Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in November 2018
Page 1 / 4   >   >>
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Slideshows  |  11/30/2018  | 
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
Retailers Make Big Strides In Offering Clear Unsubscribe Links
News  |  11/30/2018  | 
They're also honoring unsubscribe requests as soon as they're made, according to the Online Trust Alliance.
Massive Starwood Hotels Breach Hits 500 Million Guests
News  |  11/30/2018  | 
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
Commentary  |  11/30/2018  | 
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
39 Arrested in Tech Support Scam Crackdown: Microsoft
Quick Hits  |  11/30/2018  | 
Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.
Marriott: 500 Million Guest Records Compromised in Data Breach
News Analysis-Security Now  |  11/30/2018  | 
Marriott is investigating a possible data breach that may have compromised the personal data of 500 million Starwood guests, including credit card information, names, addresses and more.
UPnProxy Still Infecting Thousands of Home & Small Business Routers
Larry Loeb  |  11/30/2018  | 
An analysis by Akamai finds that UPnProxy is still out in the wild and still targeting routers mainly used in homes and by small businesses.
MITRE Changes the Game in Security Product Testing
News  |  11/29/2018  | 
Nonprofit has published its first-ever evaluation of popular endpoint security tools - measured against its ATT&CK model.
Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year
News  |  11/29/2018  | 
But ransomware attacks go through the roof, new threat data from SonicWall shows.
Anti-Botnet Guide Aims to Tackle Automated Threats
News  |  11/29/2018  | 
The international guide is intended to help organizations defend their networks and systems from automated and distributed attacks.
Dell Forces Password Reset for Online Customers Following Data Breach
News  |  11/29/2018  | 
Move prompts questions about scope of intrusion and strength of company's password hashing.
Establishing True Trust in a Zero-Trust World
Commentary  |  11/29/2018  | 
Our goal should not be to merely accept zero trust but gain the visibility required to establish true trust.
Dell: Your Personal Info May, or May Not, Have Been Stolen
News Analysis-Security Now  |  11/29/2018  | 
It appears attackers attempted to penetrate Dell's network in early November. While the company does not believe any personal data was taken, Dell cannot guarantee no one was compromised.
Dunkin' Donuts Serves Up Data Breach Alert
Quick Hits  |  11/29/2018  | 
Forces potentially affected DD Perks customers to reset their passwords after learning of unauthorized access to their personal data.
Beware the Malware-Laden Brexit News
News  |  11/29/2018  | 
New Fancy Bear attack campaign lures victims with phony Brexit-themed document to deliver Zekapab payload.
The Return of Email Flooding
Commentary  |  11/29/2018  | 
An old attack technique is making its way back into the mainstream with an onslaught of messages that legacy tools and script writing can't easily detect.
Ransomware, New Privacy Laws Are Top Security Concerns for 2019
News Analysis-Security Now  |  11/29/2018  | 
It's never too early for New Year's predictions. The Information Security Forum is focused on four areas for 2019: ransomware; new privacy laws and regulations; IoT; and supply chain.
New Report Details Rise, Spread of Email-based Attacks
News  |  11/29/2018  | 
Criminals are diversifying their target list and tactics in a continuing effort to keep email a valuable attack vector against enterprise victims.
Iranian Hackers Charged With Creating SamSam Ransomware
News Analysis-Security Now  |  11/29/2018  | 
The Justice Department has charged two Iranian hackers with creating the SamSam ransomware that helped them collect about $6 million in Bitcoin ransom and caused about $30 million in damage.
Incorrect Assessments of Data Value Putting Organizations at Risk
News  |  11/28/2018  | 
Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
Federal Indictments in SamSam Ransomware Campaign
News  |  11/28/2018  | 
Two Iranian nationals have been indicted on multiple counts by a federal grand jury in connection with the SamSam ransomware attacks that struck government, critical infrastructure, and healthcare organizations.
Google, White Ops, Industry Players Dismantle 3ve Ad Fraud Operation
News  |  11/28/2018  | 
3ve, an ad fraud operation amassing 1.7M infected machines, was taken down in an operation driven by law enforcement, Google, White Ops, and several security companies.
Middle East, North Africa Cybercrime Ups Its Game
News  |  11/28/2018  | 
Ransomware, DDoS extortion, and encrypted communications abound as cybercriminals in the region refine their tradecraft.
Data Breach Threats Bigger Than Ever
Commentary  |  11/28/2018  | 
A quarter of IT and security leaders expect a major data breach in the next year.
Atrium Health Breach Exposes 2.65 Million Patient Records
Quick Hits  |  11/28/2018  | 
Supplier that handles billing and online payments for health-care provider became aware of incident Oct. 1.
Amazon Rolls Out AWS Security Hub
Quick Hits  |  11/28/2018  | 
New security platform aggregates information from Amazon Web Services cloud accounts and third-party tools.
The "Typical" Security Engineer: Hiring Myths & Stereotypes
Commentary  |  11/28/2018  | 
In an environment where talent is scarce, it's critical that hiring managers remove artificial barriers to those whose mental operating systems are different.
New Worm Helps Spread Fileless Version of Bladabindi RAT
Larry Loeb  |  11/28/2018  | 
An updated version of the Bladabindi RAT is fileless and can now be spread through removable USB and other storage devices.
Feds Charge 8 in Large-Scale Ad Fraud & Botnet Scheme
News Analysis-Security Now  |  11/28/2018  | 
The Justice Department has charged eight people with operating a large-scale ad fraud scheme that involved a pair of botnets based on malware dubbed Kovter and Boaxxe.
UK & Dutch Authorities Slap Uber With Fines Over 2016 Data Breach
News Analysis-Security Now  |  11/28/2018  | 
On the same day, authorities in the UK and the Netherlands each fined Uber for a data breach that occurred in 2016 and affected millions of customers, as well as Uber drivers.
New Hacker Group Behind 'DNSpionage' Attacks in Middle East
News  |  11/27/2018  | 
Motives are not fully clear, though data exfiltration is one possibility, Cisco Talos says.
Who's the Weakest Link in Your Supply Chain?
News  |  11/27/2018  | 
Nearly 60% of organizations have suffered data breaches resulting from a third party, as suppliers pose a growing risk to enterprise security.
Another Microsoft MFA Outage Affects Multiple Services
Quick Hits  |  11/27/2018  | 
Once again, multifactor authentication issues have caused login problems for users across Office 365 and Azure, among other services.
Uber Hit With $1.2 Million Additional Fines for 2016 Data Breach
Quick Hits  |  11/27/2018  | 
Now the penalties are coming from Europe.
How to Find a Privacy Job That You'll Love (& Why)
Commentary  |  11/27/2018  | 
Advice from a millennial woman who has done it: Find your niche and master your craft. You will be amazed at how significant your work will be.
8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
Commentary  |  11/27/2018  | 
Stolen credentials for industrial control system workstations are fast becoming the modus operandi for ICS attacks by cybercriminals.
Rowhammer Vulnerability Can Bypass ECC Memory Chips
Larry Loeb  |  11/27/2018  | 
New research finds that the Rowhammer vulnerability can be adjusted to bypass ECC memory chips, exposing processors to an attack.
12 Cloud Backup Tips to Protect Your Business's Back-End Servers
Alan Zeichick  |  11/27/2018  | 
The cloud can offer cost-effective backups for enterprise web servers, file servers and other critical infrastructure. Here are a dozen tips on how to make cloud backups safe and efficient.
Buckle Up: A Closer Look at Airline Security Breaches
News  |  11/26/2018  | 
Cyberattacks on airports and airlines are often unrelated to passenger safety but that's no reason to dismiss them, experts say.
USPS Web Vuln Exposes Data of 60 Million
Quick Hits  |  11/26/2018  | 
The US Postal Service recently fixed a security bug that allowed any USPS.com account holder to view or change other users' data.
Ransomware Attack Forced Ohio Hospital System to Divert ER Patients
Quick Hits  |  11/26/2018  | 
Malware infection fallout sent ambulances away from East Ohio Regional Hospital and Ohio Valley Medical Center over the Thanksgiving weekend.
Transforming into a CISO Security Leader
Commentary  |  11/26/2018  | 
Are you thinking of changing your career route from techie to CISO? Are you making the right choice? Only you know for sure.
Carbon Black: Cyber Attacks Could Jump 60% During Holidays
Jeffrey Burt  |  11/26/2018  | 
Spear-phishing campaigns are the most common form of attack as shoppers go to the stores and online and employees hit the road, according to a survey from Carbon Black.
7 Real-Life Dangers That Threaten Cybersecurity
Slideshows  |  11/26/2018  | 
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
Cross-Functional Communication Can Better Secure Your Enterprise
News Analysis-Security Now  |  11/26/2018  | 
Security teams are being asked to not only handle a greater threat landscape, but help the entire enterprise stay secure. Cross-functional communication can help your security work more effectively outside the InfoSec department.
Paper Trail Absence May Still Plague 2020 Election
Quick Hits  |  11/25/2018  | 
The recommendation for paper ballots may go unheeded in all or part of at least 6 states in the next national election.
GDPR Presents New Challenges in Backup & Disaster Recovery Management
Joe Stanganelli  |  11/23/2018  | 
GDPR applies not only to primary systems, but also to backup and recovery systems. Cloud storage, combined with a modicum of common sense, may prove essential to helping with GDPR compliance for these systems.
Perceptual Ad Blockers Have Security Flaws, Too
Larry Loeb  |  11/22/2018  | 
Blocking ads is more than stopping annoying pop-ups. There's a security component as well. However, a crop of perceptual ad blockers that use machine learning have their own flaws and shortcomings.
Mirai Evolves From IoT Devices to Linux Servers
News  |  11/21/2018  | 
Netscout says it has observed at least one dozen Mirai variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers.
Amazon Low-Key Reveals Breach of Some Customer Data
Quick Hits  |  11/21/2018  | 
'Technical error' exposed names and email addresses.
Page 1 / 4   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42258
PUBLISHED: 2021-10-22
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include ...
CVE-2020-28968
PUBLISHED: 2021-10-22
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
CVE-2020-28969
PUBLISHED: 2021-10-22
Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.
CVE-2020-36485
PUBLISHED: 2021-10-22
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.
CVE-2020-36486
PUBLISHED: 2021-10-22
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.