Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in November 2019 (archive page 2 of 3)
TPM-Fail: What It Means & What to Do About It
Commentary  |  11/19/2019  | 
Trusted Platform Modules are well-suited to a wide range of applications, but for the strongest security, architect them into "defense-in-depth" designs.
Most Companies Lag Behind '1-10-60' Benchmark for Breach Response
News  |  11/19/2019  | 
The average company needs 162 hours to detect, triage, and contain a breach, according to a new CrowdStrike survey, far short of CrowdStrike's 1-10-60 rule (detect in 1 minute, investigate in 10, contain in 60).
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Commentary  |  11/19/2019  | 
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become an attack vector in SIM-swapping incidents. Here's how it's done and how you can protect yourself.
Security & the Internet of Things: What You Need to Know
Steve Durbin  |  11/19/2019  | 
The Internet of Things (IoT) has burst into the connected world and promises much: from enabling the digital organization, to making domestic life richer and easier. However, with those promises come inevitable risks: the rush to adoption has highlighted serious deficiencies in both the security design of IoT devices and their implementation.
Magecart Hits Macy's: Retailer Discloses Data Breach
Quick Hits  |  11/19/2019  | 
The retail giant discovered malicious code designed to capture customer data planted on its payment page.
A Security Strategy That Centers on Humans, Not Bugs
Commentary  |  11/19/2019  | 
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
Americans Fed Up with Lack of Data Privacy
News  |  11/18/2019  | 
Eight out of every 10 US adults are worried over their inability to control how data about them is used, a new Pew Research survey shows.
Disney+ Credentials Land in Dark Web Hours After Service Launch
Quick Hits  |  11/18/2019  | 
The credentials, priced from free to $11 per account, appear to be due to victims' re-use of logins and passwords.
Windows Hello for Business Opens Door to New Attack Vectors
News  |  11/18/2019  | 
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
GitHub Initiative Seeks to Secure Open Source Code
News  |  11/18/2019  | 
New Security Lab will give researchers, developers, code maintainers, and organizations a way to coordinate efforts on addressing vulnerabilities.
Human Nature vs. AI: A False Dichotomy?
Commentary  |  11/18/2019  | 
How the helping hand of artificial intelligence allows security teams to remain human while protecting themselves from their own humanity being used against them.
Facebook Discloses WhatsApp MP4 Video Vulnerability
Quick Hits  |  11/18/2019  | 
A stack-based buffer overflow bug can be exploited by sending a specially crafted video file to a WhatsApp user.
Iran Rustles Up Its Own VPN to Hide Itself
Larry Loeb  |  11/18/2019  | 
Trend Micro has found recent traces of APT33 operations, with about a dozen Command and Control servers being used for extremely narrow targeting.
Quantum Computing Breakthrough Accelerates the Need for Future-Proofed PKI
Commentary  |  11/18/2019  | 
Public key infrastructure is a foundational security tool that has evolved to become a critical base for future advancements. Today's generation of PKI can be coupled with quantum-resistant algorithms to extend the lifespan of digital certificates for decades.
13 Security Pros Share Their Most Valuable Experiences
Slideshows  |  11/18/2019  | 
From serving as an artillery Marine to working a help desk, infosec practitioners pinpoint experiences that had the greatest influence on their careers.
Illegal Booter Connected with DDoSes Sentenced to Prison, Fine
Quick Hits  |  11/15/2019  | 
The Illinois-based man operated a criminal service that launched millions of DDoS attacks and brought in hundreds of thousands of dollars.
12 Tips for Dealing with a Manipulative Security Manager
Commentary  |  11/15/2019  | 
Don't let yourself be stuck in an unhealthy work environment with a toxic manager who takes advantage of your talent.
Attackers' Costs Increasing as Businesses Focus on Security
News  |  11/15/2019  | 
Based on penetration tests and vulnerability assessments, attackers' costs to compromise a company's network increase significantly when security is continuously tested, a report finds.
DevSecOps: The Answer to the Cloud Security Skills Gap
Commentary  |  11/15/2019  | 
There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.
Symantec, McAfee Patch Privilege Escalation Bugs
News  |  11/14/2019  | 
All versions of endpoint protection software from both vendors were susceptible to a nearly identical issue, SafeBreach says.
BSIMM10 Shows Industry Vertical Maturity
Commentary  |  11/14/2019  | 
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
Capture the Flag Planned to Find Missing Persons Information
Quick Hits  |  11/14/2019  | 
The competition, launched by SANS and Trace Labs, will put to use open source information in search of new clues.
Attacks on Healthcare Jump 60% in 2019 - So Far
News  |  11/14/2019  | 
Well-known Trojans Emotet and Trickbot are cybercriminals' favorite weapons in their campaigns.
5 Cybersecurity CISO Priorities for the Future
Commentary  |  11/14/2019  | 
Seven chief information security officers share their pain points and two-year spending plans.
US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
Quick Hits  |  11/14/2019  | 
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
Problems With EU Payment Security Persist
Oliver Schonschek  |  11/14/2019  | 
Proposed new security procedures within the EU have troubled some payment service providers, leading to the postponement of their implementation.
Keeping It Real Can Pay Off for Old-School Attacks
Larry Loeb  |  11/14/2019  | 
Even a previously known attack can fool the security team if it is well crafted.
How Does Your Cyber Resilience Measure Up?
Commentary  |  11/14/2019  | 
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.
Self-Cleaning Payment Card-Skimmer Infects E-Commerce Sites
News  |  11/13/2019  | 
'Pipka' JavaScript skimmer has infected at least 16 e-commerce websites so far, according to Visa's Payment Fraud Disruption Group.
Cybersecurity: An Organizationwide Responsibility
Commentary  |  11/13/2019  | 
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
The Ripple Effect of Data Breaches: How Damage Spreads
News  |  11/13/2019  | 
The financial loss from so-called 'ripple events' is thirteen times greater than the cost of single-party security incidents.
2019 Trending as Worst Year on Record for Data Breaches
Quick Hits  |  11/13/2019  | 
A new Risk Based Security report shows data breaches up 33.3% over the same period last year.
Breaches Are Inevitable, So Embrace the Chaos
Commentary  |  11/13/2019  | 
Avoid sinking security with principles of shipbuilding known since the 15th century.
How PureLocker Ransomware Bypasses AV Checks
Larry Loeb  |  11/13/2019  | 
Intezer and IBM X-Force have found a new ransomware targeted at production servers. And it's sneaky...
Cardplanet Operator Extradited for Facilitating Credit Card Fraud
Quick Hits  |  11/13/2019  | 
Russian national Aleksei Burkov is charged with wire fraud, access device fraud, and conspiracy to commit identity theft, among other crimes.
Unreasonable Security Best Practices vs. Good Risk Management
Commentary  |  11/13/2019  | 
Perfection is impossible, and pretending otherwise just makes things worse. Instead, make risk-based decisions.
While CISOs Fret, Business Leaders Tout Security Robustness
News  |  11/12/2019  | 
A new Nominet survey shows a familiar disconnect between business and security teams on the matter of cyber preparedness.
Companies Increasingly Fail Interim Security Test, But Gap Narrows
News  |  11/12/2019  | 
The stability of PCI DSS helps companies cope and build more mature security programs, but some parts of the Payment Card Industry Data Security Standard continue to cause headaches.
Microsoft Patches IE Zero-Day Among 74 Vulnerabilities
News  |  11/12/2019  | 
The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer.
The Myths of Multifactor Authentication
Commentary  |  11/12/2019  | 
Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What's holding them back?
New DDoS Attacks Leverage TCP Amplification
News  |  11/12/2019  | 
Attackers over the past month have been using a rarely seen approach to disrupt services at large organizations in several countries.
Researchers Disclose New Vulnerabilities in Windows Drivers
News  |  11/12/2019  | 
Attackers could take advantage of simple design flaws in widely distributed drivers to gain control over Windows systems.
SHAKEN/STIR: Finally! A Solution to Caller ID Spoofing?
Commentary  |  11/12/2019  | 
The ubiquitous Caller ID hasn't changed much over the years, but the technology to exploit it has exploded. That may be about to change.
DDoS Attack Targets UK Labour Party Weeks Ahead of Election
Quick Hits  |  11/12/2019  | 
Cybercriminals tried to take the Labour Party's digital platforms offline weeks before the election on December 12.
TCP DDoS Reflection Attacks on the Rise
Larry Loeb  |  11/12/2019  | 
Radware report picks up on a change in attacker strategy.
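The two TCP reflection entries above (the Nov. 12 news item on TCP amplification and the Radware report note) describe the attack only in outline. The following is an added illustrative example, not code from Dark Reading or Radware, showing what the attack looks like from both ends and how to flag it in packet-summary records. It assumes the standard mechanism: the attacker sends SYNs with the victim's address spoofed as the source to many ordinary TCP services, each service answers the victim with a SYN-ACK and, hearing nothing back, retransmits it several times. The addresses, functions and all records are constructed for the example.

```python
"""Spot a TCP reflection (SYN-ACK) flood in packet-summary records.

Added illustrative example, not code from Dark Reading or Radware. Assumed
attack pattern: the attacker sends SYNs with the victim's address spoofed as
the source to many ordinary TCP services; each service replies to the victim
with a SYN-ACK and, hearing nothing back, retransmits it several times. The
victim therefore receives SYN-ACKs for connections it never opened, from a
large set of unrelated hosts, and each reflector multiplies one spoofed
packet into several. All records and addresses below are constructed.
"""
from collections import defaultdict

VICTIM = "203.0.113.10"      # constructed address of the monitored host
REFLECTOR = "192.0.2.1"      # constructed address of one abused web server


def victim_side_capture():
    """Constructed records seen at the victim: (time_s, src_ip, src_port,
    dst_ip, dst_port, flags). flags: S = SYN, SA = SYN-ACK, A = ACK."""
    recs = [
        # one legitimate handshake the victim started itself
        (0.0, VICTIM, 51000, "198.51.100.5", 443, "S"),
        (0.1, "198.51.100.5", 443, VICTIM, 51000, "SA"),
        (0.1, VICTIM, 51000, "198.51.100.5", 443, "A"),
    ]
    # 40 reflectors, each sending an unsolicited SYN-ACK plus two retransmits
    for i in range(1, 41):
        for n in range(3):
            recs.append((1.0 + i * 0.01 + n * 1.0, f"192.0.2.{i}", 80,
                         VICTIM, 40000 + i, "SA"))
    return recs


def reflector_side_capture():
    """Constructed records seen at the abused server: spoofed SYNs that
    appear to come from the victim and are never followed by the victim's
    ACK, plus one real client completing a handshake."""
    recs = [
        (0.0, "198.51.100.77", 52222, REFLECTOR, 80, "S"),
        (0.1, REFLECTOR, 80, "198.51.100.77", 52222, "SA"),
        (0.1, "198.51.100.77", 52222, REFLECTOR, 80, "A"),
    ]
    for i in range(30):
        recs.append((1.0 + i * 0.05, VICTIM, 40000 + i, REFLECTOR, 80, "S"))
        recs.append((1.1 + i * 0.05, REFLECTOR, 80, VICTIM, 40000 + i, "SA"))
    return recs


def unsolicited_synacks(records, victim):
    """Victim-side view. Return {reflector_ip: synack_count} for SYN-ACKs
    delivered to `victim` whose 4-tuple was never opened by a SYN from
    `victim` earlier in the capture."""
    opened = set()                      # (peer_ip, peer_port, local_port)
    hits = defaultdict(int)
    for _t, src, sport, dst, dport, flags in sorted(records):
        if src == victim and flags == "S":
            opened.add((dst, dport, sport))
        elif dst == victim and flags == "SA" and (src, sport, dport) not in opened:
            hits[src] += 1
    return dict(hits)


def classify_victim_side(records, victim, min_reflectors=20):
    """Summarise the unsolicited SYN-ACKs. Many distinct sources, each
    repeating the same SYN-ACK, is the reflection signature; a single
    chatty peer is more likely a misconfigured client or a port scan."""
    hits = unsolicited_synacks(records, victim)
    total = sum(hits.values())
    reflectors = len(hits)
    per_reflector = total / reflectors if reflectors else 0.0
    return {
        "reflectors": reflectors,
        "synacks": total,
        "amplification": per_reflector,   # packets the victim gets per spoofed SYN
        "reflection_flood": reflectors >= min_reflectors and per_reflector > 1.0,
    }


def half_open_syns_by_source(records, server, port=80):
    """Reflector-side view. Count SYNs to server:port per client address that
    were never followed by that client's ACK. One address with a high count
    is the spoofed victim; blocking it at the server would finish the
    attacker's job, so the sensible response is rate-limiting SYN-ACK
    retransmits or enabling SYN cookies, not a blanket source block."""
    syns = defaultdict(int)
    acked = set()
    for _t, src, sport, dst, dport, flags in sorted(records):
        if dst == server and dport == port:
            if flags == "S":
                syns[(src, sport)] += 1
            elif flags == "A":
                acked.add((src, sport))
    half_open = defaultdict(int)
    for (src, sport), n in syns.items():
        if (src, sport) not in acked:
            half_open[src] += n
    return dict(half_open)


if __name__ == "__main__":
    print(classify_victim_side(victim_side_capture(), VICTIM))
    print(half_open_syns_by_source(reflector_side_capture(), REFLECTOR))
```

On the constructed victim-side capture the classifier reports 40 reflectors, 120 SYN-ACKs and an amplification of 3.0 per spoofed packet, while the legitimate SYN-ACK from the connection the victim itself opened is ignored. On the reflector-side capture the only address with half-open SYNs is the spoofed victim, which is why the reflector operator should not simply blocklist it.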
Why Cyber-Risk Is a C-Suite Issue
Commentary  |  11/12/2019  | 
Organizations realize the scale of cyber-risk but lack counter-actions to build resilience.
Researchers Find New Approach to Attacking Cloud Infrastructure
News  |  11/11/2019  | 
Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.
OpenText to Buy Carbonite for $800M Cash in $1.42B Deal
Quick Hits  |  11/11/2019  | 
The acquisition was confirmed just six months after Carbonite bought Webroot.
Joker's Stash Puts $130M Price Tag on Credit Card Database
Quick Hits  |  11/11/2019  | 
A new analysis advises security teams on what they should know about the underground payment card seller.
5 Security Processes You Shouldn't Overlook During M&A
Commentary  |  11/11/2019  | 
Security needs to be a central element of due diligence if a merger or acquisition is to succeed.