News & Commentary

Content posted in October 2017
Friday Haiku: Waves in the Harbor
Curt Franklin  |  10/6/2017  | 
Do calm winds aloft mean peaceful waves at anchor?
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Commentary  |  10/6/2017  | 
As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.
John Kelly's Personal Phone Compromised
Quick Hits  |  10/6/2017  | 
Officials fear foreign entities may have accessed White House chief of staff Kelly's phone while he was secretary of Homeland Security.
SONIC Quiet on Data Breach Details
Simon Marshall  |  10/6/2017  | 
Drive-in restaurant chain SONIC has suffered a breach but customers and the public are still looking for critical details.
Gartner Says Real Security Starts With a Mission
Curt Franklin  |  10/6/2017  | 
Security for the digital organization starts with a mission that has executive support; the process from mission to execution is step-by-step.
Russian Hackers Pilfered Data from NSA Contractor's Home Computer: Report
News  |  10/5/2017  | 
Classified information and hacking tools from the US National Security Agency landed in the hands of Russian cyberspies, according to a Wall Street Journal report.
How Businesses Should Respond to the Ransomware Surge
News  |  10/5/2017  | 
Modern endpoint security tools and incident response plans will be key in the fight against ransomware.
CLKSCREW Hack Breaks Hardware With Software
Larry Loeb  |  10/5/2017  | 
A new technique can hack into even secure systems by overwhelming with simple commands.
Finding the AI ROI
Simon Marshall  |  10/5/2017  | 
Is AI a good security investment? Many say yes, but it depends on how you deploy your artificial intelligence.
Equifax Lands $7.25 Million Contract with IRS
Quick Hits  |  10/5/2017  | 
The embattled credit monitoring agency will provide taxpayer identification verification and fraud prevention services to the federal tax agency.
10 Steps for Writing a Secure Mobile App
Slideshows  |  10/5/2017  | 
Best practices to avoid the dangers of developing vulnerability-ridden apps.
Private, Public, or Hybrid? Finding the Right Fit in a Bug Bounty Program
Commentary  |  10/5/2017  | 
How can a bug bounty not be a bug bounty? There are several reasons. Here's why you need to understand the differences.
URL Obfuscation: Still a Phisher's Phriend
Partner Perspectives  |  10/5/2017  | 
There are three primary techniques to trick users into thinking a website link is real: URL shorteners, URL doppelgangers, and URL redirects.
Nation-State Attackers Steal, Copy Each Other's Tools
News  |  10/4/2017  | 
When advanced actors steal and re-use tools and infrastructure from other attack groups, it makes it harder to attribute cybercrime.
Yahoo, Equifax Serve as Cautionary Tales in Discerning Data Breach Scope
News  |  10/4/2017  | 
Both companies this week revealed that their previously disclosed breaches impacted a lot more people than previously thought.
DNS a 'Victim of its Own Success'
News  |  10/4/2017  | 
Why securing the Domain Name System remains an afterthought at many organizations.
What Security Teams Need to Know about the NIAC Report
Commentary  |  10/4/2017  | 
Which of the recommendations made by the NIAC working group will affect security teams the most, and how should they prepare?
Yahoo Breach News Just Gets Worse
Curt Franklin  |  10/4/2017  | 
It turns out that more than 3 billion accounts were compromised in the Yahoo breach originally disclosed last year.
Simple Steps to Online Safety for Cybersecurity Awareness Month
News Analysis-Security Now  |  10/4/2017  | 
National Cybersecurity Awareness Month is a great time to give your users a new list of security tips.
Ransomware Will Target Backups: 4 Ways to Protect Your Data
Commentary  |  10/4/2017  | 
Backups are the best way to take control of your defense against ransomware, but they need protecting as well.
Yahoo: All 3 Billion Accounts Affected in 2013 Breach
Quick Hits  |  10/3/2017  | 
Every single Yahoo account was affected in a 2013 data breach, bringing the total from 1 billion to 3 billion.
Gartner Lists Security Trends for 2018
Curt Franklin  |  10/3/2017  | 
A session at Gartner Symposium/ITxpo laid out security trends for the coming year.
New Standards Will Shore up Internet Router Security
News  |  10/3/2017  | 
The BGP Path Validation draft standards were designed to ensure that Internet traffic flows only along digitally signed, authorized paths.
Google Updates Cloud Access Management Policies
Quick Hits  |  10/3/2017  | 
Custom roles for Cloud Identity and Access Management will give users full control of 1,287 public permissions in the Google Cloud.
A Month for Cybersecurity
Simon Marshall  |  10/3/2017  | 
It's National Cybersecurity Awareness Month, a time to think about, plan and deploy better cybersecurity for your organization.
Less Than Half of Consumers Take Protective Steps Post-Breach
Quick Hits  |  10/3/2017  | 
New data on consumer behavior and identity theft shows most don't protect themselves after their personal data is compromised.
DevOpsSec: A Big Step in Cloud Application Security
Commentary  |  10/3/2017  | 
Why it's time for DevOps and security teams to bury the hatchet -- and not in each other's back.
70% of US Employees Lack Security and Privacy Awareness
News  |  10/3/2017  | 
Acceptable use of social media and adherence to workplace physical security drops, new survey shows.
Gartner Analysts See AI Augmenting Security
Curt Franklin  |  10/2/2017  | 
Gartner analysts don't think AI will replace humans in security; instead it will be a critical piece of a better security infrastructure.
Equifax: Number of US Breach Victims Rises to 145.5 Million
Quick Hits  |  10/2/2017  | 
Credit bureau provides update on its breach investigation.
FBI Won't Have to Reveal iPhone-Cracking Tool Used in Terror Case
News  |  10/2/2017  | 
Revealing vendor's name and pricing details a threat to national security, DC court says.
Gartner Symposium Opens in Orlando
Curt Franklin  |  10/2/2017  | 
Gartner Symposium ITXpo is opening today in Orlando. Security Now is there to bring you the latest from the analysts and consultants at one of the most influential firms in the IT industry.
Google Tightens Web Security for 45 TLDs with HSTS
Quick Hits  |  10/2/2017  | 
Google broadens HTTPS Strict Transport Security to Top Level Domains under its control and makes them secure by default.
Sunflower Security Mixes Lights, Drones for Safer Buildings
Simon Marshall  |  10/2/2017  | 
A new security company may change the way we think about residential security.
5 IT Practices That Put Enterprises at Risk
Commentary  |  10/2/2017  | 
No one solution will keep you 100% protected, but if you avoid these common missteps, you can shore up your security posture.
Security Fails in Third-Party Hands
Larry Loeb  |  10/2/2017  | 
Your security may rest in the hands of a third party – and those hands will probably let you down.
Weakness In Windows Defender Lets Malware Slip Through Via SMB Shares
News  |  10/2/2017  | 
CyberArk says the manner in which Defender scans for malicious executables in SMB shares gives attackers an opening.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24028
PUBLISHED: 2021-04-14
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
CVE-2021-29370
PUBLISHED: 2021-04-13
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.