Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in October 2018
Page 1 / 4   >   >>
SamSam Ransomware Goes on a Tear
Quick Hits  |  10/31/2018  | 
SamSam ransomware hasn't gone away and it's adapting to meet evolving defenses.
Apple Patches Multiple Major Security Flaws
News  |  10/31/2018  | 
New security updates cross all Apple platforms.
Hardware Cyberattacks: How Worried Should You Be?
News  |  10/31/2018  | 
How to fit hardware threats into your security model as hardware becomes smaller, faster, cheaper, and more complex.
Chinese Intel Agents Indicted for 5-Year IP Theft Campaign
News  |  10/31/2018  | 
Intelligence agents aimed for aerospace manufacturing targets, with help of cyberattackers, corporate insiders, and one IT security manager.
Qualys Snaps Up Container Firm
Quick Hits  |  10/31/2018  | 
Plans to use Layered Insight's technology to add runtime capabilities and automated enforcement to its container security tool.
Pervasive Emotet Botnet Now Steals Emails
News  |  10/31/2018  | 
Researchers discover new cyber-spying function in the persistent malware operation's arsenal.
How the Power of Quantum Can Be Used Against Us
Commentary  |  10/31/2018  | 
There has been a palpable shift from volumetric attacks to "quantum attacks," and they look to be one of the biggest cybersecurity challenges on the rise today.
9 Traits of A Strong Infosec Resume
Slideshows  |  10/31/2018  | 
Security experts share insights on which skills and experiences are most helpful to job hunters looking for their next gig.
Spooking the C-Suite: The Ephemeral Specter of Third-Party Cyber-Risk
Commentary  |  10/31/2018  | 
Halloween movies are the perfect metaphor for breaking down today's scariest supplier breach tropes.
Carbon Black: 20 Voter Databases for Sale on the Dark Web
News Analysis-Security Now  |  10/31/2018  | 
On the eve of the 2018 US election, Carbon Black released its quarterly threat report, which found 20 voter databases for sale on the Dark Web, including ones that contain information on voters in Florida, New York, Colorado and Connecticut.
Google's reCAPTCHA Version 3 Offers Better Bot-Fighting Capabilities
Larry Loeb  |  10/31/2018  | 
Google is rolling out the third version of reCAPTCHA software, which the company claims can better fight spam and bots with less user input.
Destructive Cyberattacks Spiked in Q3
News  |  10/30/2018  | 
Instead of simply fleeing when discovered, adversaries are actively engaging with incident response teams, a new Carbon Black study finds.
Kraken Resurfaces From the Deep Web
News  |  10/30/2018  | 
Fallout Exploit Kit releases Kraken Cryptor ransomware, giving the simple threat a much larger target pool.
Companies Fall Short on 2FA
Quick Hits  |  10/30/2018  | 
New research ranks organizations based on whether they offer two-factor authentication.
The Case for MarDevSecOps
Commentary  |  10/30/2018  | 
Why security must lead the integration of marketing into the collaborative security and development model in the cloud.
Girl Scouts Hacked, 2,800 Members Notified
Quick Hits  |  10/30/2018  | 
A Girl Scouts of America branch in California was hacked, putting the data of 2,800 girls and their families at risk.
10 Steps for Creating Strong Customer Authentication
Commentary  |  10/30/2018  | 
Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help.
Satori Botnet Resurfaces & Targets Android Devices
News Analysis-Security Now  |  10/30/2018  | 
Despite that fact its author has been sent back to jail, the Satori botnet has recently resurfaced and seems to be targeting Android devices, according to a research note from CenturyLink.
Kaspersky: Most CISOs Say Cyber Attacks Are Inevitable
Jeffrey Burt  |  10/30/2018  | 
The Kaspersky Lab report says that while the relationship between executives and CISOs is improving, there continues to be a disconnect around such issues as budgets and the risk of threats.
Security Implications of IBM-Red Hat Merger Unclear
News  |  10/29/2018  | 
But enterprises and open source community likely have little to be concerned about, industry experts say.
New Report: IoT Now Top Internet Attack Target
Quick Hits  |  10/29/2018  | 
IoT devices are the top targets of cyberattacks -- most of which originate on IoT devices, new report finds.
7 Ways an Old Tool Still Teaches New Lessons About Web AppSec
Slideshows  |  10/29/2018  | 
Are your Web applications secure? WebGoat, a tool old enough to be in high school, continues to instruct.
Windows Defender: First Full Antivirus Tool to Run in a Sandbox
News  |  10/29/2018  | 
Sandboxed version now available to Windows Insiders and anyone else who force-enables it in Windows 10 version 1703 and above.
AppSec Is Dead, but Software Security Is Alive & Well
Commentary  |  10/29/2018  | 
Application security must be re-envisioned to support software security. It's time to shake up your processes.
IBM's $34B Bid for Red Hat Will Upend Cloud As We Know It
News Analysis-Security Now  |  10/29/2018  | 
Over the weekend, IBM announced that it would acquire Red Hat for $34 billion. The deal will likely upend the cloud computing market for good.
DemonBot Botnet Takes Advantage of Hadoop Flaw to Create DDoS Attacks
Larry Loeb  |  10/29/2018  | 
Radware has found a new botnet called DemonBot that is taking advantage of a flaw in Hadoop servers to create large-scale DDoS attacks.
Want a Sustainable Security Workforce? Start Getting Innovative
News Analysis-Security Now  |  10/29/2018  | 
Security is a never-ending struggle to keep up. Staffing your team is no exception. However, the old method of finding talented InfoSec people are no longer working. It's time to get innovative.
British Airways: 185K Affected in Second Data Breach
Quick Hits  |  10/26/2018  | 
The carrier discovered another breach while investigating its largest-ever data breach, disclosed in September.
DeepPhish: Simulating Malicious AI to Act Like an Adversary
News  |  10/26/2018  | 
How researchers developed an algorithm to simulate cybercriminals' use of artificial intelligence and explore the future of phishing.
FTC Offers Small Businesses Free Cybersecurity Resources
Quick Hits  |  10/26/2018  | 
Cybersecurity for Small Businesses campaign kicks off.
3 Keys to Reducing the Threat of Ransomware
Commentary  |  10/26/2018  | 
Following these steps could mean the difference between an inconvenience and a multimillion-dollar IT system rebuild -- for the public and private sectors alike.
Multiple Phishing Attacks Target Top Universities
News Analysis-Security Now  |  10/26/2018  | 
Kaspersky Labs sent out a warning this week that multiple phishing campaigns have targeted more than 100 universities and schools over the past year, including the University of Washington, Cornell University and others.
IoT Device Adoption Hampered by Consumer's Security Concerns
Larry Loeb  |  10/26/2018  | 
For companies looking to jump on the IoT bandwagon, the adoption of these devices is being slowed by consumers' concerns over safety and security, a new report finds.
Check Point, Fortinet Add Cloud Security Depth With Acquisitions
News Analysis-Security Now  |  10/26/2018  | 
This week, Check Point announced a deal to acquire Dome9, and Fortinet is buying ZoneFox. The two agreements look to strengthen the companies' cloud security portfolios.
County Election Websites Can Be Easily Spoofed to Spread Misinformation
News  |  10/25/2018  | 
Majority of county sites in 20 key swing states have non-.gov domains and don't enforce use of SSL, McAfee researchers found.
New Free Decryption Tool for GandCrab
Quick Hits  |  10/25/2018  | 
Tool rescues GandCrab victims from malicious encryption.
Retail Fraud Spikes Ahead of the Holidays
News  |  10/25/2018  | 
Researchers note massive increases in retail goods for sale on the black market, retail phishing sites, and malicious applications and social media profiles.
Side-Channel Attack Exposes User Accounts on Facebook, XBox, Other Social Sites
News  |  10/25/2018  | 
Researcher will demonstrate at Black Hat Europe his team's recent discovery: a way to exploit popular user-blocking feature on social media and other sites.
Cathay Pacific Suffers Largest Airline Breach
Quick Hits  |  10/25/2018  | 
Breach of Hong Kong-based airline compromises personal information of 9.4 million passengers.
Trump's Numerous iPhones Creating Security Headache Report
News Analysis-Security Now  |  10/25/2018  | 
The New York Times reports that President Donald Trump uses up to three different iPhones and that his habits have left his calls open to spying from China and Russia.
Securing Serverless: Attacking an AWS Account via a Lambda Function
Commentary  |  10/25/2018  | 
Its not every day that someone lets you freely wreak havoc on their account just to find out what happens when you do.
Securing Severless: Defend or Attack?
Commentary  |  10/25/2018  | 
The best way to protect your cloud infrastructure is to pay attention to the fundamentals of application security, identity access management roles, and follow configuration best-practices.
Managed Security Service Providers: Good Idea, but What's the Catch?
Alan Zeichick  |  10/25/2018  | 
Managed security service providers are a good idea for businesses struggling with creating their own InfoSec division. However, there are some drawbacks to consider.
DevSecOps An Effective Fix for Software Flaws
News  |  10/25/2018  | 
Organizations seeking to fix flaws faster should look to automation and related methodologies for success, says a new report.
Security Researcher Finds Second Zero-Day Exploit in Windows 10
News Analysis-Security Now  |  10/25/2018  | 
For the second time, an independent security researcher has found a zero-day exploit in Windows 10 that can also affect some of the newer versions of Window Server.
Apple's Tim Cook: Privacy Is a Fundamental Human Right
News Analysis-Security Now  |  10/25/2018  | 
Apple CEO Tim Cook addressed the ICDPPC conference in Europe this week, offered praise for GDPR and spoke about how consumer privacy is a fundamental human right.
Windows 7 End-of-Life: Are You Ready?
News  |  10/24/2018  | 
Microsoft will terminate support for Windows 7 in January 2020, but some there's still some confusion among enterprises about when the OS officially gets retired.
ICS Networks Continue to be Soft Targets For Cyberattacks
News  |  10/24/2018  | 
CyberX study shows that many industrial control system environments are riddled with vulnerabilities.
Tackling Supply Chain Threats
Commentary  |  10/24/2018  | 
Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
Abandoned Websites Haunt Corporations
Quick Hits  |  10/24/2018  | 
Websites that never go away continue to bring security threats to their owners, says a new report.
Page 1 / 4   >   >>


Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28042
PUBLISHED: 2021-03-05
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
CVE-2021-28041
PUBLISHED: 2021-03-05
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2021-3377
PUBLISHED: 2021-03-05
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.
CVE-2021-3420
PUBLISHED: 2021-03-05
A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
CVE-2020-29020
PUBLISHED: 2021-03-05
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.