Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in February 2018
Page 1 / 4   >   >>
The State of Application Penetration Testing
News  |  2/28/2018  | 
Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.
Zero-Day Attacks Major Concern in Hybrid Cloud
News  |  2/28/2018  | 
Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
New Android Malware Family Highlights Evolving Mobile Threat Capabilities
News  |  2/28/2018  | 
RedDrop can steal data, record audio, and rack up SMS charges for victims, says Wandera.
Hacking on TV: 8 Binge-Worthy and Cringe-Worthy Examples
Slideshows  |  2/28/2018  | 
From the psycho-drama Mr. Robot to portraying the outright dangers of ransomware taking down a hospital in Grey's Anatomy, hacking themes now run deep in today's TV shows.
FTC Settles with Venmo on Security Allegations
Quick Hits  |  2/28/2018  | 
Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.
Why Cryptocurrencies Are Dangerous for Enterprises
Commentary  |  2/28/2018  | 
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
How to Secure 'Permissioned' Blockchains
Commentary  |  2/28/2018  | 
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
OMG: Mirai Botnet Finds New Life, Again
Larry Loeb  |  2/28/2018  | 
The Mirai botnet refuses to die. This time, it has spawned a new bot called OMG, which Fortinet researchers have seen in the wild, and it's turning IoT devices into proxy servers.
Nearly Half of Cybersecurity Pros Solicited Weekly by Recruiters
News  |  2/28/2018  | 
More than 80% say they are 'open' to new job offers, while 15% are actively on the search, a new (ISC)2 survey shows.
Virtual Private Networks: Why Their Days Are Numbered
Partner Perspectives  |  2/28/2018  | 
As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.
GDPR: The New Price We Pay for Data Privacy
Simon Marshall  |  2/28/2018  | 
When the EU's GDPR regulations come into effect in May, the rules around how companies and individuals regard data privacy will change forever. Even for those outside Europe, this could be an expensive journey to take.
Nation-State Hackers Adopt Russian 'Maskirovka' Strategy
News  |  2/27/2018  | 
New CrowdStrike report shows blurring of state-sponsored and cybercrime hacking methods.
Memcached Servers Being Exploited in Huge DDoS Attacks
News  |  2/27/2018  | 
Multiple vendors this week say they have seen a recent spike in UDP attacks coming in via port 11211.
NSA's Rogers: No White House Request for Action Against Russian Hacking
Quick Hits  |  2/27/2018  | 
US Cyber Command head Michael Rogers told the US Senate Armed Services Committee that actions to deter Russian hackers from interfering with upcoming US elections require an order from the White House.
March Dark Reading Event Calendar Spans BlackOps to SecDevOps
Commentary  |  2/27/2018  | 
These upcoming webinars will help you comprehend the mysterious machinations inside the minds of hackers and in-house developers.
SAML Flaw Lets Hackers Assume Users' Identities
News  |  2/27/2018  | 
Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Security Starts with the User Experience
Commentary  |  2/27/2018  | 
Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.
Incident 'Management': What IT Security Can Learn from Public Safety
Commentary  |  2/27/2018  | 
How a framework developed for fighting California wildfires back in the '70s can fortify first responders to a modern cyberattack.
4 Steps to Make Your Website GDPR Compliant
Dawn Kawamoto  |  2/27/2018  | 
Three months remain to whip your website into shape before the May 25 GDPR compliance deadline. Here are several steps to help you get there.
Splunk to Acquire Phantom
Quick Hits  |  2/27/2018  | 
$350 million deal scheduled to close Q1 2018.
Misleading Cyber Foes with Deception Technology
Partner Perspectives  |  2/27/2018  | 
Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks.
Attackers Sell Growing Number of Legitimate SSL Certificates
Dawn Kawamoto  |  2/27/2018  | 
Network security applications performing deep packet inspections are increasingly getting duped by these rogue legitimate certificates, according to a new report.
Threats from Mobile Ransomware & Banking Malware Are Growing
News  |  2/26/2018  | 
The number of unique mobile malware samples increased sharply in 2017 compared to a year ago, according to Trend Micro.
Adobe Flash Vulnerability Reappears in Malicious Word Files
News  |  2/26/2018  | 
CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.
PhishMe Acquired, Rebranded as Cofense in $400M Deal
Quick Hits  |  2/26/2018  | 
Cofense is the new name for PhishMe, which was purchased by a private equity consortium.
7 Key Stats that Size Up the Cybercrime Deluge
Slideshows  |  2/26/2018  | 
Updated data on zero-days, IoT threats, cryptomining and economic costs should keep eyebrows raised in 2018.
GDPR: Your Enterprise Security Checklist
News Analysis-Security Now  |  2/26/2018  | 
With GDPR looming, Security Now wants to help security pros create their checklist to meet the new data privacy rules.
6 Cybersecurity Trends to Watch
Commentary  |  2/26/2018  | 
Expect more as the year goes on: more breaches, more IoT attacks, more fines.
US Government Leads World in Data Breaches
Larry Loeb  |  2/26/2018  | 
US government agencies are leading the world when it comes to data breaches, and the issue seems to be getting worse, according to a new report. However, a shift to cloud may help alleviate some problems.
GDPR Non-Compliance: Will Your Enterprise Get Busted?
Dawn Kawamoto  |  2/26/2018  | 
GDPR enforcement begins May 25 and regulators are likely to focus on particular industries and types of companies, according to attorneys and analysts.
93% of Cloud Applications Aren't Enterprise-Ready
News  |  2/23/2018  | 
The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
'OMG': New Mirai Variant Converts IoT Devices into Proxy Servers
News  |  2/23/2018  | 
The new malware also can turn bots into DDoS attack machines, says Fortinet.
10 Can't-Miss Talks at Black Hat Asia
Slideshows  |  2/23/2018  | 
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
Visa: EMV Cards Drove 70% Decline in Fraud
Quick Hits  |  2/23/2018  | 
Merchants who adopted chip technology saw a sharp decline in counterfeit fraud between 2015 and 2017, Visa reports.
Leveraging Security to Enable Your Business
Commentary  |  2/23/2018  | 
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
Equifax, Intel Help Spur SEC to Update Cybersecurity Regulations
Larry Loeb  |  2/23/2018  | 
The Equifax data breach, along with problems at Intel, has spurred the Securities and Exchange Commission to update its rules on disclosing cybersecurity incidents, which now put greater responsibility on CEOs and other company officers.
Enabling Better Risk Mitigation with Threat Intelligence
Partner Perspectives  |  2/23/2018  | 
In order to get the maximum benefit from threat intel you need to be able to operationalize it. Here's how.
EU's NIS Directive Compounding GDPR Burdens & Confusion
News Analysis-Security Now  |  2/23/2018  | 
With the eyes of the tech world focused on the day GDPR goes into effect, many have been missing the compounding factor of separate EU member-state InfoSec rules that will coincide with GDPR. Here's a look at the NIS Directive.
Best Practices for Recruiting & Retaining Women in Security
News  |  2/22/2018  | 
Gender diversity can help fill the security talent gap, new Forrester Research report says.
Criminals Obtain Code-Signing Certificates Using Stolen Corporate IDs
News  |  2/22/2018  | 
The certificates are available on demand at prices ranging from $299 to $1,599, says Recorded Future.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Commentary  |  2/22/2018  | 
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks
Quick Hits  |  2/22/2018  | 
New agency guidance statement also says company officials, execs can't trade stocks if they have unannounced information on a security breach at the company.
IRS Warns of Spike in W-2 Phishing Emails
Quick Hits  |  2/22/2018  | 
The IRS reports an increase in reports of phishing emails asking for W-2 information.
Cisco: 'Ransomware' Seeks Destruction, Not Ransom
News Analysis-Security Now  |  2/22/2018  | 
The Cisco 2018 Annual Cybersecurity report rounds up the state of the threat landscape, including the changing nature of ransomware.
Anatomy of an Attack on the Industrial IoT
Commentary  |  2/22/2018  | 
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
GDPR Blackmail Looms as a Double-Dip Cyber Attack Plan
Dawn Kawamoto  |  2/22/2018  | 
Cybercriminals' targeted attacks may also include extortion fees to keep their breaches quiet and out of the view of GDPR enforcers, researchers find.
Security Liability in an 'Assume Breach' World
Partner Perspectives  |  2/22/2018  | 
Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
Intel Offering New Microcode to Fix Spectre & Meltdown
News Analysis-Security Now  |  2/22/2018  | 
Intel is releasing new microcode to OEMs to fix the Spectre and Meltdown flaws found in the company's 6th, 7th and 8th Generation processors.
Global Cybercrime Costs Top $600 Billion
News  |  2/21/2018  | 
More than 50% of attacks result in damages of over $500K, two reports show.
The Mobile Threat: 4 out of 10 Businesses Report 'Significant' Risk
News  |  2/21/2018  | 
Organizations put efficiency and profit before security, leading to system downtime and data loss, according to inaugural research from Verizon.