Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in November 2018
<<   <   Page 4 / 4
'Trump' Tops Election-Spam Subject Lines
Quick Hits  |  11/5/2018  | 
Fake email messages aka spam contain the president's name in 2,811% of median message sampling.
Energy Sector's IT Networks in the Bulls-Eye
News  |  11/5/2018  | 
Attackers are actively infiltrating energy organizations and utilities for reconnaissance purposes.
Thoma Bravo Buys Veracode
News  |  11/5/2018  | 
Broadcom will sell Veracode, acquired last year by CA, for $950M to Thoma Bravo as it broadens its security portfolio.
7 Non-Computer Hacks That Should Never Happen
Slideshows  |  11/5/2018  | 
From paper to IoT, security researchers offer tips for protecting common attack surfaces that you're probably overlooking.
Symantec Acquires Appthority And Javelin Networks
Quick Hits  |  11/5/2018  | 
Both buys bolster the cybersecurity company's endpoint security business.
After the Breach: Tracing the 'Smoking Gun'
Commentary  |  11/5/2018  | 
Systems, technology, and threats change, and your response plan should, too. Here are three steps to turn your post-breach assessment into a set of workable best practices.
'BLEEDINGBIT' Bluetooth Vulnerability Leaves Enterprises Exposed to Attacks
Larry Loeb  |  11/5/2018  | 
Security firm Armis has found two, zero-day vulnerabilities in the BLE protocol of Texas Instrument chips that researchers call 'BLEEDINGBIT.'
On Eve of 2018 Midterm Elections, All Eyes Still on Cybersecurity
Jeffrey Burt  |  11/5/2018  | 
Netscout and McAfee executives talk about the myriad challenges facing state and county election officials as voting for the 2018 midterm elections is about to get underway.
Worst Malware and Threat Actors of 2018
News  |  11/2/2018  | 
Two reports call out the most serious malware attacks and attackers of the year (so far).
Ex-Employees Allegedly Steal Micron Trade Secrets Valued At Over $400 Million
News  |  11/2/2018  | 
Three individuals who worked for DRAM maker's Taiwan subsidiary stole Micron IP to benefit company controlled by China's government, US says in indictment.
NITTF Releases New Model for Insider Threat Program
Quick Hits  |  11/2/2018  | 
The Insider Threat Program Maturity Framework is intended to help government agencies strengthen their programs.
Cisco Reports SIP Inspection Vulnerability
Quick Hits  |  11/2/2018  | 
Advisory addresses active exploitation of vuln in the wild, with no clear solution in sight.
Tackling Cybersecurity from the Inside Out
Commentary  |  11/2/2018  | 
New online threats require new solutions.
RDP Attacks Prompt New Slate of Security Warnings
Larry Loeb  |  11/2/2018  | 
Following a warning by the FBI, Trend Micro has issued its own alert about an increase in RDP attacks that have targeted enterprises all around the world.
Kraken Cryptor Update Points to Rise of Ransomware-as-a-Service
News Analysis-Security Now  |  11/2/2018  | 
With the group behind the Fallout Exploit Kit distributing a new version of Kraken Cryptor, a joint investigation by McAfee and Recorded Future finds that ransomware-as-a-service is on the rise.
Speed Up AppSec Improvement With an Adversary-Driven Approach
News  |  11/2/2018  | 
Stop overwhelming developers and start using real-world attack behavior to prioritize application vulnerability fixes.
New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points
News  |  11/1/2018  | 
'BleedingBit' could give attackers control of the wireless network from a remote vantage point.
Microsoft, Amazon Top BEC's Favorite Brands
News  |  11/1/2018  | 
When attackers want to impersonate a brand via email, the majority turn to Microsoft and Amazon because of their ubiquity in enterprise environments.
Where Is the Consumer Outrage about Data Breaches?
Commentary  |  11/1/2018  | 
Facebook, Equifax, Cambridge Analytica Why do breaches of incomprehensible magnitude lead to a quick recovery for the businesses that lost or abused the data and such little lasting impact for the people whose information is stolen.
Radisson Rewards Program Targeted in Data Breach
Quick Hits  |  11/1/2018  | 
It's the latest in a series of attacks targeting the travel industry, following incidents at British Airways and Cathay Pacific.
FIFA Reveals Second Hack
Quick Hits  |  11/1/2018  | 
Successful phishing campaign leads attackers to confidential information of world soccer's governing body.
Not Every Security Flaw Is Created Equal
Commentary  |  11/1/2018  | 
You need smart prioritization to close the riskiest vulnerabilities. Effective DevSecOps leads the way, according to a new study.
Let's Get Physical: Why Protecting Hardware Is Essential to Good Cybersecurity
Alan Zeichick  |  11/1/2018  | 
Enterprises need to consider physical security as part of any comprehensive cybersecurity plan.
New 'Sextortion' Schemes Fueled by Stolen Passwords & Credentials
News Analysis-Security Now  |  11/1/2018  | 
Cybercriminals are using a cache of old, stolen credentials and passwords to fuel a new spate of 'sextortion' campaigns aimed at embarrassing individual users, according to data compiled by Barracuda Networks.
DoJ Charges 10 Chinese Nationals in Elaborate Cyberespionage Case
News Analysis-Security Now  |  11/1/2018  | 
The Justice Department has indicted 10 Chinese nationals as part of an elaborate cyberespionage case that involved stealing plans for a new turbonfan engine and infecting computers with malware.
<<   <   Page 4 / 4


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-35198
PUBLISHED: 2021-05-12
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
CVE-2021-23872
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in the File Lock component of McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by manipulating a symbolic link in the IOTL interface.
CVE-2021-23891
PUBLISHED: 2021-05-12
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.32 allows a local user to gain elevated privileges by impersonating a client token which could lead to the bypassing of MTP self-defense.
CVE-2021-23892
PUBLISHED: 2021-05-12
By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitra...
CVE-2020-36289
PUBLISHED: 2021-05-12
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and fro...