Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in December 2017
<<   <   Page 2 / 3   >   >>
'Starwars' Debuts on List of Worst Passwords of 2017
News  |  12/19/2017  | 
Many of the old standbys made this year's list of the 25 stolen - and weakest - passwords found dumped online.
Picker Mentality Supercharges Malware
Larry Loeb  |  12/18/2017  | 
The picker mentality, reusing code and techniques that have worked before, is making malware stronger and more difficult to defend against.
Telegram RAT Escapes Detection via Cloud Apps
Quick Hits  |  12/18/2017  | 
Netskope discovers a new RAT using Dropbox for its payload host and Telegram Messenger for command and control.
Kaspersky Lab Files Lawsuit Over DHS Ban of its Products
News  |  12/18/2017  | 
Security firm petitions US District Court to rescind decision to prohibit its products on US federal government systems.
Businesses Fail in Risk Modeling and Management: Report
News  |  12/18/2017  | 
Businesses struggle to quantify and manage risk, leading to wasted resources and oversight of major problems.
US Government Pays $10,650 Bug Bounty in 'Hack the Air Force' Event
Quick Hits  |  12/18/2017  | 
The bounty, split between two researchers, is the largest single reward by any government bug bounty program to date.
Top 8 Cybersecurity Skills IT Pros Need in 2018
Slideshows  |  12/18/2017  | 
Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.
Security for the Broken Business
Curt Franklin  |  12/18/2017  | 
What is the IT security's responsibility when the business itself is intrinsically secure? The first step may be to point out the obvious.
Everything Is Hackable: Now What?
News Analysis-Security Now  |  12/18/2017  | 
When everything is hackable, breach prevention can't be the only tool in the cybersecurity tool chest.
Advanced Deception: How It Works & Why Attackers Hate It
Commentary  |  12/18/2017  | 
While cyberattacks continue to grow, deception-based technology is providing accurate and scalable detection and response to in-network threats.
19 M California Voter Records Held for Ransom in MongoDB Attack
Quick Hits  |  12/15/2017  | 
The records were first exposed in an unsecured MongoDB database, continuing a cyber-extortion trend.
FireEye Researchers Identify Triton Malware in Industrial Systems
News Analysis-Security Now  |  12/15/2017  | 
Researchers with FireEye have found traces of a malware called Triton that has targeted industrial systems and other critical infrastructure in much the same way as Stuxnet was.
Lazarus Group Targets Bitcoin Company
Quick Hits  |  12/15/2017  | 
The cybercrime group blamed for attacks on the SWIFT financial network launches a spearphishing campaign to steal employee credentials at a London cryptocurrency company.
Mobile Device Makers Increasingly Embrace Bug Bounty Programs
News  |  12/15/2017  | 
Samsung is the latest to join a small group of smartphone makers to cast their net wide on catching vulnerabilities in their devices.
Is Your Security Workflow Backwards?
Commentary  |  12/15/2017  | 
The pace at which information security evolves means organizations must work smarter, not harder. Here's how to stay ahead of the threats.
Office 365 Flaw Could Lead to 'Stealthy Admin' Headaches
Simon Marshall  |  12/15/2017  | 
A recently discovered flaw in Microsoft's Office 365 suite could meant that a business's so-called "stealthy admins" could compromise security without even realizing it.
Russian DNS Gobbling Up Internet Traffic
Larry Loeb  |  12/15/2017  | 
BGPMON researchers have found that Russian DNS servers redirected Internet traffic through Russia several times earlier this month. The question is whether it's a test or a harbinger of things to come.
TRITON Attacker Disrupts ICS Operations, While Botching Attempt to Cause Physical Damage
News  |  12/14/2017  | 
TRITON malware is discovered after an attack on a safety monitoring system accidentally triggered the shutdown of an industrial process at an undisclosed organization.
BlueBorne Attack Highlights Flaws in Linux, IoT Security
News  |  12/14/2017  | 
Bluetooth vulnerabilities let attackers control devices running Linux or any OS derived from it, putting much of the Internet of Things at risk, including popular consumer products.
Small Businesses Are Cybercrime Targets
News Analysis-Security Now  |  12/14/2017  | 
Hackers aren't just after the big fish – they're coming after small businesses, as well.
Why Hackers Are in Such High Demand, and How They're Affecting Business Culture
Commentary  |  12/14/2017  | 
White hat hackers bring value to organizations and help them defend against today's advanced threats.
Is a Good Offense the Best Defense Against Hackers?
Partner Perspectives  |  12/14/2017  | 
A proposed new law could make it legal for companies to hack back against attacker. But will it work?
Juniper Looks to Automate Security Policies for Enterprises
News Analysis-Security Now  |  12/14/2017  | 
A skills shortage is making IT security harder: Juniper is looking to address that issue by helping businesses automate the policy process.
2 Million Fake Net Neutrality Comments Stole American Identities
Quick Hits  |  12/14/2017  | 
New York Attorney General Eric Schneiderman updates the investigation into fake content submitted during the net neutrality comment process.
Malware Decompiler Tool Goes Open Source
News  |  12/13/2017  | 
Avast's RetDec machine-code decompiler now available for free on Github.
Google Sheds Light on Data Encryption Practices
News  |  12/13/2017  | 
Google explains the details of how it secures information in the cloud and encrypts data in transit.
Former Rutgers Student, Two Others Plead Guilty to Operating Mirai Botnet
News  |  12/13/2017  | 
Trio faces up to five years in federal prison and fines of up to $250,000
80% of Americans Admit to Risky Cybersecurity Behaviors
Quick Hits  |  12/13/2017  | 
Nearly half of survey respondents use unsecured WiFi networks and a third open unsolicited email attachment, a report finds.
Healthcare Faces Poor Cybersecurity Prognosis
News  |  12/13/2017  | 
Experts say the healthcare industry is underestimating security threats as attackers continue to seek data and monetary gain.
Google Play Offered Fewer Blacklisted Mobile Apps in Q3
News  |  12/13/2017  | 
Third-party AndroidAPKDescargar store carried the most blacklisted mobile apps.
8 Steps for Building an IT Security Career Path Program
Slideshows  |  12/13/2017  | 
A cybersecurity career-path program can help with talent retention and recruitment.
Automation Could Be Widening the Cybersecurity Skills Gap
Commentary  |  12/13/2017  | 
Sticking workers with tedious jobs that AI can't do leads to burnout, but there is a way to achieve balance.
Cloud Security Is an Enterprise Responsibility Report
News Analysis-Security Now  |  12/13/2017  | 
When it comes to the 'shared responsibility,' enterprises and their cloud providers have equally important roles to play. However, the ultimately responsibility for protecting data falls to the business and its IT and security departments, according to NSS Labs.
5 Critical Cloud Security Questions
News Analysis-Security Now  |  12/13/2017  | 
Security has come to the cloud; here are five questions to ask when it's time for cloud security to come to your organization.
Security Compliance: The Less You Spend the More You Pay
News  |  12/12/2017  | 
The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher, a new study shows.
Microsoft Azure AD Connect Flaw Elevates Employee Privilege
News  |  12/12/2017  | 
An improper default configuration gives employees unnecessary administrative privilege without their knowledge, making them ideal targets for hackers.
Only 5% of Business Leaders Rethought Security After Equifax
Quick Hits  |  12/12/2017  | 
Corporate leaders know little about common security threats like ransomware and phishing, driving their risk for attack.
8 Out of 10 Employees Use Unencrypted USB Devices
Quick Hits  |  12/12/2017  | 
Security policies for USB drivers are severely outdated or inadequate, a report finds.
How Good Privacy Practices Help Protect Your Company Brand
Commentary  |  12/12/2017  | 
Follow these five guidelines to keep your organization's data protected.
Kaspersky Names WannaCry 'Vulnerability of the Year'
Simon Marshall  |  12/12/2017  | 
Of all the breaches, malware and ransomware that security researchers saw this year, WannaCry had the greatest effect, according to Kaspersky Labs.
Employees on Public WiFi Rarely Face Man-in-the-Middle Attacks
News  |  12/12/2017  | 
Employees' corporate mobile devices are connected to WiFi networks on average 74% of the time.
Automation Answers Security Skills Shortage
News Analysis-Security Now  |  12/12/2017  | 
The often-discussed cybersecurity skills shortage may find a solution in security automation.
Russian-Speaking 'MoneyTaker' Group Helps Itself to Millions from US Banks
News  |  12/11/2017  | 
Banks in Latin America appear to be next big target, Group-IB says.
Romanian Nationals Admit to Racketeering Conspiracy, ATM Skimming
Quick Hits  |  12/11/2017  | 
Seven Romanian nationals pleaded guilty in connection with an ATM skimming scheme and RICO conspiracy, in addition to other crimes.
enSilo Researchers: Your NTFS Transactions Belong to Us
Larry Loeb  |  12/11/2017  | 
A pair of researchers from enSilo have disclosed how they created a new vulnerability within Windows-based systems that can compromise NTFS transactions, and the worst part is that security vendors are not prepared.
Oracle Product Rollout Underscores Need for Trust in the Cloud
News  |  12/11/2017  | 
Oracle updates its Identity SOC and management cloud with security tools to verify and manage users trusted with access to cloud-based data and applications.
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Commentary  |  12/11/2017  | 
The number of unfilled jobs in our industry continues to grow. Here's why.
CFOs: Cybersecurity Is About Risk, Not Vendors
News Analysis-Security Now  |  12/11/2017  | 
At a recent forum for CFOs, panelists discussed the pros and cons of cybersecurity products and vendors in a time where major breaches are occurring every few weeks.
Post-Breach Carnage: Worst Ways The Axe Fell in 2017
Slideshows  |  12/11/2017  | 
Executive firings, stock drops, and class action settlements galore, this year was a study in real-world repercussions for cybersecurity lapses.
Machine Learning for Ransomware Defense
News Analysis-Security Now  |  12/11/2017  | 
Ransomware keeps getting more dangerous but defense is improving, too. Machine learning might be the key to actually keeping up with the level of attacks.
<<   <   Page 2 / 3   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.