Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in October 2019
Page 1 / 3   >   >>
32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant
News  |  10/31/2019  | 
Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.
Slow Retreat from Python 2 Threatens Code Security
News  |  10/31/2019  | 
The end of life is near for Python 2, and there will be no rising from the grave this time. So why are some companies and developers risking a lack of security patches to stay with the old version of the programming language?
Chinese Cyber Espionage Group Steals SMS Messages via Telco Networks
News  |  10/31/2019  | 
APT41's new campaign is latest to highlight trend by Chinese threat groups to attack upstream service providers as a way to reach its intended targets, FireEye says.
Coalfire CEO Wants Criminal Charges Against His Employees Dropped
Quick Hits  |  10/31/2019  | 
Felony charges against two employees tasked with testing the physical security of the Dallas County, Iowa, courthouse have been lessened, but that's not enough, CEO says.
Quantifying Security Results to Justify Costs
Commentary  |  10/31/2019  | 
The CISO job isn't to protect the entire business from all threats for any budget. It's to spell out what level of protection executives can expect for a given budget.
New Office 365 Phishing Scam Leaves A Voicemail
Quick Hits  |  10/31/2019  | 
A fake voice message lures victims to a fake Microsoft 365 login page that prompts them to enter credentials.
9 Ways Data Vampires Are Bleeding Your Sensitive Information
Commentary  |  10/31/2019  | 
Pull a Van Helsing on those sucking the lifeblood from your data and intellectual property.
As Phishing Kits Evolve, Their Lifespans Shorten
News  |  10/30/2019  | 
Most phishing kits last less than 20 days, a sign defenders are keeping up in the race against cybercrime.
Facebook Says Israeli Firm Was Involved in Recent WhatsApp Intrusion
News  |  10/30/2019  | 
Evidence suggests NSO Group used WhatsApps servers to distribute mobile spyware to targeted devices.
Ransomware Attack Hits Las Cruces, New Mexico Public Schools
Quick Hits  |  10/30/2019  | 
The attack early in the morning of October 29 has taken all of the school district's systems offline.
Security Pros Fear Insider Attacks Stem from Cloud Apps
Quick Hits  |  10/30/2019  | 
More than half of security practitioners surveyed say insider attack detection has grown more difficult since migrating to cloud.
Email Threats Poised to Haunt Security Pros into Next Decade
Commentary  |  10/30/2019  | 
Decentralized threat intel sharing, more public-private collaboration, and greater use of automated incident response are what's needed to combat phishing
8 Trends in Vulnerability and Patch Management
Slideshows  |  10/30/2019  | 
Unpatched flaws continue to be a major security issue for many organizations.
Hacking Phones: How Law Enforcement Is Saving Privacy
Commentary  |  10/30/2019  | 
It's no longer true that society must choose to either weaken everybody's privacy or let criminals run rampant.
Old RAT, New Moves: Adwind Hides in Java Commands to Target Windows
News  |  10/29/2019  | 
The Adwind remote access Trojan conceals malicious activity in Java commands to slip past threat intelligence tools and steal user data.
Why Cloud-Native Applications Need Cloud-Native Security
Commentary  |  10/29/2019  | 
Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.
Google Cloud Adds New Security Management Tools to G Suite
Quick Hits  |  10/29/2019  | 
Desktop devices that log into G Suite will have device management enabled by default, streamlining processes for IT admins.
Who Made the List Of 2019's Nastiest Malware?
Quick Hits  |  10/29/2019  | 
This year's compilation features well-known ransomware, botnet, and cryptomining software.
Cybersecurity Trumps Political, Reputational Concerns for Companies
News  |  10/29/2019  | 
The average company has seen its risk increase, with cybersecurity topping the list of business threats, followed by damage to reputation and financial risks, a report finds.
Why It's Imperative to Bridge the IT & OT Cultural Divide
Commentary  |  10/29/2019  | 
As industrial enterprises face the disruptive forces of an increasingly connected world, these two cultures must learn to coexist.
Fortinet Bolsters Endpoint Security with enSilo Acquisition
News  |  10/28/2019  | 
As companies reduce their vendor count, consolidation will likely continue to accelerate in the next year.
Pwn2Own Adds Industrial Control Systems to Hacking Contest
News  |  10/28/2019  | 
The Zero Day Initiative will bring its first ICS Pwn2Own competition to the S4x20 conference in January.
US Lawmakers Fear Chinese-Owned TikTok Poses Security Risk
Quick Hits  |  10/28/2019  | 
The popular video app has more than 110 million downloads in the United States and could give China access to users' personal data, they say.
Database Error Exposes 7.5 Million Adobe Customer Records
Quick Hits  |  10/28/2019  | 
The database was open for approximately one week before the problem was discovered.
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Commentary  |  10/28/2019  | 
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
Microsoft Office Bug Remains Top Malware Delivery Vector
News  |  10/25/2019  | 
CVE-2017-11882 has been attackers' favorite malware delivery mechanism throughout the second and third quarters of 2019.
Online Beauty Store Hit by Magecart Attack
Quick Hits  |  10/25/2019  | 
An e-skimmer placed on the Procter & Gambleowned First Aid Beauty site to steal payment card data went undetected for five months.
Second Ransomware Attack Strikes Johannesburg
Quick Hits  |  10/25/2019  | 
Attackers who broke into the city's network demand four Bitcoins in ransom or threaten to share stolen personal and financial data.
4 Security Lessons Federal IT Pros Can Teach the Private Sector
Commentary  |  10/25/2019  | 
With a little research and basic planning, small companies can make big strides against the cybersecurity threats they face. Here's how.
40% of Security Pros Job Hunting as Satisfaction Drops
News  |  10/24/2019  | 
Symptoms of job dissatisfaction creep into an industry already plagued with gaps in diversity and work-life balance.
FBI Expands Election Security Initiative
Quick Hits  |  10/24/2019  | 
The program offers resources and advice to help protect elections at every level within the US.
Apple Boots 17 Trojan-Laden Apps From Mobile Store
News  |  10/24/2019  | 
Malware was designed to carry out click-fraud, Wandera says.
It's Time to Improve Website Identity Indicators, Not Remove Them
Commentary  |  10/24/2019  | 
Why Google and Mozilla are wrong about the benefits of Extended Validation certificates that aim to prevent fraud and protect user privacy.
Eight-Hour DDoS Attack Struck AWS Customers
Quick Hits  |  10/24/2019  | 
Google Cloud Platform suffered issues around the same time as Amazon Web Services but claims they were not caused by DDoS.
Mobile Users Targeted With Malware, Tracked by Advertisers
News  |  10/24/2019  | 
Cybercriminals continue to seed app stores with malicious apps, advanced attackers successfully compromise mobile devices, and advertisers continue to track users, new reports show.
Why Organizations Must Quantify Cyber-Risk in Business Terms
Commentary  |  10/24/2019  | 
The rising costs of breaches and regulatory fines are driving demand for better measurement and articulation of business impacts.
FTC Warns Consumers About Stalking Apps
Quick Hits  |  10/23/2019  | 
Agency offers tips on how to detect and eradicate the spyware.
IoTopia Framework Aims to Bring Security to Device Manufacturers
News  |  10/23/2019  | 
GlobalPlatform launches an initiative to help companies secure connected devices and services across markets.
Oracle Releases Free Tool for Monitoring Internet Routing Security
News  |  10/23/2019  | 
IXP Filter Check gives Internet Exchange Points a way to verify whether they are properly filtering out incorrect and malicious routes.
Planning a Zero-Trust Initiative? Here's How to Prioritize
Commentary  |  10/23/2019  | 
If you start by focusing on users, data, access, and managed devices, you will make major strides toward achieving better security.
10% of Small Businesses Breached Shut Down in 2019
Quick Hits  |  10/23/2019  | 
As a result of cybercrime, 69% of small organizations were forced offline for a limited time and 37% experienced financial loss.
Report: 2020 Presidential Campaigns Still Vulnerable to Web Attacks
Commentary  |  10/23/2019  | 
Nine out of 12 Democratic candidates have yet to enable DNSSEC, a simple set of extensions that stops most targeted domain-based attacks.
8 Tips for More Secure Mobile Computing
Slideshows  |  10/23/2019  | 
Mobile devices are a huge part of enterprise IT. Here's what to advise their users to do to keep their devices and critical business data best protected.
About 50% of Apps Are Accruing Unaddressed Vulnerabilities
News  |  10/22/2019  | 
In rush to fix newly discovered security issues, developers are neglecting to address older ones, Veracode study finds.
Alliance Forms to Focus on Securing Operational Technology
News  |  10/22/2019  | 
While mainly made up of vendors, the Operational Technology Cyber Security Alliance aims to offer security best practices for infrastructure operators and industrial partners.
FIDO-Based Authentication Arrives for Smartwatches
News  |  10/22/2019  | 
The Nok Nok App SDK for Smart Watch is designed to let businesses implement FIDO-based authentication on smartwatches.
The AI (R)evolution: Why Humans Will Always Have a Place in the SOC
Commentary  |  10/22/2019  | 
In cybersecurity, the combination of men, women and machines can do what neither can do alone -- form a complementary team capable of upholding order and fighting the forces of evil.
NordVPN Breached Via Data Center Provider's Error
Quick Hits  |  10/22/2019  | 
The VPN company said that one of its 3,000 servers in a third-party data center was open to exploitation through a misconfigured management tool.
Autoclerk Database Spills 179GB of Customer, US Government Data
Quick Hits  |  10/22/2019  | 
An open Elasticsearch database exposed hundreds of thousands of hotel booking reservations, compromising data from full names to room numbers.
Keeping Too Many Cooks out of the Security Kitchen
Commentary  |  10/22/2019  | 
A good security team helps the business help itself operate more securely -- soliciting input while adhering to a unified strategy, vision, goals, and priorities.
Page 1 / 3   >   >>


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5087
PUBLISHED: 2019-11-21
An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row's allocation size, that could be exploited to corrupt memory and eventually execute arbitrary code....
CVE-2019-5509
PUBLISHED: 2019-11-21
ONTAP Select Deploy administration utility versions 2.11.2 through 2.12.2 are susceptible to a code injection vulnerability which when successfully exploited could allow an unauthenticated remote attacker to enable and use a privileged user account.
CVE-2019-6693
PUBLISHED: 2019-11-21
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the admini...
CVE-2019-17272
PUBLISHED: 2019-11-21
All versions of ONTAP Select Deploy administration utility are susceptible to a vulnerability which when successfully exploited could allow an administrative user to escalate their privileges.
CVE-2019-17650
PUBLISHED: 2019-11-21
An Improper Neutralization of Special Elements used in a Command vulnerability in one of FortiClient for Mac OS root processes, may allow a local user of the system on which FortiClient is running to execute unauthorized code as root by bypassing a security check.