News & Commentary

Content posted in December 2016
Amit Yoran Leaves Dell RSA To Join Tenable As New CEO
News  |  12/15/2016  | 
Yoran says recent Dell acquisition of RSA parent company EMC did 'not really' impact his decision to leave.
Real-World Fallout From The Cybersecurity Skills Gap
News  |  12/15/2016  | 
Two new studies connect the dots between an organization's lack of staffing and skills to its ability to fend off cyberattacks.
1 Billion Users Exposed In Another Record Breach From Yahoo
News  |  12/15/2016  | 
Security experts slam Yahoo for the newly disclosed August 2013 intrusion, and fresh questions arise about Verizon's plans to acquire the company.
American Hacker Arrested For 2014 JP Morgan Chase Breach
Quick Hits  |  12/15/2016  | 
Joshua Aaron and his two accomplices are charged with massive hacking of US financial organizations, securities fraud and money laundering.
Ashley Madison To Pay $17.5 Million In Breach Settlement
Quick Hits  |  12/15/2016  | 
Ashley Madison was found guilty of lax data security and also corrupt practices including photo and profile misuse.
Hurricanes, Earthquakes & Threat Intelligence
Commentary  |  12/15/2016  | 
You must be prepared for foreseeable attacks as well as the ones that sneak up on you.
Microsoft Execs: Identity, Threat Intelligence Driving Company's Security Strategy
News  |  12/15/2016  | 
One year after Microsoft announced its $1B investment into a holistic cybersecurity strategy, executives discuss how their plans unfolded and what's on the agenda for 2017.
Are Unconscious Biases Weakening Your Security Posture?
Partner Perspectives  |  12/15/2016  | 
Proactively addressing your biases can help you build a resilient and adaptable security foundation.
Survey: Majority Of Businesses Would Pay Ransomware Attackers
News  |  12/14/2016  | 
Nearly 70% of ransomware victims surveyed by IBM said they paid between $10K and $40K to retrieve their data.
It's Time For Organizations To Automate Security
Partner Perspectives  |  12/14/2016  | 
Security automation makes more efficient use of scarce security resources, freeing them up for more proactive tasks.
8 Most Hackable Holiday Gifts, 2016 Edition
Slideshows  |  12/14/2016  | 
You better watch out! Otherwise, you may be giving the gift of malware or unauthorized access to networks and devices.
Anti-Malware Is Necessary In The Data Center: 3 Examples
Commentary  |  12/14/2016  | 
Simply because data center endpoints don't have the same threat profile as general desktops doesn't mean they don't need anti-malware software. Here's why.
California Grad Student Arrested In International DDoS Crackdown
Quick Hits  |  12/14/2016  | 
Sean Sharma is charged with carrying out distributed denial-of-service attacks against a San Francisco chat website.
Vendor Accountability & The Security Supply Chain
News  |  12/14/2016  | 
A large majority of security leaders say they would switch to suppliers that offer product and service guarantees, according to a new survey.
Bangladesh Police Say Some Bank Officials Involved In Cyberheist
Quick Hits  |  12/14/2016  | 
Mid-ranking officials of Bangladesh Bank deliberately exposed bank's network to allow theft of $81 million, says top investigator.
Microsoft Patches Dangerous Backdoor In Skype For Mac OS X
News  |  12/13/2016  | 
Vulnerability would have let attackers record calls, intercept and read messages, and siphon out all kinds of data, Trustwave says.
The Internet Of Things: When Bigger Is Not Better
Commentary  |  12/13/2016  | 
What happens when 10,000 companies add programmability and connectivity to their products, and we increase the Internet's attack surface by a million times or more?
Global Cybercrime Sweep Targeted Young DDoS Attackers
Quick Hits  |  12/13/2016  | 
European Cybercrime Centre and EU nations conduct five-day operation and arrest 34 on distributed denial-of-service attack charges.
Security In 2017: Ransomware Will Remain King
Partner Perspectives  |  12/13/2016  | 
Businesses, consumers, and security professionals must face this reality and take the necessary steps to educate each other and protect their networks.
FBI Had Alerted Illinois GOP About Possible Email Hack
Quick Hits  |  12/13/2016  | 
RNC chief says party was not hacked while Trump dismisses CIA report that Russian hackers tried to influence presidential poll.
91% Of Cyberattacks Start With A Phishing Email
News  |  12/13/2016  | 
Phishing remains the number one attack vector, according to a new study that analyzes why users fall for these lures.
Nearly Half Of The Top 1 Million Websites Deemed Risky
News  |  12/13/2016  | 
Forty-six percent of the top million websites, as ranked by Alexa, pose potential malware risks to businesses.
Dark Reading Radio: The Coolest Hacks Of 2016
Commentary  |  12/12/2016  | 
Tune in this Wednesday, Dec. 14 at 1pm ET to hear famed researchers Samy Kamkar and Levi Gundert weigh in on some of the most innovative and creative white-hat hacks from the past year.
CIA: Russian Hackers Aimed To Help Trump Win
News  |  12/12/2016  | 
Intelligence suggests Russia hacked the Republican National Committee but didn't leak its data, a sign experts say is indicative of broader plans to sway US election results.
The Coolest Hacks Of 2016
News  |  12/12/2016  | 
No 400-pound hacker here: Lightbulb and 'do-gooder' worms, machines replacing humans to hack other machines, and high-speed car hacking were among the most innovative white-hat hacks this year.
What's Naughty & Nice About The Internet Of Things
Commentary  |  12/12/2016  | 
It's easy to catalogue the worst IoT security hazards. But that's not the whole story.
5 Things Security Pros Need To Know About Machine Learning
Slideshows  |  12/12/2016  | 
Experts share best practices for data integrity, pattern recognition and computing power to help enterprises get the most out of machine learning-based technology for cybersecurity.
Machine-Learning Algorithms Improve Detection Time For Modern Threats
Partner Perspectives  |  12/12/2016  | 
Artificial intelligence and machine learning are essential to combat a threat landscape that is larger and more sophisticated than ever.
Senate Votes To Upgrade Cyber Command Into War-Fighting Unit
Quick Hits  |  12/12/2016  | 
NDAA legislation awaits Obama signature; Admiral Mike Rogers will still head both Cyber Command and NSA, at least for now.
Pay Ransom Or Infect Others!
Quick Hits  |  12/12/2016  | 
Still under development, new ransomware will ask victims to free their files by paying 1 bitcoin or by infecting two others.
Obama Orders Inquiry Into Cyberattacks On Democratic Party Websites
News  |  12/9/2016  | 
President wants U.S. intelligence to provide report before he leaves office Jan. 20.
Russian Authorities Make Arrests In Wake Of Central Bank Cyberattack
Quick Hits  |  12/9/2016  | 
Arrests in the $19-million theft were made in a joint operation by FSB and Interior Ministry, says central bank official.
Bangladesh Cybertheft Probe: 5 Bank Officials 'Indirect Accomplices'
Quick Hits  |  12/9/2016  | 
Investigation panel alleges hackers may have exploited inadvertent loopholes left by technicians.
Only 25% Companies Equipped To Handle Data Breaches
Quick Hits  |  12/9/2016  | 
Research by Tripwire on cybersecurity challenges reveals only 3% organizations outsource security issues to experts.
Why Video Game Publishers Must Adopt Enforceable Security Standards
Commentary  |  12/9/2016  | 
Video games have been under attack at an unprecedented rate since 2012, with cyber criminals playing an increasingly significant role.
Data Theft At ThyssenKrupp Highlights Industrial Espionage Threat
News  |  12/8/2016  | 
German conglomerate confirms it was a victim of a cyberattack in which intellectual property belonging to some of its businesses was stolen.
Law Firms' Security Cross-Examined
News  |  12/8/2016  | 
Legal sector earns a respectable score for its cybersecurity posture overall, but a large number of law firms remain weak when it comes to security.
Phishing Services Reap Twice The Profit For Attackers
News  |  12/8/2016  | 
Attackers tap the cloud to reduce costs and increase efficiency of their phony and malicious emails, according to a new Imperva study.
How Retailers Can Fight Holiday Season Hackers
Slideshows  |  12/8/2016  | 
Experts offer tips for locking down retailers' point-of-sale systems for the busy holiday shopping season.
Michigan High School Hosts New Cybersecurity Training Facility
Quick Hits  |  12/8/2016  | 
Pinckney Cyber Training Institute's education will be available to high school and college students as well as professionals.
Browser Security FAIL
News  |  12/8/2016  | 
New survey report shows businesses are not adopting best security practices for their users' Web activity.
From Carna To Mirai: Recovering From A Lost Opportunity
Commentary  |  12/8/2016  | 
We had four years to prepare for recent DDoS attacks and failed. How can we learn from our mistakes?
Las Vegas, Rust Belt, Hit Hardest By Ransomware
News  |  12/8/2016  | 
New study by Malwarebytes finds that the US has the most ransomware incidents worldwide.
Researchers Find Backdoors, Bugs In Sony, White Box IP Cameras
News  |  12/7/2016  | 
New vulnerabilities discovered by SEC Consult and Cybereason highlight increasing IoT threat to enterprises.
Corporations Cite Reputational Damage As Biggest Cyber Risk
News  |  12/7/2016  | 
New data analyzing SEC disclosures found 83% of publicly traded companies worry most about the risk of brand damage via hacks exposing customer or employee information.
Survey Stresses Importance Of Securing The Internet of Things
Partner Perspectives  |  12/7/2016  | 
If organizations monitor and deploy IoT devices with caution, they can stay ahead of the curve and continue to keep all of their endpoints protected.
Biometric Technology Is Not A Cure-All For Password Woes
Commentary  |  12/7/2016  | 
No single authentication token is infallible. The only real solution is multifactor authentication.
Dailymotion Advises Password Change After Possible Data Breach
Quick Hits  |  12/7/2016  | 
Breach not yet confirmed, but LeakedSource says it has compromised IDs of over 87 million Dailymotion users, protected by bcrypt.
Hacker Of Celeb Emails Goes To Jail For Five Years
Quick Hits  |  12/7/2016  | 
Bahamian Alonzo Knowles was sentenced for illegal access of 130 celebrity email accounts and selling their personal information.
Kaspersky Lab: 323,000 New Malware Samples Found Each Day
Quick Hits  |  12/7/2016  | 
Credit it to mass-produced malware and better detection through machine learning.