Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in November 2018
Getting to Know Magecart: An Inside Look at 7 Groups
News  |  11/13/2018  | 
A new report spills the details on Magecart, the criminal groups driving it, and ongoing attacks targeting low- and high-profile victims.
Empathy: The Next Killer App for Cybersecurity?
Commentary  |  11/13/2018  | 
The toughest security problems involve people, not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
Google Traffic Temporarily Rerouted via Russia, China
News  |  11/13/2018  | 
The incident, which Google reports is now resolved, could be the result of either technical mistakes or malicious activity.
Netskope Announces Series F Funding Round
Quick Hits  |  11/13/2018  | 
The $168.7 million round will go toward R&D and global expansion, says cloud access security broker provider.
RIP, 'IT Security'
Commentary  |  11/13/2018  | 
Information security is vital, of course. But the concept of "IT security" has never made sense.
Cyber Attacks Becoming Greater Risk for Businesses Worldwide
News Analysis-Security Now  |  11/13/2018  | 
A new study by the World Economic Forum finds that cyber attacks present the greatest risk to businesses in Europe, North America and eastern Asia.
Cloudflare's 1.1.1.1 DNS Service Lands on Android, iOS
News Analysis-Security Now  |  11/13/2018  | 
Following the April announcement of its 1.1.1.1 offering, Cloudflare is bringing its new DNS resolution service to Android and iOS.
Sophisticated Campaign Targets Pakistan's Air Force
News  |  11/13/2018  | 
Espionage campaign uses a variety of new evasion techniques.
2018 on Track to Be One of the Worst Ever for Data Breaches
News  |  11/12/2018  | 
A total of 3,676 breaches involving over 3.6 billion records were reported in the first nine months of this year alone.
Paris Agreement on Cybercrime Falls Short of Unanimous Agreement
Quick Hits  |  11/12/2018  | 
More than 50 nations and 150 global companies agree to join effort to fight cybercrime.
Veterans Find New Roles in Enterprise Cybersecurity
News  |  11/12/2018  | 
Facebook and Synack create programs to educate vets and grow employment opportunities while shrinking the cybersecurity talent gap.
7 Cool New Security Tools to be Revealed at Black Hat Europe
Slideshows  |  11/12/2018  | 
Black Hat Europe's Arsenal lineup will include demos of new security tools, from AI malware research to container orchestration.
Cyberattacks Top Business Risks in North America, Europe, EAP
Quick Hits  |  11/12/2018  | 
The World Economic Forum reports cyberattacks are a top enterprise concern following WannaCry and the rise of e-commerce.
'CARTA': A New Tool in the Breach Prevention Toolbox
Commentary  |  11/12/2018  | 
Gartner's continuous adaptive risk and trust assessment for averting a data breach addresses the shortcomings of static security programs.
Cryptojacking: Why SMBs Need to Stay on High Alert
News Analysis-Security Now  |  11/12/2018  | 
Cryptojacking is one of the biggest threats circulating these days. While all businesses are at risk, SMBs are especially prone to these types of attacks. Here's how smaller firms can protect themselves.
Metamorfo Trojan Revamped to Evade Antivirus Protections
Larry Loeb  |  11/12/2018  | 
The Metamorfo Trojan, which has targeted banks and other financial institutions in Brazil, has been revamped by threat actors to better evade antivirus and other security protections.
Inside CSAW, a Massive Student-Led Cybersecurity Competition
News  |  11/9/2018  | 
Nearly 400 high school, undergraduate, and graduate students advance to the final round of New York University's CSAW games.
Dropbox Teams with Israeli Security Firm Coronet
Quick Hits  |  11/9/2018  | 
The partnership is expected to improve threat detection for Dropbox while growing Coronet's user base.
What You Should Know About Grayware (and What to Do About It)
Slideshows  |  11/9/2018  | 
Grayware is a tricky security problem, but there are steps you can take to defend your organization when you recognize the risk.
Guilty Plea Made in Massive International Cell Phone Fraud Case
Quick Hits  |  11/9/2018  | 
A former West Palm Beach resident is the fifth defendant to plead guilty in a case involving thousands of victims.
The Morris Worm Turns 30
News  |  11/9/2018  | 
How the historic Internet worm attack of 1988 has shaped security, or not.
Vulnerabilities in Our Infrastructure: 5 Ways to Mitigate the Risk
Commentary  |  11/9/2018  | 
By teaming up to address key technical and organizational issues, information and operational security teams can improve the resiliency and safety of their infrastructure systems.
Symantec Offers New Details of North Korean-Backed 'FASTCash' Attack
News Analysis-Security Now  |  11/9/2018  | 
"FASTCash" is a cyber attack targeting ATMs around the world with backing from the North Korean government, and now Symantec has new details about how the scheme works.
DJI Drones Buzzed Over Security Flaw in Company's User Forum
Larry Loeb  |  11/9/2018  | 
Check Point researchers found a flaw in DJI's online user forum that could allow an attacker to access and steal information from one of the company's drones.
Symantec Uncovers North Korean Group's ATM Attack Malware
News  |  11/8/2018  | 
Lazarus Group has been using FastCash Trojan on obsolete AIX servers to empty tens of millions of dollars from ATMs.
Microsoft President: Governments Must Cooperate on Cybersecurity
News  |  11/8/2018  | 
Microsoft's Brad Smith calls on nations and businesses to work toward "digital peace" and acknowledge the effects of cybercrime.
User Behavior Analytics Could Find a Home in the OT World of the IIoT
Commentary  |  11/8/2018  | 
The technology never really took off in IT, but it could be very helpful in the industrial world.
Banking Malware Takes Aim at Brazilians
Quick Hits  |  11/8/2018  | 
Two malware distribution campaigns are sending banking Trojans to customers of financial institutions in Brazil.
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
Commentary  |  11/8/2018  | 
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
HSBC Data Breach Shows Failure to Protect Passwords & Access Controls
News Analysis-Security Now  |  11/8/2018  | 
This week, HSBC disclosed a data breach to customers that seems to show the bank failed to properly protect passwords and access controls that secured personal data.
New Botnet Infects 100K Routers to Blast Out Spam
News Analysis-Security Now  |  11/8/2018  | 
Qihoo 360's Netlab has found a new botnet dubbed BCMUPnP_Hunter, which can infect 100,000 home routers at a time to blast out spam by connecting to web servers for Outlook, Hotmail and Yahoo.
New Side-Channel Attacks Target Graphics Processing Units
News  |  11/7/2018  | 
A trio of new attacks bypass CPUs to wring data from vulnerable GPUs.
Finding Gold in the Threat Intelligence Rush
News  |  11/7/2018  | 
Researchers sift through millions of threat intel observations to determine where to best find valuable threat data.
Cryptocurrency Exchange Targeted Via Attack on Web Traffic Analysis Firm
News  |  11/7/2018  | 
"Island-hopping" attackers breached StatCounter so they could get to users of gate.io.
Checkmarx Acquires Custodela
Quick Hits  |  11/7/2018  | 
The purchase adds DevSecOps capabilities to a software exposure platform.
IT-to-OT Solutions That Can Bolster Security in the IIoT
Commentary  |  11/7/2018  | 
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
Why Password Management and Security Strategies Fall Short
News  |  11/7/2018  | 
Researchers say companies need to rethink their password training and take a more holistic approach to security.
Utah Hacker Pleads Guilty to DoS Attacks: DoJ
Quick Hits  |  11/7/2018  | 
Online gaming companies, including Sony Online Entertainment, and servers were main targets.
5 Reasons Why Threat Intelligence Doesn't Work
Commentary  |  11/7/2018  | 
Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems.
Enterprises Confronting Increasing Volume of Critical Vulnerabilities: Study
News Analysis-Security Now  |  11/7/2018  | 
The number of high-alert and critical vulnerabilities continues to grow, with 2018 shaping up to be a record year for security flaws found within corporate networks, according to new research from Tenable.
20 Cybersecurity Firms to Watch
Slideshows  |  11/7/2018  | 
A look at some of the more interesting investments, acquisitions, and strategic moves in the security sector over the past year.
'Outlaw' IRC Bot Roughs Up Windows & Open Source Environments
Larry Loeb  |  11/7/2018  | 
Trend Micro is having a showdown with an IRC bot developed by a group dubbed 'Outlaw,' which is targeting Windows, Ubuntu and even Android environments.
'PortSmash' Brings New Side-Channel Attack to Intel Processors
News  |  11/6/2018  | 
New vulnerability exposes encryption keys in the first proof-of-concept code.
Most Businesses to Add More Cloud Security Tools
News  |  11/6/2018  | 
Cloud adoption drives organizations to spend in 2019 as they learn traditional security practices can't keep up.
Why the CISSP Remains Relevant to Cybersecurity After 28 Years
Commentary  |  11/6/2018  | 
The venerable Certified Information Systems Security Professional certification has been around for a very long time -- and for good reason.
Critical Encryption Bypass Flaws in Popular SSDs Compromise Data Security
News  |  11/6/2018  | 
Vulnerabilities in Samsung, Crucial storage devices enable data recovery without a password or decryption key, researchers reveal.
HSBC: Security Breach Exposes Account, Transaction Data
Quick Hits  |  11/6/2018  | 
Unauthorized users accessed HSBC accounts between Oct. 4 and 14, the bank reports in a letter to customers.
Hidden Costs of IoT Vulnerabilities
Commentary  |  11/6/2018  | 
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
Symantec Makes 2 Acquisitions, While Broadcom Dumps CA's Veracode Unit
News Analysis-Security Now  |  11/6/2018  | 
The global cybersecurity market got an early week shakeup as Symantec acquires Javelin Networks and Appthority on the same day. Meanwhile, Broadcom completed its deal for CA Technologies and immediately dumped the company's Veracode security unit.
Cybercrooks Redirect Vote411 Website Searchers to Scareware Page
News Analysis-Security Now  |  11/6/2018  | 
After comedian John Oliver promoted the Vote411 website on his show, cybercrooks started redirecting iOS users to an alternative site that serves up scareware.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24288
PUBLISHED: 2021-05-17
When subscribing using AcyMailing, the 'redirect' parameter isn't properly sanitized. Turning the request from POST to GET, an attacker can craft a link containing a potentially malicious landing page and send it to the victim.
CVE-2021-24289
PUBLISHED: 2021-05-17
There is functionality in the Store Locator Plus for WordPress plugin through 5.5.14 that made it possible for authenticated users to update their user meta data to become an administrator on any site using the plugin.
CVE-2021-24290
PUBLISHED: 2021-05-17
There are several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 that could allow unauthenticated attackers the ability to inject malicious JavaScript into pages.
CVE-2021-24292
PUBLISHED: 2021-05-17
The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method: The ...
CVE-2021-24295
PUBLISHED: 2021-05-17
It was possible to exploit an Unauthenticated Time-Based Blind SQL Injection vulnerability in the Spam protection, AntiSpam, FireWall by CleanTalk WordPress Plugin before 5.153.4. The update_log function in lib/Cleantalk/ApbctWP/Firewall/SFW.php included a vulnerable query that could be injected via...