Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in December 2017
Page 1 / 3   >   >>
Retail Security Threat Season is in Full Swing
Simon Marshall  |  12/29/2017  | 
Christmas shopping season is over, but shopping -- and threats to retailers and their customers -- is still going strong.
21st Century Oncology Faces $2.3M HIPAA Settlement Cost after Breach
Quick Hits  |  12/29/2017  | 
Company to pay US Department of Health and Human Services over potential HIPAA violations after patient medical data was stolen by cyberthieves.
China Shuts Down 13,000 Websites for Breaking Internet Laws
Quick Hits  |  12/29/2017  | 
The government says its rules are to protect security and stability, but some say they are repressive.
Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation
Commentary  |  12/29/2017  | 
Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.
17 Things We Should Have Learned in 2017 But Probably Didn't
Commentary  |  12/29/2017  | 
The worm has returned and the Yahoos have all been exposed, but did 2017 teach us any genuinely new lessons we shouldn't already have known?
My Cybersecurity Predictions for 2018, Part 3: Protecting Killer Cars
News Analysis-Security Now  |  12/28/2017  | 
Death by autonomous auto is coming unless the industry gets security very right. The question is really whether it's already too late.
Jailed Hacker Claims Proof He Breached DNC on Russia's Orders
Quick Hits  |  12/28/2017  | 
A Russian national in jail for hacking the Democratic National Committee says a data signature proves he acted on the Kremlin's orders.
Mozilla Issues Critical Security Patch for Thunderbird Flaw
Quick Hits  |  12/28/2017  | 
Mozilla released five patches for Thunderbird security vulnerabilities, including one critical buffer overflow bug affecting Windows machines.
The Disconnect Between Cybersecurity & the C-Suite
Commentary  |  12/28/2017  | 
Most corporate boards are not taking tangible actions to shape their companies' security strategies or investment plans, a PwC study shows.
Rapid Growth in Security Market Raises Question: How to Pick a Startup
News  |  12/28/2017  | 
VCs weigh in with their advice on how to select a startup with staying power when purchasing security solutions and services.
Nissan Canada Finance Alerts 1.13 Million Customers of Data Breach
Quick Hits  |  12/27/2017  | 
Attackers gain access to personal information of Nissan Canada Finance and Infiniti Financial Services Canada customers.
Hacker Targeted Huawei Router 0-Day in Attempt to Create New Mirai Botnet
Quick Hits  |  12/27/2017  | 
Thousands of attempts have been made to exploit a zero-day vulnerability in the Huawei home router HG532.
The Financial Impact of Cyber Threats
Commentary  |  12/27/2017  | 
Determining the financial impact of specific IT vulnerabilities is a good way to prioritize remediation and prevent attacks.
The Coolest Hacks of 2017
News  |  12/27/2017  | 
Robots, voting machines, machine learning, and the wind were among the hacks security researchers pulled off this year.
Nasties Abound: Symantec's Q3 Threat Report
Larry Loeb  |  12/27/2017  | 
Symantec's Threat Report from the 2017 Q3 shows that malware writers are busier than ever.
6 Tips to Protect Against Technical Support Fraud
Slideshows  |  12/27/2017  | 
Just when youre having fun over the holidays and not paying attention, you can be hit with a tech support scam. Here's how to stay safe into the new year.
2017 Security Predictions through the Rear Window
Commentary  |  12/26/2017  | 
If you're going to forecast the future, go big.
Cloud Security Is a Shared Responsibility
Curt Franklin  |  12/26/2017  | 
In the answer to a question from a recent webinar, editor Curtis Franklin looks at who's responsible for data security in the cloud.
Exposed File From Ancestry's RootsWeb.com Contains Data on 300,000 Users
Quick Hits  |  12/26/2017  | 
A file containing hundreds of thousands of RootsWeb users' email, login information, and passwords was found externally exposed, genealogy site says.
CISOs Play Rising Role In Business
News  |  12/26/2017  | 
CISO hiring trends show more external hires, longer tenures, and an increase in MBAs as tech pros are required to understand the business.
EtherDelta Hack Begins Rocky Weekend for Crypto
News  |  12/26/2017  | 
Popular cryptocurrency exchange EtherDelta announces a potential DNS attack and suspends service just days before Bitcoin hit a five-day drop.
Hit the Cyber Underground for the Hottest Travel Deals
News  |  12/22/2017  | 
You can get everything from inexpensive flights and hotels to fake passports in the cyber underground, says Trend Micro.
Network Printer & Scanner Spoofing Campaign Targets Millions
Quick Hits  |  12/22/2017  | 
Cybercriminals distribute malicious email attachments purportedly coming from three common brands of network printer-scanner devices.
Block Threats Faster: Pattern Recognition in Exploit Kits
Commentary  |  12/22/2017  | 
When analysts investigate an indicator of compromise, our primary goal is to determine if it is malicious as quickly as possible. Identifying attack patterns helps you mitigate quicker.
CISO Holiday Miracle Wish List
Slideshows  |  12/22/2017  | 
If CISOs could make a wish to solve a problem, these would be among the top choices.
Businesses Go on Pre-Holiday Cloud Acquisition Spree
News  |  12/21/2017  | 
VMware, McAfee, and Trend Micro announce a series of acquisitions that indicate a strong focus on cloud security.
Russia's Fancy Bear APT Group Gets More Dangerous
News  |  12/21/2017  | 
Encryption and code refreshes to group's main attack tool have made it stealthier and harder to stop, ESET says.
Digital Forensics & the Illusion of Privacy
Commentary  |  12/21/2017  | 
Forensic examiners don't work for bounties. They do what is required to catch criminals, pedophiles, or corporate embezzlers, and now their important security research is finally being acknowledged.
US Census Bureau: Data Exposed in Alteryx Leak Already Public
Quick Hits  |  12/21/2017  | 
The US Census Bureau says no personally identifiable information it collected was compromised in this week's Alteryx leak.
Fileless Malware Attacks Hit Milestone in 2017
News  |  12/21/2017  | 
Non-malware attacks account for the majority of all attacks this year, and ransomware grows to a $5 billion industry, new data shows.
Facebook Helps Users Detect Phishing Emails
Quick Hits  |  12/21/2017  | 
A new Facebook tool shares recent security-related emails so users can verify whether messages are legitimate.
The Hard Work of Pointing Fingers
Larry Loeb  |  12/21/2017  | 
Pointing the finger at a perpetrator is difficult. Pointing it at the right perpetrator is even harder. That doesn't stop many organizations from trying.
Why Network Visibility Is Critical to Removing Security Blind Spots
Commentary  |  12/21/2017  | 
You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.
Small,Targeted Ransomware Attacks Emerge
News  |  12/21/2017  | 
Cybercriminals narrow their focus on specific industries, geographies, or size for a better return on investment, security experts say.
Be a More Effective CISO by Aligning Security to the Business
Partner Perspectives  |  12/21/2017  | 
These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
My Cybersecurity Predictions for 2018, Part 2: GDPR Hype Is Hype
News Analysis-Security Now  |  12/21/2017  | 
GDPR is the biggest thing in IT privacy and security in a decade. Or its not. Joe Stanganelli on what 2018 will hold in GDPR-driven privacy.
9 Banking Trojans & Trends Costing Businesses in 2017
Slideshows  |  12/20/2017  | 
New Trojans appeared, old ones resurfaced, and delivery methods evolved as cybercriminals set their sights on financial data.
Attack Attribution Tricky Say Some as US Blames North Korea for WannaCry
News  |  12/20/2017  | 
There's not enough evidence to conclusively tie the rogue regime to the ransomware attacks, some security experts say.
IoT Security Is a Matter of Life & Death
Simon Marshall  |  12/20/2017  | 
When the IoT enters the hospital room, its security becomes a matter of literal life and death.
Five Arrested for Cerber, CTB-Locker Ransomware Spread
Quick Hits  |  12/20/2017  | 
Authorities arrest three Romanian suspects for spreading CTB-Locker malware and two for a ransomware case linked to the United States.
Breach Reveals Data on All US Households
Curt Franklin  |  12/20/2017  | 
Information on every US household has now been stolen. What does that mean for IT security?
Security Worries? Let Policies Automate the Right Thing
Commentary  |  12/20/2017  | 
By programming 'good' cybersecurity practices, organizations can override bad behavior, reduce risk, and improve the bottom line.
Another Cyberattack Spotted Targeting Mideast Critical Infrastructure Organizations
News  |  12/19/2017  | 
Operation Copperfield appears focused on data theft and reconnaissance, Nyotron says.
My Cybersecurity Predictions for 2018, Part 1: Following Trends & the FTC
News Analysis-Security Now  |  12/19/2017  | 
2017 was a wild ride in cybersecurity. It's looking like 2018 won't offer any calmer ride.
Microsoft Office Docs New Vessel for Loki Malware
News  |  12/19/2017  | 
Loki malware, built to steal credentials, is distributed via Microsoft Excel and other Office applications rigged with malicious 'scriptlets' to evade detection.
New Database Botnet Leveraged for Bitcoin Mining
News  |  12/19/2017  | 
Attackers are quietly building an attack infrastructure using very sensitive machines.
Massive Cloud Leak Exposes Alteryx, Experian, US Census Bureau Data
Quick Hits  |  12/19/2017  | 
A misconfigured Amazon Web Services S3 storage bucket exposed sensitive data on consumers' financial histories, contact information, and mortgage ownership.
Dirty Practices Make for Difficult Security
Simon Marshall  |  12/19/2017  | 
Data hygiene is low on the priority list for most IT users, and IT security departments end up cleaning up the mess.
Trump Adviser: North Korea Waged WannaCry Attack
News  |  12/19/2017  | 
White House declares the North Korean government as perpetrators of the epic ransomware attack that spread around the globe in early May.
Comprehensive Endpoint Protection Requires the Right Cyber Threat Intelligence
Commentary  |  12/19/2017  | 
CTI falls into three main categories -- tactical, operational, and strategic -- and answers questions related to the "who, what, and why" of a cyber attack.
Page 1 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41127
PUBLISHED: 2021-10-21
Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can overwrite or replace bot...
CVE-2021-41169
PUBLISHED: 2021-10-21
Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
CVE-2021-27746
PUBLISHED: 2021-10-21
"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"
CVE-2021-36869
PUBLISHED: 2021-10-21
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post.
CVE-2021-39352
PUBLISHED: 2021-10-21
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrat...