Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in October 2019
<<   <   Page 4 / 4
20M Russians' Personal Tax Records Exposed in Data Leak
Quick Hits  |  10/3/2019  | 
An unprotected Elasticsearch cluster contained personally identifiable information on Russian citizens from 2009 to 2016.
How FISMA Requirements Relate to Firmware Security
Commentary  |  10/3/2019  | 
Federal guidelines can help all organizations pragmatically and meaningfully improve their firmware security.
Stalkerware on the Rise Globally
Quick Hits  |  10/2/2019  | 
Stalkware is being installed on more and more victims' devices, and the trend is only accelerating, according to a new report.
Millions More Embedded Devices Contain Vulnerable IPnet Software
News  |  10/2/2019  | 
FDA, DHS issue fresh warnings on easily exploitable URGENT/11 flaws in medical, SCADA systems, industrial controllers, and other devices.
New Silent Starling Attack Group Puts Spin on BEC
News  |  10/2/2019  | 
The West African cybergang has successfully infiltrated more than 500 companies using a tactic dubbed 'vendor email compromise.'
Quantum-Safe Cryptography: The Time to Prepare Is Now
Commentary  |  10/2/2019  | 
Quantum computing is real and it's evolving fast. Is the security industry up to the challenge?
Google's 'Password Checkup' Tool Tells You When Passwords Are Leaked
Quick Hits  |  10/2/2019  | 
The feature will check the strength of saved passwords and alert users when they're compromised in a breach.
MasterMana Botnet Shows Trouble Comes at Low Cost
News  |  10/2/2019  | 
For less than $200, attackers were able to infect thousands of systems, stealing user credentials, cryptocurrency wallets, and web histories, an analysis finds.
Threat Intelligence Within a Layered Defense
Dan Reis  |  10/2/2019  | 
A layered approach to security will provide the information practitioners need for a proactive threat protection posture.
Controlling Data Leakage in Cloud Test-Dev Environments
Commentary  |  10/2/2019  | 
The focus on digital transformation and compressing development release cycles is appealing, but that means security can be left behind. How should security practitioners address this challenge?
ReliaQuest Acquires Threatcare
Quick Hits  |  10/2/2019  | 
Attack simulation tool will be integrated into ReliaQuest's GreyMatter platform.
Masad Stealer Uses Telegram to Send Its Control Messages to Waiting Bots
Larry Loeb  |  10/2/2019  | 
Juniper Threat Labs has discovered a new Trojan-delivered spyware that uses Telegram to exfiltrate stolen information.
Cisco Webex & Zoom Bug Lets Attackers Spy on Conference Calls
News  |  10/1/2019  | 
The "Prying-Eye" vulnerability could let intruders scan for unprotected meeting IDs and snoop on conference calls.
New Malware Campaign Targets US Petroleum Companies
News  |  10/1/2019  | 
Attackers are using an obfuscated version of Adwind Remote Access Trojan for stealing data, Netskope says.
'Father of Identity Theft' Convicted on 13 Federal Counts
Quick Hits  |  10/1/2019  | 
James Jackson, a 58-year-old Memphis resident, used the identities of deceased individuals to steal money from banks and the estates of the dead.
Navigating Your First Month as a New CISO
Commentary  |  10/1/2019  | 
The single most important thing you can do is to start building the relationships and political capital you'll need to run your security program. Here's how.
Cost of Data Breach Hits $1.4M, Security Budgets Near $19M
Quick Hits  |  10/1/2019  | 
Researchers report businesses with an internal SOC suffer half the average financial damage.
Torvalds Gives In, Linux Kernel Gets Locked Down Early
Larry Loeb  |  10/1/2019  | 
After years of efforts and rewrites, Linus Torvalds has signed off on a new optional feature for Linux that locks down the kernel much earlier in the boot process than was previously the case.
Attackers Focus on More Disruptive Ransomware Infections
News  |  10/1/2019  | 
Details from a campaign tracked over the past five months show how cybercriminals are continuing to refine their strategies and attempting to adjust to victims' resolve to not pay ransoms.
AIOps: The State of Full Packet Capture Enters the Age of Practicality
Commentary  |  10/1/2019  | 
How machine learning and artificial intelligence are changing the game of acting on large volumes of network data in near real time.
Targeted Cybercrime On a Tear
News  |  10/1/2019  | 
CrowdStrike threat hunting data shows major increase in targeted financially motivated attacks in the first six months of 2019.
<<   <   Page 4 / 4


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.