Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in November 2017
Page 1 / 4   >   >>
Lawsuits Pile Up on Uber
News  |  11/30/2017  | 
Washington AG files multimillion-dollar consumer protection lawsuit; multiple states also confirm they are investigating the Uber breach, which means more lawsuits may follow.
IoT Regulation Could Save the Internet
News Analysis-Security Now  |  11/30/2017  | 
Momentum may be building for meaningful (and useful) security regulations for the IoT.
The Critical Difference Between Vulnerabilities Equities & Threat Equities
Commentary  |  11/30/2017  | 
Why the government has an obligation to share its knowledge of flaws in software and hardware to strengthen digital infrastructure in the face of growing cyberthreats.
5 Free or Low-Cost Security Tools for Defenders
News  |  11/30/2017  | 
Not all security tools are pricey.
Qualys Buys NetWatcher Assets for Cloud-based Threat Intel
Quick Hits  |  11/30/2017  | 
The cloud security company plans to add threat detection, incident response, and compliance management to its platform.
The Good News about Breaches: It Wasn't You this Time
Partner Perspectives  |  11/30/2017  | 
Somewhere in every application there is a vulnerability waiting to be exploited. You can attack the problem by having the right mindset and answering two simple questions
AWS Adds Security Management to Growing Portfolio
Simon Marshall  |  11/30/2017  | 
AWS has announced major new security management features for its massive public cloud infrastructure.
First US Federal CISO Shares Security Lessons Learned
News  |  11/29/2017  | 
Greg Touhill's advice for security leaders includes knowing the value of information, hardening their workforce, and prioritizing security by design.
Major Apple Flaw Found, Fixed & Still Dangerous
Curt Franklin  |  11/29/2017  | 
A vulnerability in MacOS High Sierra could leave Macs open and vulnerable in the world of the Internet.
Intel Management Engine Has a Big Problem
Larry Loeb  |  11/29/2017  | 
Intel's Management Engine has a vulnerability that could allow an attacker to own your entire system. And they aren't planning to fix it.
Big Apple Flaw Allows Root Access to Macs without Password
News  |  11/29/2017  | 
Vulnerability affects machines running High Sierra operating system.
Why Security Depends on Usability -- and How to Achieve Both
Commentary  |  11/29/2017  | 
Any initiative that reduces usability will have consequences that make security less effective.
AI Prepares for Security Spotlight
Simon Marshall  |  11/29/2017  | 
Versive puts AI to work finding and identifying cybersecurity threats.
Samsung's Mobile Device Bug Bounty Program Gets a Boost
Quick Hits  |  11/29/2017  | 
Samsung Electronics partners with Bugcrowd to deliver timely payments for its Mobile Security Rewards Program.
Suspect in Yahoo Breach Case Pleads Guilty
Quick Hits  |  11/28/2017  | 
Karim Baratov admits he worked on behalf of Russia's FSB.
Git Some Security: Locking Down GitHub Hygiene
News  |  11/28/2017  | 
In the age of DevOps and agile development practices that lean heavily on GitHub and other cloud resources, strong controls are more important than ever.
Aporeto Launches Zero Trust Security Solution
Curt Franklin  |  11/28/2017  | 
A new security approach from Aporeto assumes that your network security is leaky as a sieve.
Retail and Hospitality Breaches Declined Over Past 2 Years
News  |  11/28/2017  | 
A drop in publicly disclosed breaches for the two industries is due in part to fewer point-of-sale breaches.
PreVeil Pushes Encryption Past the End
Simon Marshall  |  11/28/2017  | 
PreVeil is pushing encryption beyond its normal endpoints to protect data wherever it is.
The Looming War of Good AI vs. Bad AI
Commentary  |  11/28/2017  | 
The rise of artificial intelligence, machine learning, hivenets, and next-generation morphic malware is leading to an arms race that enterprises must prepare for now.
Trend Micro Buys Immunio
Quick Hits  |  11/28/2017  | 
The acquisition is aimed at balancing the speed of DevOps with application security.
Developers Can Do More to Up Their Security Game: Report
News  |  11/28/2017  | 
Developers can play a vital role in accelerating the adoption of AppSec practices, security vendor says.
New BankBot Version Avoids Detection in Google Play -- Again
News  |  11/27/2017  | 
Mobile banking Trojan BankBot uses a unique payload downloading technique to skip past Google Play Protect.
McAfee Buys SkyHigh Networks for CASB Functions
Curt Franklin  |  11/27/2017  | 
McAfee has announced that it is purchasing CASB pioneer Skyhigh Networks to bring cloud security to the endpoint security giant.
Uber's Security Slip-ups: What Went Wrong
News  |  11/27/2017  | 
The ride-sharing company's decisions leading to a 2016 data breach and its handling of the incident should serve as a cautionary tale for enterprises facing a breach.
McAfee Looks to Cloud with Skyhigh Acquisition
Quick Hits  |  11/27/2017  | 
McAfee agrees to buy CASB provider Skyhigh Networks, demonstrating a strong focus on cloud security.
DDoS Attacks Trend in a Bad Direction
Simon Marshall  |  11/27/2017  | 
DDoS attacks aren't going away; they're becoming larger, more frequent and more frequently used in conjunction with other attacks.
Microsoft Misses Memory Mistake: The Security That Wasn't
Larry Loeb  |  11/27/2017  | 
An error in implementing a security routine means millions of users thought to be protected against a particular attack were actually more vulnerable than ever.
Thoma Bravo to Acquire Barracuda Networks for $1.6 billion
Quick Hits  |  11/27/2017  | 
The cloud email security and management company accepts buyout offer as a means to accelerate its growth.
Cyber Forensics: The Next Frontier in Cybersecurity
Commentary  |  11/27/2017  | 
We can now recover evidence from the RAM on a cellphone, even if the account is locked, and use it to prosecute a case.
8 Low or No-Cost Sources of Threat Intelligence
Slideshows  |  11/27/2017  | 
Heres a list of sites that for little or no cost give you plenty of ideas for where to find first-rate threat intelligence.
3 Pillars of Cyberthreat Intelligence
Commentary  |  11/22/2017  | 
Strong enterprise cybersecurity programs must be a built on a framework that incorporates strategic, operational, and tactical leadership and goals.
Time to Pull an Uber and Disclose Your Data Breach Now
Commentary  |  11/22/2017  | 
There is never a good time to reveal a cyberattack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
Security Executives Respond to Uber Breach News
Curt Franklin  |  11/22/2017  | 
The news from Uber is rippling across the business landscape. Executives and leaders have a variety of responses to the breach and its aftermath. Here's a roundup of some of those reactions.
Uber Paid Hackers $100K to Conceal 2016 Data Breach
News  |  11/22/2017  | 
The ride-sharing company has confirmed an October 2016 data breach that compromised 57 million accounts.
Intel Firmware Flaws Found
News  |  11/22/2017  | 
Another big firmware security issue affecting Intel processors, requires OEM updates.
Uber Loses Customer Data: Customers Yawn & Keep Riding
News Analysis-Security Now  |  11/22/2017  | 
Uber's latest breach revelations offer lessons in how not to respond to a breach. Is it a good thing, or a bad thing, that customers don't seem to care?
Samsung Pay Leaks Mobile Device Information
News  |  11/22/2017  | 
Researcher at Black Hat Europe will show how Samsung Pay's security falls short and ways attackers could potentially bypass it.
New OWASP Top 10 List Includes Three New Web Vulns
News  |  11/21/2017  | 
But dropping cross-site request forgeries from list is a mistake, some analysts say.
A Call for Greater Regulation of Digital Currencies
News  |  11/21/2017  | 
A new report calls for international collaboration to create more transparency with virtual currencies and track money used for cybercrime.
Iranian Nation-State Hacker Indicted for HBO Hack, Extortion
Quick Hits  |  11/21/2017  | 
'Winter is coming,' DoJ official says of overseas hackers such as the alleged HBO hacker who steal intellectual property from the US.
Half of Americans Unsure of Online Shopping Safety
Quick Hits  |  11/21/2017  | 
Consumers struggle to determine the safety of online shopping websites, putting them at risk for holiday hacking.
6 Real Black Friday Phishing Lures
Slideshows  |  11/21/2017  | 
As the mega-shopping day approaches, here's a look at six examples of phishing attacks - and ways to avoid taking the bait.
Let's Take a Page from the Credit Card Industry's Playbook
Commentary  |  11/21/2017  | 
Internal security departments would do well to follow the processes of major credit cards.
Common Sense Means Rethinking NIST Password Rules
News Analysis-Security Now  |  11/21/2017  | 
NIST has provided guidance on passwords but those rules conflict with the real world. The world isn't changing, so the guidance should shift.
It's Inevitable: You've Been Hacked
Curt Franklin  |  11/20/2017  | 
If your personal information is available on the Internet, you should assume that a hacker has it.
Researcher Finds Hole in Windows ASLR Security Defense
News  |  11/20/2017  | 
A security expert found a way to work around Microsoft's Address Space Randomization Layer, which protects the OS from memory-based attacks.
North Korea's Lazarus Group Evolves Tactics, Goes Mobile
News  |  11/20/2017  | 
The group believed to be behind the Sony breach and attacks on the SWIFT network pivots from targeted to mass attacks.
DDoS Attack Attempts Doubled in 6 Months
Quick Hits  |  11/20/2017  | 
Organizations face an average of eight attempts a day, up from an average of four per day at the beginning of this year.
New Guide for Political Campaign Cybersecurity Debuts
Quick Hits  |  11/20/2017  | 
The Cybersecurity Campaign Playbook created by bipartisan Defending Digital Democracy Project (D3P) group provides political campaigns with tips for securing data, accounts.
Page 1 / 4   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.