Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in October 2018
Lessons Learned from the Facebook Breach: Why Logic Errors Are So Hard to Catch
Commentary  |  10/9/2018  | 
By ensuring that each layer of protection scours an application for unintended uses, you can find the flaws before the bad guys do.
DoD Weapon Systems Contain Security Vulnerabilities
Quick Hits  |  10/9/2018  | 
GAO report outlines challenges for the US Department of Defense to handle security flaws in weapon systems.
New Domains: A Wide-Open Playing Field for Cybercrime
Commentary  |  10/9/2018  | 
As bad actors increasingly exploit new domains for financial gain and other nefarious purposes, security teams need to employ policies and practices to neutralize the threat in real time. Here's why and how.
Bloomberg Hardware Hacking Story Faces Fierce Backlash From Apple & DHS
News Analysis-Security Now  |  10/9/2018  | 
Over the weekend, Apple, Amazon, the Department of Homeland Security and others began to strongly push back against a Bloomberg story that reported Chinese hackers implanted chips in hardware to spy on companies.
Google+ Bug Exposed Personal Data of 500K Users: Report
News Analysis-Security Now  |  10/9/2018  | 
The Wall Street Journal reported that a security flaw in Google's social network exposed the records of thousands of users to third-party developers. The company did not disclose the leak because it feared data privacy regulations and additional scrutiny.
Rotten Fruit: 4 Insider Threats to Watch Out For
Alan Zeichick  |  10/8/2018  | 
When it comes to insider threats, it's best not to trust anyone. However, different employees pose different types of threats to the network. Here are the four types of 'rotten fruit' to look out for in your business.
Teach Your AI Well: A Potential New Bottleneck for Cybersecurity
News  |  10/8/2018  | 
Artificial intelligence (AI) holds the promise of easing the skills shortage in cybersecurity, but implementing AI may result in a talent gap of its own for the industry.
DanaBot Banking Trojan Is Now Finding Its Way to the US
Jeffrey Burt  |  10/8/2018  | 
The DanaBot Trojan, which first targeted organizations in Australia earlier this year, has expanded into Europe and is now aiming at the US, according to Proofpoint.
Mandia: Tipping Point Now Here for Rules of Cyber Engagement
News  |  10/5/2018  | 
FireEye CEO and nation-state hacking expert Kevin Mandia says Russia began changing the game in 2015.
Most Home Routers Are Full of Vulnerabilities
Quick Hits  |  10/5/2018  | 
More than 80% of surveyed routers had, on average, 172 security vulnerabilities, new research shows.
Successful Scammers Call After Lunch
News  |  10/5/2018  | 
Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how social engineers operate and how targets respond.
12 AppSec Activities Enterprises Can't Afford to Skip
Slideshows  |  10/5/2018  | 
The latest Building Security in Maturity Model (BSIMM9) report offers a statistically backed, bare-minimum benchmark for software security initiatives.
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Commentary  |  10/5/2018  | 
Technology such as Apple's device trust score that decides "you" is not you is a good thing. But only if it works well.
US Voting Machines Riddled With Vulnerabilities & Security Flaws
Larry Loeb  |  10/5/2018  | 
The highly anticipated report from the DEF CON Voting Machine Hacking Village finds that any number of voting machines used in US elections are vulnerable to any number of attacks or hacks.
7 Russian Spies Indicted in US for Hacking Anti-Doping Agencies
News Analysis-Security Now  |  10/5/2018  | 
The Justice Department has indicted seven Russian spies for attempting to hack into and spread false information about anti-doping agencies. It appears to be a retaliatory campaign following the 2014 Winter Olympics in Russia.
China Hacks Hardware in Spying Attempt on Apple, Amazon & Others: Report
News Analysis-Security Now  |  10/5/2018  | 
Bloomberg dropped a bombshell report this week, claiming that servers produced by Supermicro contained a specialized chip designed to allow China to spy on the industrial secrets of Apple, Amazon and others, as well as the US government.
US Indicts 7 Russian Intel Officers for Hacking Anti-Doping Organizations
News  |  10/4/2018  | 
Netherlands expels four of the suspects trying to break into an organization investigating a chemical used in the recent attack on a former Russian spy in Britain.
7 Steps to Start Your Risk Assessment
Slideshows  |  10/4/2018  | 
Risk assessment can be complex, but it's vital for making good decisions about IT security. Here are steps to start you down the path toward a meaningful risk assessment process.
Report: In Huge Hack, Chinese Manufacturer Sneaks Backdoors Onto Motherboards
Quick Hits  |  10/4/2018  | 
If true, the attack using Supermicro motherboards could be the most comprehensive cyber breach in history.
For $14.71, You Can Buy A Passport Scan on the Dark Web
News  |  10/4/2018  | 
That's the average price of a digital passport scan, and it goes up with proof of identification, a new study finds.
GDPR Report Card: Some Early Gains but More Work Ahead
Commentary  |  10/4/2018  | 
US companies paid the most, to date, to meet the EU's General Data Protection Regulation, according to a recent study, but UK companies made greater progress in achieving compliance goals.
Attackers Can Compromise Corporate Email Accounts for $150
News Analysis-Security Now  |  10/4/2018  | 
A report from Digital Shadows finds that corporate email account hacking tools, available on criminal forums for as little as $150, have led to an increase in Business Email Compromise and Email Account Compromise attacks.
US Warns About ATM Thefts Linked to North Korea's Hidden Cobra Group
News Analysis-Security Now  |  10/4/2018  | 
US CERT has issued a warning about an ongoing scheme called 'FASTCash' that is targeting ATMs around the world. It's believed that the North Korea-based Hidden Cobra group is behind it.
APIs, App Updates Create New Vulnerabilities
News Analysis-Security Now  |  10/4/2018  | 
Enterprises need to build more security into API gateways and applications, including encryption and authentication, Radware survey shows.
Inside the North Korean Hacking Operation Behind SWIFT Bank Attacks
News  |  10/3/2018  | 
FireEye details how this money-stealing operation it now calls APT 38 has emerged in the past four years and how it operates.
Malware Outbreak Causes Disruptions, Closures at Canadian Restaurant Chain
News  |  10/3/2018  | 
But Recipe Unlimited denies it was the victim of a ransomware attack, as some have reported.
An Intro to Intra, the Android App for DNS Encryption
News  |  10/3/2018  | 
Alphabet's Jigsaw has released Intra, a free security app that aims to prevent government censorship.
Palo Alto Networks Buys RedLock to Strengthen Cloud Security
Quick Hits  |  10/3/2018  | 
The transaction, valued at $173 million, is intended to bring analytics and threat detection to Palo Alto Networks' cloud security offering.
Adobe, Foxit PDF Vulnerabilities Show Danger of Remote Code Execution
News Analysis-Security Now  |  10/3/2018  | 
Within the last week, Adobe and Foxit each rolled out dozens of patches to their PDF products that specifically fixed issues that could lead to an attack using remote code execution.
Putting Security on Par with DevOps
Commentary  |  10/3/2018  | 
Inside the cloud, innovation and automation shouldn't take a toll on protection.
Twitter Cracks Down on Fake Accounts & Hacked Data Before US Election
News Analysis-Security Now  |  10/3/2018  | 
As Election Day approaches in the US, Twitter is updating its rules to ban fake accounts and crack down on those that disseminate hacked material.
100,000-Plus Home Routers Hijacked in Campaign to Steal Banking Credentials
News  |  10/3/2018  | 
The GhostDNS campaign, which has been mainly targeting consumers in Brazil, has exploded in scope since August.
Microsoft Is Waking Up to 'Fileless' Malware Threats
Larry Loeb  |  10/3/2018  | 
It took a while, but Microsoft's security engineers are starting to address concerns about 'fileless' malware. Redmond is looking to build additional defenses into Windows Defender ATP.
Financial Sector Data Breaches Soar Despite Heavy Security Spending
News  |  10/2/2018  | 
Banks and other financial firms have disclosed three times as many breaches so far this year as they did in 2016, Bitglass says.
When Facebook Gets Hacked, Everyone Gets Hacked
News  |  10/2/2018  | 
Facebook's attackers may have gained access to several third-party apps and websites via Facebook Login.
Hacker 'AlfabetoVirtual' Pleads Guilty to NYC Comptroller, West Point Website Defacements
Quick Hits  |  10/2/2018  | 
Two felony counts each carry a maximum 10-year prison sentence.
The Award for Most Dangerous Celebrity Goes To
Quick Hits  |  10/2/2018  | 
A new study highlights which celebrities are associated with the most malicious websites, making them risky search subjects.
Stop Saying 'Digital Pearl Harbor'
Commentary  |  10/2/2018  | 
Yes, there are serious dangers posed by malevolent nation-states. But the hype is distracting us from the reality of the threats.
CISOs: How to Answer the 5 Questions Boards Will Ask You
Commentary  |  10/2/2018  | 
As boards learn the importance of cybersecurity, certain issues arise on a regular basis. These tips can help you address them.
Facebook's Data Breach: Will It Be First Test of GDPR?
News Analysis-Security Now  |  10/2/2018  | 
With a software flaw exposing the records of some 50 million Facebook users, it seems that some European regulators might try and test the EU's new GDPR provisions for the first time.
North Korean-Linked Reaper Group Tied to New Malware Family
News Analysis-Security Now  |  10/2/2018  | 
Palo Alto Networks' Unit 42 division has tied the mysterious North Korea-linked Reaper group to a new malware family dubbed NOKKI, thanks to the same macros used in the attacks.
'Short, Brutal Lives': Life Expectancy for Malicious Domains
News  |  10/1/2018  | 
Using a cooling-off period for domain names can help catch those registered by known bad actors.
October Events at Dark Reading You Can't Miss
News  |  10/1/2018  | 
Cybersecurity Month at Dark Reading is packed with educational webinars, from data breach response to small business security.
Employees Share Average of 6 Passwords With Co-Workers
Quick Hits  |  10/1/2018  | 
Password-sharing and reuse is still prominent, but multifactor authentication is on the rise, new study shows.
California Enacts First-in-Nation IoT Security Law
Quick Hits  |  10/1/2018  | 
The new law requires some form of authentication for most connected devices.
Microsoft Lights Up IoT 'Dark Matter'
News Analysis-Security Now  |  10/1/2018  | 
Microsoft released tools and services to help developers secure the Internet of Things.
The Right Diagnosis: A Cybersecurity Perspective
Commentary  |  10/1/2018  | 
A healthy body and a healthy security organization have a lot more in common than most people think.
Torii Is a New Evolution in Botnet Malware
Larry Loeb  |  10/1/2018  | 
Move over, Mirai. A Bulgarian security researcher and Avast have found a new botnet dubbed Torii, which can bring these types of attacks to a new level.
Exclusive: Cisco, Duo Execs Share Plans for the Future
News  |  10/1/2018  | 
Cisco's Gee Rittenhouse and Duo's Dug Song offer ideas and goals for the merged companies as Duo folds under the Cisco umbrella.
USB Devices Still a Threat to Businesses, Kaspersky Finds
Jeffrey Burt  |  10/1/2018  | 
The use of removable storage media to deliver malware is declining, but threat actors are putting coin miners into USB devices and targeting emerging areas, a new study by Kaspersky finds.


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24028
PUBLISHED: 2021-04-14
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
CVE-2021-29370
PUBLISHED: 2021-04-13
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.