Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in November 2017
Page 1 / 4   >   >>
Lawsuits Pile Up on Uber
News  |  11/30/2017  | 
Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.
IoT Regulation Could Save the Internet
News Analysis-Security Now  |  11/30/2017  | 
Momentum may be building for meaningful (and useful) security regulations for the IoT.
The Critical Difference Between Vulnerabilities Equities & Threat Equities
Commentary  |  11/30/2017  | 
Why the government has an obligation to share its knowledge of flaws in software and hardware to strengthen digital infrastructure in the face of growing cyberthreats.
5 Free or Low-Cost Security Tools for Defenders
News  |  11/30/2017  | 
Not all security tools are pricey.
Qualys Buys NetWatcher Assets for Cloud-based Threat Intel
Quick Hits  |  11/30/2017  | 
The cloud security company plans to add threat detection, incident response, and compliance management to its platform.
The Good News about Breaches: It Wasn't You this Time
Partner Perspectives  |  11/30/2017  | 
Somewhere in every application there is a vulnerability waiting to be exploited. You can attack the problem by having the right mindset and answering two simple questions
AWS Adds Security Management to Growing Portfolio
Simon Marshall  |  11/30/2017  | 
AWS has announced major new security management features for its massive public cloud infrastructure.
First US Federal CISO Shares Security Lessons Learned
News  |  11/29/2017  | 
Greg Touhill's advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.
Major Apple Flaw Found, Fixed & Still Dangerous
Curt Franklin  |  11/29/2017  | 
A vulnerability in MacOS High Sierra could leave Macs open and vulnerable in the world of the Internet.
Intel Management Engine Has a Big Problem
Larry Loeb  |  11/29/2017  | 
Intel's Management Engine has a vulnerability that could allow an attacker to own your entire system. And they aren't planning to fix it.
Big Apple Flaw Allows Root Access to Macs without Password
News  |  11/29/2017  | 
Vulnerability affects machines running High Sierra operating system.
Why Security Depends on Usability -- and How to Achieve Both
Commentary  |  11/29/2017  | 
Any initiative that reduces usability will have consequences that make security less effective.
AI Prepares for Security Spotlight
Simon Marshall  |  11/29/2017  | 
Versive puts AI to work finding and identifying cybersecurity threats.
Samsung's Mobile Device Bug Bounty Program Gets a Boost
Quick Hits  |  11/29/2017  | 
Samsung Electronics partners with Bugcrowd to deliver timely payments for its Mobile Security Rewards Program.
Suspect in Yahoo Breach Case Pleads Guilty
Quick Hits  |  11/28/2017  | 
Karim Baratov admits he worked on behalf of Russia's FSB.
Git Some Security: Locking Down GitHub Hygiene
News  |  11/28/2017  | 
In the age of DevOps and agile development practices that lean heavily on GitHub and other cloud resources, strong controls are more important than ever.
Aporeto Launches Zero Trust Security Solution
Curt Franklin  |  11/28/2017  | 
A new security approach from Aporeto assumes that your network security is leaky as a sieve.
Retail and Hospitality Breaches Declined Over Past 2 Years
News  |  11/28/2017  | 
A drop in publicly disclosed breaches for the two industries is due in part to fewer point-of-sale breaches.
PreVeil Pushes Encryption Past the End
Simon Marshall  |  11/28/2017  | 
PreVeil is pushing encryption beyond its normal endpoints to protect data wherever it is.
The Looming War of Good AI vs. Bad AI
Commentary  |  11/28/2017  | 
The rise of artificial intelligence, machine learning, hivenets, and next-generation morphic malware is leading to an arms race that enterprises must prepare for now.
Trend Micro Buys Immunio
Quick Hits  |  11/28/2017  | 
The acquisition is aimed at balancing the speed of DevOps with application security.
Developers Can Do More to Up Their Security Game: Report
News  |  11/28/2017  | 
Developers can play a vital role in accelerating the adoption of AppSec practices, security vendor says.
New BankBot Version Avoids Detection in Google Play -- Again
News  |  11/27/2017  | 
Mobile banking Trojan BankBot uses a unique payload downloading technique to skip past Google Play Protect.
McAfee Buys SkyHigh Networks for CASB Functions
Curt Franklin  |  11/27/2017  | 
McAfee has announced that it is purchasing CASB pioneer Skyhigh Networks to bring cloud security to the endpoint security giant.
Uber's Security Slip-ups: What Went Wrong
News  |  11/27/2017  | 
The ride-sharing company's decisions leading to a 2016 data breach and its handling of the incident should serve as a cautionary tale for enterprises facing a breach.
McAfee Looks to Cloud with Skyhigh Acquisition
Quick Hits  |  11/27/2017  | 
McAfee agrees to buy CASB provider Skyhigh Networks, demonstrating a strong focus on cloud security.
DDoS Attacks Trend in a Bad Direction
Simon Marshall  |  11/27/2017  | 
DDoS attacks aren't going away; they're becoming larger, more frequent and more frequently used in conjunction with other attacks.
Microsoft Misses Memory Mistake: The Security That Wasn't
Larry Loeb  |  11/27/2017  | 
An error in implementing a security routine means millions of users thought to be protected against a particular attack were actually more vulnerable than ever.
Thoma Bravo to Acquire Barracuda Networks for $1.6 billion
Quick Hits  |  11/27/2017  | 
The cloud email security and management company accepts buyout offer as a means to accelerate its growth.
Cyber Forensics: The Next Frontier in Cybersecurity
Commentary  |  11/27/2017  | 
We can now recover evidence from the RAM on a cellphone, even if the account is locked, and use it to prosecute a case.
8 Low or No-Cost Sources of Threat Intelligence
Slideshows  |  11/27/2017  | 
Heres a list of sites that for little or no cost give you plenty of ideas for where to find first-rate threat intelligence.
3 Pillars of Cyberthreat Intelligence
Commentary  |  11/22/2017  | 
Strong enterprise cybersecurity programs must be a built on a framework that incorporates strategic, operational, and tactical leadership and goals.
Time to Pull an Uber and Disclose Your Data Breach Now
Commentary  |  11/22/2017  | 
There is never a good time to reveal a cyberattack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
Security Executives Respond to Uber Breach News
Curt Franklin  |  11/22/2017  | 
The news from Uber is rippling across the business landscape. Executives and leaders have a variety of responses to the breach and its aftermath. Here's a roundup of some of those reactions.
Uber Paid Hackers $100K to Conceal 2016 Data Breach
News  |  11/22/2017  | 
The ride-sharing company has confirmed an October 2016 data breach that compromised 57 million accounts.
Intel Firmware Flaws Found
News  |  11/22/2017  | 
Another big firmware security issue affecting Intel processors, requires OEM updates.
Uber Loses Customer Data: Customers Yawn & Keep Riding
News Analysis-Security Now  |  11/22/2017  | 
Uber's latest breach revelations offer lessons in how not to respond to a breach. Is it a good thing, or a bad thing, that customers don't seem to care?
Samsung Pay Leaks Mobile Device Information
News  |  11/22/2017  | 
Researcher at Black Hat Europe will show how Samsung Pay's security falls short and ways attackers could potentially bypass it.
New OWASP Top 10 List Includes Three New Web Vulns
News  |  11/21/2017  | 
But dropping cross-site request forgeries from list is a mistake, some analysts say.
A Call for Greater Regulation of Digital Currencies
News  |  11/21/2017  | 
A new report calls for international collaboration to create more transparency with virtual currencies and track money used for cybercrime.
Iranian Nation-State Hacker Indicted for HBO Hack, Extortion
Quick Hits  |  11/21/2017  | 
'Winter is coming,' DoJ official says of overseas hackers such as the alleged HBO hacker who steal intellectual property from the US.
Half of Americans Unsure of Online Shopping Safety
Quick Hits  |  11/21/2017  | 
Consumers struggle to determine the safety of online shopping websites, putting them at risk for holiday hacking.
6 Real Black Friday Phishing Lures
Slideshows  |  11/21/2017  | 
As the mega-shopping day approaches, here's a look at six examples of phishing attacks - and ways to avoid taking the bait.
Let's Take a Page from the Credit Card Industry's Playbook
Commentary  |  11/21/2017  | 
Internal security departments would do well to follow the processes of major credit cards.
Common Sense Means Rethinking NIST Password Rules
News Analysis-Security Now  |  11/21/2017  | 
NIST has provided guidance on passwords but those rules conflict with the real world. The world isn't changing, so the guidance should shift.
It's Inevitable: You've Been Hacked
Curt Franklin  |  11/20/2017  | 
If your personal information is available on the Internet, you should assume that a hacker has it.
Researcher Finds Hole in Windows ASLR Security Defense
News  |  11/20/2017  | 
A security expert found a way to work around Microsoft's Address Space Randomization Layer, which protects the OS from memory-based attacks.
North Korea's Lazarus Group Evolves Tactics, Goes Mobile
News  |  11/20/2017  | 
The group believed to be behind the Sony breach and attacks on the SWIFT network pivots from targeted to mass attacks.
DDoS Attack Attempts Doubled in 6 Months
Quick Hits  |  11/20/2017  | 
Organizations face an average of eight attempts a day, up from an average of four per day at the beginning of this year.
New Guide for Political Campaign Cybersecurity Debuts
Quick Hits  |  11/20/2017  | 
The Cybersecurity Campaign Playbook created by bipartisan Defending Digital Democracy Project (D3P) group provides political campaigns with tips for securing data, accounts.
Page 1 / 4   >   >>


Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-28042
PUBLISHED: 2021-03-05
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution.
CVE-2021-28041
PUBLISHED: 2021-03-05
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host.
CVE-2021-3377
PUBLISHED: 2021-03-05
The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.
CVE-2021-3420
PUBLISHED: 2021-03-05
A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer and then to a heap-based buffer overflow.
CVE-2020-29020
PUBLISHED: 2021-03-05
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.