Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in November 2017
<<   <   Page 2 / 4   >   >>
3 Ways to Retain Security Operations Staff
Commentary  |  11/20/2017  | 
Finding skilled security analysts is hard enough. Once you do, you'll need to fight to keep them working for you. These tips can help.
The Face of Enterprise Security
Larry Loeb  |  11/20/2017  | 
Facial recognition is starting to grow as a technology on consumer devices; what does that mean for your enterprise security?
Quad9 Brings Secure DNS to the Masses
Curt Franklin  |  11/17/2017  | 
An industry alliance has introduced Quad9, a free DNS service that can protect users from phishing, bots and malware websites.
Friday Haiku: A Shopping Chill
Curt Franklin  |  11/17/2017  | 
A cautionary note for the season in this week's Friday Haiku.
Businesses Can't Tell Good Bots from Bad Bots: Report
Quick Hits  |  11/17/2017  | 
Bots make up more than 75% of total traffic for some businesses, but one in three can't distinguish legitimate bots from malicious ones.
Barracuda Launches Next-Gen Cloud Firewalls
Curt Franklin  |  11/17/2017  | 
A new set of features makes Barracuda's newest firewalls 'cloud-generation' services.
Mobile Malware Incidents Hit 100% of Businesses
News  |  11/17/2017  | 
Attempted malware infections against BYOD and corporate mobile devices are expected to continue to grow, new data shows.
Tips to Protect the DNS from Data Exfiltration
Commentary  |  11/17/2017  | 
If hackers break in via the Domain Name System, most business wouldn't know until it's too late. These tips can help you prepare.
IBM, Nonprofits Team Up in New Free DNS Service
News  |  11/17/2017  | 
Quad9 blocks malicious sites used in phishing, other nefarious activity.
We're Still Not Ready for GDPR? What is Wrong With Us?
Commentary  |  11/17/2017  | 
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
Crooks Turn to Delivering Ransomware via RDP
News  |  11/16/2017  | 
In a new twist to an old attack, threats actors are increasingly using the remote access protocol to install ransomware, Sophos says
Terdot Banking Trojan Spies on Email, Social Media
News  |  11/16/2017  | 
Terdot Banking Trojan, inspired by Zeus, can eavesdrop and modify traffic on social media and email in addition to snatching data.
121 Pieces of Malware Flagged on NSA Employee's Home Computer
News  |  11/16/2017  | 
Kaspersky Lab's internal investigation found a backdoor Trojan and other malware on the personal computer of the NSA employee who took home agency hacking tools.
10 Clues That Network Traffic Is Bad
News Analysis-Security Now  |  11/16/2017  | 
Threats often come in the form of bad network traffic. These 10 tips tell you whether bad traffic is worth worrying about.
Optiv Acquires Decision Lab to Expand Big Data Services
Quick Hits  |  11/16/2017  | 
Deal enhances Optiv's big data, automation, and orchestration efforts.
Kaspersky Takes on 2018
Simon Marshall  |  11/16/2017  | 
Kaspersky Labs has released its security predictions for 2018 and there are troubling trends ahead.
Forget APTs: Let's Talk about Advanced Persistent Infrastructure
Commentary  |  11/16/2017  | 
Understanding how bad guys reuse infrastructure will show you the areas of your network to target when investigating new threats and reiteration of old malware.
Death of the Tier 1 SOC Analyst
News  |  11/16/2017  | 
Say goodbye to the entry-level security operations center (SOC) analyst as we know it.
'Reaper': The Professional Bot Herders Thingbot
Partner Perspectives  |  11/16/2017  | 
Is it malicious? So far it's hard to tell. For now it's a giant blinking red light in security researchers faces warning us that wed better figure out how to secure the Internet of Things.
White House Releases New Charter for Using, Disclosing Security Vulnerabilities
News  |  11/15/2017  | 
Updated Vulnerability Equities Process provides transparency into how government will handle new vulnerabilities that it discovers in vendor products and services.
Fred Kwong: The Psychology of Being a CISO
News  |  11/15/2017  | 
Security Pro File: Fred Kwong learned people skills in the classroom and technical skills on the job. The former psychology major, now CISO at Delta Dental, shares his path to cybersecurity and how he applies his liberal arts background to his current role.
Stealthy Android Malware Found in Google Play
News  |  11/15/2017  | 
Eight apps found infected with a new Trojan family that ups the ante in obfuscation with four payload stages.
iPhone's Facial Recognition Shows Cracks
Curt Franklin  |  11/15/2017  | 
A research firm says that it has successfully spoofed the facial recognition technology used in Apple's flagship iPhone X.
Should Security Silos Still Stand?
Simon Marshall  |  11/15/2017  | 
DevSecOps would tear down every functional silo in security. Is that a good thing, or do corporate silos still serve a valuable purpose?
Who Am I? Best Practices for Next-Gen Authentication
Commentary  |  11/15/2017  | 
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.
Forever 21 Informs Shoppers of Data Breach
Quick Hits  |  11/15/2017  | 
Forever 21 learned an unauthorized actor may have accessed payment card data at certain retail stores.
NSA Veterans Land $1.5 Million in Funding for Startup
Quick Hits  |  11/15/2017  | 
ReFirm Labs' launches Centrifuge Platform, which aims to automatically detect security vulnerabilities in IoT firmware.
Insider Threats: Red Flags and Best Practices
Slideshows  |  11/15/2017  | 
Security pros list red flags indicating an insider attack and best practices to protect against accidental and malicious exposure.
Deception Technology: Prevention Reimagined
Commentary  |  11/15/2017  | 
How state-of-the-art tools make it practical and cost-effective to identify and engage attackers in early lateral movement stages to prevent them from reaching critical systems and data.
Microsoft Uses Neural Networks to Make Fuzz Tests Smarter
News  |  11/15/2017  | 
Neural fuzzing can help uncover bugs in software better than traditional tools, company says.
2017 Has Broken the Record for Security Vulnerabilities
Quick Hits  |  11/14/2017  | 
Some 40% of disclosed vulns as of Q3 are rated as severe, new Risk Based Security data shows.
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
News  |  11/14/2017  | 
Researchers claim Microsoft Word vulnerability, patched today, has existed for 17 years.
Enterprise Physical Security Drives IoT Adoption
News  |  11/14/2017  | 
The vast majority of respondents to a new survey are deploying IoT technologies for building safety in the form of security cameras.
The Gift of Simple Security
Simon Marshall  |  11/14/2017  | 
Alert Logic's Marc Willebeek-Lemair has seen complex security and now thinks that simple solutions are the best for most enterprises.
Companies Blindly Believe They've Locked Down Users' Mobile Use
News  |  11/14/2017  | 
IT security teams may be in for a surprise about their mobile exposure as the GDPR compliance deadline approaches, according to a new survey.
What the NFL Teaches Us about Fostering a Champion Security Team
Commentary  |  11/14/2017  | 
Cybersecurity experts can learn how to do a better job by keeping a close eye on the gridiron.
Cloudflare Buys Mobile Firm Neumob
Quick Hits  |  11/14/2017  | 
The deal will give Cloudflare technology to optimize mobile security, performance.
ADT Expands Cybersecurity Business with Purchase of Datashield
News  |  11/14/2017  | 
Home and business security giant launches ADT Cybersecurity to offer managed detection and response (MDR) service.
Russian Developer Snuck Cryptocurrency Mining into Android Apps
News  |  11/14/2017  | 
Apps found in Google Play turned mobile devices into cryptocurrency miners unbeknownst to their users, according to researchers from security firm Ixia.
Frequent Software Releases, Updates May Injure App Security
News  |  11/13/2017  | 
The more frequently you release apps, the more security vulnerabilities you are likely to introduce in the code, a new study confirms.
SOCs Become Service Targets
Curt Franklin  |  11/13/2017  | 
MSSPs are becoming SOCaaS providers. Is it a natural evolution or a short-lived phenomenon in the as-a-service world?
Emerging IT Security Technologies: 13 Categories, 26 Vendors
Slideshows  |  11/13/2017  | 
A rundown of some of the hottest security product areas, and vendors helping to shape them.
New Banking Trojan Similar to Dridex, Zeus, Gozi
News  |  11/13/2017  | 
IBM researchers uncover a new form of banking malware distributed as a second-stage infection via the Emotet Trojan.
Optiv Buys Conexsys for Canadian Market Growth
Quick Hits  |  11/13/2017  | 
Optiv ramps up its growth strategy with an acquisition of Conexsys, security and networking firm based in Toronto.
Cybersecurity Skills Gap Hits Across the Board
Curt Franklin  |  11/13/2017  | 
The massive shortfall in cybersecurity professionals is having an impact on organizations of all types and sizes.
How to Leverage the Rosetta Stone of Information Sharing
Commentary  |  11/13/2017  | 
A common framework will help in the development of cyber-risk management efforts.
No Lock-Pick Required: The Friday Haiku
Curt Franklin  |  11/10/2017  | 
Why pick a lock when keys are so common?
New Research: Phishing Is Worse Than You Thought
Curt Franklin  |  11/10/2017  | 
A new report led by Google researchers shows that phishing attacks are incredibly effective at stealing useful credentials from users.
New Locky Ransomware Takes Another Turn
News  |  11/10/2017  | 
A newly discovered strain of Locky ransomware has been discovered masquerading as legitimate Microsoft Word documents.
Customers Punish Breached Companies
News  |  11/10/2017  | 
Equifax's 25% reduction in share value and other industry-wide stats show that consumers aren't so apathetic about cybersecurity after all.
<<   <   Page 2 / 4   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30485
PUBLISHED: 2021-04-11
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.