Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in November 2016
Microsoft Extends Support For Doomed EMET To July 2018
News  |  11/5/2016  | 
After that date, Microsoft officially will pull the plug on a toolkit that enterprises have used for years to protect against advanced threats.
Election 2016 & WikiLeaks: Bad, But Not Your Worst Nightmare
Commentary  |  11/4/2016  | 
John Podesta may be the poster child for poor user security practices but the real problem is rigid regulatory compliance frameworks that perpetuate ineffective perimeter defenses.
Man Arrested For Hacking University Emails
Quick Hits  |  11/4/2016  | 
Phoenix resident allegedly attacked more than 1,000 email accounts, reset 1,050 passwords, and stole confidential data.
Ransomware Attacks Have More Than Doubled In Q3, Says Report
Quick Hits  |  11/4/2016  | 
Q3 cyber threat study by Kaspersky Lab says ransomware modifications have risen 3.5 times and newer countries are coming under attack.
Automate And Orchestrate Workflows For Better Security
Partner Perspectives  |  11/4/2016  | 
Security automation has become a central goal for many organizations as they try to respond faster to more threats with limited resources.
How Businesses, Employees Can Navigate The Security Hiring Process
News  |  11/4/2016  | 
At Black Hat Europe 2016, security experts weigh in on how companies can build strong security teams, and how employees can educate themselves to meet business needs.
'Heisenberg Cloud' Spots Exposed Database Services, Misconfigurations
News  |  11/3/2016  | 
A Rapid7 honeypot project yielded some surprising -- and some not-so-surprising -- cloud security nuggets.
Threat Hunting: Going After The Big Game
Dark Reading Videos  |  11/3/2016  | 
The Black Hat News Desk welcomes Jian Zhen from Endgame.
Surveys: Security Pros Overwhelmed, Not Communicating, Threat Intel Data
News  |  11/3/2016  | 
Two new studies underscore the challenges of making threat intelligence part of the enterprise arsenal.
Managing Multi-Cloud Security Whether You Want to or Not
Commentary  |  11/3/2016  | 
Yes, it is possible to orchestrate security across multiple clouds without creating performance hurdles. Here's how.
Photobucket Hacker Sent To Prison
Quick Hits  |  11/3/2016  | 
Brandon Bourret sold software used to invade privacy of Photobucket customers, stealing their private images for blackmail.
8 Hot Skills Sought By IT Security Departments
Slideshows  |  11/3/2016  | 
No company wants to leak customer data, have intellectual property stolen, or experience business services taken offline. Those that recognize these risks are thus scrambling to hire the right people to fill their information security roles.
LastPass Offers Free Password Sync Across Devices
Quick Hits  |  11/3/2016  | 
The new scheme will allow LastPass to be synced on all Internet-enabled mobile and desktop devices.
New DMCA Exemptions Give White Hats License To Hack Cars, Medical Devices
News  |  11/2/2016  | 
But there are important caveats to the new Digital Millennium Copyright Act rules.
Catching Online Scammers, Dealers & Drug Dealers With DNS
News  |  11/2/2016  | 
Researchers at Black Hat Europe this week will demonstrate a streamlined technique for spotting and identifying illicit narcotics, counterfeiters, and other scammer websites and operations.
Business Security Confidence Contradicts High Success Rate Of Attacks
News  |  11/2/2016  | 
Research indicates one in three cyberattacks results in a security breach, but most organizations are confident in their defense tactics.
Microsoft Fires Back At Google For Windows 0-Day Disclosure
News  |  11/2/2016  | 
Software giant to issue patch on Nov. 8. Meanwhile, Russian hacker group exploits flaw in targeted attacks.
Tool For Cybersecurity Job Hunters Launched
Quick Hits  |  11/2/2016  | 
CyberSeek to help candidates understand the market and locate the right opening, thus narrowing cybersecurity employment gap.
NullCrew Hacker Gets 45-Month Jail Term
Quick Hits  |  11/2/2016  | 
As member of NullCrew hacking group, Timothy Justen French carried out cyberattacks across global institutions, causing $792,000 in losses.
Phishing Threat Continues To Loom Large
Partner Perspectives  |  11/2/2016  | 
Phishing and spear phishing will only get worse unless companies proactively train employees to recognize a scam when they see one.
It's Time To Address The Cybersecurity Gender Gap Before It's Too Late
Commentary  |  11/2/2016  | 
It will take years to substantively raise the percentage of women in cybersecurity, so the tech industry better start working at it now.
WeMo IoT Vulnerability Lets Attackers Run Code On Android Phone
News  |  11/2/2016  | 
Vulnerabilities in Belkin's WeMo home automation device, now fixed, could exploit Android smartphones or grant root to WeMo.
ShadowBrokers Release More Alleged Equation Group Data
News  |  11/1/2016  | 
Data purports to show configuration details of servers that NSA allegedly hacked and used to host exploits.
Why Enterprise Security Teams Must Grow Their Mac Skills
Commentary  |  11/1/2016  | 
From coffee shops to corporate boardrooms, Apple devices are everywhere. So why are organizations so doggedly focused on Windows-only machines?
We Must Become Good Digital Citizens
Partner Perspectives  |  11/1/2016  | 
Digital citizenship carries many capabilities and benefits, but there also have to be some rules and responsibilities.
Google Adwords Malvertising Campaign Targets Apple Macs
News  |  11/1/2016  | 
Cheeky attackers make their lure an ad for Google Chrome.
7 Security Lessons The Video Game Industry Can Teach IoT Manufacturers
Commentary  |  11/1/2016  | 
The Internet of Things has alarming holes in security. The industry should look to video games for some answers.
Ex-FBI Chief Reviews Security For Booz Allen After NSA Contractor Arrest
Quick Hits  |  11/1/2016  | 
Robert Mueller hired after Booz Allen staff arrested for allegedly stealing classified information at NSA.
Anthem Breach Victims Go To Court Over Cybersecurity Audit Release
Quick Hits  |  11/1/2016  | 
Class-action lawsuit against health insurer seeks disclosure of network security details following data breach of 80 million members.
7 Reasons Consumers Don't Take Action on Cybersecurity
Slideshows  |  11/1/2016  | 
Security awareness is high but it's hard to turn personal knowledge into effective practices.
Here Are Some Scary Stats About Windows Devices
News  |  11/1/2016  | 
DuoSecurity analyzes Windows endpoints used by its customers and finds some dusty old applications in use.

Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.