Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in November 2017
Recorded Future Takes $25M in Final Funding Round
Simon Marshall  |  11/3/2017  | 
Recorded Future finishes venture funding with money to build out a threat intelligence platform.
Mischel Kwon Unplugged
News  |  11/2/2017  | 
Security Pro File: Kwon talks about her tenure at DOJ and US-CERT, winning a WiFi antenna contest at DEF CON, voice lessons - and her brief stint as an industry 'float princess.'
Social Engineer Spills Tricks of the Trade
News  |  11/2/2017  | 
A social engineer points out gaping holes in businesses' human security and shares lessons learned from years of phishing research.
New Ransomware Attack Targets Japan
Curt Franklin  |  11/2/2017  | 
ONI is the latest ransomware attack, but this time encrypted files are just the beginning.
iPhone X Face ID a Facial Biometrics Catalyst?
News  |  11/2/2017  | 
Apple's new multi-factor authentication technology receives mixed reviews in separate surveys.
US May Charge Russian Officials in DNC Hacking Case
Quick Hits  |  11/2/2017  | 
An ongoing investigation into the DNC hack has surfaced the names of six Russian government officials.
10 Mistakes End Users Make That Drive Security Managers Crazy
Slideshows  |  11/2/2017  | 
Here's a list of common, inadvertent missteps end users make that can expose company data.
What Blue Teams Need to Know about Targeted Attacks
Commentary  |  11/2/2017  | 
A malicious intruder only has to be right once. But defenders must be right 100% of the time.
5 Reasons CISOs Should Keep an Open Mind about Cryptocurrency
Partner Perspectives  |  11/2/2017  | 
With untold new markets for Bitcoin and other 'alt-coins,' it's going to be an exciting future -- and security leaders need to get ready for it.
Average Employee Manages Nearly 200 Passwords
News  |  11/1/2017  | 
But single sign-on support is lacking in over 50% of the most popular websites and services used by workers.
Will New Ownership Open New Opportunities for Digital Cert Vendors?
News  |  11/1/2017  | 
Francisco Partners acquires majority stake in Comodo CA; DigiCert completes purchase of Symantec's SSL cert business.
Open Source is Getting Safer
Simon Marshall  |  11/1/2017  | 
Open source is not unsafe by nature, and a new report has numbers to back that up. If your software is unsafe, blame programming, not the license.
'Silence' Trojan Mimics Carbanak to Spy, Steal from Banks
News  |  11/1/2017  | 
Attackers break into financial organizations and stay there to record employees' activities, steal data, and use it to steal, similar to the Carbanak group.
WannaCry Was an Avoidable Mess for NHS
Curt Franklin  |  11/1/2017  | 
A new report says that the UK's NHS could have avoided WannaCry entirely. Is it possible to secure a network from the ravages of bottom-line focused management?
iPhone 7, Samsung Galaxy S8, Others Hacked in Pwn2Own
Quick Hits  |  11/1/2017  | 
Researchers participating in the Mobile Pwn2Own 2017 competition developed exploits for the iPhone 7, Samsung Galaxy S8, and others.
Demisto Brings Bots to Security Noise
Simon Marshall  |  11/1/2017  | 
A Security Now company profile of security automation firm Demisto.
How AI Can Help Prevent Data Breaches in 2018 and Beyond
Commentary  |  11/1/2017  | 
Artificial intelligence startups are tackling four key areas that will help companies avoid becoming the next Equifax.
How Wireless Intruders Can Bypass NAC Controls
News  |  11/1/2017  | 
A researcher at this month's SecTor conference will demonstrate the dangers of not employing EAP-TLS wireless security.
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their ability to detect and respond to threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection, and expand threat hunting capabilities if they want their XDR deployments to succeed. This issue of Tech Insights also includes a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-32411
PUBLISHED: 2022-07-01
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell.
CVE-2022-32412
PUBLISHED: 2022-07-01
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell.
CVE-2022-34903
PUBLISHED: 2022-07-01
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
CVE-2022-32324
PUBLISHED: 2022-07-01
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc.
CVE-2022-32325
PUBLISHED: 2022-07-01
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c.