Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in November 2018
Page 1 / 3   >   >>
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Slideshows  |  11/30/2018  | 
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
Retailers Make Big Strides In Offering Clear Unsubscribe Links
News  |  11/30/2018  | 
They're also honoring unsubscribe requests as soon as they're made, according to the Online Trust Alliance.
Massive Starwood Hotels Breach Hits 500 Million Guests
News  |  11/30/2018  | 
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
Commentary  |  11/30/2018  | 
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
39 Arrested in Tech Support Scam Crackdown: Microsoft
Quick Hits  |  11/30/2018  | 
Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.
MITRE Changes the Game in Security Product Testing
News  |  11/29/2018  | 
Nonprofit has published its first-ever evaluation of popular endpoint security tools - measured against its ATT&CK model.
Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year
News  |  11/29/2018  | 
But ransomware attacks go through the roof, new threat data from SonicWall shows.
Anti-Botnet Guide Aims to Tackle Automated Threats
News  |  11/29/2018  | 
The international guide is intended to help organizations defend their networks and systems from automated and distributed attacks.
Dell Forces Password Reset for Online Customers Following Data Breach
News  |  11/29/2018  | 
Move prompts questions about scope of intrusion and strength of company's password hashing.
Establishing True Trust in a Zero-Trust World
Commentary  |  11/29/2018  | 
Our goal should not be to merely accept zero trust but gain the visibility required to establish true trust.
Dunkin' Donuts Serves Up Data Breach Alert
Quick Hits  |  11/29/2018  | 
Forces potentially affected DD Perks customers to reset their passwords after learning of unauthorized access to their personal data.
Beware the Malware-Laden Brexit News
News  |  11/29/2018  | 
New Fancy Bear attack campaign lures victims with phony Brexit-themed document to deliver Zekapab payload.
The Return of Email Flooding
Commentary  |  11/29/2018  | 
An old attack technique is making its way back into the mainstream with an onslaught of messages that legacy tools and script writing can't easily detect.
New Report Details Rise, Spread of Email-based Attacks
News  |  11/29/2018  | 
Criminals are diversifying their target list and tactics in a continuing effort to keep email a valuable attack vector against enterprise victims.
Incorrect Assessments of Data Value Putting Organizations at Risk
News  |  11/28/2018  | 
Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
Federal Indictments in SamSam Ransomware Campaign
News  |  11/28/2018  | 
Two Iranian nationals have been indicted on multiple counts by a federal grand jury in connection with the SamSam ransomware attacks that struck government, critical infrastructure, and healthcare organizations.
Google, White Ops, Industry Players Dismantle 3ve Ad Fraud Operation
News  |  11/28/2018  | 
3ve, an ad fraud operation amassing 1.7M infected machines, was taken down in an operation driven by law enforcement, Google, White Ops, and several security companies.
Middle East, North Africa Cybercrime Ups Its Game
News  |  11/28/2018  | 
Ransomware, DDoS extortion, and encrypted communications abound as cybercriminals in the region refine their tradecraft.
Atrium Health Breach Exposes 2.65 Million Patient Records
Quick Hits  |  11/28/2018  | 
Supplier that handles billing and online payments for health-care provider became aware of incident Oct. 1.
Data Breach Threats Bigger Than Ever
Commentary  |  11/28/2018  | 
A quarter of IT and security leaders expect a major data breach in the next year.
Amazon Rolls Out AWS Security Hub
Quick Hits  |  11/28/2018  | 
New security platform aggregates information from Amazon Web Services cloud accounts and third-party tools.
The "Typical" Security Engineer: Hiring Myths & Stereotypes
Commentary  |  11/28/2018  | 
In an environment where talent is scarce, it's critical that hiring managers remove artificial barriers to those whose mental operating systems are different.
New Hacker Group Behind 'DNSpionage' Attacks in Middle East
News  |  11/27/2018  | 
Motives are not fully clear, though data exfiltration is one possibility, Cisco Talos says.
Who's the Weakest Link in Your Supply Chain?
News  |  11/27/2018  | 
Nearly 60% of organizations have suffered data breaches resulting from a third party, as suppliers pose a growing risk to enterprise security.
Another Microsoft MFA Outage Affects Multiple Services
Quick Hits  |  11/27/2018  | 
Once again, multifactor authentication issues have caused login problems for users across Office 365 and Azure, among other services.
Uber Hit With $1.2 Million Additional Fines for 2016 Data Breach
Quick Hits  |  11/27/2018  | 
Now the penalties are coming from Europe.
How to Find a Privacy Job That You'll Love (& Why)
Commentary  |  11/27/2018  | 
Advice from a millennial woman who has done it: Find your niche and master your craft. You will be amazed at how significant your work will be.
8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
Commentary  |  11/27/2018  | 
Stolen credentials for industrial control system workstations are fast becoming the modus operandi for ICS attacks by cybercriminals.
Buckle Up: A Closer Look at Airline Security Breaches
News  |  11/26/2018  | 
Cyberattacks on airports and airlines are often unrelated to passenger safety but that's no reason to dismiss them, experts say.
USPS Web Vuln Exposes Data of 60 Million
Quick Hits  |  11/26/2018  | 
The US Postal Service recently fixed a security bug that allowed any USPS.com account holder to view or change other users' data.
Ransomware Attack Forced Ohio Hospital System to Divert ER Patients
Quick Hits  |  11/26/2018  | 
Malware infection fallout sent ambulances away from East Ohio Regional Hospital and Ohio Valley Medical Center over the Thanksgiving weekend.
Transforming into a CISO Security Leader
Commentary  |  11/26/2018  | 
Are you thinking of changing your career route from techie to CISO? Are you making the right choice? Only you know for sure.
7 Real-Life Dangers That Threaten Cybersecurity
Slideshows  |  11/26/2018  | 
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
Paper Trail Absence May Still Plague 2020 Election
Quick Hits  |  11/25/2018  | 
The recommendation for paper ballots may go unheeded in all or part of at least 6 states in the next national election.
Mirai Evolves From IoT Devices to Linux Servers
News  |  11/21/2018  | 
Netscout says it has observed at least one dozen Mirai variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers.
Amazon Low-Key Reveals Breach of Some Customer Data
Quick Hits  |  11/21/2018  | 
'Technical error' exposed names and email addresses.
To Stockpile or Not to Stockpile Zero-Days?
Commentary  |  11/21/2018  | 
As the debate rages on, there is still no simple answer to the question of whether the government should stockpile or publicly disclose zero-day vulnerabilities.
2018 Hacker Kids Gift Guide
Slideshows  |  11/21/2018  | 
Fun gift choices that foster design thinking and coding skills in kids both young and old.
Russia Linked Group Resurfaces With Large-Scale Phishing Campaign
News  |  11/20/2018  | 
APT29/Cozy Bear is targeting individuals in military, government, and other sectors via email purporting to be from US State Department.
Microsoft Enables Account Sign-In via Security Key
News  |  11/20/2018  | 
Account holders can use a FIDO2-compatible key or Windows Hello to authenticate sans username or password.
Report: Tens of Thousands of E-Commerce Sites at Heightened Security Risk
Quick Hits  |  11/20/2018  | 
Report delivered at Payment Card Industry Security Standards Council meeting flags issues in deployments of Magento, a popular e-commerce platform.
Cybersecurity at the Core
Commentary  |  11/20/2018  | 
For too long, cybersecurity has been looked at as one team's responsibility. If we maintain that mentality, we will fail.
Consumers Are Forgiving After a Data Breach, but Companies Need To Respond Well
News  |  11/20/2018  | 
A solid response and reputation management program will go a long way in surviving a major breach.
6,500 Dark Web Sites Offline After Hosting Service Attacked
Quick Hits  |  11/20/2018  | 
The actor behind the attack on Daniel's Hosting, and their initial point of entry, remain unknown.
8 Security Buzzwords That Are Too Good to Be True
Commentary  |  11/20/2018  | 
If you can't get straight answers about popular industry catchphrases, maybe it's time to ask your vendor: How do you actually use the technology?
Leaderboard Shows Adoption of DMARC Email Security Protocol
News  |  11/20/2018  | 
A new tool from the Global Cyber Alliance shows where companies and organizations are adopting Domain-based Message Authentication, Reporting & Conformance.
Securities Markets at High Risk of Cyberattack
News  |  11/19/2018  | 
A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.
Vulnerabilities Dip 7%, but Researchers Are Cautious
News  |  11/19/2018  | 
Risk Based Security reports 16,172 bugs disclosed through the end of October, but researchers warn things may change.
Divide Remains Between Cybersecurity Awareness and Skill
Quick Hits  |  11/19/2018  | 
Organizations understand the need for critical data protection but may lack the resources to respond.
7 Holiday Security Tips for Retailers
Slideshows  |  11/19/2018  | 
It's the most wonderful time of the year and hackers are ready to pounce. Here's how to prevent them from wreaking holiday havoc.
Page 1 / 3   >   >>


97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How Security Vendors Can Address the Cybersecurity Talent Shortage
Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet,  5/24/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .