Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in October 2018
<<   <   Page 2 / 4   >   >>
Twitter User Discloses Second Microsoft Zero-Day
Quick Hits  |  10/24/2018  | 
The vulnerability can be used to elevate privileges and delete files on target systems.
8 Threats That Could Sink Your Company
Slideshows  |  10/24/2018  | 
Security researchers warn of both new and re-emerging threats that can cause serious harm.
Benefits of DNS Service Locality
Commentary  |  10/24/2018  | 
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
FireEye Links Triton Malware to Russian Research Institute
News Analysis-Security Now  |  10/24/2018  | 
Triton appeared in late 2017, designed to target industrial control systems. Now, FireEye has linked the malware to a Russian research facility.
iPhones Increasingly Vulnerable to Coinhive Cryptomining Malware
Jeffrey Burt  |  10/24/2018  | 
In their most recent Global Threat Index, Check Point researchers found a 400% increase in Coinhive attacks against iPhones by bad actors using the popular cryptomining malware.
Industrial Systems Suffer From Poor Patching, Bad Password Practices Study
Larry Loeb  |  10/24/2018  | 
Industrial control systems are riddled with outdated software that is in need of patching, while passwords are stored in plain text and endpoints are left open to attack, according to a report from CyberX.
Battling Bots: How to Find Fake Twitter Followers
News  |  10/23/2018  | 
Duo researchers explain the approach they used to detect automated Twitter profiles and uncover a botnet.
Barclays, Walmart Join New $85M Innovation Coalition
Quick Hits  |  10/23/2018  | 
Innovation incubator Team8 recruits major partners, investors to create new products that help businesses 'thrive by security.'
Russian Research Institute Was Actively Involved In TRITON ICS Attack Activity
News  |  10/23/2018  | 
Data shows with a high degree of confidence that Moscow-based Central Scientific Research Institute of Chemistry and Mechanics helped develop and refine malware, FireEye says.
The Browser Is the New Endpoint
Commentary  |  10/23/2018  | 
Given the role browsers play in accessing enterprise applications and information, it's time to rethink how we classify, manage, and secure them.
Former HS Teacher Admits to 'Celebgate' Hack
Quick Hits  |  10/23/2018  | 
Christopher Brannan accessed full iCloud backups, photos, and other personal data belonging to more than 200 victims.
IoT Bot Landscape Expands, Attacks Vary by Country
News  |  10/23/2018  | 
New report finds 1,005 new user names and passwords beyond Mirais original default list two years ago.
Good Times in Security Come When You Least Expect Them
Commentary  |  10/23/2018  | 
Not every cybersecurity endeavor can have a huge impact. But a small percentage of your efforts can still produce results that blow you away.
Biometrics: How to Balance Security, Privacy & Data Protection
News Analysis-Security Now  |  10/23/2018  | 
Biometrics is a way to strengthen security within the enterprise, while doing away with older methods such as passwords. However, collecting this highly personal data has its own security risk.
Enterprises Face a Large, & Growing, Cybersecurity Skills Gap
News Analysis-Security Now  |  10/23/2018  | 
As enterprise cybersecurity becomes complex and businesses scramble to invest more in their defenses, there's a shortage of workers with the right set of skills that businesses need. Is it possible to overcome this particular gap?
Facebook Rumored to Be Hunting for Major Cybersecurity Acquisition
News  |  10/22/2018  | 
Goal appears both a bid to bolster its own security and its tattered reputation for privacy, according to reporting by The Information.
US Tops Global Malware C2 Distribution
News  |  10/22/2018  | 
The United States hosts 35% of the world's command-and-control infrastructure, driving the frequency of host compromises.
UK, US to Sign Accord on AI, Cybersecurity Cooperation
Quick Hits  |  10/22/2018  | 
Royal Navy, US Navy, and tech industry leaders ready to commit to 'a framework for dialogue and cooperation' at inaugural meeting of the Atlantic Future Forum.
2018 State of Cyber Workforce
Slideshows  |  10/22/2018  | 
Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide.
Healthcare.gov FFE Breach Compromises 75K Users' Data
Quick Hits  |  10/22/2018  | 
Attackers broke into a sign-up system used by healthcare insurance agents and brokers to help consumers apply for coverage.
Understanding SOCs' 4 Top Deficiencies
Commentary  |  10/22/2018  | 
In most cases, the areas that rankle SANS survey respondents the most about security operations centers can be addressed with the right mix of planning, policies, and procedures.
Gartner Experts Highlight Tech Trends And Their Security Risks
News  |  10/22/2018  | 
Security must be built into systems and applications from the beginning of the design process, they agreed.
Unpatched MikroTik Routers Vulnerable to Cryptomining Malware
Larry Loeb  |  10/22/2018  | 
An alert from Avast Threat Labs finds that a vast majority of MikroTik routers don't have the last firmware update to block a cryptomining campaign.
Ransomware Attacks Target Public & Government Orgs With More Frequency, Ferocity
News Analysis-Security Now  |  10/22/2018  | 
For a while, ransomware attacks, and the actors behind them, targeted businesses and private enterprises. Now, since the start of 2018, it's increasingly a public affair.
EU Takes Step Toward Cyberattack Sanctions
Quick Hits  |  10/19/2018  | 
European leaders complete first step toward establishing a sanctions regime.
Google Patch to Block Spectre Slowdown in Windows 10
Quick Hits  |  10/19/2018  | 
Microsoft will incorporate Google's Retpoline patch to prevent Spectre Variant 2 from slowing down its operating system.
WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors
News  |  10/19/2018  | 
A report by the Wall Street Journal points finger at group that is known to Facebook Security.
Risky Business: Dark Reading Caption Contest Winners
Commentary  |  10/19/2018  | 
Phishing, anti-shoulder surfing, Russia and other hysterical identity management puns and comments. And the winners are ...
MIT Researchers Have a DAWG in the Fight Against Spectre & Meltdown
Larry Loeb  |  10/19/2018  | 
In the fight against Spectre and Metldown vulnerabilities, MIT is pitting its DAWG solution against Intel's CAT.
McAfee: Seasalt Malware Raises Its Head Again
Jeffrey Burt  |  10/19/2018  | 
Code from the Seasalt malware that was last seen in 2010 has been found in new campaigns in North Korea and North America, according to McAfee.
Cyber Espionage Campaign Reuses Code from China's APT1
News  |  10/18/2018  | 
US, Canadian organizations in crosshairs of group with apparent links to a Chinese military hacking unit that wreaked havoc several years ago.
How to Get Consumers to Forgive You for a Breach
Quick Hits  |  10/18/2018  | 
It starts with already-established trust, a new survey shows.
New Security Woes for Popular IoT Protocols
News  |  10/18/2018  | 
Researchers at Black Hat Europe will detail denial-of-service and other flaws in MQTT, CoAP machine-to-machine communications protocols that imperil industrial and other IoT networks online.
Audits: The Missing Layer in Cybersecurity
Commentary  |  10/18/2018  | 
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
Former Equifax Manager Sentenced for Insider Trading
Quick Hits  |  10/18/2018  | 
Sudhakar Bonthu bought and sold Equifax stock options prior to the public disclosure of its 2017 data breach.
7 Ways a Collaboration System Could Wreck Your IT Security
Slideshows  |  10/18/2018  | 
The same traits that make collaboration systems so useful for team communications can help hackers, too.
GreyEnergy Group Tied to Power Plant Attacks in Ukraine & Poland
News Analysis-Security Now  |  10/18/2018  | 
Research from ESET has uncovered a new group called GreyEnergy, which appears to have targeted power plants in the Ukraine and Poland. The malware has also been linked to a previous group dubbed BlackEnergy.
Apache Access Vulnerability Could Affect Thousands of Applications
News  |  10/18/2018  | 
A recently discovered issue with a common file access method could be a major new attack surface for malware authors.
Getting Up to Speed with "Always-On SSL"
Commentary  |  10/18/2018  | 
Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.
Inside the Dark Web's 'Help Wanted' Ads
News  |  10/18/2018  | 
How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.
Your People Can't Secure Your Network? Try Tier 0 Automation
Alan Zeichick  |  10/18/2018  | 
Keeping up with modern security requirements requires a multi-prong approach. One way to ensure that threats are being met is to ignore the false alerts. This is where Tier 0 automation comes in.
3 Years After Attacks on Ukraine Power Grid, BlackEnergy Successor Poses Growing Threat
News  |  10/17/2018  | 
In what could be a precursor to future attacks, GreyEnergy is targeting critical infrastructure organizations in Central and Eastern Europe.
Oracle Issues Massive Collection of Critical Security Updates
Quick Hits  |  10/17/2018  | 
The software updates from Oracle address a record number of vulnerabilities.
(ISC) : Global Cybersecurity Workforce Short 3 Million People
News  |  10/17/2018  | 
With the skills gap still wide, security leaders explain the challenges of hiring and retaining security experts.
Cybercrime-as-a-Service: No End in Sight
Commentary  |  10/17/2018  | 
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
SEC Warns Public Companies on Accounting Control Use
Quick Hits  |  10/17/2018  | 
A new SEC investigative report urges public organizations to keep cyberthreats in mind when implementing internal accounting tools.
Startup Spun Out of Securosis Secures $2.5 Million Seed Investment
News  |  10/17/2018  | 
DistruptOps officially rolls out its SaaS for automating control of cloud operations and security.
The Three Dimensions of the Threat Intelligence Scale Problem
Commentary  |  10/17/2018  | 
To succeed, organizations must be empowered to reduce their attack surface and staff overload so they can get more out of their existing firewall and threat intelligence investments.
Why Killing Off TLS 1.0 & 1.1 Is a Good Thing
Larry Loeb  |  10/17/2018  | 
All good things must come to an end. Apple, Microsoft, Mozilla and Google have decided that's the case for the 1.0 and 1.1 versions of TLS.
IBM's Ginni Rometty: We're the Blockchain & Quantum Computing Leader
News Analysis-Security Now  |  10/17/2018  | 
At the Gartner Symposium/ITXPO, IBM CEO Ginni Rometty talked a lot about the cloud, but also how Big Blue is leading in two cutting-edge developments: Quantum computing and blockchain.
<<   <   Page 2 / 4   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.