Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in February 2018
Page 1 / 4
The State of Application Penetration Testing
News  |  2/28/2018  | 
Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.
Zero-Day Attacks Major Concern in Hybrid Cloud
News  |  2/28/2018  | 
Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
New Android Malware Family Highlights Evolving Mobile Threat Capabilities
News  |  2/28/2018  | 
RedDrop can steal data, record audio, and rack up SMS charges for victims, says Wandera.
Hacking on TV: 8 Binge-Worthy and Cringe-Worthy Examples
Slideshows  |  2/28/2018  | 
From the psycho-drama Mr. Robot to Grey's Anatomy's portrayal of the outright dangers of ransomware taking down a hospital, hacking themes now run deep in today's TV shows.
FTC Settles with Venmo on Security Allegations
Quick Hits  |  2/28/2018  | 
Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.
Why Cryptocurrencies Are Dangerous for Enterprises
Commentary  |  2/28/2018  | 
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
How to Secure 'Permissioned' Blockchains
Commentary  |  2/28/2018  | 
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
OMG: Mirai Botnet Finds New Life, Again
Larry Loeb  |  2/28/2018  | 
The Mirai botnet refuses to die. This time, it has spawned a new bot called OMG, which Fortinet researchers have seen in the wild, and it's turning IoT devices into proxy servers.
Nearly Half of Cybersecurity Pros Solicited Weekly by Recruiters
News  |  2/28/2018  | 
More than 80% say they are 'open' to new job offers, while 15% are actively on the search, a new (ISC)2 survey shows.
Virtual Private Networks: Why Their Days Are Numbered
Partner Perspectives  |  2/28/2018  | 
As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.
GDPR: The New Price We Pay for Data Privacy
Simon Marshall  |  2/28/2018  | 
When the EU's GDPR regulations come into effect in May, the rules around how companies and individuals regard data privacy will change forever. Even for those outside Europe, this could be an expensive journey to take.
Nation-State Hackers Adopt Russian 'Maskirovka' Strategy
News  |  2/27/2018  | 
New CrowdStrike report shows blurring of state-sponsored and cybercrime hacking methods.
Memcached Servers Being Exploited in Huge DDoS Attacks
News  |  2/27/2018  | 
Multiple vendors this week say they have seen a recent spike in UDP attacks coming in via port 11211.
NSA's Rogers: No White House Request for Action Against Russian Hacking
Quick Hits  |  2/27/2018  | 
US Cyber Command head Michael Rogers told the US Senate Armed Services Committee that actions to deter Russian hackers from interfering with upcoming US elections require an order from the White House.
March Dark Reading Event Calendar Spans BlackOps to SecDevOps
Commentary  |  2/27/2018  | 
These upcoming webinars will help you comprehend the mysterious machinations inside the minds of hackers and in-house developers.
SAML Flaw Lets Hackers Assume Users' Identities
News  |  2/27/2018  | 
Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Security Starts with the User Experience
Commentary  |  2/27/2018  | 
Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.
Incident 'Management': What IT Security Can Learn from Public Safety
Commentary  |  2/27/2018  | 
How a framework developed for fighting California wildfires back in the '70s can fortify first responders to a modern cyberattack.
4 Steps to Make Your Website GDPR Compliant
Dawn Kawamoto  |  2/27/2018  | 
Three months remain to whip your website into shape before the May 25 GDPR compliance deadline. Here are several steps to help you get there.
Splunk to Acquire Phantom
Quick Hits  |  2/27/2018  | 
$350 million deal scheduled to close Q1 2018.
Misleading Cyber Foes with Deception Technology
Partner Perspectives  |  2/27/2018  | 
Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks.
Attackers Sell Growing Number of Legitimate SSL Certificates
Dawn Kawamoto  |  2/27/2018  | 
Network security applications performing deep packet inspections are increasingly getting duped by these rogue legitimate certificates, according to a new report.
Threats from Mobile Ransomware & Banking Malware Are Growing
News  |  2/26/2018  | 
The number of unique mobile malware samples increased sharply in 2017 compared to a year ago, according to Trend Micro.
Adobe Flash Vulnerability Reappears in Malicious Word Files
News  |  2/26/2018  | 
CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.
PhishMe Acquired, Rebranded as Cofense in $400M Deal
Quick Hits  |  2/26/2018  | 
Cofense is the new name for PhishMe, which was purchased by a private equity consortium.
7 Key Stats that Size Up the Cybercrime Deluge
Slideshows  |  2/26/2018  | 
Updated data on zero-days, IoT threats, cryptomining and economic costs should keep eyebrows raised in 2018.
GDPR: Your Enterprise Security Checklist
News Analysis-Security Now  |  2/26/2018  | 
With GDPR looming, Security Now wants to help security pros create their checklist to meet the new data privacy rules.
6 Cybersecurity Trends to Watch
Commentary  |  2/26/2018  | 
Expect more as the year goes on: more breaches, more IoT attacks, more fines.
US Government Leads World in Data Breaches
Larry Loeb  |  2/26/2018  | 
US government agencies are leading the world when it comes to data breaches, and the issue seems to be getting worse, according to a new report. However, a shift to cloud may help alleviate some problems.
GDPR Non-Compliance: Will Your Enterprise Get Busted?
Dawn Kawamoto  |  2/26/2018  | 
GDPR enforcement begins May 25 and regulators are likely to focus on particular industries and types of companies, according to attorneys and analysts.
93% of Cloud Applications Aren't Enterprise-Ready
News  |  2/23/2018  | 
The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
'OMG': New Mirai Variant Converts IoT Devices into Proxy Servers
News  |  2/23/2018  | 
The new malware also can turn bots into DDoS attack machines, says Fortinet.
10 Can't-Miss Talks at Black Hat Asia
Slideshows  |  2/23/2018  | 
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
Visa: EMV Cards Drove 70% Decline in Fraud
Quick Hits  |  2/23/2018  | 
Merchants who adopted chip technology saw a sharp decline in counterfeit fraud between 2015 and 2017, Visa reports.
Leveraging Security to Enable Your Business
Commentary  |  2/23/2018  | 
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
Equifax, Intel Help Spur SEC to Update Cybersecurity Regulations
Larry Loeb  |  2/23/2018  | 
The Equifax data breach, along with problems at Intel, has spurred the Securities and Exchange Commission to update its rules on disclosing cybersecurity incidents, which now put greater responsibility on CEOs and other company officers.
Enabling Better Risk Mitigation with Threat Intelligence
Partner Perspectives  |  2/23/2018  | 
In order to get the maximum benefit from threat intel you need to be able to operationalize it. Here's how.
EU's NIS Directive Compounding GDPR Burdens & Confusion
News Analysis-Security Now  |  2/23/2018  | 
With the eyes of the tech world focused on the day GDPR goes into effect, many have been missing the compounding factor of separate EU member-state InfoSec rules that will coincide with GDPR. Here's a look at the NIS Directive.
Best Practices for Recruiting & Retaining Women in Security
News  |  2/22/2018  | 
Gender diversity can help fill the security talent gap, new Forrester Research report says.
Criminals Obtain Code-Signing Certificates Using Stolen Corporate IDs
News  |  2/22/2018  | 
The certificates are available on demand at prices ranging from $299 to $1,599, says Recorded Future.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Commentary  |  2/22/2018  | 
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks
Quick Hits  |  2/22/2018  | 
New agency guidance statement also says company officials, execs can't trade stocks if they have unannounced information on a security breach at the company.
IRS Warns of Spike in W-2 Phishing Emails
Quick Hits  |  2/22/2018  | 
The IRS reports an increase in reports of phishing emails asking for W-2 information.
Cisco: 'Ransomware' Seeks Destruction, Not Ransom
News Analysis-Security Now  |  2/22/2018  | 
The Cisco 2018 Annual Cybersecurity report rounds up the state of the threat landscape, including the changing nature of ransomware.
Anatomy of an Attack on the Industrial IoT
Commentary  |  2/22/2018  | 
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
GDPR Blackmail Looms as a Double-Dip Cyber Attack Plan
Dawn Kawamoto  |  2/22/2018  | 
Cybercriminals' targeted attacks may also include extortion fees to keep their breaches quiet and out of the view of GDPR enforcers, researchers find.
Security Liability in an 'Assume Breach' World
Partner Perspectives  |  2/22/2018  | 
Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
Intel Offering New Microcode to Fix Spectre & Meltdown
News Analysis-Security Now  |  2/22/2018  | 
Intel is releasing new microcode to OEMs to fix the Spectre and Meltdown flaws found in the company's 6th, 7th and 8th Generation processors.
Global Cybercrime Costs Top $600 Billion
News  |  2/21/2018  | 
More than 50% of attacks result in damages of over $500K, two reports show.
The Mobile Threat: 4 out of 10 Businesses Report 'Significant' Risk
News  |  2/21/2018  | 
Organizations put efficiency and profit before security, leading to system downtime and data loss, according to inaugural research from Verizon.