Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in November 2019
Page 1 / 3   >   >>
SQL Injection Errors No Longer the Top Software Security Issue
News  |  11/27/2019  | 
In newly updated Common Weakness Enumeration (CWE), SQL injection now ranks sixth.
Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud
News  |  11/27/2019  | 
More than 3,100 Jira instances are still vulnerable to a server-side request forgery vulnerability patched in August.
Google Details Its Responses to Cyber Attacks, Disinformation
Quick Hits  |  11/27/2019  | 
Government groups continue to attack user credentials and distribute disinformation according to a new blog post from Google's Threat Analysis Group.
New Free Emulator Challenges Apple's Control of iOS
News  |  11/27/2019  | 
An open-source tool gives researchers and jailbreakers a free option for researching vulnerabilities in the operating system and gives Apple a new headache.
How to Get Prepared for Privacy Legislation
Commentary  |  11/27/2019  | 
All the various pieces of legislation, both in the US and worldwide, can feel overwhelming. But getting privacy basics right is a solid foundation.
Practical Principles for Security Metrics
Commentary  |  11/27/2019  | 
A proactive approach to cybersecurity requires the right tools, not more tools.
7 Ways to Hang Up on Voice Fraud
Slideshows  |  11/27/2019  | 
Criminals are coming at us from all direction, including our phones. Don't answer that next call without reading this tips first.
The Implications of Last Week's Exposure of 1.2B Records
News  |  11/26/2019  | 
Large sums of organized data, whether public or private, are worth their weight in gold to cybercriminals.
An Alarming Number of Software Teams Are Missing Cybersecurity Expertise
News  |  11/26/2019  | 
The overwhelming majority of developers worry about security and consider it important, yet many lack a dedicated cybersecurity leader.
'Dexphot': A Sophisticated, Everyday Threat
News  |  11/26/2019  | 
Though the cryptominer has received little attention, it exemplifies the complexity of modern malware, Microsoft says.
On the Border Warns of Data Breach
Quick Hits  |  11/26/2019  | 
Malware on a payment system could have stolen credit card info from customers in 28 states, according to the company.
DDoS: An Underestimated Threat
Commentary  |  11/26/2019  | 
Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
NYPD Pulls Fingerprint Database Offline Due to Ransomware Scare
Quick Hits  |  11/26/2019  | 
An infected minicomputer distributed an unidentified threat to 23 machines connected to the LiveScan fingerprint tracking system.
5 Ways to Champion and Increase Your 2020 Security Budget
Commentary  |  11/26/2019  | 
Give your organization's leadership an impactful, out-of-office experience so they know what's at stake with their budgeting decisions.
Tushu, Take Twoshu: Malicious SDK Reappears in Google Play
News  |  11/25/2019  | 
Months after the Tushu SDK was found infecting Android apps on Google Play, its operators are back with new evasive techniques.
Most Organizations Have Incomplete Vulnerability Information
News  |  11/25/2019  | 
Companies that rely solely on CVE/NVD are missing 33% of disclosed flaws, Risk Based Security says.
T-Mobile Prepaid Hit by Significant Data Breach
Quick Hits  |  11/25/2019  | 
The breach, estimated to have affected more than a million customers, came from malicious external actors.
They See You When You're Shopping: Holiday Cybercrime Starts Early
Quick Hits  |  11/25/2019  | 
Researchers notice year-end phishing attacks starting in July and ramping up in September.
Time to Warn Users About Black Friday & Cyber Monday Scams
Commentary  |  11/25/2019  | 
Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.
Researchers Explore How Mental Health Is Tracked Online
News  |  11/22/2019  | 
An analysis of popular mental health-related websites revealed a vast number of trackers, many of which are used for targeted advertising.
Target Seeks $74M in Data Breach Reimbursement from Insurance Company
Quick Hits  |  11/22/2019  | 
The funds would cover some of the money Target paid to reimburse financial institutions for credit card replacement after the 2013 breach.
Black Hat Europe Q&A: Unveiling the Underground World of Anti-Cheats
News  |  11/22/2019  | 
Security consultant Joel Noguera describes how he got involved in testing anti-cheat software security, and what to expect from his upcoming Black Hat Europe talk.
1.2B Records Exposed in Massive Server Leak
Quick Hits  |  11/22/2019  | 
A single server leaked 4 terabytes of personal data, including social media profiles, work histories, and home and mobile phone numbers.
The 5-Step Methodology for Spotting Malicious Bot Activity on Your Network
Commentary  |  11/22/2019  | 
Bot detection over IP networks isn't easy, but it's becoming a fundamental part of network security practice.
Leaks of NSA, CIA Tools Have Leveled Nation-State Cybercriminal Capabilities
News  |  11/21/2019  | 
The wide availability of tools leaked by the Shadow Brokers and WikiLeaks in 2016 and 2017 have given emerging cyber powers a way to catch up, DarkOwl says.
Government Agency Partners on New Tool for Election Security
Quick Hits  |  11/21/2019  | 
The Cybersecurity and Infrastructure Security Agency has partnered with VotingWorks on an open source tool to aid election result audits.
3 Fundamentals for Better Security and IT Management
Commentary  |  11/21/2019  | 
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
Google Increases Top Android Hacking Prize to $1M
Quick Hits  |  11/21/2019  | 
Google expands its Android Security Rewards program and multiplies its top cash prize from $200,000 to $1 million.
6 Top Nontechnical Degrees for Cybersecurity
Slideshows  |  11/21/2019  | 
A computer science degree isn't the only path into a cybersecurity career.
The 'Department of No': Why CISOs Need to Cultivate a Middle Way
Commentary  |  11/21/2019  | 
A chief information security officer's job inherently involves conflict, but a go-along-to-get-along approach carries its own vulnerabilities and risks.
Anatomy of a BEC Scam
News  |  11/21/2019  | 
A look at the characteristics of real-world business email compromise attacks and what makes them tick.
As Retailers Prepare for the Holiday Season, So Do Cybercriminals
News  |  11/20/2019  | 
Online shoppers need to be wary about domain spoofing, fraudulent giveaways, and other scams, ZeroFOX study shows.
Patch 'Easily Exploitable' Oracle EBS Flaws ASAP: Onapsis
News  |  11/20/2019  | 
Organizations that have not yet applied a pair of months-old critical patches from Oracle for E-Business Suite are at risk of attacks on their financial systems, the application security firm says.
Google Cloud Update Gives Users Greater Data Control
Quick Hits  |  11/20/2019  | 
External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access.
Employee Privacy in a Mobile Workplace
Commentary  |  11/20/2019  | 
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.
Former White House CIO Shares Enduring Security Strategies
News  |  11/20/2019  | 
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
Black Hat Europe Q&A: Exposing the Weaknesses in Contactless Payments
News  |  11/20/2019  | 
Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visas contactless payments security system vulnerabilities.
Why Multifactor Authentication Is Now a Hacker Target
Commentary  |  11/20/2019  | 
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
Vulnerability Could Give Criminals Camera Control on Millions of Android Smartphones
Quick Hits  |  11/20/2019  | 
Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.
Ransomware Surge & Living-Off-the-Land Tactics Remain Big Threats
News  |  11/19/2019  | 
Group-IB's and Rapid7's separate analysis of attack activity in recent months shows threat actors are making life harder for enterprise organizations in a variety of ways.
Attacker Mistake Botches Cyborg Ransomware Campaign
News  |  11/19/2019  | 
Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.
DDoS Attacks Up Sharply in Third Quarter of 2019
Quick Hits  |  11/19/2019  | 
DDoS attacks of all sorts were up by triple-digit percentages, with smaller volume attacks growing most rapidly.
TPM-Fail: What It Means & What to Do About It
Commentary  |  11/19/2019  | 
Trusted Platform Modules are well-suited to a wide range of applications, but for the strongest security, architect them into "defense-in-depth" designs.
Most Companies Lag Behind '1-10-60' Benchmark for Breach Response
News  |  11/19/2019  | 
Average company needs 162 hours to detect, triage, and contain a breach, according to a new CrowdStrike survey.
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Commentary  |  11/19/2019  | 
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself.
Magecart Hits Macy's: Retailer Discloses Data Breach
Quick Hits  |  11/19/2019  | 
The retail giant discovered malicious code designed to capture customer data planted on its payment page.
A Security Strategy That Centers on Humans, Not Bugs
Commentary  |  11/19/2019  | 
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
Americans Fed Up with Lack of Data Privacy
News  |  11/18/2019  | 
Eight out of every 10 US adults are worried over their inability to control how data about them is used, a new Pew Research survey shows.
Disney+ Credentials Land in Dark Web Hours After Service Launch
Quick Hits  |  11/18/2019  | 
The credentials, priced from free to $11 per account, appear to be due to victims' re-use of logins and passwords.
Windows Hello for Business Opens Door to New Attack Vectors
News  |  11/18/2019  | 
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
Page 1 / 3   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-11047
PUBLISHED: 2020-04-07
An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) software. The ACIPC-MSOCKET driver allows local privilege escalation via a stack-based buffer overflow. The Samsung ID is SVE-2016-5393 (April 2016).
CVE-2016-11048
PUBLISHED: 2020-04-07
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016).
CVE-2016-11049
PUBLISHED: 2020-04-07
An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IMEI may be retrieved and modified because of an error in managing key information. The Samsung ID is SVE-2016-5435 (March 2016).
CVE-2016-11050
PUBLISHED: 2020-04-07
An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016).
CVE-2016-11051
PUBLISHED: 2020-04-07
An issue was discovered on Samsung mobile devices with J(4.2) (Qualcomm Wi-Fi chipsets) software. There is a buffer overflow in the Qualcomm WLAN Driver. The Samsung ID is SVE-2016-5326 (February 2016).