Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
DevSecOps Requires a Different Approach to Security
News  |  7/14/2020  | 
Breaking applications into microservices means more difficulty in gaining good visibility into runtime security and performance issues, says startup Traceable.
Microsoft Patches Wormable RCE Flaw in Windows DNS Servers
News  |  7/14/2020  | 
Patch Tuesday security updates address a critical vulnerability in Windows DNS Servers, which researchers believe is likely to be exploited.
'Make Your Bed' and Other Life Lessons for Security
Commentary  |  7/14/2020  | 
Follow this advice from a famous military commander's commencement speech and watch your infosec team soar.
Google Cloud Unveils 'Confidential VMs' to Protect Data in Use
News  |  7/14/2020  | 
Confidential Virtual Machines, now in beta, will let Google Cloud customers keep data encrypted while it's in use.
Critical Vulnerability Hits SAP Enterprise Applications
Quick Hits  |  7/14/2020  | 
RECON could allow an unauthenticated attacker to take control of SAP enterprise applications through the web interface.
New Mirai Variant Surfaces with Exploits for 9 Vulnerabilities Products
News  |  7/14/2020  | 
Impacted products include routers, IP cameras, DVRs, and smart TVs.
Crypto-Primer: Encryption Basics Every Security Pro Should Know
Commentary  |  7/14/2020  | 
With so many choices for encrypting data and communication, it's important to know the pros and cons of different techniques.
COVID-19: Latest Security News & Commentary
News  |  7/14/2020  | 
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
99% of Websites at Risk of Attack Via JavaScript Plug-ins
News  |  7/14/2020  | 
The average website includes content from 32 different third-party JavaScript programs, new study finds.
Zero-Trust Efforts Rise with the Tide of Remote Working
News  |  7/13/2020  | 
With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace.
A Paramedic's Lessons for Cybersecurity Pros
News  |  7/13/2020  | 
A paramedic turned cybersecurity expert shares his experiences in both fields, highlights their similarities, and explains how they can learn from each other.
Lost in Translation: Serious Flaws Found in ICS Protocol Gateways
News  |  7/13/2020  | 
These oft-forgotten devices contain serious vulnerabilities that allow attackers to hack OT systems remotely, researchers will reveal at Black Hat USA next month.
Russian Hacker Convicted for Social Network Hacks
Quick Hits  |  7/13/2020  | 
The Russian national was convicted of hacking into accounts at LinkedIn, Dropbox, and Formspring.
Experts Predict Rise of Data Theft in Ransomware Attacks
Quick Hits  |  7/13/2020  | 
The most attractive targets for data theft are businesses perceived as most likely to pay to prevent exposure of their information.
Decoding the Verizon DBIR Report: An Insider's Look Beyond the Headlines
Commentary  |  7/13/2020  | 
To truly understand cybersecurity trends, we must look beyond the headlines and ask more of the data. What you learn might surprise you.
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
News  |  7/10/2020  | 
RSA data reveals a continued shift away from browser-based fraud as attackers target mobile apps.
Biden Campaign Hires 2 Top Cybersecurity Executives
Quick Hits  |  7/10/2020  | 
The campaign has filled the positions of CISO and CTO in the runup to the 2020 presidential election.
Zoom Patches Zero-Day Vulnerability in Windows 7
Quick Hits  |  7/10/2020  | 
The flaw also affects older versions of the operating system, even if they're fully patched.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Commentary  |  7/10/2020  | 
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
Using Adversarial Machine Learning, Researchers Look to Foil Facial Recognition
News  |  7/9/2020  | 
For privacy-seeking users, good news: Computer scientists are finding more ways to thwart facial and image recognition. But there's also bad news: Gains will likely be short-lived.
Huge DDoS Attack Launched Against Cloudflare in Late June
Quick Hits  |  7/9/2020  | 
The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses.
Up Close with Evilnum, the APT Group Behind the Malware
News  |  7/9/2020  | 
The group behind Evilnum malware, which continues to target financial institutions, appears to be testing new techniques.
Omdia Research Launches Page on Dark Reading
Commentary  |  7/9/2020  | 
Data and insight from a leading cybersecurity research and analysis team will broaden the information available to security professionals and technology vendors.
'Joker' Android Malware Pulls Another Trick to Land on Google's Play Store
News  |  7/9/2020  | 
Authors of the malware, which signs up mobile users for premium services, are repeatedly finding ways to bypass app review checks.
When WAFs Go Wrong
News  |  7/9/2020  | 
Web application firewalls are increasingly disappointing enterprises today. Here's why.
56% of Large Companies Handle 1,000+ Security Alerts Each Day
Quick Hits  |  7/9/2020  | 
For 70% of IT security professionals, the volume of security alerts has doubled in the past five years, researchers report.
Fight Phishing with Intention
Commentary  |  7/9/2020  | 
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
6 Tips for Getting the Most From Nessus
Slideshows  |  7/9/2020  | 
Books have been written on using the powerful network-discovery and vulnerability-scanning tool. These tips will help get you started.
Pen Testing ROI: How to Communicate the Value of Security Testing
Commentary  |  7/9/2020  | 
There are many reasons to pen test, but the financial reasons tend to get ignored.
Study Finds 15 Billion Stolen, Exposed Credentials in Criminal Markets
News  |  7/8/2020  | 
Data is fueling account takeover attacks in a big way, Digital Shadows says.
New Fraud Ring "Bargain Bear" Brings Sophistication to Online Crime
Quick Hits  |  7/8/2020  | 
The ring tests the validity of stolen credentials to be used in fraud through an online marketplace.
More Malware Found Preinstalled on Government Smartphones
Quick Hits  |  7/8/2020  | 
Researchers report the American Network Solutions UL40 smartphone comes with compromised apps.
As More People Return to Travel Sites, So Do Malicious Bots
News  |  7/8/2020  | 
Attacks against travel-related websites are on the rise as the industry begins to slowly recover from COVID-19, new data shows.
US Charges Kazakhstani Citizen With Hacking Into More Than 300 Orgs
News  |  7/8/2020  | 
The accused man, and members of his cybercriminal group, allegedly made at least $1.5 million hacking into companies and selling access to systems over the past three years.
How Advanced Attackers Take Aim at Office 365
News  |  7/8/2020  | 
Researchers discuss how adversaries use components of Office 365 that are poorly understood and not closely monitored.
Fresh Options for Fighting Fraud in Financial Services
Commentary  |  7/8/2020  | 
Fraud prevention requires a consumer-centric, data sharing approach.
Why Cybersecurity's Silence Matters to Black Lives
Commentary  |  7/8/2020  | 
The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.
A Most Personal Threat: Implantable Devices in Secure Spaces
News  |  7/8/2020  | 
Do implantable medical devices pose a threat to secure communication facilities? A Virginia Tech researcher says they do, and the problem is growing.
EDP Renewables Confirms Ransomware Attack
Quick Hits  |  7/7/2020  | 
Its North American branch was notified of the attack because intruders reportedly gained access to 'at least some information' stored in its systems.
Treasury Releases Fraud and Money Mule ID Tips
Quick Hits  |  7/7/2020  | 
A new advisory from FinCEN helps financial institutions spot illicit activities and actors.
Microsoft Seizes Domains Used in COVID-19-Themed Attacks
News  |  7/7/2020  | 
Court grants company's bid to shut down infrastructure used in recent campaigns against Office 365 users.
Drone Path Often Reveals Operator's Location
News  |  7/7/2020  | 
The threat posed by drones to critical infrastructure and other operational technology is made more serious by the inability of law enforcement to locate operators, researchers say.
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
News  |  7/7/2020  | 
Cosmic Lynx takes a sophisticated approach to business email compromise and represents a shift in tactics for Russian cybercriminals.
Framing the Security Story: The Simplest Threats Are the Most Dangerous
Commentary  |  7/7/2020  | 
Don't be distracted by flashy advanced attacks and ignore the more mundane ones.
Applying the 80-20 Rule to Cybersecurity
Commentary  |  7/7/2020  | 
How security teams can achieve 80% of the benefit for 20% of the work.
BEC Busts Take Down Multimillion-Dollar Operations
News  |  7/6/2020  | 
The two extraditions of business email compromise attackers indicate a step forward for international law enforcement collaboration.
Attackers Scan for Vulnerable BIG-IP Devices After Flaw Disclosure
News  |  7/6/2020  | 
The US Cybersecurity and Infrastructure Security Agency encourages organizations to patch a critical flaw in the BIG-IP family of application delivery controllers, as firms find evidence that attackers are scanning for the critical vulnerability.
North Korea's Lazarus Group Diversifies Into Card Skimming
News  |  7/6/2020  | 
Since at least May 2019, the state-sponsored threat actor has stolen card data from dozens of retailers, including major US firms.
Credit-Card Skimmer Seeks Websites Running Microsoft's ASP.NET
Quick Hits  |  7/6/2020  | 
The payment-card skimmer targets websites hosted on Microsoft IIS servers and running the ASP.NET web framework.
Android Adware Tied to Undeletable Malware
Quick Hits  |  7/6/2020  | 
Adware on inexpensive Android smartphones can carry additional malware and be undeletable.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWare 7/8/2020
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
The Threat from the Internet and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-1448
PUBLISHED: 2020-07-14
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447.
CVE-2020-1449
PUBLISHED: 2020-07-14
A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'.
CVE-2020-1450
PUBLISHED: 2020-07-14
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1451, CVE-2020-1456.
CVE-2020-1451
PUBLISHED: 2020-07-14
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1450, CVE-2020-1456.
CVE-2020-1454
PUBLISHED: 2020-07-14
This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Re...