Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in December 2016
<<   <   Page 2 / 3   >   >>
Amit Yoran Leaves Dell RSA To Join Tenable As New CEO
News  |  12/15/2016  | 
Yoran says recent Dell acquisition of RSA parent company EMC did 'not really' impact his decision to leave.
Real-World Fallout From The Cybersecurity Skills Gap
News  |  12/15/2016  | 
Two new studies connect the dots between an organizations lack of staffing and skills to its ability to fend off cyberattacks.
1 Billion Users Exposed In Another Record Breach From Yahoo
News  |  12/15/2016  | 
Security experts slam Yahoo for the newly disclosed August 2013 intrusion, and fresh questions arise about Verizon's plans to acquire the company.
American Hacker Arrested For 2014 JP Morgan Chase Breach
Quick Hits  |  12/15/2016  | 
Joshua Aaron and his two accomplices are charged with massive hacking of US financial organizations, securities fraud and money laundering.
Ashley Madison To Pay $17.5 Million In Breach Settlement
Quick Hits  |  12/15/2016  | 
Ashley Madison was found guilty of lax data security and also corrupt practices including photo and profile misuse.
Hurricanes, Earthquakes & Threat Intelligence
Commentary  |  12/15/2016  | 
You must be prepared for foreseeable attacks as well as the ones that sneak up on you.
Microsoft Execs: Identity, Threat Intelligence Driving Company's Security Strategy
News  |  12/15/2016  | 
One year after Microsoft announced its $1B investment into a holistic cybersecurity strategy, executives discuss how their plans unfolded and what's on the agenda for 2017.
Are Unconscious Biases Weakening Your Security Posture?
Partner Perspectives  |  12/15/2016  | 
Proactively addressing your biases can help you build a resilient and adaptable security foundation.
Survey: Majority Of Businesses Would Pay Ransomware Attackers
News  |  12/14/2016  | 
Nearly 70% of ransomware victims surveyed by IBM said they paid between $10K and $40K to retrieve their data.
Its Time For Organizations To Automate Security
Partner Perspectives  |  12/14/2016  | 
Security automation makes more efficient use of scarce security resources, freeing them up for more proactive tasks.
8 Most Hackable Holiday Gifts, 2016 Edition
Slideshows  |  12/14/2016  | 
You better watch out! Otherwise, you may be giving the gift of malware or unauthorized access to networks and devices.
Anti-Malware Is Necessary In The Data Center: 3 Examples
Commentary  |  12/14/2016  | 
Simply because data center endpoints dont have the same threat profile as general desktops doesnt mean they dont need anti-malware software. Heres why.
California Grad Student Arrested In International DDoS Crackdown
Quick Hits  |  12/14/2016  | 
Sean Sharma is charged with carrying out distributed denial-of-service attacks against a San Francisco chat website.
Vendor Accountability & The Security Supply Chain
News  |  12/14/2016  | 
A large majority of security leaders say they would switch to suppliers that offer product and service guarantees, according to a new survey.
Bangladesh Police Say Some Bank Officials Involved In Cyberheist
Quick Hits  |  12/14/2016  | 
Mid-ranking officials of Bangladesh Bank deliberately exposed banks network to allow theft of $81 million, says top investigator.
Microsoft Patches Dangerous Backdoor In Skype For Mac OS X
News  |  12/13/2016  | 
Vulnerability would have let attackers record calls, intercept and read messages, and siphon out all kinds of data, Trustwave says.
The Internet Of Things: When Bigger Is Not Better
Commentary  |  12/13/2016  | 
What happens when 10,000 companies add programmability and connectivity to their products, and we increase the Internets attack surface by a million times or more?
Global Cybercrime Sweep Targeted Young DDoS Attackers
Quick Hits  |  12/13/2016  | 
European Cybercrime Centre and EU nations conduct five-day operation and arrest 34 on distributed denial-of-service attack charges.
Security In 2017: Ransomware Will Remain King
Partner Perspectives  |  12/13/2016  | 
Businesses, consumers, and security professionals must face this reality and take the necessary steps to educate each other and protect their networks.
FBI Had Alerted Illinois GOP About Possible Email Hack
Quick Hits  |  12/13/2016  | 
RNC chief says party was not hacked while Trump dismisses CIA report that Russian hackers tried to influence presidential poll.
91% Of Cyberattacks Start With A Phishing Email
News  |  12/13/2016  | 
Phishing remains the number one attack vector, according to a new study that analyzes why users fall for these lures.
Nearly Half Of The Top 1 Million Websites Deemed Risky
News  |  12/13/2016  | 
Forty-six percent of the top million websites, as ranked by Alexa, pose potential malware risks to businesses.
Dark Reading Radio: The Coolest Hacks Of 2016
Commentary  |  12/12/2016  | 
Tune in this Wednesday, Dec. 14 at 1pm ET to hear famed researchers Samy Kamkar and Levi Gundert weigh in on some of the most innovative and creative white-hat hacks from the past year.
CIA: Russian Hackers Aimed To Help Trump Win
News  |  12/12/2016  | 
Intelligence suggests Russia hacked the Republican National Committee but didn't leak its data, a sign experts say is indicative of broader plans to sway US election results.
The Coolest Hacks Of 2016
News  |  12/12/2016  | 
No 400-pound hacker here: Lightbulb and 'do-gooder' worms, machines replacing humans to hack other machines, and high-speed car hacking were among the most innovative white-hat hacks this year.
Whats Naughty & Nice About The Internet Of Things
Commentary  |  12/12/2016  | 
It's easy to catalogue the worst IoT security hazards. But that's not the whole story.
5 Things Security Pros Need To Know About Machine Learning
Slideshows  |  12/12/2016  | 
Experts share best practices for data integrity, pattern recognition and computing power to help enterprises get the most out of machine learning-based technology for cybersecurity.
Machine-Learning Algorithms Improve Detection Time For Modern Threats
Partner Perspectives  |  12/12/2016  | 
Artificial intelligence and machine learning are essential to combat a threat landscape that is larger and more sophisticated than ever.
Senate Votes To Upgrade Cyber Command Into War-Fighting Unit
Quick Hits  |  12/12/2016  | 
NDAA legislation awaits Obama signature; Admiral Mike Rogers will still head both Cyber Command and NSA, at least for now.
Pay Ransom Or Infect Others!
Quick Hits  |  12/12/2016  | 
Still under development, new ransomware will ask victims to free their files by paying 1 bitcoin or by infecting two others.
Obama Orders Inquiry Into Cyberattacks On Democratic Party Websites
News  |  12/9/2016  | 
President wants U.S. intelligence to provide report before he leaves office Jan. 20.
Russian Authorities Make Arrests In Wake Of Central Bank Cyberattack
Quick Hits  |  12/9/2016  | 
Arrests in the $19-million theft were made in a joint operation by FSB and Interior Ministry, says central bank official.
Bangladesh Cybertheft Probe: 5 Bank Officials 'Indirect Accomplices'
Quick Hits  |  12/9/2016  | 
Investigation panel alleges hackers may have exploited inadvertent loopholes left by technicians.
Only 25% Companies Equipped To Handle Data Breaches
Quick Hits  |  12/9/2016  | 
Research by Tripwire on cybersecurity challenges reveals only 3% organizations outsource security issues to experts.
Why Video Game Publishers Must Adopt Enforceable Security Standards
Commentary  |  12/9/2016  | 
Video games have been under attack at an unprecedented rate since 2012, with cyber criminals playing an increasingly significant role.
Data Theft At ThyssenKrupp Highlights Industrial Espionage Threat
News  |  12/8/2016  | 
German conglomerate confirms it was a victim of a cyberattack in which intellectual property belonging to some of its businesses was stolen.
Law Firms' Security Cross-Examined
News  |  12/8/2016  | 
Legal sector earns a respectable score for its cybersecurity posture overall, but a large number of law firms remain weak when it comes to security.
Phishing Services Reap Twice The Profit For Attackers
News  |  12/8/2016  | 
Attackers tap the cloud to reduce costs and increase efficiency of their phony and malicious emails, according to a new Imperva study.
How Retailers Can Fight Holiday Season Hackers
Slideshows  |  12/8/2016  | 
Experts offer tips for locking down retailers point-of-sale systems for the busy holiday shopping season.
Michigan High School Hosts New Cybersecurity Training Facility
Quick Hits  |  12/8/2016  | 
Pinckney Cyber Training Institute's education will be available to high school and college students as well as professionals.
Browser Security FAIL
News  |  12/8/2016  | 
New survey report shows businesses are not adopting best security practices for their users' Web activity.
From Carna To Mirai: Recovering From A Lost Opportunity
Commentary  |  12/8/2016  | 
We had four years to prepare for recent DDoS attacks and failed. How can we learn from our mistakes?
Las Vegas, Rust Belt, Hit Hardest By Ransomware
News  |  12/8/2016  | 
New study by Malwarebytes finds that the US has the most ransomware incidents worldwide.
Researchers Find Backdoors, Bugs In Sony, White Box IP Cameras
News  |  12/7/2016  | 
New vulnerabilities discovered by SEC Consult and Cybereason highight increasing IoT threat to enterprises.
Corporations Cite Reputational Damage As Biggest Cyber Risk
News  |  12/7/2016  | 
New data analyzing SEC disclosures found 83% of publicly traded companies worry most about the risk of brand damage via hacks exposing customer or employee information.
Survey Stresses Importance Of Securing The Internet of Things
Partner Perspectives  |  12/7/2016  | 
If organizations monitor and deploy IoT devices with caution, they can stay ahead of the curve and continue to keep all of their endpoints protected.
Biometric Technology Is Not A Cure-All For Password Woes
Commentary  |  12/7/2016  | 
No single authentication token is infallible. The only real solution is multifactor authentication.
Dailymotion Advises Password Change After Possible Data Breach
Quick Hits  |  12/7/2016  | 
Breach not yet confirmed, but LeakedSource says it has compromised IDs of over 87 million Dailymotion users, protected by bcrypt.
Hacker Of Celeb Emails Goes To Jail For Five Years
Quick Hits  |  12/7/2016  | 
Bahamian Alonzo Knowles was sentenced for illegal access of 130 celebrity email accounts and selling their personal information.
Kaspersky Lab: 323,000 New Malware Samples Found Each Day
Quick Hits  |  12/7/2016  | 
Credit it to mass-produced malware and better detection through machine learning.
<<   <   Page 2 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-39229
PUBLISHED: 2021-09-20
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack...
CVE-2021-41083
PUBLISHED: 2021-09-20
Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any ma...
CVE-2021-34650
PUBLISHED: 2021-09-20
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6.
CVE-2021-41082
PUBLISHED: 2021-09-20
Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were n...
CVE-2020-16630
PUBLISHED: 2021-09-20
TI&acirc;&euro;&trade;s BLE stack caches and reuses the LTK&acirc;&euro;&trade;s property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that...