Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in October 2018
SamSam Ransomware Goes on a Tear
Quick Hits  |  10/31/2018  | 
SamSam ransomware hasn't gone away and it's adapting to meet evolving defenses.
Apple Patches Multiple Major Security Flaws
News  |  10/31/2018  | 
New security updates cross all Apple platforms.
Hardware Cyberattacks: How Worried Should You Be?
News  |  10/31/2018  | 
How to fit hardware threats into your security model as hardware becomes smaller, faster, cheaper, and more complex.
Chinese Intel Agents Indicted for 5-Year IP Theft Campaign
News  |  10/31/2018  | 
Intelligence agents aimed for aerospace manufacturing targets, with help of cyberattackers, corporate insiders, and one IT security manager.
Qualys Snaps Up Container Firm
Quick Hits  |  10/31/2018  | 
Plans to use Layered Insight's technology to add runtime capabilities and automated enforcement to its container security tool.
Pervasive Emotet Botnet Now Steals Emails
News  |  10/31/2018  | 
Researchers discover new cyber-spying function in the persistent malware operation's arsenal.
How the Power of Quantum Can Be Used Against Us
Commentary  |  10/31/2018  | 
There has been a palpable shift from volumetric attacks to "quantum attacks," and they look to be one of the biggest cybersecurity challenges on the rise today.
9 Traits of A Strong Infosec Resume
Slideshows  |  10/31/2018  | 
Security experts share insights on which skills and experiences are most helpful to job hunters looking for their next gig.
Spooking the C-Suite: The Ephemeral Specter of Third-Party Cyber-Risk
Commentary  |  10/31/2018  | 
Halloween movies are the perfect metaphor for breaking down today's scariest supplier breach tropes.
Destructive Cyberattacks Spiked in Q3
News  |  10/30/2018  | 
Instead of simply fleeing when discovered, adversaries are actively engaging with incident response teams, a new Carbon Black study finds.
Kraken Resurfaces From the Deep Web
News  |  10/30/2018  | 
Fallout Exploit Kit releases Kraken Cryptor ransomware, giving the simple threat a much larger target pool.
Companies Fall Short on 2FA
Quick Hits  |  10/30/2018  | 
New research ranks organizations based on whether they offer two-factor authentication.
The Case for MarDevSecOps
Commentary  |  10/30/2018  | 
Why security must lead the integration of marketing into the collaborative security and development model in the cloud.
Girl Scouts Hacked, 2,800 Members Notified
Quick Hits  |  10/30/2018  | 
A Girl Scouts of America branch in California was hacked, putting the data of 2,800 girls and their families at risk.
10 Steps for Creating Strong Customer Authentication
Commentary  |  10/30/2018  | 
Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help.
New Report: IoT Now Top Internet Attack Target
Quick Hits  |  10/29/2018  | 
IoT devices are the top targets of cyberattacks -- most of which originate on IoT devices, new report finds.
Security Implications of IBM-Red Hat Merger Unclear
News  |  10/29/2018  | 
But enterprises and open source community likely have little to be concerned about, industry experts say.
7 Ways an Old Tool Still Teaches New Lessons About Web AppSec
Slideshows  |  10/29/2018  | 
Are your Web applications secure? WebGoat, a tool old enough to be in high school, continues to instruct.
Windows Defender: First Full Antivirus Tool to Run in a Sandbox
News  |  10/29/2018  | 
Sandboxed version now available to Windows Insiders and anyone else who force-enables it in Windows 10 version 1703 and above.
AppSec Is Dead, but Software Security Is Alive & Well
Commentary  |  10/29/2018  | 
Application security must be re-envisioned to support software security. It's time to shake up your processes.
British Airways: 185K Affected in Second Data Breach
Quick Hits  |  10/26/2018  | 
The carrier discovered another breach while investigating its largest-ever data breach, disclosed in September.
DeepPhish: Simulating Malicious AI to Act Like an Adversary
News  |  10/26/2018  | 
How researchers developed an algorithm to simulate cybercriminals' use of artificial intelligence and explore the future of phishing.
FTC Offers Small Businesses Free Cybersecurity Resources
Quick Hits  |  10/26/2018  | 
Cybersecurity for Small Businesses campaign kicks off.
3 Keys to Reducing the Threat of Ransomware
Commentary  |  10/26/2018  | 
Following these steps could mean the difference between an inconvenience and a multimillion-dollar IT system rebuild -- for the public and private sectors alike.
County Election Websites Can Be Easily Spoofed to Spread Misinformation
News  |  10/25/2018  | 
Majority of county sites in 20 key swing states have non-.gov domains and don't enforce use of SSL, McAfee researchers found.
New Free Decryption Tool for GandCrab
Quick Hits  |  10/25/2018  | 
Tool rescues GandCrab victims from malicious encryption.
Retail Fraud Spikes Ahead of the Holidays
News  |  10/25/2018  | 
Researchers note massive increases in retail goods for sale on the black market, retail phishing sites, and malicious applications and social media profiles.
Side-Channel Attack Exposes User Accounts on Facebook, XBox, Other Social Sites
News  |  10/25/2018  | 
Researcher will demonstrate at Black Hat Europe his team's recent discovery: a way to exploit popular user-blocking feature on social media and other sites.
Cathay Pacific Suffers Largest Airline Breach
Quick Hits  |  10/25/2018  | 
Breach of Hong Kong-based airline compromises personal information of 9.4 million passengers.
Securing Serverless: Attacking an AWS Account via a Lambda Function
Commentary  |  10/25/2018  | 
It's not every day that someone lets you freely wreak havoc on their account just to find out what happens when you do.
Securing Serverless: Defend or Attack?
Commentary  |  10/25/2018  | 
The best way to protect your cloud infrastructure is to pay attention to the fundamentals of application security and identity access management roles, and to follow configuration best practices.
DevSecOps An Effective Fix for Software Flaws
News  |  10/25/2018  | 
Organizations seeking to fix flaws faster should look to automation and related methodologies for success, says a new report.
Windows 7 End-of-Life: Are You Ready?
News  |  10/24/2018  | 
Microsoft will terminate support for Windows 7 in January 2020, but there's still some confusion among enterprises about when the OS officially gets retired.
ICS Networks Continue to be Soft Targets For Cyberattacks
News  |  10/24/2018  | 
CyberX study shows that many industrial control system environments are riddled with vulnerabilities.
Abandoned Websites Haunt Corporations
Quick Hits  |  10/24/2018  | 
Websites that never go away continue to bring security threats to their owners, says a new report.
Tackling Supply Chain Threats
Commentary  |  10/24/2018  | 
Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
Twitter User Discloses Second Microsoft Zero-Day
Quick Hits  |  10/24/2018  | 
The vulnerability can be used to elevate privileges and delete files on target systems.
8 Threats That Could Sink Your Company
Slideshows  |  10/24/2018  | 
Security researchers warn of both new and re-emerging threats that can cause serious harm.
Benefits of DNS Service Locality
Commentary  |  10/24/2018  | 
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
Battling Bots: How to Find Fake Twitter Followers
News  |  10/23/2018  | 
Duo researchers explain the approach they used to detect automated Twitter profiles and uncover a botnet.
Barclays, Walmart Join New $85M Innovation Coalition
Quick Hits  |  10/23/2018  | 
Innovation incubator Team8 recruits major partners, investors to create new products that help businesses 'thrive by security.'
Russian Research Institute Was Actively Involved In TRITON ICS Attack Activity
News  |  10/23/2018  | 
Data shows with a high degree of confidence that Moscow-based Central Scientific Research Institute of Chemistry and Mechanics helped develop and refine malware, FireEye says.
The Browser Is the New Endpoint
Commentary  |  10/23/2018  | 
Given the role browsers play in accessing enterprise applications and information, it's time to rethink how we classify, manage, and secure them.
Former HS Teacher Admits to 'Celebgate' Hack
Quick Hits  |  10/23/2018  | 
Christopher Brannan accessed full iCloud backups, photos, and other personal data belonging to more than 200 victims.
IoT Bot Landscape Expands, Attacks Vary by Country
News  |  10/23/2018  | 
New report finds 1,005 new user names and passwords beyond Mirai's original default list two years ago.
Good Times in Security Come When You Least Expect Them
Commentary  |  10/23/2018  | 
Not every cybersecurity endeavor can have a huge impact. But a small percentage of your efforts can still produce results that blow you away.
Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition
News  |  10/22/2018  | 
The goal appears to be a bid to bolster both its own security and its tattered reputation for privacy, according to reporting by The Information.
US Tops Global Malware C2 Distribution
News  |  10/22/2018  | 
The United States hosts 35% of the world's command-and-control infrastructure, driving the frequency of host compromises.
UK, US to Sign Accord on AI, Cybersecurity Cooperation
Quick Hits  |  10/22/2018  | 
Royal Navy, US Navy, and tech industry leaders ready to commit to 'a framework for dialogue and cooperation' at inaugural meeting of the Atlantic Future Forum.
2018 State of Cyber Workforce
Slideshows  |  10/22/2018  | 
Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide.