Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in December 2018
4 Global Cybersecurity Threats for 2019
News Analysis-Security Now  |  12/31/2018  | 
As the calendar turns to 2018, ISF is urging members to watch out for four specific security issues: ransomware, legislation, IoT and supply chain.
US Petroleum Employee Charged with Stealing Trade Secrets for Chinese Firm
Quick Hits  |  12/28/2018  | 
Longtime US resident allegedly stole information for petroleum firm in China that had offered him a position.
Start Preparing Now for the Post-Quantum Future
Commentary  |  12/28/2018  | 
Quantum computing will break most of the encryption schemes on which we rely today. These five tips will help you get ready.
5G Network Security Needs a Comprehensive Approach in 2019
News Analysis-Security Now  |  12/28/2018  | 
As the first 5G rollouts are anticipated to start in 2019, service providers need to take a more holistic and comprehensive approach to securing these new networks and the businesses and customers using them.
The Coolest Hacks of 2018
News  |  12/28/2018  | 
In-flight airplanes, social engineers, and robotic vacuums were among the targets of resourceful white-hat hackers this year.
IoT Bug Grants Access to Home Video Surveillance
Quick Hits  |  12/27/2018  | 
Due to a shared Amazon S3 credential, all users of a certain model of the Guardzilla All-In-One Video Security System can view each other's videos.
Toxic Data: How 'Deepfakes' Threaten Cybersecurity
Commentary  |  12/27/2018  | 
The joining of 'deep learning' and 'fake news' makes it possible to create audio and video of real people saying words they never spoke or things they never did.
Healthcare Industry Still in Ransomware Crosshairs
Jeffrey Burt  |  12/27/2018  | 
A report by Kaspersky researchers has found that healthcare organizations in the US and Canada are still at heightened risk of ransomware attacks.
2018: The Year Machine Intelligence Arrived in Cybersecurity
News  |  12/27/2018  | 
Machine intelligence, in its many forms, began having a significant impact on cybersecurity this year, setting the stage for growing intelligence in security automation for 2019.
Attackers Use Google Cloud to Target US, UK Banks
Quick Hits  |  12/26/2018  | 
Employees at financial services firms hit with an email attack campaign abusing a Google Cloud storage service.
Spending Spree: What's on Security Investors' Minds for 2019
News  |  12/26/2018  | 
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
3 Steps for Cybersecurity Leaders to Bridge the Gender Equality Gap
Commentary  |  12/26/2018  | 
By encouraging female participation through education and retaining this interest through an inclusive culture and visible role models, we can begin to close the skill and gender gap in cybersecurity.
Security Leaders Need to Heed the Harsh Security Lessons of 2018
News Analysis-Security Now  |  12/26/2018  | 
The sheer number of incidents from 2018 has put even more of the spotlight on enterprise security. Over the next 12 months, businesses need to be on the lookout for email and stolen privileges schemes, nation-state attacks and increases in compliance legislation.
6 Ways to Anger Attackers on Your Network
Slideshows  |  12/26/2018  | 
Because you can't hack back without breaking the law, these tactics will frustrate, deceive, and annoy intruders instead.
SOP Story: Why Protecting Web Browsers Remains a Security Cornerstone
Larry Loeb  |  12/24/2018  | 
One of the oldest ways to protect content on the web is SOP. However, it's not always implemented in the same way on all browsers. This can complicate one of the main cornerstones of Internet security.
Top 10 Security Stories of 2018
Slideshows-Security Now  |  12/24/2018  | 
With 2018 drawing to a close, Security Now looks back at the last 12 months to find which stories made the biggest impression on our readers and why these topics remain important even after the stories have faded from the headlines.
7 Business Metrics Security Pros Need to Know
Slideshows  |  12/21/2018  | 
These days, security has to speak the language of business. These KPIs will get you started.
Unpatched Kernel-Level Vuln in IBM Security Tool for Apple MacOS Revealed
Quick Hits  |  12/21/2018  | 
Researchers disclose signedness bug in driver used by IBM Trusteer Rapport endpoint security tool after IBM fails to deliver timely patch.
Amazon Slip-Up Shows How Much Alexa Really Knows
Quick Hits  |  12/21/2018  | 
Amazon mistakenly sent one user's Alexa recordings to a stranger but neglected to disclose the error.
I Spy: Dark Reading Caption Contest Winners
Commentary  |  12/21/2018  | 
No shortage of political humor and inside security jokes in this batch of cartoon caption contenders. And the winners are ...
Criminals Move Markets to Remain in the Shadows
News  |  12/21/2018  | 
While malware families and targets continue to evolve, the most important shift might be happening in the background.
Huawei Routers Vulnerable to Simplified Credential Stuffing Attack
Larry Loeb  |  12/21/2018  | 
Security researchers at NewSky have found a vulnerability in Huawei's HG routers that leaves these devices open to a brute force attack. The company has been notified, but it's not clear what fix, if any, has been applied.
APT10 Indictments Show Expansion of MSP Targeting, Cloud Hopper Campaign
News  |  12/21/2018  | 
US brings more indictments against the APT10 cyber espionage group operating in China for its Operation Cloud Hopper campaign against managed service providers, but what will those indictments accomplish?
Justice Department Ties 2 Chinese Nationals to Notorious APT10 Group
News Analysis-Security Now  |  12/21/2018  | 
In another indictment aimed at China's cyberespionage infrastructure, the Justice Department has charged two Chinese nationals with belonging to the notorious APT10 group, which targeted industries in the US, Japan and other countries.
3 Reasons to Train Security Pros to Code
News  |  12/20/2018  | 
United Health chief security strategist explains the benefits the organization reaped when it made basic coding training a requirement for security staff.
Security 101: How Businesses and Schools Bridge the Talent Gap
News  |  12/20/2018  | 
Security experts share the skills companies are looking for, the skills students are learning, and how to best find talent you need.
Attackers Use Scripting Flaw in Internet Explorer, Forcing Microsoft Patch
News  |  12/20/2018  | 
Microsoft issues an emergency update to its IE browser after researchers notified the company that a scripting engine flaw is being used to compromise systems.
How to Optimize Security Spending While Reducing Risk
Commentary  |  12/20/2018  | 
Risk scoring is a way of getting everyone on the same page with a consistent, reliable method of gathering and analyzing security data.
US Indicts 2 APT10 Members for Years-Long Hacking Campaign
Quick Hits  |  12/20/2018  | 
In an indictment unsealed this morning, the US ties China's state security agency to a widespread campaign of personal and corporate information theft.
Hackers Bypass Gmail, Yahoo 2FA at Scale
Quick Hits  |  12/20/2018  | 
A new Amnesty International report explains how cyberattackers are phishing second-factor authentication codes sent via SMS.
2018 In the Rearview Mirror
Commentary  |  12/20/2018  | 
Among this year's biggest news stories: epic hardware vulnerabilities, a more lethal form of DDoS attack, Olympic 'false flags,' hijacked home routers, fileless malware and a new world's record for data breaches.
Automating a DevOps-Friendly Security Policy
Commentary  |  12/20/2018  | 
There can be a clash of missions between security and IT Ops teams, but automation can help.
Cloud Backup: How It Can Protect Against Ransomware
Jeffrey Burt  |  12/20/2018  | 
For enterprises anxious to avoid being extorted by attackers using ransomware, backing up data to the cloud is an option to consider, though it's not the answer for everyone.
Email Spam: Don't Be a Chump or a Jerk
Alan Zeichick  |  12/20/2018  | 
For decades, spam emails have clogged up corporate email inboxes. However, there are some simple rules and guidelines IT pros, as well as marketers, can use to cut down on this, and make everyone more secure.
McAfee: IoT & Cryptomining Malware Growth Exploded in Q3
News Analysis-Security Now  |  12/20/2018  | 
In its new quarterly threat report, McAfee Labs researchers found that malware targeting IoT devices, as well as cryptomining, continued to grow, specifically by taking advantage of lax security practices.
US Names, Sanctions Russian GRU Officials for 2016 Election Hacks
Quick Hits  |  12/19/2018  | 
Treasury Department names and imposes economic sanctions on the alleged major players behind the Russian election-meddling operation, as well as the World Anti-Doping Agency breach.
How to Remotely Brick a Server
News  |  12/19/2018  | 
Researchers demonstrate the process of remotely bricking a server, which carries serious and irreversible consequences for businesses.
NASA Investigating Breach That Exposed PII on Employees, Ex-Workers
News  |  12/19/2018  | 
Incident is latest manifestation of continuing security challenges at agency, where over 3,000 security incidents have been reported in recent years.
Attack Campaign Targets Financial Firms Via Old But Reliable Tricks
News  |  12/19/2018  | 
Among other tried-and-true cyberattack methods, the attackers hosted malware on the Google Cloud Storage service domain storage.googleapis.com to mask their activity.
Privacy Futures: Fed-up Consumers Take Their Data Back
Commentary  |  12/19/2018  | 
In 2019, usable security will become the new buzzword and signal a rejection of the argument that there must be a trade-off between convenience and security and privacy.
Facebook Data Deals Extend to Microsoft, Amazon, Netflix
Quick Hits  |  12/19/2018  | 
An explosive new report sheds light on data-sharing deals that benefited 150 companies as Facebook handed over unknowing users' information.
DOJ Announces Indictment in Nigerian Banking Scam
Quick Hits  |  12/19/2018  | 
International investment scam laundered funds through US bank accounts before being sent to Nigeria.
Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots
Commentary  |  12/19/2018  | 
While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
Jenkins Flaw Can Allow Attackers to Log In as Admins
Larry Loeb  |  12/19/2018  | 
New research from CyberArk finds a critical flaw in Jenkins servers that can allow an attacker to log in as an administrator, which can lead to any number of compromises and malicious activity.
Many Enterprises Still Blind to Security Risk, Study Finds
Jeffrey Burt  |  12/19/2018  | 
Even as organizations continue to get hit with cyber attacks, they're struggling to accurately measure the costs of such events to their operations, a report by Tenable and the Ponemon Institute found.
When Cryptocurrency Falls, What Happens to Cryptominers?
News  |  12/18/2018  | 
The fall of cryptocurrency's value doesn't signify an end to cryptomining, but attackers may be more particular about when they use it.
Memes on Twitter Used to Communicate With Malware
News  |  12/18/2018  | 
Steganography via tweet images gave attackers a way to pass on malicious instructions to a Trojan, researchers say.
Trend Micro Finds Major Flaws in HolaVPN
Quick Hits  |  12/18/2018  | 
A popular free VPN is found to have a very high cost for users.
Twitter Hack May Have State-Sponsored Ties
Quick Hits  |  12/18/2018  | 
A data leak was disclosed after attackers targeted a support form, which had "unusual activity."
Cryptographic Erasure: Moving Beyond Hard Drive Destruction
Commentary  |  12/18/2018  | 
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41127
PUBLISHED: 2021-10-21
Rasa is an open source machine learning framework to automate text- and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can overwrite or replace bot...
CVE-2021-41169
PUBLISHED: 2021-10-21
Sulu is an open-source PHP content management system based on the Symfony framework. Versions before 1.6.43 are subject to stored cross-site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
CVE-2021-27746
PUBLISHED: 2021-10-21
"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"
CVE-2021-36869
PUBLISHED: 2021-10-21
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post.
CVE-2021-39352
PUBLISHED: 2021-10-21
The Catch Themes Demo Import WordPress plugin is vulnerable to arbitrary file uploads via the import functionality found in the ~/inc/CatchThemesDemoImport.php file, in versions up to and including 1.7, due to insufficient file type validation. This makes it possible for an attacker with administrat...