
News & Commentary

Content posted in December 2016
Most iOS Apps In Enterprises Not Using Apple Encryption Feature
News  |  12/7/2016  | 
Despite a January 1, 2017 deadline, not many app vendors have switched on Apple's App Transport Security, according to a study by Appthority.
Pennsylvania State Prosecutor's Office Paid Ransom In 'Avalanche' Ransomware Attack
Quick Hits  |  12/6/2016  | 
Allegheny County state prosecutor's office paid attackers $1,400 in Bitcoin to free its data.
US Presidential Commission Outlines Key Cybersecurity Actions For Future Administrations
News  |  12/6/2016  | 
Report outlines ways to lock down critical infrastructure as well as IoT - and the urgent need to expand the security workforce by 2020 with 100,000 new jobs.
PoisonTap USB Device Can Hack A Locked PC In A Minute
Partner Perspectives  |  12/6/2016  | 
This is just one example of an emerging technology that enables anyone with physical access to a computer's USB port to potentially harvest data and gain access by spoofing an Internet ecosystem.
Derivative Suit Against Home Depot For 2014 Data Breach Dismissed
Quick Hits  |  12/6/2016  | 
Judge says defendants may have been slow to spike up network security, but did not fail to act.
Web Gateways: 5 Big Security Challenges
Commentary  |  12/6/2016  | 
Overreliance on Web gateways is putting data, users, customers, organizations, and reputation in harm's way.
The 7 Most Sensational Breaches Of 2016
Slideshows  |  12/6/2016  | 
The biggest hacks, data exposures, and thefts that left companies and government entities reeling.
Adobe Flash Flaws Dominate Exploit Kits In 2016
News  |  12/6/2016  | 
The top 10 vulnerabilities this year were mostly Adobe Flash, followed by Internet Explorer, according to a Recorded Future study.
Cybersecurity Readiness Confidence Declined In 2016
News  |  12/5/2016  | 
New report querying security pros shows increase in worry about risks with mobile and cloud environments.
Protect Your Company From Hackable Holiday Gifts
Partner Perspectives  |  12/5/2016  | 
This holiday season promises to be full of devices, apps, and connectivity. Planning and executing appropriate security precautions now will save your business from a serious breach later.
Hackers Steal $31 Million From Russia's Central Bank
Quick Hits  |  12/5/2016  | 
Bank says cybercriminals faked client credentials to break into accounts and attempted to steal 5 billion rubles.
Software Salesman Pleads Guilty To PoS Scam
Quick Hits  |  12/5/2016  | 
Washington's John Yin allegedly sold point-of-sale systems with revenue suppression software, incurring government monetary loss of $3.4 million.
Avalanche Cybercrime Platform Takedown Leaves A Lot To Clean Up
Partner Perspectives  |  12/5/2016  | 
Help us wipe out the remaining bots and put an end to Avalanche once and for all.
Reality Check: Getting Serious About IoT Security
Commentary  |  12/5/2016  | 
The Department of Homeland Security is fully justified in urging security standards for the Internet of Things.
Where Cybercriminals Go To Buy Your Stolen Data
Slideshows  |  12/3/2016  | 
What malicious sites provide both free and paid access to stolen credit cards, company databases, malware and more?
'Frighteningly Easy' Hack Guesses Full Credit Card Details In 6 Seconds
News  |  12/2/2016  | 
Attack works only on Visa network, Newcastle University researchers say.
Dark Web Vendor Gets 50 Months Jail For ID Theft
Quick Hits  |  12/2/2016  | 
Minnesota resident Aaron Glende aka IcyEagle caught selling stolen bank details on AlphaBay market.
MasterCard, Visa Push Gas Pump EMV Migration Deadline To 2020
Quick Hits  |  12/2/2016  | 
Fuel merchants get three extra years to deploy the secure chip-enabled payment infrastructure in their complex environments.
The Human Firewall: Why People Are Critical To Email Security
Commentary  |  12/2/2016  | 
Technology is just the beginning; employees must be fully on board with security procedures.
Avalanche Botnet Comes Tumbling Down In Largest-Ever Sinkholing Operation
News  |  12/1/2016  | 
800,000 domains seized, sinkholed, or blocked, and five individuals arrested, in international effort to bring down botnet linked to 17 major malware families.
Mandia: Russian State Hackers Changed The Game
News  |  12/1/2016  | 
Founder of Mandiant and FireEye CEO says Russia doesn't appear to want to cover its tracks anymore.
Organizations In Saudi Arabia Reportedly Hit In Destructive New Shamoon Attacks
News  |  12/1/2016  | 
Thousands of computers at country's main civil aviation authority and other entities rendered unusable by same malware that destroyed 30,000 computers at Aramco in 2012.
Holiday Weekend Online Payment Card Fraud 20% Higher In 2016
Quick Hits  |  12/1/2016  | 
In the face of EMV chips, criminals turned online to commit card-not-present fraud this Black Friday and Cyber Monday.
Cybercriminals' Next Target: Long-Term Prizes (Part 2 of 2)
Partner Perspectives  |  12/1/2016  | 
Attacks of a more strategic nature will test early blockchain implementations and continue to explore ways to monetize weak IoT devices.
DMARC Continues To Confound Users, Report Says
News  |  12/1/2016  | 
Almost three-quarters of those who deploy the email authentication standard fail to get its full benefits, ValiMail says.
20 Questions Smart Security Pros Should Ask About 'Intelligence'
Commentary  |  12/1/2016  | 
Threat intel is a hot but complicated topic that encompasses a lot more than just data feeds. Here's how to get beyond the fear, uncertainty, and doubt to maximize its potential.
Gaming Company Sues Ex-Employees Over Data Theft
Quick Hits  |  12/1/2016  | 
San Francisco-based Zynga alleges former workers took sensitive information with them when they joined rival company.
Microsoft 'Father Of SDL' Named To Top Post At SAFECode
News  |  12/1/2016  | 
Steve Lipner, the former Microsoft security leader credited with spearheading its security development lifecycle (SDL) initiative, takes on a new role as executive director at SAFECode.


Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-39229
PUBLISHED: 2021-09-20
Apprise is an open source library which allows you to send a notification to almost all of the most popular notification services available. In affected versions users who use Apprise granting them access to the IFTTT plugin (which just comes out of the box) are subject to a denial of service attack...
CVE-2021-41083
PUBLISHED: 2021-09-20
Dada Mail is a web-based e-mail list management system. In affected versions a bad actor could give someone a carefully crafted web page via email, SMS, etc, that - when visited, allows them control of the list control panel as if the bad actor was logged in themselves. This includes changing any ma...
CVE-2021-34650
PUBLISHED: 2021-09-20
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6.
CVE-2021-41082
PUBLISHED: 2021-09-20
Discourse is a platform for community discussion. In affected versions any private message that includes a group had its title and participating user exposed to users that do not have access to the private messages. However, access control for the private messages was not compromised as users were n...
CVE-2020-16630
PUBLISHED: 2021-09-20
TI's BLE stack caches and reuses the LTK's property for a bonded mobile. A LTK can be an unauthenticated-and-no-MITM-protection key created by Just Works or an authenticated-and-MITM-protection key created by Passkey Entry, Numeric Comparison or OOB. Assume that...