Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in December 2019
Operational Technology: Why Old Networks Need to Learn New Tricks
Commentary  |  12/31/2019  | 
Cybercriminals are maximizing their opportunity by targeting older vulnerabilities in OT environments. It's time to fight back.
Microsoft Shuts Down 50 Domains Used by North Korean Hacking Group
Quick Hits  |  12/31/2019  | 
'Thallium' nation-state threat group used the domains to target mostly US victims.
How AI and Cybersecurity Will Intersect in 2020
Slideshows  |  12/30/2019  | 
Understanding the new risks and threats posed by increased use of artificial intelligence.
Fraud in the New Decade
Commentary  |  12/30/2019  | 
Like any enterprise that wants to survive, fraudsters and hackers will continue to build on past successes to fuel future growth.
The Coolest Hacks of 2019
News  |  12/30/2019  | 
A FaceTime fail, weaponized sound, a 'Prying Eye,' and a wearable fingerprint ring were among the more novel and odd hacks this year.
As Hackers Target Mobile Payment Apps, Here's How to Keep Them at Bay
Commentary  |  12/27/2019  | 
A little vigilance helps retailers reduce and prevent three of the most common kinds of mobile app fraud.
Defensive Wish List for 2020: Faster Responses to Threats
News  |  12/27/2019  | 
Security professionals recommend technology to detect attacks that have already infiltrated a network.
'Honoring' CCPA's Binding Principles Nationally Won't Be Easy
Commentary  |  12/26/2019  | 
Even companies with the reach, capital, and innovative capacity of Microsoft or Google will struggle to adhere to the tenets of California's new consumer privacy law.
Ransomware Situation Goes From Bad to Worse
News  |  12/26/2019  | 
New malware distribution techniques and functionality updates are sure to put more pressure on enterprise organizations in 2020.
The Night Before 'Breachmas'
Commentary  |  12/24/2019  | 
What does identity management have to do with Charles Dickens' classic 'A Christmas Carol'? A lot more than you think.
IoT Security: How Far We've Come, How Far We Have to Go
News  |  12/24/2019  | 
As organizations fear the proliferation of connected devices on enterprise networks, the private and public sectors come together to address IoT vulnerabilities.
Citrix Urges Firms to Harden Configurations After Flaw Report
News  |  12/23/2019  | 
A vulnerability in two of the company's appliances opens 80,000 networks up for exploitation.
Mastercard Announces Plan to Purchase RiskRecon
Quick Hits  |  12/23/2019  | 
The acquisition is expected to close in the first quarter of 2020.
Former NY Hospital Employee Admits to Stealing Colleagues' Data
Quick Hits  |  12/23/2019  | 
Richard Liriano pleads guilty to compromising hospital computers and co-workers' email accounts, as well as stealing personal files and photos.
2020 & Beyond: The Evolution of Cybersecurity
Commentary  |  12/23/2019  | 
As new technologies disrupt the industry, remember that security is a process, not a goal. Educate yourself on how you can best secure your corner of the Web.
20 Vulnerabilities to Prioritize Patching Before 2020
News  |  12/23/2019  | 
Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.
F5 Pays $1 Billion for Shape
Quick Hits  |  12/20/2019  | 
The acquisition adds fraud detection and prevention to the application delivery company's tool collection.
Research Team Demonstrates Perfect Secrecy Implementation
Quick Hits  |  12/20/2019  | 
The technique is notable because it can be implemented using low-cost, standard hardware components.
New Orleans to Boost Cyber Insurance to $10M Post-Ransomware
Quick Hits  |  12/20/2019  | 
Mayor LaToya Cantrell anticipates the cost of the recent cyberattack will exceed the city's current $3 million cyber insurance policy.
6 Traits to Develop for Cybersecurity Success
Slideshows  |  12/20/2019  | 
Cultivate these half-dozen qualities and watch your career soar.
Ambiguity Around CCPA Will Lead to a Slow Start in 2020
Commentary  |  12/20/2019  | 
But longer term, compliance with California's new privacy law represents an opportunity for companies to increase customer trust and market share.
China-Based Cyber Espionage Group Targeting Orgs in 10 Countries
News  |  12/19/2019  | 
Dozens of organizations across multiple sectors have become victims of APT20 in the past two years.
Patch Management: How to Prioritize an Underserved Vulnerability
Commentary  |  12/19/2019  | 
Why is one of the biggest problems in cybersecurity also one that CISOs largely ignore? Here are three reasons and a road map to a modern approach.
Global Cyber Alliance Launches New Security Efforts for Election Officials
Quick Hits  |  12/19/2019  | 
The Craig Newmark Trustworthy Internet and Democracy Program will develop security toolkits -- and enhance existing ones -- ahead of the 2020 presidential election.
Privacy Requirements & Penalties Grow, Causing Firms to Struggle
News  |  12/19/2019  | 
Between Europe's and California's privacy laws, companies have a complex landscape to navigate in 2020. Even data-mature industries, such as financial services, see problems ahead.
Google Cloud External Key Manager Now in Beta
Quick Hits  |  12/19/2019  | 
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
How a Password-Free World Could Have Prevented the Biggest Breaches of 2019
Commentary  |  12/19/2019  | 
If history has taught us anything, it's that hackers can (and will) compromise passwords. Innovation in authentication technology is poised to change that in the coming year.
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Commentary  |  12/18/2019  | 
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
Microsoft Issues Out-of-Cycle SharePoint Update
Quick Hits  |  12/18/2019  | 
The update repairs vulnerabilities that could lead to very effective phishing messages.
Worried About Magecart? Here's How to Check for It
Quick Hits  |  12/18/2019  | 
Researchers share how everyday users can check for malicious code on e-commerce websites.
Trading Online? Steps to Take to Avoid Getting Phished
News  |  12/18/2019  | 
From an IT manager's perspective, any employee using such a mobile app on a phone they also use for business opens up risks to the corporate network.
Few Firms Use Segmentation, Despite Security Benefits
News  |  12/18/2019  | 
Network segmentation is considered a key security control to prevent attackers from easily accessing critical assets from compromised, but unprivileged, computers. So why aren't more companies doing it?
Your First Month as a CISO: Forming an Information Security Program
Commentary  |  12/18/2019  | 
It's easy to get overwhelmed in your new position, but these tips and resources will help you get started.
'Password' Falls in the Ranks of Favorite Bad Passwords
News  |  12/18/2019  | 
Facebook, Google named worst password breach offenders.
7 Tips to Keep Your Family Safe Online Over the Holidays
Slideshows  |  12/17/2019  | 
Security experts offer key cyber advice for family members.
15 Million Patient Records Exposed in Attack on Canadian Lab
Quick Hits  |  12/17/2019  | 
A cyberattack against LifeLabs exposed personal information on patients in Ontario and British Columbia.
Facebook Fixes WhatsApp Group Chat Security Issue
News  |  12/17/2019  | 
Flaw allowed attackers to repeatedly crash group chat and force users to uninstall and reinstall app, Check Point says.
Higher Degree, Higher Salary? Not for Some Security Pros
News  |  12/17/2019  | 
Turns out, skill beats experience and an academic degree doesn't guarantee higher compensation for five security positions.
Talking to the Board about Cybersecurity
Commentary  |  12/17/2019  | 
A chief financial officer shares five winning strategies for an effective board-level conversation about right-sizing risk.
Don't Make Security Training a 'One-and-Done'
Commentary  |  12/17/2019  | 
How to move beyond one-off campaigns and build a true security awareness program.
Siemens Contractor Sentenced for Writing 'Logic Bombs'
Quick Hits  |  12/17/2019  | 
David Tinley, 62, rigged software he wrote for the company starting in 2014 and into 2016, causing the programs to fail.
Data Security Startup Satori Cyber Launches with $5.25M Seed Round
News  |  12/17/2019  | 
Satori Cyber aims to help businesses better protect and govern their information with its Secure Data Access Cloud.
Weak Crypto Practice Undermining IoT Device Security
News  |  12/16/2019  | 
Keyfactor says it was able to break nearly 250,000 distinct RSA keys - many associated with routers, wireless access points, and other Internet-connected devices.
Financial Services Breaches Less Common, More Damaging, Than Those in Other Sectors
Quick Hits  |  12/16/2019  | 
While far less common than breaches in other industry sectors, financial services breaches were more than twice as expensive, per record exposed, than the average for tech businesses.
Mobile Devices Account for 41% of Application Attack Traffic
News  |  12/16/2019  | 
DNS amplification attacks continue to dominate distributed denial-of-service (DDoS) attacks, while mobile devices make up a larger share of traffic.
Ransomware 'Crisis' in US Schools: More Than 1,000 Hit So Far in 2019
News  |  12/16/2019  | 
Meanwhile, the mayor of the city of New Orleans says no ransom money demands were made as her city struggles to recover from a major ransomware attack launched last week.
SQL Server 2019 Tool Tells Attackers Which Data Is Sensitive
News  |  12/16/2019  | 
The design of SQL Data Discovery & Classification could let attackers pinpoint sensitive information while flying under organizations' radars.
Rooster Teeth Alerts Customers to Magecart Attack
Quick Hits  |  12/16/2019  | 
The entertainment company discovered malicious content on the Shopify platform for its online store and removed it the same day.
Why Enterprises Buy Cybersecurity 'Ferraris'
Commentary  |  12/16/2019  | 
You wouldn't purchase an expensive sports car if you couldn't use it properly. So, why make a pricey security investment before knowing it fits into your ecosystem?
Visa Warns of Targeted PoS Attacks on Gas Station Merchants
News  |  12/13/2019  | 
At least two North American chains have been hit in sophisticated new campaigns for stealing payment card data.


5 Ways to Up Your Threat Management Game
Wayne Reynolds, Advisory CISO, Kudelski Security,  2/26/2020
Exploitation, Phishing Top Worries for Mobile Users
Robert Lemos, Contributing Writer,  2/28/2020
Kr00k Wi-Fi Vulnerability Affected a Billion Devices
Robert Lemos, Contributing Writer,  2/26/2020
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3006
PUBLISHED: 2020-02-28
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for so...
CVE-2015-5361
PUBLISHED: 2020-02-28
Background: For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensi...
CVE-2020-6803
PUBLISHED: 2020-02-28
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.
CVE-2020-6804
PUBLISHED: 2020-02-28
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.
CVE-2019-4301
PUBLISHED: 2020-02-28
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if JavaScript code is included in Running Message or Post Message HTML.