Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in December 2019
Page 1 / 3   >   >>
Operational Technology: Why Old Networks Need to Learn New Tricks
Commentary  |  12/31/2019  | 
Cybercriminals are maximizing their opportunity by targeting older vulnerabilities in OT environments. It's time to fight back.
Microsoft Shuts Down 50 Domains Used by North Korean Hacking Group
Quick Hits  |  12/31/2019  | 
'Thallium' nation-state threat group used the domains to target mostly US victims.
How AI and Cybersecurity Will Intersect in 2020
Slideshows  |  12/30/2019  | 
Understanding the new risks and threats posed by increased use of artificial intelligence.
Fraud in the New Decade
Commentary  |  12/30/2019  | 
Like any enterprise that wants to survive, fraudsters and hackers will continue to build on past successes to fuel future growth
The Coolest Hacks of 2019
News  |  12/30/2019  | 
A FaceTime fail, weaponized sound, a 'Prying Eye,' and a wearable fingerprint ring, were among the more novel and odd hacks this year.
Mac Malware Breaks Into Top 5 Threats of 2019 – Malwarebytes Labs
Larry Loeb  |  12/30/2019  | 
Of the top 25 detections across all platforms, six were Mac threats, the researchers discovered.
As Hackers Target Mobile Payment Apps, Here's How to Keep Them at Bay
Commentary  |  12/27/2019  | 
A little vigilance helps retailers reduce and prevent three of the most common kinds of mobile app fraud
Defensive Wish List for 2020: Faster Responses to Threats
News  |  12/27/2019  | 
Security professionals recommend technology to detect attacks that have already infiltrated a network.
'Honoring' CCPA's Binding Principles Nationally Won't Be Easy
Commentary  |  12/26/2019  | 
Even companies with the reach, capital, and innovative capacity of Microsoft or Google will struggle to adhere to the tenets of California's new consumer privacy law.
Ransomware Situation Goes From Bad to Worse
News  |  12/26/2019  | 
New malware distribution techniques and functionality updates are sure to put more pressure on enterprise organizations in 2020.
New Botnet Uses DHT as Its Foundation
Larry Loeb  |  12/24/2019  | 
Security researchers at 360 Netlab have been watching a new botnet they call Mozi for the last four months. It's a new P2P botnet with implementation that is based on the Distributed Hash Table protocol.
The Night Before 'Breachmas'
Commentary  |  12/24/2019  | 
What does identity management have to do with Charles Dickens' classic 'A Christmas Carol'? A lot more than you think.
IoT Security: How Far We've Come, How Far We Have to Go
News  |  12/24/2019  | 
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
Citrix Urges Firms to Harden Configurations After Flaw Report
News  |  12/23/2019  | 
A vulnerability in two of the company's appliances opens 80,000 networks up for exploitation.
5G Security Rests on an Unstable Base
Larry Loeb  |  12/23/2019  | 
Positive Technologies has issued a report on the emerging security problems of 5G signaling networks.
Mastercard Announces Plan to Purchase RiskRecon
Quick Hits  |  12/23/2019  | 
The acquisition is expected to close in the first quarter of 2020.
Former NY Hospital Employee Admits to Stealing Colleagues' Data
Quick Hits  |  12/23/2019  | 
Richard Liriano pleads guilty to compromising hospital computers and co-workers' email accounts, as well as stealing personal files and photos.
2020 & Beyond: The Evolution of Cybersecurity
Commentary  |  12/23/2019  | 
As new technologies disrupt the industry, remember that security is a process, not a goal. Educate yourself on how you can best secure your corner of the Web.
20 Vulnerabilities to Prioritize Patching Before 2020
News  |  12/23/2019  | 
Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.
Crystal Ball: The Top 3 Global Cybersecurity Threats for 2020
Steve Durbin  |  12/23/2019  | 
In the year ahead, organizations of all sizes must prepare for the unknown so they have the flexibility to withstand unexpected, high-impact cybersecurity events.
F5 Pays $1 Billion for Shape
Quick Hits  |  12/20/2019  | 
The acquisition adds fraud detection and prevention to the application delivery company's tool collection.
Research Team Demonstrates Perfect Secrecy Implementation
Quick Hits  |  12/20/2019  | 
The technique is notable because it can be implemented using low-cost, standard hardware components.
New Orleans to Boost Cyber Insurance to $10M Post-Ransomware
Quick Hits  |  12/20/2019  | 
Mayor LaToya Cantrell anticipates the recent cyberattack to exceed its current $3 million cyber insurance policy.
6 Traits to Develop for Cybersecurity Success
Slideshows  |  12/20/2019  | 
Cultivate these half-dozen qualities and watch your career soar.
Happier Holidays as Ad Threat Declines
Larry Loeb  |  12/20/2019  | 
DEVCON report finds that the number of ad-threat JavaScript attacks in the US diminished year-over-year, but what attacks there were increased in sophistication.
Ambiguity Around CCPA Will Lead to a Slow Start in 2020
Commentary  |  12/20/2019  | 
But longer term, compliance to California's new privacy law represents an opportunity for companies to increase customer trust and market share.
China-Based Cyber Espionage Group Targeting Orgs in 10 Countries
News  |  12/19/2019  | 
Dozens of organizations across multiple sectors have become victims of APT20 in the past two years.
Patch Management: How to Prioritize an Underserved Vulnerability
Commentary  |  12/19/2019  | 
Why is one of the biggest problems in cybersecurity also one that CISOs largely ignore? Here are three reasons and a road map to a modern approach.
Global Cyber Alliance Launches New Security Efforts for Election Officials
Quick Hits  |  12/19/2019  | 
The Craig Newmark Trustworthy Internet and Democracy Program will develop security toolkits -- and enhance existing ones -- ahead of the 2020 presidential election.
Privacy Requirements & Penalties Grow, Causing Firms to Struggle
News  |  12/19/2019  | 
Between Europe's and California's privacy laws, companies have a complex landscape to navigate in 2020. Even data-mature industries, such as financial services, see problems ahead.
Google Cloud External Key Manager Now in Beta
Quick Hits  |  12/19/2019  | 
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
How a Password-Free World Could Have Prevented the Biggest Breaches of 2019
Commentary  |  12/19/2019  | 
If history has taught us anything, it's that hackers can (and will) compromise passwords. Innovation in authentication technology is poised to change that in the coming year.
RST Gets Fixed
Larry Loeb  |  12/18/2019  | 
Peleg Hadar of SaveBreach Labs has posted about the vulnerability he found in Intel's Rapid Storage Technology Service.
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Commentary  |  12/18/2019  | 
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
Microsoft Issues Out-of-Cycle SharePoint Update
Quick Hits  |  12/18/2019  | 
The update repairs vulnerabilities that could lead to very effective phishing messages.
Worried About Magecart? Here's How to Check for It
Quick Hits  |  12/18/2019  | 
Researchers share how everyday users can check for malicious code on e-commerce websites.
Trading Online? Steps to Take to Avoid Getting Phished
News  |  12/18/2019  | 
From an IT managers perspective, any employee using such a mobile app on a phone they also use for business opens up risks to the corporate network.
Few Firms Use Segmentation, Despite Security Benefits
News  |  12/18/2019  | 
Network segmentation is considered a key security control to prevent attackers from easily accessing critical assets from compromised, but unprivileged, computers. So why aren't more companies doing it?
Your First Month as a CISO: Forming an Information Security Program
Commentary  |  12/18/2019  | 
It's easy to get overwhelmed in your new position, but these tips and resources will help you get started.
'Password' Falls in the Ranks of Favorite Bad Passwords
News  |  12/18/2019  | 
Facebook, Google named worst password breach offenders.
7 Tips to Keep Your Family Safe Online Over the Holidays
Slideshows  |  12/17/2019  | 
Security experts offer key cyber advice for family members.
15 Million Patient Records Exposed Attack on Canadian Lab
Quick Hits  |  12/17/2019  | 
A cyberattack against LifeLabs exposed personal information on patients in Ontario and British Columbia.
Facebook Fixes WhatsApp Group Chat Security Issue
News  |  12/17/2019  | 
Flaw allowed attackers to repeatedly crash group chat and force users to uninstall and reinstall app, Check Point says.
Higher Degree, Higher Salary? Not for Some Security Pros
News  |  12/17/2019  | 
Turns out, skill beats experience and an academic degree doesn't guarantee higher compensation for five security positions.
Talking to the Board about Cybersecurity
Commentary  |  12/17/2019  | 
A chief financial officer shares five winning strategies for an effective board-level conversation about right-sizing risk.
Don't Make Security Training a 'One-and-Done'
Commentary  |  12/17/2019  | 
How to move beyond one-off campaigns and build a true security awareness program.
Siemens Contractor Sentenced for Writing 'Logic Bombs'
Quick Hits  |  12/17/2019  | 
David Tinley, 62, rigged software he wrote for the company starting in 2014 and into 2016, causing the programs to fail.
Data Security Startup Satori Cyber Launches with $5.25M Seed Round
News  |  12/17/2019  | 
Satori Cyber aims to help businesses better protect and govern their information with its Secure Data Access Cloud.
TrickBot Drops an Anchor
Larry Loeb  |  12/17/2019  | 
New threat has been used in campaigns against financial, manufacturing, and retail businesses across the US and Europe.
Financial Services Breaches Less Common, More Damaging, Than Those in Other Sectors
Quick Hits  |  12/16/2019  | 
While far less common than breaches in other industry sectors, financial services breaches were more than twice as expensive, per record exposed, than the average for tech businesses.
Page 1 / 3   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard Labs,  7/2/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-3931
PUBLISHED: 2020-07-08
Buffer overflow exists in Geovision Door Access Control device family, an unauthenticated remote attacker can execute arbitrary command.
CVE-2020-15600
PUBLISHED: 2020-07-07
An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to change the admin password.
CVE-2020-15599
PUBLISHED: 2020-07-07
Victor CMS through 2019-02-28 allows XSS via the register.php user_firstname or user_lastname field.
CVE-2020-8916
PUBLISHED: 2020-07-07
A memory leak in Openthread's wpantund versions up to commit 0e5d1601febb869f583e944785e5685c6c747be7, when used in an environment where wpanctl is directly interfacing with the control driver (eg: debug environments) can allow an attacker to crash the service (DoS). We recommend updating, or to res...
CVE-2020-12821
PUBLISHED: 2020-07-07
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.