Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in December 2017
<<   <   Page 3 / 3
Gartner: IT Security Spending to Reach $96 Billion in 2018
News  |  12/8/2017  | 
Identity access management and security services to drive worldwide spending growth.
What Slugs in a Garden Can Teach Us About Security
Commentary  |  12/8/2017  | 
Design principles observed in nature serve as a valuable model to improve organizations' security approaches.
Startup Attivo Advocates for 'Deceptive' Security Protection
Simon Marshall  |  12/8/2017  | 
When it comes to security, how deceptive should enterprises be to thwart cybercriminals? Attivo Networks and a number of other security startups are advocating a different approach.
Microsoft Issues Emergency Patch for 'Critical' Flaw in Windows Security
Quick Hits  |  12/8/2017  | 
Remote code execution vulnerability in Microsoft Malware Protection Engine was found by UK spy agency's National Cyber Security Centre (NCSC).
More Security Might Not Cure Ransomware
News Analysis-Security Now  |  12/8/2017  | 
Ransomware is definitely a security issue, but 'more security' may not be the solution so many are looking for.
Conficker: The Worm That Won't Die
News  |  12/7/2017  | 
More than nine years after it infected millions of systems worldwide, the malware continues to be highly active, according to a Trend Micro report.
Android Ransomware Kits on the Rise in the Dark Web
News  |  12/7/2017  | 
More than 5,000 Android ransomware kit listings have been spotted so far this year, with the median price range hitting $200.
Rutkowska: Trust Makes Us Vulnerable
News  |  12/7/2017  | 
Offensive security researcher Joanna Rutkowska explains why trust in technology can put users at risk.
Man-in-the-Middle Flaw in Major Banking, VPN Apps Exposes Millions
News  |  12/7/2017  | 
New research from University of Birmingham emphasizes importance of securing high-risk mobile apps.
Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin
Quick Hits  |  12/7/2017  | 
Breach occurred just prior to bitcoin's debut on two major US exchanges, the AP reports.
Global Security Spending Will Top $96B in 2018 Report
News Analysis-Security Now  |  12/7/2017  | 
Gartner is predicting that worldwide spending on security will increase 8% between 2017 and 2018 to reach $96 billion. New regulations, such as the GDPR in Europe, are forcing enterprises to spend more.
Uber Used $100K Bug Bounty to Pay, Silence Florida Hacker: Report
Quick Hits  |  12/7/2017  | 
Uber also performed a forensic analysis of the man's computer to ensure he had deleted the stolen information, Reuters said.
Ransomware Meets 'Grey's Anatomy'
Commentary  |  12/7/2017  | 
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
Attacker 'Dwell Time' Average Dips Slightly to 86 Days
News  |  12/7/2017  | 
Real-world incident response investigation data from CrowdStrike reveals attacker trends with fileless malware, ransomware, and other weapons.
Equifax Breach Points to Similar Security Concerns Report
Simon Marshall  |  12/7/2017  | 
The Equifax breach earlier this year exposed more than 140 million personal records, shocking many people. However, a new Fortinet report shows that the vulnerabilities used in that attack are becoming more common.
Why Third-Party Security Is your Security
Partner Perspectives  |  12/7/2017  | 
Managing third-party risk isn't just a good idea, in many cases, it's the law. This security framework can help you minimize the threat.
Keys to Moving Security to the Cloud
News Analysis-Security Now  |  12/7/2017  | 
Security in the cloud may be the security you need; here is how to know where your security should live.
NIST Releases New Cybersecurity Framework Draft
News  |  12/6/2017  | 
Updated version includes changes to some existing guidelines - and adds some new ones.
Nearly 2/3 of Industrial Companies Lack Security Monitoring
Quick Hits  |  12/6/2017  | 
New Honeywell survey shows more than half of industrial sector organizations have suffered cyberattacks.
Most Retailers Haven't Fully Tested Their Breach Response Plans
Quick Hits  |  12/6/2017  | 
More than 20% lack a breach response plan altogether, a new survey shows.
Why Cybersecurity Must Be an International Effort
News  |  12/6/2017  | 
The former head of cyber for the US State Department calls for agreements across countries to improve government cybersecurity.
How the Major Intel ME Firmware Flaw Lets Attackers Get 'God Mode' on a Machine
News  |  12/6/2017  | 
Researchers at Black Hat Europe today revealed how a buffer overflow they discovered in the chip's firmware can be abused to take control of a machine - even when it's turned 'off.'
Cyberattack: It Can't Happen to Us (Until It Does)
Commentary  |  12/6/2017  | 
Just because your small or medium-sized business isn't as well known as Equifax or Yahoo doesn't mean you're immune to becoming a cybercrime victim.
Crypto Wars: The Show That Never Ends
Larry Loeb  |  12/6/2017  | 
The German Interior Ministry is spearheading an effort to create a new law that would require tech companies to provide backdoors for a range of devices. It's the latest salvo in the war over encryption.
Surviving the Holiday Bot Security Surge
News Analysis-Security Now  |  12/6/2017  | 
Bots can make security life interesting at any time. In the holiday shopping frenzy they're going to cause problems for retailers, wholesalers and anyone else touching the public Internet.
Study: Simulated Attacks Uncover Real-World Problems in IT Security
News  |  12/5/2017  | 
Some 70% of simulated attacks on real networks were able to move laterally within the network, while more than half infiltrated the perimeter and exfiltrated data.
Bitcoin Sites Become Hot Targets for DDoS Attacks
News  |  12/5/2017  | 
The Bitcoin industry is now one of the top 10 most-targeted industries for DDoS campaigns. Price manipulation could be one goal, Imperva says.
Andromeda Botnet Dismantled by International Law Enforcement Coalition
News Analysis-Security Now  |  12/5/2017  | 
The FBI, along with several other European law enforcement agencies, shut down the massive Andromeda Botnet, which was involved in 80 different malware families and infected millions of PCs.
6 Personality Profiles of White-Hat Hackers
Slideshows  |  12/5/2017  | 
From making the Internet safer to promoting their security careers, bug bounty hunters have a broad range of motivators for hacking most just like the challenge.
Android Developer Tools Contain Vulnerabilities
Quick Hits  |  12/5/2017  | 
Several of the most popular cloud-based and downloadable tools Android developers use are affected.
Improve Signal-to-Noise Ratio with 'Content Curation:' 5 Steps
Commentary  |  12/5/2017  | 
By intelligently managing signatures, correlation rules, filters and searches, you can see where your security architecture falls down, and how your tools can better defend the network.
The Security Risk Lurking in the Board of Directors
Simon Marshall  |  12/5/2017  | 
Corporate boards are a significant security concern, according to new research from Palo Alto Networks. However, there are ways for CSOs to mitigate this internal threat.
Security Lessons From Japanese Castles
News Analysis-Security Now  |  12/5/2017  | 
The design of feudal Japanese castles can teach us a lot about modern computer security.
FBI, Europol, Microsoft, ESET Team Up, Dismantle One of World's Largest Malware Operations
News  |  12/4/2017  | 
Avalanche, aka Gamarue, aka Wauchos, malware enterprise spanned hundreds of botnets and 88 different malware families.
NSA Employee Pleads Guilty to Illegally Retaining National Defense Secrets
News  |  12/4/2017  | 
Nghia Hoang Pho faces up to eight years in prison for removing highly classified NSA data from workplace and storing it at home.
PayPal's TIO Networks Suffered Data Breach Exposing Data on 1.6 Million Customers
Quick Hits  |  12/4/2017  | 
PayPal states TIO Networks, a payment processing company it acquired this summer, is not part of its network and PayPal remains unaffected by the breach.
The Rising Dangers of Unsecured IoT Technology
Commentary  |  12/4/2017  | 
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.
Tips for Writing Better Infosec Job Descriptions
News  |  12/4/2017  | 
Security leaders frustrated with their talent search may be searching for the wrong skills and qualifications.
Device Servers May Have Leaked Telnet Passwords for Years
Larry Loeb  |  12/4/2017  | 
A security researcher has found that servers that connect older, industrial hardware to the Internet have been leaking Telnet passwords, possibly for years.
Too Many Alerts: A Holiday Infosec Horror Story
News Analysis-Security Now  |  12/4/2017  | 
Too many alerts can be as catastrophic as too few. But how do you manage to get just enough warning messages?
Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
News  |  12/4/2017  | 
Researcher to reveal IoT medical device dangers at Black Hat Europe this week.
Wearables Bring Privacy & Security Headaches to the Enterprise
Curt Franklin  |  12/1/2017  | 
A new generation of wearables is creating a new level of vulnerability for business networks.
Identity Issues: A Friday Haiku
Curt Franklin  |  12/1/2017  | 
Identity matters; the real question is how to figure out who you really are.
Email Bug Shows Flaws in Reporting System
Larry Loeb  |  12/1/2017  | 
When one of the world's most commonly used email applications doesn't have a bug-reporting system, things get very public very quickly.
Deception: Why It's Not Just Another Honeypot
Commentary  |  12/1/2017  | 
The technology has made huge strides in evolving from limited, static capabilities to adaptive, machine learning deception.
Security Geek Gift Guide
Slideshows  |  12/1/2017  | 
Fun gifts for cybersecurity co-workers and bosses alike.
Sallie Mae CISO: 4 Technologies That Will Shape IT Security
News  |  12/1/2017  | 
'The world as we know it will vanish,' according to Jerry Archer.
'Blocking and Tackling' in the New Age of Security
News  |  12/1/2017  | 
In a pep talk to CISOs, the chief security strategist at PSCU advises teams to prioritize resilience in addition to security.
<<   <   Page 3 / 3


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30485
PUBLISHED: 2021-04-11
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.