Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
Page 1 / 2   >   >>
Typosquatting Websites Proliferate in Run-up to US Elections
News  |  10/16/2019  | 
People who mistype the URL for their political candidate or party's website could end up on an opposing party or candidate's website, Digital Shadow's research shows.
SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance
Quick Hits  |  10/16/2019  | 
The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.
Schadenfreude Is a Bad Look & Other Observations About Recent Disclosures
Commentary  |  10/16/2019  | 
The debate about whether Android or iOS is the more inherently secure platform misses the larger issues that both platforms are valuable targets and security today is no guarantee of security tomorrow.
Google Cloud Launches Security Health Analytics in Beta
Quick Hits  |  10/16/2019  | 
The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.
Cryptojacking Worm Targets and Infects 2,000 Docker Hosts
News  |  10/16/2019  | 
Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.
Federal CIOs Zero In on Zero Trust
Commentary  |  10/16/2019  | 
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
Sodinokibi Ransomware: Where Attackers' Money Goes
News  |  10/15/2019  | 
Researchers following the ransomware variant uncover new data on how much its affiliates earn and where they spend it.
Targeted Ransomware Attacks Show No Signs of Abating
News  |  10/15/2019  | 
Criminals are becoming more sophisticated and targeted in going after enterprise organizations, a new Q2/Q3 report finds.
IoT Attacks Up Significantly in First Half of 2019
Quick Hits  |  10/15/2019  | 
New research shows attacks increased ninefold year-over-year, coming from more than a quarter-million unique IP addresses.
More Breaches, Less Certainty Cause Dark Web Prices to Plateau
News  |  10/15/2019  | 
New research finds it's now less than $10 for full credit details on a consumer, $100 for a distributed denial-of-service attack, and $50 for access to a US bank account.
5 Steps to Protect Against Ransomware Attacks
Commentary  |  10/15/2019  | 
Paying a ransom is strongly discouraged by experts. So, how do you protect your organization?
Symantec Adds Endpoint Security Tool to Revamp Portfolio
Quick Hits  |  10/15/2019  | 
Symantec Endpoint Security aims to deliver protection, detection, threat hunting, and response in a single tool.
Why Bricking Vulnerable IoT Devices Comes with Unintended Consequences
Commentary  |  10/15/2019  | 
Infosec vigilantism can cause serious harm in the era of industrial IoT and connected medical devices.
Sophos for Sale: Thoma Bravo Offers $3.9B
News  |  10/14/2019  | 
Sophos' board of directors plans to unanimously recommend the offer to the company's shareholders.
Cyber Theft, Humint Helped China Cut Corners on Passenger Jet
News  |  10/14/2019  | 
Beijing likely saved a lot of time and billions of dollars by copying components for its C919 plane from others, a new report from CrowdStrike says.
Pitney Bowes Hit by Ransomware
Quick Hits  |  10/14/2019  | 
The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
Tamper Protection Arrives for Microsoft Defender ATP
Quick Hits  |  10/14/2019  | 
The feature, designed to block unauthorized changes to security features, is now generally available.
When Using Cloud, Paranoia Can Pay Off
News  |  10/14/2019  | 
Journalists are increasingly concerned about what cloud providers may access or share with governments - and companies should worry as well.
The Connected Cybercrime Ecosystem & the Impact of the Capital One Breach
Commentary  |  10/14/2019  | 
A company's security battle is not between that company and a specific fraudster; rather, it's between the company and connected cybercriminal ecosystem.
Click2Mail Suffers Data Breach
Quick Hits  |  10/11/2019  | 
Mail provider discovered customer data being used in spam messages.
7 SMB Security Tips That Will Keep Your Company Safe
Slideshows  |  10/11/2019  | 
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
FBI: Phishing Can Defeat Two-Factor Authentication
Quick Hits  |  10/11/2019  | 
A recent Privacy Industry Notification points to two new hacker tools that can turn a victim's browser into a credential-stealing zombie.
Close the Gap Between Cyber-Risk and Business Risk
Commentary  |  10/11/2019  | 
Four steps outlining how security teams can better understand their company's cyber-risk and demonstrate to company leadership what's being done to mitigate the resulting business risk.
iTunes Zero-Day Exploited to Deliver BitPaymer
News  |  10/10/2019  | 
The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.
AppSec 'Spaghetti on the Wall' Tool Strategy Undermining Security
News  |  10/10/2019  | 
At many organizations, the attitude to securing software appears to be throwing a lot of technology at the problem, a new study finds.
Imperva Details Response to Customer Database Exposure
Quick Hits  |  10/10/2019  | 
The cloud security's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.
Akamai Snaps Up ChameleonX to Tackle Magecart
Quick Hits  |  10/10/2019  | 
The Israel-based ChameleonX aims to protect websites from cyberattacks targeting payment data.
How to Think Like a Hacker
Commentary  |  10/10/2019  | 
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
Attackers Hide Behind Trusted Domains, HTTPS
News  |  10/10/2019  | 
One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.
Magecart Attack on Volusion Highlights Supply Chain Dangers
News  |  10/10/2019  | 
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
Network Security Must Transition into the Cloud Era
Commentary  |  10/10/2019  | 
An integrated approach is the best way to provide organizations with the tools they need to decrease the attack surface and use strong security controls.
Virginia a Hot Spot For Cybersecurity Jobs
News  |  10/9/2019  | 
State has highest number of people in information security roles and the most current job openings, Comparitech study finds.
Security Tool Sprawl Reaches Tipping Point
News  |  10/9/2019  | 
How a new open source initiative for interoperable security tools and a wave of consolidation could finally provide some relief for overwhelmed security analysts and SOCs.
USB Drive Security Still Lags
Quick Hits  |  10/9/2019  | 
While USB drives are frequent pieces of business hardware, a new report says that one-third of US businesses have no policy governing their use.
A Realistic Threat Model for the Masses
Commentary  |  10/9/2019  | 
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
Twitter Slip-Up Spills MFA Phone Numbers, Emails to Advertisers
Quick Hits  |  10/9/2019  | 
Email addresses and phone numbers provided to secure user accounts were accidentally shared with marketers.
How the Software-Defined Perimeter Is Redefining Access Control
Commentary  |  10/9/2019  | 
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
Microsoft Issues 9 Critical Security Patches
News  |  10/8/2019  | 
None of the total 59 patches were for previously known vulnerabilities nor are any under active attack, Microsoft reports.
Utilities' Operational Networks Continue to Be Vulnerable
News  |  10/8/2019  | 
More than half of utilities have suffered an outage or data loss in the last 12 months, but only a minority of organizations seem ready for an attack that could affect operations, a survey finds.
NSA Issues Advisory on VPN Vulnerability Trio
Quick Hits  |  10/8/2019  | 
Vulnerabilities with Pulse Secure, Fortinet, and Palo Alto Networks VPNs are called out in the advisory.
Most US Presidential Campaign Websites Offer Little Privacy Protection
News  |  10/8/2019  | 
New audit finds that privacy policies on 70% of the sites have no limits on data sharing.
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Commentary  |  10/8/2019  | 
As in any battle, understanding and exploiting the terrain often dictates the outcome.
Business Email Compromise Attacks Spike 269%
Quick Hits  |  10/8/2019  | 
A new Mimecast report finds a significant uptick in BEC attacks, malware attachments, and spam landing in target inboxes.
7 Considerations Before Adopting Security Standards
Slideshows  |  10/8/2019  | 
Here's what to think through as you prepare your organization for standards compliance.
Beyond the Horde: The Uptick in Targeted Attacks (And How to Fight Back)
Commentary  |  10/8/2019  | 
We're seeing a dramatic rise in targeted attacks, but following these guidelines can help your enterprise stay safe.
Iranian Cyberattack on US Presidential Campaign Could Be a Sign of Things to Come
News  |  10/8/2019  | 
Political parties and election systems will be heavily targeted in the months leading up to the 2020 general elections, some security experts say.
Lack of Role Models, Burnout & Pay Disparity Hold Women Back
News  |  10/7/2019  | 
New ISACA data emphasizes a gap between men and women who share their opinions on underrepresentation of women and equal pay in the tech industry.
Drupalgeddon2 Vulnerability Still Endangering CMSes
Quick Hits  |  10/7/2019  | 
A new wave of attacks has been discovered on Drupal-based content management systems that weren't patched for the older flaw.
Magecart Skimmers Spotted on 2M Websites
Quick Hits  |  10/7/2019  | 
Researchers say supply chain attacks are responsible for the most significant spikes in Magecart detections.
10 Steps to Assess SOC Maturity in SMBs
Commentary  |  10/7/2019  | 
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
Page 1 / 2   >   >>


How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at Lastline,  10/10/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17666
PUBLISHED: 2019-10-17
rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.
CVE-2019-17607
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php servername parameter.
CVE-2019-17608
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbname parameter.
CVE-2019-17609
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbusername parameter.
CVE-2019-17610
PUBLISHED: 2019-10-16
HongCMS 3.0.0 has XSS via the install/index.php dbpassword parameter.