Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in February 2019
Page 1 / 4   >   >>
Turkish Group Using Phishing Emails to Hijack Popular Instagram Profiles
News  |  2/28/2019  | 
In some cases, attackers have demanded ransom, nude photos/videos of victims in exchange for stolen account, Trend Micro says.
Solving Security: Repetition or Redundancy?
Commentary  |  2/28/2019  | 
To effectively defend against today's risks and threats, organizations must examine their failings as well as their successes.
Data Leak Exposes Dow Jones Watchlist Database
Quick Hits  |  2/28/2019  | 
The Watchlist, which contained the identities of government officials, politicians, and people of political interest, is used to identify risk when researching someone.
Microsoft Debuts Azure Sentinel SIEM, Threat Experts Service
News  |  2/28/2019  | 
New services, which are both available in preview, arrive at a time when two major trends are converging on security.
Bots Plague Ticketing Industry
News  |  2/28/2019  | 
Bots now account for 39.9% of all ticketing traffic, mostly originating in North America.
In 2019, Cryptomining Just Might Have an Even Better Year
Commentary  |  2/28/2019  | 
The practice today is so pervasive that cryptojacking scripts are said to be running on an estimated 3% of all sites that users visit.
Endpoint-Security Companies in High Demand for Buyouts, Partnerships
Joe Stanganelli  |  2/28/2019  | 
Since last year, endpoint-protection firms have been among the biggest movers and shakers in the cybersecurity realm – with the endpoint-security market seeing more than a typical share of acquisitions and strategic partnerships. Joe Stanganelli takes a look at why this might be happening.
Attack Code 'MarioNet' Is Pulling Strings in Your Web Browser
Larry Loeb  |  2/28/2019  | 
JavaScript APIs have stretched the boundaries of what is run in the browser to enable feature-rich web applications. But this comes at a price...
IoT, APIs, and Criminal Bots Pose Evolving Dangers
News  |  2/27/2019  | 
A pair of reports reach similar conclusions about some of the threats growing in cyberspace and the industries likely to be most affected.
More Than 22,000 Vulns Were Disclosed in 2018, 27% Without Fixes
News  |  2/27/2019  | 
As in previous years, input validation vulnerabilities accounted for a substantial proportion of total, Risk Based Security report shows.
Intel Focuses on Data Center, Firmware Security Ahead of RSAC
News  |  2/27/2019  | 
The new Intel SGX Card is intended to extend application memory security using Intel SGX in existing data center infrastructure.
Persistent Attackers Rarely Use Bespoke Malware
News  |  2/27/2019  | 
Study of the Bronze Union groupalso known as APT27 or Emissary Pandaunderscores how most advanced persistent threat (APT) groups now use administrative tools or slight variants of well-known tools.
Booter Owner Pleads Guilty in Federal Court
Quick Hits  |  2/27/2019  | 
Illinois man offered "DDoS for hire" services that hit millions of victims.
Security Firm to Offer Free Hacking Toolkit
News  |  2/27/2019  | 
CQTools suite includes both exploit kits and information-extraction functions, its developers say.
Stay Ahead of the Curve by Using AI in Compliance
Commentary  |  2/27/2019  | 
Although human oversight is required, advanced technologies built on AI will become pivotal in building safer financial markets and a safer world.
Former Albany College Student Charged with Computer Damage
Quick Hits  |  2/27/2019  | 
Vishwanath Akuthota has been accused of using a 'USB killer device' to destroy dozens of computers, officials report.
Whose Line Is It? When Voice Phishing Attacks Get Sneaky
News  |  2/27/2019  | 
Researchers investigate malicious apps designed to intercept calls to legitimate numbers, making voice phishing attacks harder to detect.
Digital Transformation With IoT: Assessing Risk Through Standards & Visibility
Joe Stanganelli  |  2/27/2019  | 
IoT transformation is a gift and a curse that carries both business agility and business risk. As the world digitally transforms into something "smarter" than itself, IoT devices proliferate, demanding a lot of resources to keep up with them all – and, by extension, secure them all.
Weak Human Link Still Main Enterprise Security Concern
Larry Loeb  |  2/27/2019  | 
KnowBe4 study confirms what we pretty much knew already.
Embracing DevSecOps: 5 Processes to Improve DevOps Security
Commentary  |  2/27/2019  | 
In the cyber threat climate of the 21st century, sticking with DevOps is no longer an option.
Researchers Build Framework for Browser-Based Botnets
News  |  2/26/2019  | 
HTML5 used to build persistent malware on victims' computers.
Former Kaspersky Lab Expert Sentenced in Russia for Treason
Quick Hits  |  2/26/2019  | 
Ruslan Stoyanov gets 14 years in Russian prison.
Social Media Platforms Double as Major Malware Distribution Centers
News  |  2/26/2019  | 
Because many organizations tend to overlook or underestimate the threat, social media sites, including Facebook, Twitter, and Instagram, are a huge blind spot in enterprise defenses.
DIY Botnet Detection: Techniques and Challenges
Commentary  |  2/26/2019  | 
Botnets continue to spread to places never dreamed of a few years ago. But you can fight them off, and these tips can help.
'Cloudborne': Bare-Metal Cloud Servers Vulnerable to Attack
News  |  2/26/2019  | 
Firmware vulnerabilities provide direct access to server hardware, enabling attackers to install malware that can pass from customer to customer.
Kenna Security and Sonatype Partner for Open Source Vulnerability Intelligence
Quick Hits  |  2/26/2019  | 
The pairing brings Sonatype data on open source components to the Kenna Security platform.
Attackers Continue to Focus on Users, Well-Worn Techniques
News  |  2/26/2019  | 
From WannaCry and phishing to credential stuffing and cryptomining, attackers relied on many oldie-but-goodie attacks in 2018, according to a pair of new security threat reports.
A 'Cloudy' Future for OSSEC
Commentary  |  2/26/2019  | 
As more organizations move to the public cloud and to DevOps and DevSecOps processes, the open source alternative for host-based intrusion detection is finding new uses.
Your Employees Want to Learn. How Should You Teach Them?
Slideshows  |  2/26/2019  | 
Security practitioners are most likely to stay at organizations that offer career development. Here are eight tips to consider as you plan your course of action.
ToRPEDO Attack Surfaces to Hit 5G
Larry Loeb  |  2/26/2019  | 
GSMA had better start looking at ways around it, and fast.
New Arm Certification Aims to Secure IoT Devices
News  |  2/25/2019  | 
A three-tier certification regimen shows adherence to the Platform Security Architecture.
Russian Hacker Pleads Guilty to Bank Fraud
Quick Hits  |  2/25/2019  | 
The hacker ran a botnet that spread 'NeverQuest' malware for three years and collected millions of banking credentials.
TurboTax Hit with Credential Stuffing Attack, Tax Returns Compromised
Quick Hits  |  2/25/2019  | 
Officials report an unauthorized party obtained tax return data by using credentials obtained from an outside source.
Is There a Silver Bullet for Zero-Day Attacks?
Larry Loeb  |  2/25/2019  | 
Silicon Valley startup K2 Cyber Security says it has a product that will stop any zero-day attack. So where's the proof?
Secure the System, Help the User
Commentary  |  2/25/2019  | 
The enterprise must do its part in deploying and maintaining secure systems so that end users stand a chance against attackers.
Lessons From the War on Malicious Mobile Apps
News  |  2/22/2019  | 
Despite the openness of the Android platform, Google has managed to keep its Play store mainly free of malware and malicious apps. Outside of the marketplace is a different matter.
New Malware Campaign Targets Job Seekers
Quick Hits  |  2/22/2019  | 
LinkedIn profiles provide a persistent, patient threat actor with the information required to craft spear-phishing messages.
6 Tips for Getting the Most from Your VPN
Slideshows  |  2/22/2019  | 
VPNs are critical for information security. But simply having these cozy security tunnels in the toolkit isn't enough to keep an organization's data safe.
New Legislation Builds on California Data Breach Law
Quick Hits  |  2/22/2019  | 
This bill requires businesses to notify consumers of compromised passport numbers and biometric data.
To Mitigate Advanced Threats, Put People Ahead of Tech
Commentary  |  2/22/2019  | 
Preventative technologies are only part of the picture and often come at the expense of the humans behind them.
Here it Comes Internet Privacy Regulation
Larry Loeb  |  2/22/2019  | 
A new report by the US Government Accountability Office could be the catalyst for meaningful change on the Internet privacy front.
Researchers Propose New Approach to Address Online Password-Guessing Attacks
News  |  2/21/2019  | 
Recommended best practices not effective against certain types of attacks, they say.
Attack Campaign Experiments with Rapid Changes in Email Lure Content
News  |  2/21/2019  | 
It's like polymorphic behavior only the changes are in the email lures themselves, with randomized changes to headers, subject lines, and body content.
Human Negligence to Blame for the Majority of Insider Threats
News  |  2/21/2019  | 
In 98% of the assessments conducted for its research, Dtex found employees exposed proprietary company information on the Web a 20% jump from 2018.
Why Cybersecurity Burnout Is Real (and What to Do About It)
Commentary  |  2/21/2019  | 
The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
New Free Tool Scans for Chrome Extension Safety
Quick Hits  |  2/21/2019  | 
CRXcavator scans extensions in real time based on factors including permissions, external calls, and third-party libraries.
Cyber Extortionists Can Earn $360,000 a Year
News  |  2/21/2019  | 
Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities on Internet-facing applications to pressure victims to pay up.
Security Analysts Are Only Human
Commentary  |  2/21/2019  | 
SOC security analysts shoulder the largest cybersecurity burden. Automation is the way to circumvent the unavoidable human factor. Third in a six-part series.
Supply Chain Attacks Increase 78%
Larry Loeb  |  2/21/2019  | 
The kinds of threats an organization encounters are changing as the defenses that are brought to bear upon them change.
Insurer Offers GDPR-Specific Coverage for SMBs
News  |  2/20/2019  | 
Companies covered under the EU mandate can get policies for up to $10 million for fines, penalties, and other costs.
Page 1 / 4   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Incorporating a Prevention Mindset into Threat Detection and Response
Threat detection and response systems, by definition, are reactive because they have to wait for damage to be done before finding the attack. With a prevention-mindset, security teams can proactively anticipate the attacker's next move, rather than reacting to specific threats or trying to detect the latest techniques in real-time. The report covers areas enterprises should focus on: What positive response looks like. Improving security hygiene. Combining preventive actions with red team efforts.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42654
PUBLISHED: 2022-05-24
SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.
CVE-2021-42655
PUBLISHED: 2022-05-24
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
CVE-2021-42656
PUBLISHED: 2022-05-24
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
CVE-2022-1848
PUBLISHED: 2022-05-24
Business Logic Errors in GitHub repository erudika/para prior to 1.45.11.
CVE-2022-30454
PUBLISHED: 2022-05-24
Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.