017  | 
The left side of the brain is logical and linear; the right side, creative. You have to use both sides of the brain to connect to your audience in your business.
Secure Wifi Hijacked by KRACK Vulns in WPA2
News  |  10/16/2017  | 
All modern WiFi access points and devices that have implemented the protocol vulnerable to attacks that allow decryption, traffic hijacking other attacks. Second, unrelated crypto vulnerability also found in RSA code library in TPM chips.
US Supreme Court to Hear Microsoft-DOJ Email Case
Quick Hits  |  10/16/2017  | 
High court to rule on email privacy case, pitting Redmond giant against DOJ over access to its foreign-based email servers.
DHS to Require All Fed Agencies to Use DMARC, HTTPS, and STARTTLS
News  |  10/16/2017  | 
The move follows a DHS review of federal government agencies' steps to secure email and deploy authentication technologies.
New Cybercrime Campaign a 'Clear and Imminent' Threat to Banks Worldwide
News  |  10/16/2017  | 
Hundreds of millions of dollars stolen from banks via an sophisticated attack that blended cyber and physical elements.
Adobe Patches Flash ZeroDay Used To Plant Surveillance Software
Quick Hits  |  10/16/2017  | 
Second time in four weeks FINSPY "lawful intercept" tool and a zero-day found together.
GDPR Compliance: 5 Early Steps to Get Laggards Going
Slideshows  |  10/16/2017  | 
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
20 Questions to Ask Yourself before Giving a Security Conference Talk
Commentary  |  10/16/2017  | 
As cybersecurity continues to become more of a mainstream concern, those of us who speak at industry events must learn how to truly connect with our audience.
Printers: The Weak Link in Enterprise Security
News  |  10/16/2017  | 
Organizations frequently overlook printer security, leaving systems exposed to malware and theft. New tools aim to lessen the risk.
DoubleLocker Delivers Unique Two-Punch Hit to Android
News  |  10/13/2017  | 
Combines Android ransomware with capability to change users device PINs.
Hyatt Hit With Another Credit Card Breach
Quick Hits  |  10/13/2017  | 
Payment card information stolen when cards were either swiped or manually entered into registration systems at some Hyatt hotels.
Getting the Most Out of Cyber Threat Intelligence
Commentary  |  10/13/2017  | 
How security practitioners can apply structured analysis and move from putting out fires to fighting the arsonists.
10 Major Cloud Storage Security Slip-Ups (So Far) this Year
Slideshows  |  10/13/2017  | 
Accenture is the latest in a string of major companies to expose sensitive cloud data this year, following Verizon, Deloitte, and Dow Jones.
Kaspersky Lab and the AV Security Hole
News  |  10/12/2017  | 
It's unclear what happened in the reported theft of NSA data by Russian spies, but an attacker would need little help to steal if he or she had privileged access to an AV vendor's network, security experts say.
Coalition to Offer Free Business Email Compromise Workshops
Quick Hits  |  10/12/2017  | 
A coalition of federal law enforcement agencies, ISACs, and Symantec will offer BEC workshops in a dozen cities.
Equifax Now Faces Potential Breach of Customer Help Page
Quick Hits  |  10/12/2017  | 
Embattled credit-monitoring company takes down help page that reportedly redirects users to download a bogus software update.
Security No. 1 Inhibitor to Microsoft Office 365 Adoption
News  |  10/12/2017  | 
More businesses are switching to Office 365 despite fear of social engineering and ransomware attacks, but some remain wary.
Olympic Games Face Greater Cybersecurity Risks
News  |  10/12/2017  | 
Cybercriminals may alter score results and engage in launching physical attacks at future Olympic Games, a recently released report warns.
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Commentary  |  10/12/2017  | 
With social media, gathering information has never been easier, making Business Email Compromise the land of milk and honey for cybercriminals.
6 Steps to Finding Honey in the OWASP
Partner Perspectives  |  10/12/2017  | 
The most famous project of the Open Web Application Security Project is getting an update. Here's what you need to know, and how you can get involved.
North Korean Threat Actors Probe US Electric Companies
News  |  10/11/2017  | 
September spear phishing attack appeared to be more reconnaissance activity than sign of impending attack, FireEye says.
IoT: Insecurity of Things or Internet of Threats?
News  |  10/11/2017  | 
Security leaders call for device manufacturers to buckle down on device security as the Internet of Things evolves.
Cybersecurity's 'Broken' Hiring Process
News  |  10/11/2017  | 
New study shows the majority of cybersecurity positions get filled at salaries above the original compensation cap, while jobs sit unfilled an average of six months.
Akamai Acquires Nominum
Quick Hits  |  10/11/2017  | 
Purchase of DNS and enterprise cybersecurity solutions company is designed to bolster Akamai's offering to telecom carriers.
Phishing Emails that Invoke Fear, Urgency, Get the Most Clicks
News  |  10/11/2017  | 
The most commonly clicked phishing emails include urgent calls to action, or exploit victims' desire for popularity.
Can Machine Learning Outsmart Malware?
Partner Perspectives  |  10/11/2017  | 
Using machine learning in the cybersecurity domain is a growing trend with many advantages, but it also has its risks.
<<   <   Page 2 / 3   >   >>


For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17545
PUBLISHED: 2019-10-14
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
CVE-2019-17546
PUBLISHED: 2019-10-14
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a &quot;Negative-size-param&quot; condition.
CVE-2019-17547
PUBLISHED: 2019-10-14
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVE-2019-17501
PUBLISHED: 2019-10-14
Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&amp;type=4 (aka the Configuration &gt; Commands &gt; Discovery screen).
CVE-2019-17539
PUBLISHED: 2019-10-14
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.