Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in November 2016
<<   <   Page 2 / 3   >   >>
Security Experts Call For Regulation On IoT Cybersecurity
News  |  11/16/2016  | 
During a House Committee hearing today, Bruce Schneier also asks for the establishment of a new government agency devoted to cybersecurity.
Windows 10 Updates Target Ransomware Threats
News  |  11/16/2016  | 
Microsoft strengthens Windows 10 security with measures to prevent, detect, and respond to ransomware attacks. But they are only useful for businesses using all the right tools.
Thank Ransomware For Next-Gen Endpoint Security Momentum
News  |  11/16/2016  | 
More organizations are getting serious about making the move to newer endpoint security technologies that go beyond signature-based detection.
Digital Shadows Narrows Down Causes Of Tesco Hack
Quick Hits  |  11/16/2016  | 
Security firm Digital Shadows uses the "analysis of competing hypothesis" to narrow down possible causes of the $3.1 million Tesco bank theft.
Internet Of Things 'Pollutants' & The Case For A Cyber EPA
Commentary  |  11/16/2016  | 
Recent IoT-executed DDoS attacks have been annoying, not life threatening. Should device makers be held liable if something worse happens?
Symantec Study Shows Consumers Suffer From Security Overload
News  |  11/16/2016  | 
New survey finds that consumers are overwhelmed by the need to protect their devices from cybercriminals.
Firmware Secretly Sent Text, Call Data On Android Users To China
News  |  11/15/2016  | 
Several Android models sold in the US likely impacted, says Kryptowire
Dark Reading Radio: 'Bug Bounties & The Zero-Day Trade'
Commentary  |  11/15/2016  | 
Join us, HackerOne's Alex Rice, and Veracode's Chris Wysopal for the next episode of Dark Reading Radio, today, Wednesday Nov. 16, at 1pmET.
More Than Half Of Android Devices Run Outdated Browsers
News  |  11/15/2016  | 
Researchers discovered 59% of Android devices run out-of-date Chrome browsers, increasing enterprise exposure to hackers.
TAG Unveils Anti-Malware Certification For Online Ad Industry
Quick Hits  |  11/15/2016  | 
As the ad industry continues its fight against malware, the Trustworthy Accountability Group launches a threat-sharing hub to provide intelligence on attacks.
Back To Basics: Maximizing Cybersecurity Capabilities
Commentary  |  11/15/2016  | 
A number of prevention techniques that have existed for years remain fundamental components of any modern security program.
The 7 Most Significant Government Data Breaches
Slideshows  |  11/15/2016  | 
Mega compromises at federal and state agencies over the past three years have compromised everything from personal data on millions to national security secrets.
Dark Reading Virtual Event Seeks To Break Security Myths, Conventional Wisdom
Commentary  |  11/14/2016  | 
Three keynotes, two panel sessions offer new ways to think about enterprise information security.
US Army Challenges Security Researchers To 'Bring It On'
News  |  11/14/2016  | 
Army to offer cash rewards to bug hunters who find security vulnerabilities in its recruiting sites and database systems that have ties to the Army's core operational systems.
412 Million Users Exposed In Adult Friend Finder, Penthouse Breach
Quick Hits  |  11/14/2016  | 
16 million deleted accounts are among the victims in breach that's 'ten times worse' than that of Ashley Madison.
Preparing For The Future Of Online Threats
Commentary  |  11/14/2016  | 
Gaze into the crystal balls of a panel of forward-thinking security experts during Dark Reading's virtual event Nov. 15.
8 Ways Businesses Can Better Secure Their Remote Workers
Partner Perspectives  |  11/14/2016  | 
Remote workers may present challenges for IT staff, but a combination of cybersecurity best practices, strong policy, and a dedicated user awareness campaign could keep company data safe.
6 Tips For Stronger SOCs
News  |  11/14/2016  | 
New guide offers ways for companies to more effectively organize, manage, and staff their security operations centers.
Learning To Trust Cloud Security
Commentary  |  11/14/2016  | 
Cloud-centric computing is inevitable, so you need to face your concerns and be realistic about risks.
Security Metrics Checklist
Slideshows  |  11/12/2016  | 
Which metrics are the best indicators of a strong cybersecurity team? Experts say security pros should be recording and reporting these data points to demonstrate their success.
5 Russian Banks Hit By IoT DDoS Attack
Quick Hits  |  11/11/2016  | 
State-owned Sberbank among the victims in one of the largest DDoS attacks ever seen against Russian banks.
Microsoft Abusing Market Dominance In AV Space, Kaspersky Lab Says
News  |  11/11/2016  | 
Redmond is unfairly shutting out rivals and uninstalling third-party tools without user permission, Kaspersky says.
Sharing Threat Intel: Easier Said Than Done
Commentary  |  11/11/2016  | 
For cyber intelligence-sharing to work, organizations need two things: to trust each other and better processes to collect, exchange, and act on information quickly.
Shoppers Up Their Online Security Game, Survey Says
News  |  11/10/2016  | 
While they check SSL certificates and liability policies more often, many remain wary of biometric authentication, Computop reports
Russian Hackers Behind DNC Breach Wage Post-US Election Attacks
News  |  11/10/2016  | 
Less than six hours after Donald Trump was named President-Elect of the US, Cozy Bear/APT29/CozyDuke nation-state hackers kicked off waves of spearphishing attacks.
How To Build A Comprehensive Security Architecture
Commentary  |  11/10/2016  | 
Dark Reading's virtual event features a panel discussion on what it takes to get away from the daily firefighting method of responding to threats and attacks.
The Drug Dealer In Your Web Browser
Commentary  |  11/10/2016  | 
Illicit dealings once isolated to the Dark Web are spilling out into the light.
Free Cloud Storage Putting Small Business Data At Risk
Quick Hits  |  11/10/2016  | 
SMBs are putting sensitive information at risk by using free cloud storage services that lack strong security measures, new research shows.
How Security Scorecards Advance Security, Reduce Risk
Commentary  |  11/10/2016  | 
CISO Josh Koplik offers practical advice about bridging the gap between security and business goals in a consumer-facing media and Internet company.
DTCC Survey: Cyber Threat Ranked #1 Risk To Global Financial System
News  |  11/9/2016  | 
Despite geopolitical uncertainties, cyber threats are the financial industry's biggest worry, new data shows.
75,000 Data Protection Officers Needed By 2018 To Handle EU Law
News  |  11/9/2016  | 
US alone will need 9,000 DPOs to meet GDPR mandates, says International Association of Privacy Professionals - but don't expect that many new job listings.
Bangladesh Bank Team In Manila To Recover $15 Million Lost In Hack
Quick Hits  |  11/9/2016  | 
Philippine court orders return of part of the stolen money retrieved from casino boss to Bangladesh bank.
ID Theft Ringleader Gets Prison Sentence Of 16+ Years
Quick Hits  |  11/9/2016  | 
Tampa resident and his gang had cheated more than 1,000 people and 35 financial institutions causing loss of $700,000.
The Big Lesson We Must Learn From The Dyn DDoS Attack
Commentary  |  11/9/2016  | 
The vulnerabilities that make IoT devices susceptible to being used in a botnet also make them the perfect avenue into our data centers and clouds.
Microsoft November Security Updates Include Fix For Zero-Day Flaw
News  |  11/8/2016  | 
In total, company released 14 security bulletins, six of which addressed Critical flaws
Every Minute Of Security Planning Will Save You 10 Minutes In Execution
Partner Perspectives  |  11/8/2016  | 
Leveraging automation, orchestration, and interoperability in your cybersecurity plans now will save you significant time later.
Stay Vigilant To The Evolving Threat Of Social Engineering
Commentary  |  11/8/2016  | 
Even the most cyber-savvy individuals can easily get tripped up by a social engineering attack. But users can trip up a threat simply by paying attention.
The 7 Types Of Security Jobs, According To NIST
Slideshows  |  11/8/2016  | 
NIST's Cybersecurity Workforce Framework gives the security industry a way to classify specific specialty areas and work roles and identify a path for career growth.
Ransomware Doesn't Have To Mean Game Over
Partner Perspectives  |  11/8/2016  | 
3 methods can help you recover from a ransomware attack relatively unscathed.
Is Fingerprint Authentication Making The Password Problem Worse?
Commentary  |  11/8/2016  | 
Problems emerge when users switch to a new phone.
Synopsys Expands Software Security With Cigital, Codiscope Acquisitions
Quick Hits  |  11/8/2016  | 
Deal is expected to close by December 2016 and will be funded with combination of US cash and debt.
China Passes Controversial Cybersecurity Law
Quick Hits  |  11/8/2016  | 
Global business and rights groups raise concern about the censorship that could impact foreign business interests.
New Free Mirai Scanner Tools Spot Infected, Vulnerable IoT Devices
News  |  11/8/2016  | 
Imperva and Rapid7 have built scanners to discover IoT devices vulnerable or infected with Mirai malware.
Was Theft Of Money From 20,000 Tesco Bank Customers An Inside Job?
News  |  11/7/2016  | 
UK bank confirms attack, but so far has not used the word 'hack.'
Some SuperPAC Websites Are Not Super-Secure
News  |  11/7/2016  | 
Researchers find weaknesses in public websites that could expose personal information of donors and other sensitive data.
4G Cellular Networks At Risk Of DoS Attacks
News  |  11/7/2016  | 
Black Hat Europe researcher shows how hackers can conduct denial-of-service attacks on 4G cellular devices around the world.
Changing IoT Passwords Won't Stop Attacks. Here's What Will.
Commentary  |  11/7/2016  | 
The solution will take an industry-wide effort, it won't happen overnight, and the problem is not the users' fault!
US Governors Affirm Confidence In Cybersecurity Of Election Systems
Quick Hits  |  11/7/2016  | 
Statement from National Governors Association says presidential election outcome will accurately reflect voters' choice.
After Mirai, Hacking Tool Marketplace Shuts Down Web-Attack Section
Quick Hits  |  11/7/2016  | 
Hack Forums section closure prompted by the powerful Oct. 21 DDoS attacks that took down popular social media websites.
Transitioning From The Server Room To The Boardroom
Commentary  |  11/5/2016  | 
How can IT professionals balance business goals and information security?