Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
<<   <   Page 2 / 2
Attackers Scanning for PoS Software in New Sodinokibi Ransomware Campaign
News  |  6/23/2020  | 
Making extra money from victims appears to be the goal, Symantec says.
Back to Basics with Cloud Permissions Management
Commentary  |  6/23/2020  | 
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
Cybercrime Infrastructure Never Really Dies
News  |  6/23/2020  | 
Despite the takedown of the "CyberBunker" threat operators in 2019, command-and-control traffic continues to report back to the defunct network address space.
5 Steps for Implementing Multicloud Identity
Commentary  |  6/23/2020  | 
Why embracing, not fighting, decentralization will pave the way to smoother cloud migrations.
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
News  |  6/22/2020  | 
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
Microsoft Acquires IoT/OT Security Firm CyberX
Quick Hits  |  6/22/2020  | 
Deal extends Microsoft Azure for legacy industrial devices.
Firmware Flaw Allows Attackers to Evade Security on Some Home Routers
News  |  6/22/2020  | 
Networking devices sold under at least one major brand have a firmware vulnerability that allows hackers to take control of the device, a cybersecurity firm claims.
Employees Say They're Working From Home Without Security Guidance
Quick Hits  |  6/22/2020  | 
Working from home is new for many enterprise employees, yet many say they've received little in the way of new training or technology to keep them safe.
Long-Term Effects of COVID-19 on the Cybersecurity Industry
Commentary  |  6/22/2020  | 
The maelstrom of change we're going through presents a unique opportunity to become enablers. And to do that requires flexibility.
Cloud Threats and Priorities as We Head Into the Second Half of 2020
Slideshows  |  6/22/2020  | 
With millions working from home and relying on the cloud, security leaders are under increasing pressure to keep their enterprises breach-free.
Australian Government Under Ongoing Cyberattack
Quick Hits  |  6/19/2020  | 
Experts believe China is behind the attack campaign, but China denies responsibility.
Cloud Security Alliance Offers Tips to Protect Telehealth Data
News  |  6/19/2020  | 
As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.
How to Secure Machine Learning
Expert Insights  |  6/19/2020  | 
Part two of a series on avoiding potential security risks with ML.
'New Normal' Caption Contest Winners
Commentary  |  6/19/2020  | 
Competitors submitted lots of clever virus puns, and the prizes go to ...
Healthcare CISOs Share COVID-19 Response Stories
News  |  6/18/2020  | 
Cybersecurity leaders discussed the threats and challenges that arose during the pandemic, and how they responded, during a virtual roundtable.
Cisco Patches Flaw in Webex Videoconferencing App
News  |  6/18/2020  | 
Vulnerability would have allowed an attacker to gain access to sensitive information on a system, Trustwave's SpiderLabs says.
Have Your Say: Dark Reading Video News Desk Seeks Reader Contributions
News  |  6/18/2020  | 
We've got questions for you on black infosec, burnout, vulnerabilities, COVID-19, and much more. Send us your video responses and we'll play them in our News Desk broadcast during Black Hat Virtual.
The Bigger the News, the Bigger the Cyber Threats
Commentary  |  6/18/2020  | 
Criminals use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging.
60% of Businesses Plan to Spend More on Cyber Insurance
Quick Hits  |  6/18/2020  | 
New data reveals 65% of SMEs plan to invest more in cyber insurance, compared with 58% of large enterprises.
O365 Phishing Campaign Leveraged Legit Domains
Quick Hits  |  6/18/2020  | 
A sophisticated scheme used legitimate redirection tools to convince victims to give up Office 365 credentials.
Most Contact-Tracing Apps Fail Basic Security
News  |  6/18/2020  | 
A survey of 17 Android applications for informing citizens if they had potential contact with a COVD-19-infected individual finds few have adopted code-hardening techniques.
CISO Dialogue: How to Optimize Your Security Budget
Commentary  |  6/18/2020  | 
CISOs are never going to have all the finances they want. Hard choices must be made. The CISO of Amazon Prime Video discusses his approaches to a slimmed-down budget.
7 Tips for Employers Navigating Remote Recruitment
Slideshows  |  6/17/2020  | 
Hiring experts explain how companies should approach recruitment when employers and candidates are working remotely.
Zoom Changes Course on End-to-End Encryption
Quick Hits  |  6/17/2020  | 
The videoconferencing company now says it will offer end-to-end encryption to all users beginning in July.
Lazarus Group May Have Been Behind 2019 Attacks on European Targets
News  |  6/17/2020  | 
Telemetry hints that the North Korean actor was behind major cyber-espionage campaign focused on military and aerospace companies, ESET says.
What's Anonymous Up to Now?
News  |  6/17/2020  | 
The hacker group recently took credit for two high-profile incidents -- but its actions aren't quite the same as they once were, some say.
3 Things Wilderness Survival Can Teach Us About Email Security
Commentary  |  6/17/2020  | 
It's a short hop from shows like 'Naked and Afraid' and 'Alone' to your email server and how you secure it
Collaboration Undermined When Security Teams Work Remotely, Some Argue
News  |  6/17/2020  | 
Knowledge workers are perfectly suited for remote work, but the benefits of collaboration and the requirements of proving identity make fully remote security teams problematic.
Images Play Persuasive Role in Disinformation Campaigns
News  |  6/17/2020  | 
If the 2016 election is any indication, images included in state-sponsored social media posts are effective at disseminating propaganda, new analysis shows.
Too Big to Cyber Fail?
Commentary  |  6/17/2020  | 
How systemic cyber-risk threatens US banks and financial services companies
BEC Attacks on the C-Suite Dropped 37% in Q1
News  |  6/17/2020  | 
New research shows attackers are targeting and establishing relationships with accounts payable departments.
'Ripple20' Bugs Plague Enterprise, Industrial & Medical IoT Devices
News  |  6/16/2020  | 
Researchers discover 19 vulnerabilities in a TCP/IP software library manufacturers have used in connected devices for 20 years.
Hosting Provider Hit With Largest-Ever DDoS Attack
News  |  6/16/2020  | 
Likely looking to make a statement, attackers targeted specific websites hosted by a single provider with a 1.44 terabit-per-second distributed denial-of-service attack, according to Akamai.
CIA's 'Lax' Security Led to 2017 Compromise of Its Hacking Tools
Quick Hits  |  6/16/2020  | 
Internal CIA report released today shows poor security controls surrounding the intelligence agency's hacking tools.
Adobe Releases PDF Protected Mode for Acrobat DC
Quick Hits  |  6/16/2020  | 
The preview, open to Windows users, opens PDF files in a sandbox to protect users who open malicious Acrobat documents.
83% of Forbes 2000 Companies' Web Domains Are Poorly Protected
News  |  6/16/2020  | 
Only a handful have controls against domain-name hijacking, DNS modifications, and other threats, a new CSC study finds.
Ransomware from Your Lawyer's Perspective
Commentary  |  6/16/2020  | 
Three good reasons why your incident response team's first call after a data breach should be to outside counsel.
Cisco Brings SecureX into Full Security Lineup to Cut Complexity
News  |  6/16/2020  | 
This step is intended to address growing enterprise concerns around security and complexity, both top of mind among CISOs and CIOs.
Half of Firms Likely Running Vulnerable Oracle E-Business Suite
News  |  6/16/2020  | 
Two security vulnerabilities could open up companies to financial attacks and compliance violations if the software is not updated, Onapsis says.
IoT Security Trends & Challenges in the Wake of COVID-19
Commentary  |  6/16/2020  | 
The demand for Internet of Things security practices that protect sensitive medical equipment and data will double within the next five years. Here's why.
Ryuk Continues to Dominate Ransomware Response Cases
News  |  6/15/2020  | 
Analysis reveals how Ryuk's operators are changing their techniques and using new means to break in.
Now-Former eBay Security Team Members Charged in Bizarre Cyberstalking Campaign
Quick Hits  |  6/15/2020  | 
A bloody pig mask, doxing threats, and a foiled surveillance attempt were among the actions six ex-eBay employees took against an editor and publisher of a newsletter.
Intel Tackles Malware Related to Memory Security at Hardware Level
News  |  6/15/2020  | 
New control-flow enforcement technology will become available with upcoming Tiger Lake mobile processor, chipmaker says.
Microsoft Releases Update for DoS Flaw in .NET Core
Quick Hits  |  6/15/2020  | 
Customers are advised to install the latest version of PowerShell to fully address CVE-2020-1108.
The Bright Side of the Dark Web
Commentary  |  6/15/2020  | 
As the hitmen and fraudsters retreat, the Dark Web could become freedom's most important ally.
15 Individuals Plead Guilty to Multimillion-Dollar Online Auction Fraud Scheme
News  |  6/12/2020  | 
Members of Romanian gang used fraudulent ads for nonexistent products to extract money from US Internet users, DoJ says.
Cryptominers Found in Azure Kubernetes Containers
Quick Hits  |  6/12/2020  | 
Images from a public repository contained cryptominers that Microsoft researchers found in Kubeflow instances running on Azure.
Knoxville Pulls IT Systems Offline Following Ransomware Attack
Quick Hits  |  6/12/2020  | 
Knoxville's government took its network offline and turned off infected servers and workstations after a ransomware attack this week.
7 Must-Haves for a Rockin' Red Team
Slideshows  |  6/12/2020  | 
Follow these tips for running red-team exercises that will deliver added insight into your operations.
Building Security into Software
Expert Insights  |  6/12/2020  | 
Part 1 of a two-part series about securing machine learning.
<<   <   Page 2 / 2


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM &amp;amp; Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.