News & Commentary

Content posted in October 2018
Page 3 / 4
Gartner: Cybersecurity & AI Are Top Spending Priorities for CIOs
News Analysis-Security Now  |  10/17/2018  | 
Gartner's latest survey of CIOs finds that spending on cybersecurity and artificial intelligence is increasing.
FICO & US Chamber of Commerce Score Cyber-Risk Across 10 Sectors
News  |  10/16/2018  | 
Media, telecom, and technology firms are far more likely to experience a data breach in the near future than organizations in sectors including energy, construction, and transportation.
A Cybersecurity Weak Link: Linux and IoT
Commentary  |  10/16/2018  | 
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
NC Water Utility Fights Post-Hurricane Ransomware
News  |  10/16/2018  | 
North Carolina's Onslow Water and Sewer Authority was hit with an advanced attack in the wake of Hurricane Florence.
Rapid7 Acquires tCell
Quick Hits  |  10/16/2018  | 
The purchase brings together a cloud security platform with a web application firewall.
6 Reasons Why Employees Violate Security Policies
Slideshows  |  10/16/2018  | 
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
Spies Among Us: Tracking, IoT & the Truly Inside Threat
Commentary  |  10/16/2018  | 
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
Security Needs to Start Speaking the Language of Business
News Analysis-Security Now  |  10/16/2018  | 
At the Gartner Symposium/ITXPO, upcoming security trends for the next year include learning to speak the language of business.
Privacy & AI Changing the Digital Transformation Game
News Analysis-Security Now  |  10/16/2018  | 
At Gartner's Symposium/ITXPO, analysts have come up with the term 'ContinuousNEXT' to show how digital transformation is evolving. However, businesses need to address concerns over privacy and AI.
IBM's Cybersecurity Operations Center Hits the Road
News Analysis-Security Now  |  10/16/2018  | 
Big Blue has converted a 23-ton Mercedes tractor trailer into a mobile security command center.
6 Security Trends for 2018/2019
News  |  10/15/2018  | 
Speaking at the Gartner Symposium/ITxpo, analyst Peter Firstbrook's list of trends is likely to inform executive committee conversations for the next 12 months.
IBM Builds 'SOC on Wheels' to Drive Cybersecurity Training
News  |  10/15/2018  | 
A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.
Millions of Voter Records Found for Sale on the Dark Web
Quick Hits  |  10/15/2018  | 
Voter registration databases from 19 US states are being hawked in an underground hacking forum, researchers say.
3 Out of 4 Employees Pose a Security Risk
News  |  10/15/2018  | 
New MediaPRO study also finds that management performed worse than entry- and mid-level employees in how to handle a suspected phishing email.
DoD Travel System Breach Exposed Data of 30K Civilian, Military Employees
Quick Hits  |  10/15/2018  | 
Defense Dept. says contractor that handles travel management services was hacked.
4 Ways to Fight the Email Security Threat
Commentary  |  10/15/2018  | 
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
Living With Compromised Technology Supply Chains in a Post-Supermicro World
Joe Stanganelli  |  10/15/2018  | 
In the wake of Bloomberg's jarring exposé on tainted motherboards from mega-manufacturer Supermicro, practical questions remain for enterprise organizations on how they can cope with the scary prospect of compromised hardware.
Gallmaker Attackers Living Off the Land, Symantec Finds
Jeffrey Burt  |  10/15/2018  | 
Gallmaker, a new state-sponsored threat group, eschews custom malware for legitimate hacking tools and techniques to run under the radar while attacking government and military organizations in eastern Europe and the Middle East, according to recent research from Symantec.
Most IT Security Pros Want to Change Jobs
Quick Hits  |  10/12/2018  | 
They cite five main reasons for wanting to move on and what it would take to retain them.
Facebook Update: 30 Million Users Actually Hit in its Recent Breach
News  |  10/12/2018  | 
The good news: That number is less than the original estimate of 50 million. The bad news: It might not have been the only attack.
Facebook Revises Data Breach Number Down to 30M Users
News Analysis-Security Now  |  10/12/2018  | 
Facebook updated some details of the data breach where attackers stole users' security tokens. The social media giant now believes 30 million users were affected as opposed to the 50 million originally thought.
Threat Hunters & Security Analysts: A Dynamic Duo
Commentary  |  10/12/2018  | 
Fighting spying with spying, threat hunters bring the proactive mindset of network reconnaissance and repair to the enterprise security team.
Intel's 9th Gen Processors Offer Protections Against Spectre & Meltdown
Larry Loeb  |  10/12/2018  | 
While talking up its 9th Gen processors this week, Intel offered some subtle hints about plans to protect its CPUs against the Spectre and Meltdown vulnerabilities that have plagued x86 processors.
12 Free, Ready-to-Use Security Tools
Slideshows  |  10/12/2018  | 
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
DHS Raps Juniper Over the Knuckles for 40 Junos OS Vulnerabilities
Larry Loeb  |  10/12/2018  | 
The Department of Homeland Security felt it necessary to take Juniper Networks to the woodshed for 40 vulnerabilities, many critical, that affected the company's Junos OS.
Senators Demand More Information on Google+ Vulnerability
News Analysis-Security Now  |  10/12/2018  | 
A letter from the Senate's Commerce Committee chairman is asking Google CEO Sundar Pichai for additional information about a bug in the Google+ social media platform that may have exposed data on 500,000 users.
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
News  |  10/11/2018  | 
Many organizations have yet to create an effective cybersecurity strategy and it's costing them millions.
Chinese Intelligence Officer Under Arrest for Trade Secret Theft
News  |  10/11/2018  | 
Yanjun Xu attempted to steal data on advanced aviation technology that GE Aviation, among others, had spent billions developing.
Window Snyder Shares Her Plans for Intel Security
News  |  10/11/2018  | 
The security leader, known for her role in securing Microsoft, Apple, and Mozilla, discusses her new gig and what she's working on now.
Most Malware Arrives Via Email
Quick Hits  |  10/11/2018  | 
Watch out for messages with the word "invoice" in the subject line, too.
Google Adds New Identity, Security Tools to Cloud Platform
News  |  10/11/2018  | 
A wave of cloud news includes new tools for identity and access management and policies for stronger controls on cloud resources.
Not All Multifactor Authentication Is Created Equal
Commentary  |  10/11/2018  | 
Users should be aware of the strengths and weaknesses of the various MFA methods.
One-Third of US Adults Hit with Identity Theft
Quick Hits  |  10/11/2018  | 
That's double the global average and more than three times the rate of French and German adults.
The Better Way: Threat Analysis & IIoT Security
Commentary  |  10/11/2018  | 
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
Russian & Chinese Hacking Forums Have Distinct Characteristics
News Analysis-Security Now  |  10/11/2018  | 
A year-long deep dive by Recorded Future finds that Russian and Chinese hacking forums differ in many respects.
GAO: Pentagon's New Weapons Systems Vulnerable to Cyber Attacks
News Analysis-Security Now  |  10/11/2018  | 
A report from the Government Accountability Office finds that the Defense Department is buying and developing new weapons that are vulnerable to numerous cyber attacks.
Meet 5 Women Shaping Microsoft's Security Strategy
Slideshows  |  10/10/2018  | 
Profiles of some of the women currently leading Microsoft security operations - and their efforts to drive inclusivity.
Russian Hacking Groups Intersect in Recent Cyberattacks
News  |  10/10/2018  | 
Two different hacking teams best known as Turla and Fancy Bear employed the same stealthy attack method in an unusual overlap of hacking activity.
New Threat Group Conducts Malwareless Cyber Espionage
News  |  10/10/2018  | 
Gallmaker group is relying exclusively on legitimate tools and living-off-the-land tactics to make detection very difficult.
Imperva to Be Acquired by Thoma Bravo for $2.1 Billion
Quick Hits  |  10/10/2018  | 
But two law firms are investigating whether the security vendor breached its fiduciary duty to shareholders by not actively seeking buyers offering a higher price.
IIS Attacks Skyrocket, Hit 1.7M in Q2
Quick Hits  |  10/10/2018  | 
Drupal and Oracle WebLogic also were hit with more cyberattacks during the same quarter.
Security Researchers Struggle with Bot Management Programs
Commentary  |  10/10/2018  | 
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
Gemalto: 4.5B Records Breached in First Half of 2018
Larry Loeb  |  10/10/2018  | 
Gemalto's Breach Level Index showed a staggering 133% increase in data breaches between the first half of 2017 and the first six months of this year. However, most of this malicious activity is attributable to two incidents, one involving Facebook.
Magecart Attempted Supply Chain Attack Against Shopper Approved
News Analysis-Security Now  |  10/10/2018  | 
RiskIQ has identified yet another attack by the Magecart group against Shopper Approved, a third-party provider of reviews and other services to larger e-commerce sites.
Bloomberg: Major Telecom Also Found Hacked Supermicro Servers
News Analysis-Security Now  |  10/10/2018  | 
As questions swirled around a Bloomberg story about hardware hacked by Chinese spies, a second story finds that a major telecom also discovered compromised Supermicro servers.
Google+ Vulnerability Hits Service, Leads to Shutdown
News  |  10/9/2018  | 
In response to the breach, Google is changing policies, modifying APIs, and shutting down Google+.
Git Gets Patched for Newly Found Flaw
Quick Hits  |  10/9/2018  | 
A vulnerability in Git could allow an attacker to place malicious, auto-executing code in a sub-module.
Lesser Skilled Cybercriminals Adopt Nation-State Hacking Methods
News  |  10/9/2018  | 
The trend underscores the need for organizations of all sizes to be prepared to detect and respond to threats faster, CrowdStrike says.
Constructing the Future of ICS Cybersecurity
News  |  10/9/2018  | 
As industrial control systems are connected to the cloud and the IoT, experts discuss security challenges.
Microsoft Fixes Privilege Escalation 0Day Under Active Attack
News  |  10/9/2018  | 
This month's Patch Tuesday includes 49 patches, two of which are ranked Critical, and two security advisories.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11844
PUBLISHED: 2020-05-29
There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
CVE-2020-6937
PUBLISHED: 2020-05-29
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-7648
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk's internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
CVE-2020-7650
PUBLISHED: 2020-05-29
All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk's internal network of any files ending in the following extensions: yaml, yml or json.
CVE-2020-7654
PUBLISHED: 2020-05-29
All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.