Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in October 2017
Finding Your Appetite for Security Automation (and Why That's Important)
Commentary  |  10/24/2017  | 
Yes, automation is becoming increasingly critical. But before you go all-in, determine the level that's right for your company.
10 Steps for Stretching Your IT Security Budget
Slideshows  |  10/24/2017  | 
When the budget gods decline your request for an increase, here are 10 ways to stretch that dollar.
CNCF Adopts 2 Container Security Projects
Curt Franklin  |  10/24/2017  | 
A pair of new open source container security projects find a home at the CNCF. Enterprise Cloud News' Scott Ferguson reports the details.
Why Patching Software Is Hard: Technical Challenges
Commentary  |  10/24/2017  | 
Huge companies like Equifax can stumble over basic technical issues. Here's why.
One-Third of Businesses Can't Keep Up with Cloud Security
Quick Hits  |  10/24/2017  | 
One in three organizations cannot maintain security as cloud and container environments expand.
Opera, Vivaldi Co-Founder Talks Internet Privacy
News  |  10/24/2017  | 
Most people don't understand the extent to which their personal information is at risk, says Jon von Tetzchner, who founded the Opera and Vivaldi browser firms.
New Tool Debuts for Hacking Back at Hackers in Your Network
News  |  10/24/2017  | 
Deception technology firm Cymmetria offers a new offense option for defenders.
Unpatched Bugs Rampant on Mobile Devices in Financial Services Firms
News  |  10/23/2017  | 
More than a quarter of mobile devices used by financial services employees carry known vulnerabilities, according to a recent report.
You Must Know Blockchain
Curt Franklin  |  10/23/2017  | 
Even if you're not planning to use it any time soon, the signs are clear: You must know the technology of blockchain.
US Critical Infrastructure Target of Russia-Linked Cyberattacks
News  |  10/23/2017  | 
Attacks have been under way since May, targeting energy, nuclear, aviation, water, and manufacturing, FBI and DHS say.
Windows 10 Update Aims to Block Attackers' Behavior
News  |  10/23/2017  | 
Microsoft protects machines from common attacker behaviors with security updates in Windows 10.
Kaspersky Lab Offers Up its Source Code for Inspection
News  |  10/23/2017  | 
Beleaguered security vendor fights back against Russian-spying claims with new transparency program aimed at assuaging concerns.
The Simplicity of a Wordpress Hack
Larry Loeb  |  10/23/2017  | 
The latest Wordpress hack is serious, but it's not part of some grand conspiracy among hackers.
Google Play Bug Bounty Program Debuts
Quick Hits  |  10/23/2017  | 
Google teams up with HackerOne to create the Google Play Security Reward Program.
Security Training & Awareness: 3 Big Myths
Commentary  |  10/23/2017  | 
The once-overwhelming consensus that security awareness programs are invaluable is increasingly up for debate.
IOTroop Botnet Hits Over a Million Organizations in Under 30 Days
Quick Hits  |  10/20/2017  | 
The IoT botnet is expected to spread faster than Mirai.
Veracode: 75% Of Apps Have at Least One Vulnerability on Initial Scan
News  |  10/20/2017  | 
But developers are not the only ones to blame, company says.
Financial Institutions Lack Confidence in Their Own Defenses
Curt Franklin  |  10/20/2017  | 
Financial institutions are fighting fraud with tools that aren't completely up to the task, according to the results of a new survey out this week.
The Week in Crypto: Bad News for SSH, WPA2, RSA & Privacy
News  |  10/20/2017  | 
Between KRACK, ROCA, new threats to SSH keys, and the European Commission's loosey-goosey stance on encryption backdoors, it's been a difficult time for cryptography.
How to Talk to the C-Suite about Malware Trends
Commentary  |  10/20/2017  | 
There is no simple answer to the question 'Are we protected against the latest brand-name malware attack?' But there is a smart one.
Overlay Technique from Brazilian Banking Trojans Making Resurgence
News  |  10/20/2017  | 
New analysis says heavy reliance on overlays and manual remote execution of transactions are being combined with more advanced features of traditional banking Trojans.
Contesting Control of Container Security
Simon Marshall  |  10/20/2017  | 
Who should control container security? It's a question that is gaining importance as containers become a favored mechanism for enterprise development.
How Can You Beat the Widespread ROCA?
Curt Franklin  |  10/19/2017  | 
ROCA is a vulnerability hitting millions of devices. How can you tell if yours are affected and what can you do if they are?
'BoundHook' Technique Enables Attacker Persistence on Windows Systems
News  |  10/19/2017  | 
CyberArk shows how attackers can leverage Intel's MPX technology to burrow deeper into a compromised Windows system.
10 Social Engineering Attacks Your End Users Need to Know About
Slideshows  |  10/19/2017  | 
It's Cybersecurity Awareness Month. Make sure your users are briefed on these 10 attacker techniques that are often overlooked.
IoT Deployment Security Top Concern for Enterprises
Quick Hits  |  10/19/2017  | 
A new survey shows that 63% of respondents are worried about the impact of the Internet of Things on corporate security technologies and processes.
What's Next after the SEC 'Insider Trading' Breach?
Commentary  |  10/19/2017  | 
Last month's hack of the Securities and Exchange Commission may prove to be the most high-profile corporate gatekeeper attack to date. But it definitely won't be the last.
CISOs: Striving Toward Proactive Security Strategies
Partner Perspectives  |  10/19/2017  | 
A new survey paints a compelling picture of the modern security executive, how they succeed, and how much power they wield.
New Locky Ransomware Strain Emerges
News  |  10/19/2017  | 
Latest version goes by the .asasin extension and is collecting information on users' computer operating system and IP address.
GDPR Pressure Begins on US Multinationals
Simon Marshall  |  10/19/2017  | 
GDPR may be an EU regulation but it will have a significant impact on US companies doing business with any European customer, and the impact will start soon.
Can the IoT Be More Secure?
News Analysis-Security Now  |  10/19/2017  | 
The IoT has lots of insecurity built in – but here are some ways to make it more secure.
Malicious Minecraft Apps on Google Android Could Turn Devices into Bots
Quick Hits  |  10/18/2017  | 
New 'Sockbot' malware has 'highly flexible proxy topology' that might be leveraged for a variety of nefarious purposes.
Oracle Fixes 20 Remotely Exploitable Java SE Vulns
News  |  10/18/2017  | 
Quarterly update for October is the smallest of the year: only 252 flaws to fix! Oracle advises applying patches 'without delay.'
Necurs Malware Wants a Selfie With Your Desktop
Curt Franklin  |  10/18/2017  | 
Necurs has returned and this time it's carrying a payload that takes a picture of your desktop.
McAfee Brings AI to Security With New Products
Curt Franklin  |  10/18/2017  | 
McAfee has announced new products at MPOWER that bring AI and machine learning to security analytics.
Game Change: Meet the Mach37 Fall Startups
Slideshows  |  10/18/2017  | 
CEOs describe how they think their fledgling ventures will revolutionize user training, privacy, identity management and embedded system security.
The Future of Democratic Threats is Digital
News  |  10/18/2017  | 
Public policy and technological challenges take center stage as security leaders discuss digital threats to democracy.
'Hacker Door' Backdoor Resurfaces as RAT a Decade Later
Quick Hits  |  10/18/2017  | 
Sophisticated backdoor re-emerges as a RAT more than a decade after its 2004 public release, with updated advanced malicious functionality.
What's Next After HTTPS: A Fully Encrypted Web?
Commentary  |  10/18/2017  | 
As the rate of HTTPS adoption grows faster by the day, it's only a matter of time before a majority of websites turn on SSL. Here's why.
Banks Start Broad Use of Blockchain, as JP Morgan, IBM Lead Way
News  |  10/17/2017  | 
Two major players announced cross-border payment networks built on blockchain technologies Monday, and more financial services will follow soon, despite opinions about Bitcoin.
Reuters: Microsoft's 2013 Breach Hit Bug Repository, Insiders Say
Quick Hits  |  10/17/2017  | 
Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.
ATM Machine Malware Sold on Dark Web
Quick Hits  |  10/17/2017  | 
Cybercriminals are advertising ATM malware that's designed to exploit hardware and software vulnerabilities on the cash-dispensing machines.
Factorization Bug Exposes Millions Of Crypto Keys To 'ROCA' Exploit
News  |  10/17/2017  | 
Products from Lenovo, HPE, Google, Microsoft, and others impacted by flaw in Infineon chipset.
KRACK Attack: How Enterprises Can Protect Their WiFi
Curt Franklin  |  10/17/2017  | 
A flaw in the WPA2 protocol means that most WiFi networks worldwide are open to successful attack.
Google Bolsters Security for Select Groups
Quick Hits  |  10/17/2017  | 
Business leaders, political campaign teams, journalists, and other high-risk groups will receive advanced email and account protection.
InfoSec Pros Among Worst Offenders of Employer Snooping
News  |  10/17/2017  | 
A majority of IT security professionals admit to trolling through company information unrelated to their work -- even sensitive material.
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Commentary  |  10/17/2017  | 
The left side of the brain is logical and linear; the right side, creative. You have to use both sides of the brain to connect to your audience in your business.
Attivo Goes On the Attack Against Hackers
Simon Marshall  |  10/17/2017  | 
Attivo gets $21 million in new funding to take the fight to hackers through advanced deception.
Secure Wifi Hijacked by KRACK Vulns in WPA2
News  |  10/16/2017  | 
All modern WiFi access points and devices that have implemented the protocol are vulnerable to attacks that allow decryption, traffic hijacking, and other attacks. A second, unrelated crypto vulnerability was also found in the RSA code library in TPM chips.
HONEST Poll Results: How Much Should You Encrypt?
Curt Franklin  |  10/16/2017  | 
What is the 'Goldilocks Zone' when it comes to encryption? Security Now community members speak out in our latest poll.