News & Commentary

Content posted in October 2017
New Dark Reading Conference Will Focus on Defense
Commentary  |  10/11/2017  | 
The INsecurity Conference, Nov. 29-30 at the Gaylord National Harbor in Maryland, is all about helping infosecurity pros mitigate threats -- from hot topics to basic hygiene.
How Systematic Lying Can Improve Your Security
Commentary  |  10/11/2017  | 
No, you don't have to tell websites your mother's actual maiden name.
Security Tops Use Cases for Endpoint Data
Quick Hits  |  10/11/2017  | 
Businesses increasingly use endpoint data for security investigations, eDiscovery, and device migration to Windows 10.
Ransomware Sales on the Dark Web Spike 2,502% in 2017
News  |  10/11/2017  | 
Sales soar to $6.2 million as do-it-yourself kits, ransomware-as-a-service, and distribution offerings take hold.
GDPR Concerns Include 'Where's My Data Stored?'
News  |  10/11/2017  | 
European data protection regulations are coming like a freight train and many firms are still unprepared.
Cybercrime Meets Culture In Middle East, North African Underground
News  |  10/10/2017  | 
Spirit of sharing and free malware a characteristic of crimeware markets in this region, Trend Micro says.
Equifax: 12.5 Million UK Client Records Exposed in Breach
Quick Hits  |  10/10/2017  | 
But of that data, it affects 700K British consumers, the credit-monitoring company said today.
Microsoft Patches Windows Zero-Day Flaws Tied to DNSSEC
News  |  10/10/2017  | 
Security experts advise 'immediate' patching of critical DNS client vulnerabilities in Windows 8, 10, and other affected systems.
FDIC Incurs 54 Confirmed and Suspected Breaches in 2 Years
Quick Hits  |  10/10/2017  | 
Office of Inspector General takes the Federal Deposit Insurance Corporation to task for its response to breaches.
Unstructured Data: The Threat You Cannot See
Commentary  |  10/10/2017  | 
Why security teams need to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.
Artificial Intelligence: Experts Talk Ethical, Security Concerns
News  |  10/10/2017  | 
Global leaders weigh the benefits and dangers of a future in which AI plays a greater role in business and security strategy.
Key New Security Features in Android Oreo
Slideshows  |  10/10/2017  | 
Android 8.0 Oreo marks a major revamp of Google's mobile operating system, putting in a number of new security-hardening measures.
SiteLock: Website Attacks Surged 186% in Q2
News  |  10/9/2017  | 
Websites mostly belonging to small- to midsized firms got hit with more than 60 attacks per day on average, new analysis finds.
New 4G, 5G Network Flaw 'Worrisome'
News  |  10/9/2017  | 
Weaknesses in the voice and data convergence technology can be exploited to allow cybercriminals to launch DoS attacks and hijack mobile data.
More Businesses Accidentally Exposing Cloud Services
Quick Hits  |  10/9/2017  | 
53% of businesses using cloud storage services unintentionally expose them to the public.
Russian Hackers Targeted NSA Employee's Home Computer
Quick Hits  |  10/6/2017  | 
New reports today say it was a National Security Agency employee, not a contractor, whose home machine running Kaspersky Lab antivirus was hacked for classified files.
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Commentary  |  10/6/2017  | 
As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.
John Kelly's Personal Phone Compromised
Quick Hits  |  10/6/2017  | 
Officials fear foreign entities may have accessed White House chief of staff Kelly's phone while he was secretary of Homeland Security.
Russian Hackers Pilfered Data from NSA Contractor's Home Computer: Report
News  |  10/5/2017  | 
Classified information and hacking tools from the US National Security Agency landed in the hands of Russian cyberspies, according to a Wall Street Journal report.
How Businesses Should Respond to the Ransomware Surge
News  |  10/5/2017  | 
Modern endpoint security tools and incident response plans will be key in the fight against ransomware.
Equifax Lands $7.25 Million Contract with IRS
Quick Hits  |  10/5/2017  | 
The embattled credit monitoring agency will provide taxpayer identification verification and fraud prevention services to the federal tax agency.
10 Steps for Writing a Secure Mobile App
Slideshows  |  10/5/2017  | 
Best practices to avoid the dangers of developing vulnerability-ridden apps.
Private, Public, or Hybrid? Finding the Right Fit in a Bug Bounty Program
Commentary  |  10/5/2017  | 
How can a bug bounty not be a bug bounty? There are several reasons. Here's why you need to understand the differences.
URL Obfuscation: Still a Phisher's Phriend
Partner Perspectives  |  10/5/2017  | 
There are three primary techniques to trick users into thinking a website link is real: URL shorteners, URL doppelgangers, and URL redirects.
Nation-State Attackers Steal, Copy Each Other's Tools
News  |  10/4/2017  | 
When advanced actors steal and re-use tools and infrastructure from other attack groups, it makes it harder to attribute cybercrime.
Yahoo, Equifax Serve as Cautionary Tales in Discerning Data Breach Scope
News  |  10/4/2017  | 
Both companies this week revealed that their previously disclosed breaches impacted a lot more people than previously thought.
DNS a 'Victim of its Own Success'
News  |  10/4/2017  | 
Why securing the Domain Name System remains an afterthought at many organizations.
What Security Teams Need to Know about the NIAC Report
Commentary  |  10/4/2017  | 
Which of the recommendations made by the NIAC working group will affect security teams the most, and how should they prepare?
Ransomware Will Target Backups: 4 Ways to Protect Your Data
Commentary  |  10/4/2017  | 
Backups are the best way to take control of your defense against ransomware, but they need protecting as well.
Yahoo: All 3 Billion Accounts Affected in 2013 Breach
Quick Hits  |  10/3/2017  | 
Every single Yahoo account was affected in a 2013 data breach, bringing the total from 1 billion to 3 billion.
New Standards Will Shore up Internet Router Security
News  |  10/3/2017  | 
The BGP Path Validation draft standards were designed to ensure that Internet traffic flows only along digitally signed, authorized paths.
Google Updates Cloud Access Management Policies
Quick Hits  |  10/3/2017  | 
Custom roles for Cloud Identity and Access Management will give users full control of 1,287 public permissions in the Google Cloud.
Less Than Half of Consumers Take Protective Steps Post-Breach
Quick Hits  |  10/3/2017  | 
New data on consumer behavior and identity theft shows most don't protect themselves after their personal data is compromised.
DevOpsSec: A Big Step in Cloud Application Security
Commentary  |  10/3/2017  | 
Why it's time for DevOps and security teams to bury the hatchet -- and not in each other's back.
70% of US Employees Lack Security and Privacy Awareness
News  |  10/3/2017  | 
Acceptable use of social media and adherence to workplace physical security drops, new survey shows.
Equifax: Number of US Breach Victims Rises to 145.5 Million
Quick Hits  |  10/2/2017  | 
Credit bureau provides update on its breach investigation.
FBI Won't Have to Reveal iPhone-Cracking Tool Used in Terror Case
News  |  10/2/2017  | 
Revealing vendor's name and pricing details a threat to national security, DC court says.
Google Tightens Web Security for 45 TLDs with HSTS
Quick Hits  |  10/2/2017  | 
Google broadens HTTPS Strict Transport Security to Top Level Domains under its control and makes them secure by default.
5 IT Practices That Put Enterprises at Risk
Commentary  |  10/2/2017  | 
No one solution will keep you 100% protected, but if you avoid these common missteps, you can shore up your security posture.
Weakness In Windows Defender Lets Malware Slip Through Via SMB Shares
News  |  10/2/2017  | 
CyberArk says the manner in which Defender scans for malicious executables in SMB shares gives attackers an opening.

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17612
PUBLISHED: 2019-10-15
An issue was discovered in 74CMS v5.2.8. There is a SQL Injection generated by the _list method in the Common/Controller/BackendController.class.php file via the index.php?m=Admin&c=Ad&a=category sort parameter.
CVE-2019-17613
PUBLISHED: 2019-10-15
qibosoft 7 allows remote code execution because do/jf.php makes eval calls. The attacker can use the Point Introduction Management feature to supply PHP code to be evaluated. Alternatively, the attacker can access admin/index.php?lfj=jfadmin&action=addjf via CSRF, as demonstrated by a payload in...
CVE-2019-17395
PUBLISHED: 2019-10-15
In the Rapid Gator application 0.7.1 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.
CVE-2019-17602
PUBLISHED: 2019-10-15
An issue was discovered in Zoho ManageEngine OpManager before 12.4 build 124089. The OPMDeviceDetailsServlet servlet is prone to SQL injection. Depending on the configuration, this vulnerability could be exploited unauthenticated or authenticated.
CVE-2019-17394
PUBLISHED: 2019-10-15
In the Seesaw Parent and Family application 6.2.5 for Android, the username and password are stored in the log during authentication, and may be available to attackers via logcat.