Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in November 2018
<<   <   Page 2 / 4   >   >>
To Stockpile or Not to Stockpile Zero-Days?
Commentary  |  11/21/2018  | 
As the debate rages on, there is still no simple answer to the question of whether the government should stockpile or publicly disclose zero-day vulnerabilities.
2018 Hacker Kids Gift Guide
Slideshows  |  11/21/2018  | 
Fun gift choices that foster design thinking and coding skills in kids both young and old.
Geoblocking, Even at Low Levels, Restricts Internet Freedom Study
Larry Loeb  |  11/21/2018  | 
A new research paper from the University of Michigan and Cloudflare finds that geoblocking or geofencing is not as extensive as some believe. However, even at low levels, this practice can restrict Internet freedom.
Russia Linked Group Resurfaces With Large-Scale Phishing Campaign
News  |  11/20/2018  | 
APT29/Cozy Bear is targeting individuals in military, government, and other sectors via email purporting to be from US State Department.
Microsoft Enables Account Sign-In via Security Key
News  |  11/20/2018  | 
Account holders can use a FIDO2-compatible key or Windows Hello to authenticate sans username or password.
Report: Tens of Thousands of E-Commerce Sites at Heightened Security Risk
Quick Hits  |  11/20/2018  | 
Report delivered at Payment Card Industry Security Standards Council meeting flags issues in deployments of Magento, a popular e-commerce platform.
Cybersecurity at the Core
Commentary  |  11/20/2018  | 
For too long, cybersecurity has been looked at as one team's responsibility. If we maintain that mentality, we will fail.
Consumers Are Forgiving After a Data Breach, but Companies Need To Respond Well
News  |  11/20/2018  | 
A solid response and reputation management program will go a long way in surviving a major breach.
6,500 Dark Web Sites Offline After Hosting Service Attacked
Quick Hits  |  11/20/2018  | 
The actor behind the attack on Daniel's Hosting, and their initial point of entry, remain unknown.
8 Security Buzzwords That Are Too Good to Be True
Commentary  |  11/20/2018  | 
If you can't get straight answers about popular industry catchphrases, maybe it's time to ask your vendor: How do you actually use the technology?
Leaderboard Shows Adoption of DMARC Email Security Protocol
News  |  11/20/2018  | 
A new tool from the Global Cyber Alliance shows where companies and organizations are adopting Domain-based Message Authentication, Reporting & Conformance.
IoT Security Problems Can Cost Enterprises Millions
Jeffrey Burt  |  11/20/2018  | 
A survey by DigiCert finds that the IoT is a priority for most companies, but many enterprises struggle when it comes to security and privacy. This can translate into firms losing millions.
Former FBI Agent James Gagliano: 'Cyber Touches Everything'
News Analysis-Security Now  |  11/20/2018  | 
Former FBI Agent James Gagliano sees the worlds of physical security and cybersecurity increasingly merging in the area of critical infrastructure.
Securities Markets at High Risk of Cyberattack
News  |  11/19/2018  | 
A report by BAE Systems and SWIFT shows that financial market areas such as equities trading, bonds, and derivatives face more threats than banking, forex, and trade finance.
Vulnerabilities Dip 7%, but Researchers Are Cautious
News  |  11/19/2018  | 
Risk Based Security reports 16,172 bugs disclosed through the end of October, but researchers warn things may change.
Divide Remains Between Cybersecurity Awareness and Skill
Quick Hits  |  11/19/2018  | 
Organizations understand the need for critical data protection but may lack the resources to respond.
7 Holiday Security Tips for Retailers
Slideshows  |  11/19/2018  | 
It's the most wonderful time of the year and hackers are ready to pounce. Here's how to prevent them from wreaking holiday havoc.
Instagram Privacy Tool Exposed Passwords
Quick Hits  |  11/19/2018  | 
The 'Download Your Data' tool, intended to improve users' privacy, actually became a privacy risk.
Employees Traveling This Holiday? Don't Forget Good Security Practices
Larry Loeb  |  11/19/2018  | 
A survey finds that employees are more likely to bypass good security practices when they travel during the holiday season, but still log onto the corporate network to work.
Security Concerns Increasing as BYOD Programs Continue to Grow
Jeffrey Burt  |  11/19/2018  | 
Businesses are expanding their BYOD programs to include partners, customers and others, but most are behind in securing their mobile environments, according to a Bitglass survey.
DHS Task Force Moves Forward on Playbooks for Supply Chain Security
News  |  11/16/2018  | 
The public/private task force takes early steps toward securing the end-to-end supply chain.
New Bluetooth Hack Affects Millions of Vehicles
Quick Hits  |  11/16/2018  | 
Attack could expose the personal information of drivers who sync their mobile phone to a vehicle entertainment system.
BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance
News  |  11/16/2018  | 
BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.
26M Texts Exposed in Poorly Secured Vovox Database
Quick Hits  |  11/16/2018  | 
The server, which lacked password protection, contained tens of millions of SMS messages, two-factor codes, shipping alerts, and other user data.
BlackBerry Acquiring Security & AI Firm Cylance for $1.4B
News Analysis-Security Now  |  11/16/2018  | 
BlackBerry is continuing to move away from its smartphone legacy with the acquisition of Cylance, a firm that specializes in artificial intelligence and security, in a deal worth $1.4 billion.
95% of Organizations Have Cultural Issues Around Cybersecurity
Commentary  |  11/16/2018  | 
Very few organizations have yet baked cybersecurity into their corporate DNA, research finds.
AI Poised to Drive New Wave of Exploits
News  |  11/16/2018  | 
Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.
Magecart Attacks Proving Persistent Problem for Online Retailers
News Analysis-Security Now  |  11/16/2018  | 
A research report shows that one in five sites targeted by a Magecart attack become re-infected, with the average skimming operation lasting nearly 2 weeks.
New Spectre & Meltdown Attacks Show Limits of CPU Vulnerabilities
Larry Loeb  |  11/16/2018  | 
A group of researchers from Belgium, Austria and the US have uncovered more Spectre and Meltdown flaws in CPU architectures, but their paper also shows the limits of these vulnerabilities in real-world attacks.
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Slideshows  |  11/15/2018  | 
Building cybersecurity skills is a must; paying a lot for the education is optional. Here are seven options for increasing knowledge without depleting a budget.
Congress Passes Bill to Create New Federal Cybersecurity Agency
News  |  11/15/2018  | 
Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.
Cyber Crooks Diversify Business with Multi-Intent Malware
Commentary  |  11/15/2018  | 
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
Cloud, China, Generic Malware Top Security Concerns for 2019
News  |  11/15/2018  | 
FireEye researchers unveil an extensive list of security risks waiting in the new year's wings.
Japan Cyber Minister Says He Has Never Used a Computer
Quick Hits  |  11/15/2018  | 
Yoshitaka Sakurada, who recently took on the role after a cabinet shuffling, says it's up to the government to deal with it.
More Than 50% of Free Mobile VPN Apps Have Chinese Ties
Quick Hits  |  11/15/2018  | 
In addition, most have "unacceptable" privacy policies and "non-existent user support."
From Reactive to Proactive: Security as the Bedrock of the SDLC
Commentary  |  11/15/2018  | 
Secure code development should be a priority, not an afterthought, and adopting the software development life cycle process is a great way to start.
Mylobot Botnet & Khalesi Malware Deliver One-Two Security Punch
News Analysis-Security Now  |  11/15/2018  | 
The recently discovered Mylobot botnet is now delivering Khalesi information stealer malware as part of its payload, according to new research from CenturyLink.
Kubernetes & Containers Stir Security Concerns in the Cloud
News Analysis-Security Now  |  11/15/2018  | 
A study by security startup StackRox finds that in the rush to incorporate Kubernetes and containers into enterprises' cloud plans, security issues are being missed.
WannaCry Continues Rampage 18 Months After First Outbreak
News Analysis-Security Now  |  11/15/2018  | 
A new report from Kaspersky Lab finds that 18 months after WannaCry fist infected Windows machines around the world, the ransomware remain a significant security threat.
Small-Time Cybercriminals Landing Steady Low Blows
News  |  11/14/2018  | 
High-end crime groups are acquiring the sorts of sophisticated capabilities only nation-states once had, while low-tier criminals maintain a steady stream of malicious activity, from cryptomining to PoS malware.
Security Teams Struggle with Container Security Strategy
News  |  11/14/2018  | 
Fewer than 30% of firms have more than a basic container security plan in place.
Cryptojacking, Mobile Malware Growing Threats to the Enterprise
News  |  11/14/2018  | 
At the same time, criminal organizations continue to look for new ways to attack their victims.
Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues
News  |  11/14/2018  | 
Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data and are fearful of a near-term breach of critical infrastructure.
Airlines Have a Big Problem with Bad Bots
News  |  11/14/2018  | 
Bad bots account for 43.9% of all traffic on their websites, APIs, and mobile apps, according to a new analysis of 100 airlines.
Understanding Evil Twin AP Attacks and How to Prevent Them
Commentary  |  11/14/2018  | 
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
Can Businesses Stand Up to Cybercrime? Only 61% Say Yes
Quick Hits  |  11/14/2018  | 
While 96% of US organizations say business resilience should be core to company strategy, only 61% say it actually is.
To Click or Not to Click: The Answer Is Easy
Commentary  |  11/14/2018  | 
Mega hacks like the Facebook breach provide endless ammo for spearphishers. These six tips can help you stay safer.
Sophos: 'Living off the Land' Is the Law of the Land
News Analysis-Security Now  |  11/14/2018  | 
In its annual Threat Report, Sophos Labs researchers find that cybercriminals are using 'living off the Land' techniques more frequently for their attacks. At the same time, the study finds that ransomware is getting more hands-on.
Google Data Center Traffic Rerouted to Nigeria, China & Russia
Larry Loeb  |  11/14/2018  | 
For over an hour this week, some Internet traffic from Google's data centers was rerouted through a Nigerian ISP and possibly sent to Russia and China.
Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed
Quick Hits  |  11/13/2018  | 
Eight of the 12 critical vulnerabilities addressed this month affect the Chakra Scripting Engine in Microsoft Edge.
<<   <   Page 2 / 4   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.