Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in November 2017
Recorded Future Takes $25M in Final Funding Round
Simon Marshall  |  11/3/2017  | 
Recorded Future finishes venture funding with money to build out a threat intelligence platform.
Mischel Kwon Unplugged
News  |  11/2/2017  | 
Security Pro File: Kwon talks about her tenure at DOJ and US-CERT, winning a WiFi antenna contest at DEF CON, voice lessons - and her brief stint as an industry 'float princess.'
Social Engineer Spills Tricks of the Trade
News  |  11/2/2017  | 
A social engineer points out gaping holes in businesses' human security and shares lessons learned from years of phishing research.
New Ransomware Attack Targets Japan
Curt Franklin  |  11/2/2017  | 
ONI is the latest ransomware attack, but this time encrypted files are just the beginning.
iPhone X Face ID a Facial Biometrics Catalyst?
News  |  11/2/2017  | 
Apple's new multi-factor authentication technology receives mixed reviews in separate surveys.
US May Charge Russian Officials in DNC Hacking Case
Quick Hits  |  11/2/2017  | 
An ongoing investigation into the DNC hack has surfaced the names of six Russian government officials.
10 Mistakes End Users Make That Drive Security Managers Crazy
Slideshows  |  11/2/2017  | 
Here's a list of common, inadvertent missteps end users make that can expose company data.
What Blue Teams Need to Know about Targeted Attacks
Commentary  |  11/2/2017  | 
A malicious intruder only has to be right once. But defenders must be right 100% of the time.
5 Reasons CISOs Should Keep an Open Mind about Cryptocurrency
Partner Perspectives  |  11/2/2017  | 
With untold new markets for Bitcoin and other 'alt-coins,' it's going to be an exciting future -- and security leaders need to get ready for it.
Average Employee Manages Nearly 200 Passwords
News  |  11/1/2017  | 
But single sign-on support is lacking in over 50% of the most popular websites and services used by workers.
Will New Ownership Open New Opportunities for Digital Cert Vendors?
News  |  11/1/2017  | 
Francisco Partners acquires majority stake in Comodo CA; DigiCert completes purchase of Symantec's SSL cert business.
Open Source is Getting Safer
Simon Marshall  |  11/1/2017  | 
Open source is not unsafe by nature, and a new report has numbers to back that up. If your software is unsafe, blame programming, not the license.
'Silence' Trojan Mimics Carbanak to Spy, Steal from Banks
News  |  11/1/2017  | 
Attackers break into financial organizations and stay there to record employees' activities, steal data, and use it to steal, similar to the Carbanak group.
WannaCry Was an Avoidable Mess for NHS
Curt Franklin  |  11/1/2017  | 
A new report says that the UK's NHS could have avoided WannaCry entirely. Is it possible to secure a network from the ravages of bottom-line focused management?
iPhone 7, Samsung Galaxy S8, Others Hacked in Pwn2Own
Quick Hits  |  11/1/2017  | 
Researchers participating in the Mobile Pwn2Own 2017 competition developed exploits for the iPhone 7, Samsung Galaxy S8, and others.
Demisto Brings Bots to Security Noise
Simon Marshall  |  11/1/2017  | 
A Security Now company profile of security automation firm Demisto.
How AI Can Help Prevent Data Breaches in 2018 and Beyond
Commentary  |  11/1/2017  | 
Artificial intelligence startups are tackling four key areas that will help companies avoid becoming the next Equifax.
How Wireless Intruders Can Bypass NAC Controls
News  |  11/1/2017  | 
A researcher at this month's SecTor conference will demonstrate the dangers of not employing EAP-TLS wireless security.
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30485
PUBLISHED: 2021-04-11
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.