News & Commentary

Content posted in November 2016
Page 1 / 3   >   >>
China Cybersecurity Firm Linked With Countrys Intel Agency For Espionage
Quick Hits  |  11/30/2016  | 
Boyusec is working with Chinas intelligence services and military to doctor security products for spying, says Pentagon report.
Georgia Tech Gets $17 Million Defense Deal For Cyberattack Attribution
Quick Hits  |  11/30/2016  | 
US Department of Defense awards research to work on technique for quick attribution of cyberattack with hard evidence.
In Break From Usual, Threat Actors Use RAT To Steal POS Data
News  |  11/30/2016  | 
New NetWire RAT version comes with keylogger for stealing a lot more than just credit and debit card data.
Androids Under Attack: 1 Million Google Accounts Hijacked
News  |  11/30/2016  | 
Two separate attack campaigns were discovered targeting Androids - one that roots them and gains access to Google Gmail, Docs, Drive, accounts and another that steals information and intercepts and sends messages.
Cybercriminals' Next Target: Short-Term Dangers (Part 1 of 2)
Partner Perspectives  |  11/30/2016  | 
With the holidays approaching, the focus will be on lucrative online shopping, email ransomware, phishing for credentials, and infection by holiday-lurking malware.
Windows Malware Infections Spiked 106% From Black Friday To Cyber Monday
News  |  11/30/2016  | 
The number of infected PCs jumped some 106% during the holiday season's first shopping weekend and 118% above normal on Cyber Monday.
The Rise Of SecBizOps & Why It Matters
Commentary  |  11/30/2016  | 
By aligning security dollars and technology with core business requirements, infosec can become a business enabler, not a business impediment.
Just Half Of Organizations Employ Threat Intelligence
News  |  11/30/2016  | 
PwC survey finds half of enterprises worldwide swap actionable information with industry peers, and 45% with ISACs.
Job Loss And Financial Damage: CIOs Main Fears When Adopting Virtualization
Partner Perspectives  |  11/30/2016  | 
Companies arent prepared for the security challenges of hybrid infrastructures, Bitdefender study reveals.
Deutsche Telekom Attacks Suggest Mirai Threat Poised To Become Much Larger
News  |  11/29/2016  | 
With attack, Mirai has added an exploit targeting Web service vulnerability.
Retailers Limit Data Access For Temporary, Seasonal Workers
News  |  11/29/2016  | 
Employers are scaling back on sensitive data access for temporary and contract employees, and increasing visibility into their online activity.
Beware: Scalable Vector Graphics Files Are A New Ransomware Threat
Partner Perspectives  |  11/29/2016  | 
SVG files offer many advantages as far as graphics go, but hackers looking to embed malware on websites can exploit them.
Cybersecurity User Training That Sticks: 3 Steps
Commentary  |  11/29/2016  | 
People are eager for common-sense advice that gives them control over their environment and helps them stay safe online.
European Commission Hit By DDoS Attack
Quick Hits  |  11/29/2016  | 
The cyberattack lasted for several hours and affected output but no loss of data was reported.
German Telco Probes Possible Hack Of 900,000 Customers
Quick Hits  |  11/29/2016  | 
Network outages bring down services of many Deutsche Telekom customers raising suspicion that external parties may be involved.
San Francisco Transit Agency Earns Praise For Denying Ransom Request
News  |  11/28/2016  | 
Despite being forced to give out free rides all weekend, metropolitan transportation authority declines to pay the ransomware operators who locked down ticketing systems.
2016's 7 Worst DDoS Attacks So Far
Slideshows  |  11/28/2016  | 
Rise of booter and stresser services, mostly run on IoT botnets, is fueling DDoS excitement (but the pros aren't impressed).
Q&A: SonicWall CEO Talks Rise Of Ransomware, IoT
News  |  11/28/2016  | 
Bill Conner discusses security risks at top of mind as the newly appointed leader of SonicWall, a company becoming independent for the second time.
Petition Forces Parliament To Reconsider Surveillance Bill
Quick Hits  |  11/28/2016  | 
100,000 signatures require MPs to consider debating Snoopers' Charter again.
5 Links Of The Attack Chain And How To Disrupt Them
Partner Perspectives  |  11/28/2016  | 
By identifying steps in the attack chain, you can deploy appropriate defenses at each stage to prevent breaches from happening in the first place.
Time For Security & Privacy To Come Out Of Their Silos
Commentary  |  11/28/2016  | 
By working separately, these two teams aren't operating as efficiently as they could and are missing huge opportunities.
Researchers Demo Method For Turning A PC Into An Eavesdropping Device
News  |  11/23/2016  | 
The audio chipsets in many modern PCs allow audio jacks to be flipped from lineout to line-in, says team from Israels Ben-Gurion University.
Atlanta Attorneys Office Gets Cybercrime Unit
Quick Hits  |  11/23/2016  | 
New cell created after arrest and extradition of two Nigerians from Malaysia in alleged phishing attacks on US.
European Regulator Probes Yahoos 2015 Secret Email Scan
Quick Hits  |  11/23/2016  | 
Dublin-based Data Protection Commissioner trying to ascertain if Yahoo broke Europes privacy laws.
Security Automation: Striking The Right Balance
Commentary  |  11/23/2016  | 
What a smart toaster oven taught me about the importance of learning how to do a task versus the efficiency of automating the work.
8 Books Security Pros Should Read
Slideshows  |  11/23/2016  | 
Hunting for a good resource on the security industry? Check out these classics from the experts to learn more about hacking, defense, cryptography and more.
178 Arrested In Money Mule Crackdown
Quick Hits  |  11/22/2016  | 
Total of 17 countries involved in second European effort to disrupt cybercriminals' money laundering mechanism.
Symantec To Buy LifeLock At $2.3 Billion
Quick Hits  |  11/22/2016  | 
Deal set to be finalized by Q1 2017 and financed by cash and $750 million of new debt.
Oracle Announces Acquisition Of Dyn
Quick Hits  |  11/22/2016  | 
Oracle says purchase of the recently DDoSed DNS service is aimed expanding the companys cloud computing platform.
Raising The Nation's Cybersecurity IQ: 'Learn To Code'
Commentary  |  11/22/2016  | 
We need to ensure that the students of today are prepared for the security challenges of tomorrow.
WindTalker Attack Finds New Vulnerabilities in Wi-Fi Networks
News  |  11/21/2016  | 
White hat researchers show how hackers read keystrokes to potentially compromise cellphone and tablet users on public Wi-Fi and home networks.
Millions Exposed In Data Breach At UK Telecom Three
Quick Hits  |  11/21/2016  | 
Three, a British ISP and telecom company, suffers major breach of its upgrade database, impacting two-thirds of its 9 million users.
Hackers Attack Canada Army Site, Redirect Visitors To China
Quick Hits  |  11/21/2016  | 
Canada armed forces take down recruitment site after would-be recruits are redirected to official Chinese government page.
Balancing The Risk & Promise Of The Internet Of Things
Commentary  |  11/21/2016  | 
You can't defend against something you don't understand. So make sure you consider IoT's risks before embracing its functionality.
5 Ways Retailers Can Stay Safe Over the Holidays
Slideshows  |  11/21/2016  | 
E-commerce experts offer tips for locking down systems as the busy holiday season approaches.
Ransomware Surveys Fill In Scope, Scale of Extortion Epidemic
News  |  11/21/2016  | 
Half of all surveyed organizations have been hit with ransomware campaigns in the last year, many more than once
NSA Chief Says DNC Email Leak Was Deliberate Act
News  |  11/18/2016  | 
Attack was a conscious effort to achieve a specific effect, Director Michael Rogers told the Wall Street Journal this week.
Cyber Monday, Consumers & The Bottom Line Of A Data Breach
Commentary  |  11/18/2016  | 
Yes retailers can achieve ROI for their investments in cybersecurity during the upcoming holiday season - and for the rest of the year, too! Heres how.
Thinking Ahead: Cybersecurity In The Trump Era
News  |  11/18/2016  | 
In a panel held by the University of California Berkeley Center for Long-Term Cybersecurity and Bipartisan Policy Center, experts discuss challenges facing the incoming presidential administration.
China's Jinping Opens Tech Meet With Calls For 'Fair & Equitable' Internet
Quick Hits  |  11/18/2016  | 
The third Wuzhen World Internet Conference had a strong presence of US tech companies despite criticism of Chinas Internet laws.
Teenager Admits To TalkTalk Hack
Quick Hits  |  11/18/2016  | 
A 17-year-old boy exploited flaws in ISPs web pages to steal confidential data of 150,000 customers.
As Deadline Looms, 35 Percent Of Web Sites Still Rely On SHA-1
News  |  11/17/2016  | 
Over 60 million web sites are relying on a hashing algorithm that will be blocked by major browsers starting Jan 1.
Cloud-driven IT Decentralization Increases Security Risk
News  |  11/17/2016  | 
IT management has become increasingly decentralized, which many businesses think is causing more harm than good - especially for security, a new study says.
NIST Releases Version of Cybersecurity Framework for Small Businesses
News  |  11/17/2016  | 
Researchers offer a step-by-step approach for covering the basics of cybersecurity.
Insider Threat: The Domestic Cyber Terrorist
Commentary  |  11/17/2016  | 
It is dangerously naive for business and government leaders to dismiss the risk of radicalized privileged users inside our critical industries.
8 Public Sources Holding 'Private' Information
Slideshows  |  11/17/2016  | 
Personal information used for nefarious purposes can be found all over the web from genealogy sites to public records and social media.
Adobe To Pay $1 Million Compensation In Data Breach Case
Quick Hits  |  11/17/2016  | 
Personal data of more than 500,000 consumers from 15 states were stolen in the 2013 breach of Adobe server.
'Snoopers Charter' Set To Become Law In UK
Quick Hits  |  11/17/2016  | 
Surveillance bill goes through British Parliament and awaits only the Royal assent to become law before the year ends.
Active Defense Framework Can Help Businesses Defend Against Cyberattacks
Partner Perspectives  |  11/17/2016  | 
New report provides a framework that lets private sector entities defend themselves while at the same time protect individual liberties and privacy, and mitigate the risk of collateral damage.
How To 'PoisonTap' A Locked Computer Using A $5 Raspberry Pi
News  |  11/17/2016  | 
White hat hacker Samy Kamkar has come up with a way of to hijack Internet traffics from a password-protected computer.
Page 1 / 3   >   >>


New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3018
PUBLISHED: 2018-05-24
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
CVE-2013-3023
PUBLISHED: 2018-05-24
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
CVE-2013-3024
PUBLISHED: 2018-05-24
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
CVE-2018-5674
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2018-5675
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...