Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in November 2016
<<   <   Page 3 / 3
Microsoft Extends Support For Doomed EMET To July 2018
News  |  11/5/2016  | 
After that date, Microsoft officially will pull the plug on a toolkit that enterprises have used for years to protect against advanced threats.
Election 2016 & WikiLeaks: Bad, But Not Your Worst Nightmare
Commentary  |  11/4/2016  | 
John Podesta may be the poster child for poor user security practices but the real problem is rigid regulatory compliance frameworks that perpetuate ineffective perimeter defenses.
Man Arrested For Hacking University Emails
Quick Hits  |  11/4/2016  | 
Phoenix resident allegedly attacked more than 1,000 email accounts, reset 1,050 passwords, and stole confidential data.
Ransomware Attacks Have More Than Doubled In Q3, Says Report
Quick Hits  |  11/4/2016  | 
Q3 cyber threat study by Kaspersky Lab says ransomware modifications have risen 3.5 times and newer countries are coming under attack.
Automate And Orchestrate Workflows For Better Security
Partner Perspectives  |  11/4/2016  | 
Security automation has become a central goal for many organizations as they try to respond faster to more threats with limited resources.
How Businesses, Employees Can Navigate The Security Hiring Process
News  |  11/4/2016  | 
At Black Hat Europe 2016, security experts weigh in on how companies can build strong security teams, and how employees can educate themselves to meet business needs.
'Heisenberg Cloud' Spots Exposed Database Services, Misconfigurations
News  |  11/3/2016  | 
A Rapid7 honeypot project yielded some surprising -- and some not-so suprising -- cloud security nuggets.
Threat Hunting: Going After The Big Game
Threat Hunting: Going After The Big Game
Dark Reading Videos  |  11/3/2016  | 
The Black Hat News Desk welcomes Jian Zhen from Endgame.
Surveys: Security Pros Overwhelmed, Not Communicating, Threat Intel Data
News  |  11/3/2016  | 
Two new studies underscore the challenges of making threat intelligence part of the enterprise arsenal.
Managing Multi-Cloud Security Whether You Want to or Not
Commentary  |  11/3/2016  | 
Yes, it is possible to orchestrate security across multiple clouds without creating performance hurdles. Heres how.
Photobucket Hacker Sent To Prison
Quick Hits  |  11/3/2016  | 
Brandon Bourret sold software used to invade privacy of Photobucket customers, stealing their private images for blackmail.
8 Hot Skills Sought By IT Security Departments
Slideshows  |  11/3/2016  | 
No company wants to leak customer data, have intellectual property stolen, or experience business services taken offline. Those that recognize these risks are thus scrambling to hire the right people to fill their information security roles.
LastPass Offers Free Password Sync Across Devices
Quick Hits  |  11/3/2016  | 
The new scheme will allow LastPass to be synced on all Internet-enabled mobile and desktop devices.
New DMCA Exemptions Give White Hats License To Hack Cars, Medical Devices
News  |  11/2/2016  | 
But there are important caveats to the new Digital Millennium Copyright Act rules.
Catching Online Scammers, Dealers & Drug Dealers With DNS
News  |  11/2/2016  | 
Researchers at Black Hat Europe this week will demonstrate a streamlined technique for spotting and identifying illicit narcotics, counterfeiters, and other scammer websites and operations.
Business Security Confidence Contradicts High Success Rate Of Attacks
News  |  11/2/2016  | 
Research indicates one in three cyberattacks results in a security breach, but most organizations are confident in their defense tactics.
Microsoft Fires Back At Google For Windows 0-Day Disclosure
News  |  11/2/2016  | 
Software giant to issue patch on Nov. 8. Meanwhile, Russian hacker group exploits flaw in targeted attacks.
Tool For Cybersecurity Job Hunters Launched
Quick Hits  |  11/2/2016  | 
CyberSeek to help candidates understand the market and locate the right opening, thus narrowing cybersecurity employment gap.
NullCrew Hacker Gets 45-Month Jail Term
Quick Hits  |  11/2/2016  | 
As member of NullCrew hacking group, Timothy Justen French carried out cyberattacks across global institutions, causing $792,000 in losses.
Phishing Threat Continues To Loom Large
Partner Perspectives  |  11/2/2016  | 
Phishing and spear phishing will only get worse unless companies proactively train employees to recognize a scam when they see one.
It's Time To Address The Cybersecurity Gender Gap Before It's Too Late
Commentary  |  11/2/2016  | 
It will take years to substantively raise the percentage of women in cybersecurity, so the tech industry better start working at it now.
WeMo IoT Vulnerability Lets Attackers Run Code On Android Phone
News  |  11/2/2016  | 
Vulnerabilities in Belkin's WeMo home automation device, now fixed, could exploit Android smartphones or grant root to WeMo.
ShadowBrokers Release More Alleged Equation Group Data
News  |  11/1/2016  | 
Data purports to show configuration details of servers that NSA allegedly hacked and used to host exploits
Why Enterprise Security Teams Must Grow Their Mac Skills
Commentary  |  11/1/2016  | 
From coffee shops to corporate boardrooms, Apple devices are everywhere. So why are organizations so doggedly focused on Windows-only machines?
We Must Become Good Digital Citizens
Partner Perspectives  |  11/1/2016  | 
Digital citizenship carries many capabilities and benefits, but there also have to be some rules and responsibilities.
Google Adwords Malvertising Campaign Targets Apple Macs
News  |  11/1/2016  | 
Cheeky attackers make their lure an ad for Google Chrome.
7 Security Lessons The Video Game Industry Can Teach IoT Manufacturers
Commentary  |  11/1/2016  | 
The Internet of Things has alarming holes in security. The industry should look to video games for some answers.
Ex-FBI Chief Reviews Security For Booz Allen After NSA Contractor Arrest
Quick Hits  |  11/1/2016  | 
Robert Mueller hired after Booz Allen staff arrested for allegedly stealing classified information at NSA.
Anthem Breach Victims Go To Court Over Cybersecurity Audit Release
Quick Hits  |  11/1/2016  | 
Class-action lawsuit against health insurer seeks disclosure of network security details following data breach of 80 million members.
7 Reasons Consumers Dont Take Action on Cybersecurity
Slideshows  |  11/1/2016  | 
Security awareness is high but its hard to turn personal knowledge into effective practices.
Here Are Some Scary Stats About Windows Devices
News  |  11/1/2016  | 
DuoSecurity analyzes Windows endpoints used by its customers and finds some dusty old applications in use.
<<   <   Page 3 / 3


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-36328
PUBLISHED: 2021-11-30
Dell EMC Streaming Data Platform versions before 1.3 contain a SQL Injection Vulnerability. A remote malicious user may potentially exploit this vulnerability to execute SQL commands to perform unauthorized actions and retrieve sensitive information from the database.
CVE-2021-36329
PUBLISHED: 2021-11-30
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference Vulnerability. A remote malicious user may potentially exploit this vulnerability to gain sensitive information.
CVE-2021-36330
PUBLISHED: 2021-11-30
Dell EMC Streaming Data Platform versions before 1.3 contain an Insufficient Session Expiration Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to reuse old session artifacts to impersonate a legitimate user.
CVE-2021-41256
PUBLISHED: 2021-11-30
nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giv...
CVE-2021-36326
PUBLISHED: 2021-11-30
Dell EMC Streaming Data Platform, versions prior to 1.3 contain an SSL Strip Vulnerability in the User Interface (UI). A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a downgrade in the communications between the client and server into an unencrypted format...