News & Commentary

Content posted in February 2018
Page 1 / 3   >   >>
The State of Application Penetration Testing
News  |  2/28/2018  | 
Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.
Zero-Day Attacks Major Concern in Hybrid Cloud
News  |  2/28/2018  | 
Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
New Android Malware Family Highlights Evolving Mobile Threat Capabilities
News  |  2/28/2018  | 
RedDrop can steal data, record audio, and rack up SMS charges for victims, says Wandera.
Hacking on TV: 8 Binge-Worthy and Cringe-Worthy Examples
Slideshows  |  2/28/2018  | 
From the psycho-drama Mr. Robot to portraying the outright dangers of ransomware taking down a hospital in Greys Anatomy, hacking themes now run deep in todays TV shows.
FTC Settles with Venmo on Security Allegations
Quick Hits  |  2/28/2018  | 
Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.
Why Cryptocurrencies Are Dangerous for Enterprises
Commentary  |  2/28/2018  | 
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
How to Secure 'Permissioned' Blockchains
Commentary  |  2/28/2018  | 
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
Nearly Half of Cybersecurity Pros Solicited Weekly by Recruiters
News  |  2/28/2018  | 
More than 80% say they are 'open' to new job offers, while 15% are actively on the search, a new (ISC)2 survey shows.
Virtual Private Networks: Why Their Days Are Numbered
Partner Perspectives  |  2/28/2018  | 
As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.
Nation-State Hackers Adopt Russian 'Maskirovka' Strategy
News  |  2/27/2018  | 
New CrowdStrike report shows blurring of state-sponsored and cybercrime hacking methods.
Memcached Servers Being Exploited in Huge DDoS Attacks
News  |  2/27/2018  | 
Multiple vendors this week say they have seen a recent spike in UDP attacks coming in via port 11211.
NSA's Rogers: No White House Request for Action Against Russian Hacking
Quick Hits  |  2/27/2018  | 
US Cyber Command head Michael Rogers told US Senate Armed Services Committee that actions to deter Russian hackers from interfering with upcoming US elections requires an order from the White House.
March Dark Reading Event Calendar Spans BlackOps to SecDevOps
Commentary  |  2/27/2018  | 
These upcoming webinars will help you comprehend the mysterious machinations inside the minds of hackers and in-house developers.
SAML Flaw Lets Hackers Assume Users' Identities
News  |  2/27/2018  | 
Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Security Starts with the User Experience
Commentary  |  2/27/2018  | 
Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.
Incident 'Management': What IT Security Can Learn from Public Safety
Commentary  |  2/27/2018  | 
How a framework developed for fighting California wildfires back in the '70s can fortify first responders to a modern cyberattack.
Splunk to Acquire Phantom
Quick Hits  |  2/27/2018  | 
$350 million deal scheduled to close Q1 2018.
Misleading Cyber Foes with Deception Technology
Partner Perspectives  |  2/27/2018  | 
Today's deception products go far beyond the traditional honeypot by catching attackers while they are chasing down non-existent targets inside your networks.
Threats from Mobile Ransomware & Banking Malware Are Growing
News  |  2/26/2018  | 
The number of unique mobile malware samples increased sharply in 2017 compared to a year ago, according to Trend Micro.
Adobe Flash Vulnerability Reappears in Malicious Word Files
News  |  2/26/2018  | 
CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.
PhishMe Acquired, Rebranded as Cofense in $400M Deal
Quick Hits  |  2/26/2018  | 
Cofense is the new name for PhishMe, which was purchased by a private equity consortium.
7 Key Stats that Size Up the Cybercrime Deluge
Slideshows  |  2/26/2018  | 
Updated data on zero-days, IoT threats, cryptomining and economic costs should keep eyebrows raised in 2018.
6 Cybersecurity Trends to Watch
Commentary  |  2/26/2018  | 
Expect more as the year goes on: more breaches, more IoT attacks, more fines
93% of Cloud Applications Aren't Enterprise-Ready
News  |  2/23/2018  | 
The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
'OMG': New Mirai Variant Converts IoT Devices into Proxy Servers
News  |  2/23/2018  | 
The new malware also can turn bots into DDoS attack machines, says Fortinet.
10 Can't-Miss Talks at Black Hat Asia
Slideshows  |  2/23/2018  | 
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
Visa: EMV Cards Drove 70% Decline in Fraud
Quick Hits  |  2/23/2018  | 
Merchants who adopted chip technology saw a sharp decline in counterfeit fraud between 2015 and 2017, Visa reports.
Leveraging Security to Enable Your Business
Commentary  |  2/23/2018  | 
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
Enabling Better Risk Mitigation with Threat Intelligence
Partner Perspectives  |  2/23/2018  | 
In order to get the maximum benefit from threat intel you need to be able to operationalize it. Here's how.
Best Practices for Recruiting & Retaining Women in Security
News  |  2/22/2018  | 
Gender diversity can help fill the security talent gap, new Forrester Research report says.
Criminals Obtain Code-Signing Certificates Using Stolen Corporate IDs
News  |  2/22/2018  | 
The certificates are available on demand at prices ranging from $299 to $1,599, says Recorded Future.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Commentary  |  2/22/2018  | 
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks
Quick Hits  |  2/22/2018  | 
New agency guidance statement also says company officials, execs can't trade stocks if they have unannounced information on a security breach at the company.
IRS Warns of Spike in W-2 Phishing Emails
Quick Hits  |  2/22/2018  | 
The IRS reports an increase in reports of phishing emails asking for W-2 information.
Anatomy of an Attack on the Industrial IoT
Commentary  |  2/22/2018  | 
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
Security Liability in an 'Assume Breach' World
Partner Perspectives  |  2/22/2018  | 
Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
Global Cybercrime Costs Top $600 Billion
News  |  2/21/2018  | 
More than 50% of attacks result in damages of over $500K, two reports show.
The Mobile Threat: 4 out of 10 Businesses Report 'Significant' Risk
News  |  2/21/2018  | 
Organizations put efficiency and profit before security, leading to system downtime and data loss, according to inaugural research from Verizon.
Trucking Industry Launches Info Sharing, Cybercrime Reporting Service
Quick Hits  |  2/21/2018  | 
American Trucking Associations developed new Fleet CyWatch threat reporting, information sharing service in conjunction with FBI.
Takeaways from the Russia-Linked US Senate Phishing Attacks
Commentary  |  2/21/2018  | 
The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns.
7 Cryptominers & Cryptomining Botnets You Can't Ignore
Slideshows  |  2/21/2018  | 
Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.
C-Suite Divided Over Security Concerns
News  |  2/21/2018  | 
Survey shows 60% of CEOs plan to invest the most resources in malware prevention, but CISOs, CIOs, and CTOs are on a different page.
Getting Started with IoT Security in Healthcare
Partner Perspectives  |  2/21/2018  | 
Theres a hazard that comes with introducing any new element into patient care whether it's a new drug or a connected device. These four steps will help keep patients safe.
Researcher to Release Free Attack Obfuscation Tool
News  |  2/20/2018  | 
Cybercrime gang FIN7, aka Carbanak, spotted hiding behind another Windows function, according to research to be presented at Black Hat Asia next month.
Facebook Aims to Make Security More Social
News  |  2/20/2018  | 
Facebook's massive user base creates an opportunity to educate billions on security.
SWIFT Network Used in $2 Million Heist at Indian Bank
Quick Hits  |  2/20/2018  | 
The theft at India's City Union Bank comes on the heels of news that attackers stole $6 million from a Russian bank via SWIFT network last year.
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
Commentary  |  2/20/2018  | 
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
Vulnerabilities Broke Records Yet Again in 2017
News  |  2/20/2018  | 
Meanwhile, organizations still struggle to manage remediation.
Proactive Threat Hunting: Taking the Fight to the Enemy
Partner Perspectives  |  2/20/2018  | 
Pulling together everything your security team needs to be effective at threat hunting is not easy but it's definitely worthwhile. Here's why.
13 Russians Indicted for Massive Operation to Sway US Election
News  |  2/16/2018  | 
Russian nationals reportedly used stolen American identities and infrastructure to influence the 2016 election outcome.
Page 1 / 3   >   >>


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc.,  8/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-17305
PUBLISHED: 2018-08-21
Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a Bleichenbacher Oracle vulnerability in the IPSEC IKEv1 implementations. Remote attackers can decrypt IPSEC tunnel ciphertext data by leveraging a Bleichenbacher R...
CVE-2017-17311
PUBLISHED: 2018-08-21
Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted...
CVE-2017-17312
PUBLISHED: 2018-08-21
Some Huawei Firewall products USG2205BSR V300R001C10SPC600; USG2220BSR V300R001C00; USG5120BSR V300R001C00; USG5150BSR V300R001C00 have a DoS vulnerability in the IPSEC IKEv1 implementations of Huawei Firewall products. Due to improper handling of the malformed messages, an attacker may sent crafted...
CVE-2018-12115
PUBLISHED: 2018-08-21
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second...
CVE-2018-7166
PUBLISHED: 2018-08-21
In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misint...