Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in November 2017
<<   <   Page 2 / 4   >   >>
3 Ways to Retain Security Operations Staff
Commentary  |  11/20/2017  | 
Finding skilled security analysts is hard enough. Once you do, you'll need to fight to keep them working for you. These tips can help.
The Face of Enterprise Security
Larry Loeb  |  11/20/2017  | 
Facial recognition is starting to grow as a technology on consumer devices; what does that mean for your enterprise security?
Quad9 Brings Secure DNS to the Masses
Curt Franklin  |  11/17/2017  | 
An industry alliance has introduced Quad9, a free DNS service that can protect users from phishing, bots and malware websites.
Friday Haiku: A Shopping Chill
Curt Franklin  |  11/17/2017  | 
A cautionary note for the season in this week's Friday Haiku.
Businesses Can't Tell Good Bots from Bad Bots: Report
Quick Hits  |  11/17/2017  | 
Bots make up more than 75% of total traffic for some businesses, but one in three can't distinguish legitimate bots from malicious ones.
Barracuda Launches Next-Gen Cloud Firewalls
Curt Franklin  |  11/17/2017  | 
A new set of features makes Barracuda's newest firewalls 'cloud-generation' services.
Mobile Malware Incidents Hit 100% of Businesses
News  |  11/17/2017  | 
Attempted malware infections against BYOD and corporate mobile devices are expected to continue to grow, new data shows.
Tips to Protect the DNS from Data Exfiltration
Commentary  |  11/17/2017  | 
If hackers break in via the Domain Name System, most business wouldn't know until it's too late. These tips can help you prepare.
IBM, Nonprofits Team Up in New Free DNS Service
News  |  11/17/2017  | 
Quad9 blocks malicious sites used in phishing, other nefarious activity.
We're Still Not Ready for GDPR? What is Wrong With Us?
Commentary  |  11/17/2017  | 
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
Crooks Turn to Delivering Ransomware via RDP
News  |  11/16/2017  | 
In a new twist to an old attack, threats actors are increasingly using the remote access protocol to install ransomware, Sophos says
Terdot Banking Trojan Spies on Email, Social Media
News  |  11/16/2017  | 
Terdot Banking Trojan, inspired by Zeus, can eavesdrop and modify traffic on social media and email in addition to snatching data.
121 Pieces of Malware Flagged on NSA Employee's Home Computer
News  |  11/16/2017  | 
Kaspersky Lab's internal investigation found a backdoor Trojan and other malware on the personal computer of the NSA employee who took home agency hacking tools.
10 Clues That Network Traffic Is Bad
News Analysis-Security Now  |  11/16/2017  | 
Threats often come in the form of bad network traffic. These 10 tips tell you whether bad traffic is worth worrying about.
Optiv Acquires Decision Lab to Expand Big Data Services
Quick Hits  |  11/16/2017  | 
Deal enhances Optiv's big data, automation, and orchestration efforts.
Kaspersky Takes on 2018
Simon Marshall  |  11/16/2017  | 
Kaspersky Labs has released its security predictions for 2018 and there are troubling trends ahead.
Forget APTs: Let's Talk about Advanced Persistent Infrastructure
Commentary  |  11/16/2017  | 
Understanding how bad guys reuse infrastructure will show you the areas of your network to target when investigating new threats and reiteration of old malware.
Death of the Tier 1 SOC Analyst
News  |  11/16/2017  | 
Say goodbye to the entry-level security operations center (SOC) analyst as we know it.
'Reaper': The Professional Bot Herders Thingbot
Partner Perspectives  |  11/16/2017  | 
Is it malicious? So far it's hard to tell. For now it's a giant blinking red light in security researchers faces warning us that wed better figure out how to secure the Internet of Things.
White House Releases New Charter for Using, Disclosing Security Vulnerabilities
News  |  11/15/2017  | 
Updated Vulnerability Equities Process provides transparency into how government will handle new vulnerabilities that it discovers in vendor products and services.
Fred Kwong: The Psychology of Being a CISO
News  |  11/15/2017  | 
Security Pro File: Fred Kwong learned people skills in the classroom and technical skills on the job. The former psychology major, now CISO at Delta Dental, shares his path to cybersecurity and how he applies his liberal arts background to his current role.
Stealthy Android Malware Found in Google Play
News  |  11/15/2017  | 
Eight apps found infected with a new Trojan family that ups the ante in obfuscation with four payload stages.
iPhone's Facial Recognition Shows Cracks
Curt Franklin  |  11/15/2017  | 
A research firm says that it has successfully spoofed the facial recognition technology used in Apple's flagship iPhone X.
Should Security Silos Still Stand?
Simon Marshall  |  11/15/2017  | 
DevSecOps would tear down every functional silo in security. Is that a good thing, or do corporate silos still serve a valuable purpose?
Who Am I? Best Practices for Next-Gen Authentication
Commentary  |  11/15/2017  | 
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.
Forever 21 Informs Shoppers of Data Breach
Quick Hits  |  11/15/2017  | 
Forever 21 learned an unauthorized actor may have accessed payment card data at certain retail stores.
NSA Veterans Land $1.5 Million in Funding for Startup
Quick Hits  |  11/15/2017  | 
ReFirm Labs' launches Centrifuge Platform, which aims to automatically detect security vulnerabilities in IoT firmware.
Insider Threats: Red Flags and Best Practices
Slideshows  |  11/15/2017  | 
Security pros list red flags indicating an insider attack and best practices to protect against accidental and malicious exposure.
Deception Technology: Prevention Reimagined
Commentary  |  11/15/2017  | 
How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.
Microsoft Uses Neural Networks to Make Fuzz Tests Smarter
News  |  11/15/2017  | 
Neural fuzzing can help uncover bugs in software better than traditional tools, company says.
2017 Has Broken the Record for Security Vulnerabilities
Quick Hits  |  11/14/2017  | 
Some 40% of disclosed vulns as of Q3 are rated as severe, new Risk Based Security data shows.
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
News  |  11/14/2017  | 
Researchers claim Microsoft Word vulnerability, patched today, has existed for 17 years.
Enterprise Physical Security Drives IoT Adoption
News  |  11/14/2017  | 
The vast majority of respondents to a new survey are deploying IoT technologies for building safety in the form of security cameras.
The Gift of Simple Security
Simon Marshall  |  11/14/2017  | 
Alert Logic's Marc Willebeek-Lemair has seen complex security and now thinks that simple solutions are the best for most enterprises.
Companies Blindly Believe They've Locked Down Users' Mobile Use
News  |  11/14/2017  | 
IT security teams may be in for a surprise about their mobile exposure as the GDPR compliance deadline approaches, according to a new survey.
What the NFL Teaches Us about Fostering a Champion Security Team
Commentary  |  11/14/2017  | 
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
Cloudflare Buys Mobile Firm Neumob
Quick Hits  |  11/14/2017  | 
The deal will give Cloudflare technology to optimize mobile security, performance.
ADT Expands Cybersecurity Business with Purchase of Datashield
News  |  11/14/2017  | 
Home and business security giant launches ADT Cybersecurity to offer managed detection and response (MDR) service.
Russian Developer Snuck Cryptocurrency Mining into Android Apps
News  |  11/14/2017  | 
Apps found in Google Play turned mobile devices into cryptocurrency miners unbeknownst to their users, according to researchers from security firm Ixia.
Frequent Software Releases, Updates May Injure App Security
News  |  11/13/2017  | 
The more frequently you release apps, the more security vulnerabilities you are likely to introduce in the code, a new study confirms.
SOCs Become Service Targets
Curt Franklin  |  11/13/2017  | 
MSSPs are becoming SOCaaS providers. Is it a natural evolution or a short-lived phenomenon in the as-a-service world?
Emerging IT Security Technologies: 13 Categories, 26 Vendors
Slideshows  |  11/13/2017  | 
A rundown of some of the hottest security product areas, and vendors helping to shape them.
New Banking Trojan Similar to Dridex, Zeus, Gozi
News  |  11/13/2017  | 
IBM researchers uncover a new form of banking malware distributed as a second-stage infection via the Emotet Trojan.
Optiv Buys Conexsys for Canadian Market Growth
Quick Hits  |  11/13/2017  | 
Optiv ramps up its growth strategy with an acquisition of Conexsys, security and networking firm based in Toronto.
Cybersecurity Skills Gap Hits Across the Board
Curt Franklin  |  11/13/2017  | 
The massive shortfall in cybersecurity professionals is having an impact on organizations of all types and sizes.
How to Leverage the Rosetta Stone of Information Sharing
Commentary  |  11/13/2017  | 
A common framework will help in the development of cyber-risk management efforts.
No Lock-Pick Required: The Friday Haiku
Curt Franklin  |  11/10/2017  | 
Why pick a lock when keys are so common?
New Research: Phishing Is Worse Than You Thought
Curt Franklin  |  11/10/2017  | 
A new report led by Google researchers shows that phishing attacks are incredibly effective at stealing useful credentials from users.
New Locky Ransomware Takes Another Turn
News  |  11/10/2017  | 
A newly discovered strain of Locky ransomware has been discovered masquerading as legitimate Microsoft Word documents.
Customers Punish Breached Companies
News  |  11/10/2017  | 
Equifax's 25% reduction in share value and other industry-wide stats show that consumers aren't so apathetic about cybersecurity after all.
<<   <   Page 2 / 4   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-32411
PUBLISHED: 2022-07-01
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32412
PUBLISHED: 2022-07-01
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVE-2022-34903
PUBLISHED: 2022-07-01
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
CVE-2022-32324
PUBLISHED: 2022-07-01
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.
CVE-2022-32325
PUBLISHED: 2022-07-01
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.