Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in February 2020
Page 1 / 3   >   >>
New Trickbot Delivery Method Focuses on Windows 10
Quick Hits  |  2/28/2020  | 
Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10.
6 Truths About Disinformation Campaigns
Slideshows  |  2/28/2020  | 
Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know.
Exploitation, Phishing Top Worries for Mobile Users
News  |  2/28/2020  | 
Reports find that mobile malware appears on the decline, but the exploitation of vulnerabilities along with phishing has led to a rise in compromises, experts say.
Reducing Risk with Data Minimization
Commentary  |  2/28/2020  | 
Putting your company on a data diet that reduces the amount of the sensitive data you store or use is a smart way to achieve compliance with GDPR and CCPA.
Educating Educators: Microsoft's Tips for Security Awareness Training
News  |  2/28/2020  | 
Microsoft's director of security education and awareness shares his approach to helping train employees in defensive practices.
Clearview AI Customers Exposed in Data Breach
Quick Hits  |  2/27/2020  | 
Customers for the controversial facial recognition company were detailed in a log file leaked to news organizations.
Government Employees Unprepared for Ransomware
Quick Hits  |  2/27/2020  | 
Data shows 73% are concerned about municipal ransomware threats but only 38% are trained on preventing these attacks.
How We Enabled Ransomware to Become a Multibillion-Dollar Industry
Commentary  |  2/27/2020  | 
As an industry, we must move beyond one-dimensional approaches to assessing ransomware exposures. Asking these four questions will help.
Intel Analyzes Vulns Reported in its Products Last Year
News  |  2/27/2020  | 
A new Intel report looks at the more than 200 CVEs affecting Intel products in 2019.
What Your Company Needs to Know About Hardware Supply Chain Security
Commentary  |  2/27/2020  | 
By establishing a process and framework, you can ensure you're not giving more advanced attackers carte blanche to your environment.
'Cloud Snooper' Attack Circumvents AWS Firewall Controls
News  |  2/27/2020  | 
Possible nation-state supply chain attack that cheated both cloud and on-premise firewalls acts like a "wolf in sheep's clothing," Sophos says.
US State Dept. Shares Insider Tips to Fight Insider Threats
News  |  2/26/2020  | 
The insider threat is a technology, security, and personnel issue, officials said in explaining an approach that addresses all three factors.
Commonsense Security: Leveraging Dialogue & Collaboration for Better Decisions
Commentary  |  2/26/2020  | 
Sometimes, good old-fashioned tools can help an enterprise create a cost-effective risk management strategy.
Open Cybersecurity Alliance Releases New Language for Security Integration
Quick Hits  |  2/26/2020  | 
OpenDXL Ontology is intended to allow security components to interoperate right out of the box.
Kr00k Wi-Fi Vulnerability Affected a Billion Devices
News  |  2/26/2020  | 
Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung.
5 Ways to Up Your Threat Management Game
Commentary  |  2/26/2020  | 
Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management.
Emotet Resurfaces to Drive 145% of Threats in Q4 2019
News  |  2/26/2020  | 
Analysis of 92 billion rejected emails reveals a range of simple and complex attack techniques for the last quarter of 2019.
Cryptographers Panel Tackles Espionage, Elections & Blockchain
News  |  2/26/2020  | 
Encryption experts gave insights into the Crypto AG revelations, delved into complexities of the "right to be forgotten," and more at RSA Conference.
Report: Shadow IoT Emerging as New Enterprise Security Problem
News  |  2/25/2020  | 
Much of the traffic egressing enterprise networks are from poorly protected Internet-connected consumer devices, a Zscaler study finds.
Ensure Your Cloud Security Is as Modern as Your Business
Commentary  |  2/25/2020  | 
Take a comprehensive approach to better protect your organization. Security hygiene is a must, but also look at your risk posture through a data protection lens.
Google Adds More Security Features Via Chronicle Division
News  |  2/25/2020  | 
Order out of chaos? The saga of Chronicle continues with new security features for the Google Cloud Platform.
Cybersecurity Industry: It's Time to Stop the Victim Blame Game
Commentary  |  2/25/2020  | 
There are far more ways to be helpful than adding to the noise of what a company probably did wrong.
McAfee Acquires Light Point for Browser Isolation Tech
Quick Hits  |  2/25/2020  | 
Company plans to integrate Light Point Security's technology into the McAfee Secure Web Gateway and its Mvision UCE platform.
Wanted: Hands-On Cybersecurity Experience
News  |  2/25/2020  | 
Organizations lament a lack of qualified job candidates as they continue to struggle to hire and retain security teams, the new ISACA State of Cybersecurity 2020 report shows.
Verizon: Attacks on Mobile Devices Rise
News  |  2/25/2020  | 
Companies of all sizes are being hit by mobile attacks and feeling the effects for extended periods of time, according to the 2020 Verizon Mobile Security Index.
Security, Networking Collaboration Cuts Breach Cost
News  |  2/24/2020  | 
CISOs report increases in alert fatigue and the number of records breached, as well as the struggle to secure mobile devices in a new Cisco study.
Enterprise Cloud Use Continues to Outpace Security
News  |  2/24/2020  | 
Nearly 60% of IT and security pros say deployment of business services in the cloud has rushed past their ability to secure them.
Solving the Cloud Data Security Conundrum
Commentary  |  2/24/2020  | 
Trusting the cloud involves a change in mindset. You must be ready to use runtime encryption in the cloud.
7 Tips to Improve Your Employees' Mobile Security
Slideshows  |  2/24/2020  | 
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
All About SASE: What It Is, Why It's Here, How to Use It
News  |  2/22/2020  | 
Secure Access Service Edge is a new name for a known and growing architecture designed to strengthen security in cloud environments.
Emotet Malware Rears Its Ugly Head Again
News  |  2/21/2020  | 
A resurgence in Emotet malware may make it one of the most pervasive security threats of 2020.
California Man Arrested for Politically Motivated DDoS
Quick Hits  |  2/21/2020  | 
The distributed denial-of-service attacks took a congressional candidate's website offline for a total of 21 hours during the campaign for office.
NRC Health Ransomware Attack Prompts Patient Data Concerns
Quick Hits  |  2/21/2020  | 
The organization, which sells patient administration tools to hospitals, could not confirm whether patient data was accessed.
Olympics Could Face Disruption from Regional Powers
News  |  2/21/2020  | 
Destructive attacks and disinformation will likely target the Summer Olympics in Tokyo, two groups of threat experts say.
How to Get CISOs & Boards on the Same Page
Commentary  |  2/21/2020  | 
These two groups have talked past each other for years, each hobbled by their own tunnel vision and misperceptions.
Security Now Merges With Dark Reading
News  |  2/21/2020  | 
Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.
Popular Mobile Document-Management Apps Put Data at Risk
News  |  2/20/2020  | 
Most iOS and Android apps that Cometdocs has published on Google and Apple app stores transmit entire documents - unencrypted.
Microsoft Announces General Availability of Threat Protection, Insider Risk Management
News  |  2/20/2020  | 
Microsoft made several security announcements ahead of RSA Conference, including its decision to bring Microsoft Defender to iOS and Android.
Ransomware Damage Hit $11.5B in 2019
Quick Hits  |  2/20/2020  | 
A new report shows the scale of ransomware's harm and the growth of that damage year-over-year -- an average of $141,000 per incident.
It's Time to Break the 'Rule of Steve'
Commentary  |  2/20/2020  | 
Today, in a room full of cybersecurity professionals, there are still more people called Steve than there are women.
Personal Info of 10.6M MGM Resort Guests Leaked Online
Quick Hits  |  2/20/2020  | 
Data published on a hacking forum includes phone numbers and email addresses of travelers ranging from everyday tourists to celebrities and tech CEOs.
5 Strategies to Secure Cloud Operations Against Today's Cyber Threats
Commentary  |  2/20/2020  | 
With these fundamentals in mind, organizations can reduce their security and compliance risks as they reap the cloud's many benefits:
Firms Improve Threat Detection but Face Increasingly Disruptive Attacks
News  |  2/20/2020  | 
In addition, more third parties are discovering the attacks rather than the companies themselves.
Researchers Fool Smart Car Camera with a 2-Inch Piece of Electrical Tape
News  |  2/19/2020  | 
McAfee researchers say they were able to get a Tesla to autonomously accelerate by tricking its camera platform into misreading a speed-limit sign.
Users Have Risky Security Habits, but Security Pros Aren't Much Better
News  |  2/19/2020  | 
Researchers spot gaps in users' and IT practitioners' security habits, and between security tools and user preferences.
Zero-Factor Authentication: Owning Our Data
Commentary  |  2/19/2020  | 
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
44% of Security Threats Start in the Cloud
Quick Hits  |  2/19/2020  | 
Amazon Web Services is a top source of cyberattacks, responsible for 94% of all Web attacks originating in the public cloud.
DHS's CISA Warns of New Critical Infrastructure Ransomware Attack
Quick Hits  |  2/19/2020  | 
An attack on a natural gas compression facility sent the operations offline for two days.
Don't Let Iowa Bring Our Elections Back to the Stone Age
Commentary  |  2/19/2020  | 
The voting experience should be the same whether the vote is in person, by mail, or over the Internet. Let's not allow one bad incident stop us from finding new ways to achieve this.
The Trouble with Free and Open Source Software
News  |  2/18/2020  | 
Insecure developer accounts, legacy software, and nonstandard naming schemes are major problems, Linux Foundation and Harvard study concludes.
Page 1 / 3   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/7/2020
The Coronavirus & Cybersecurity: 3 Areas of Exploitation
Robert R. Ackerman Jr., Founder & Managing Director, Allegis Capital,  4/7/2020
'Unkillable' Android Malware App Continues to Infect Devices Worldwide
Jai Vijayan, Contributing Writer,  4/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Digitized COVID-19 Prevention
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9499
PUBLISHED: 2020-04-09
Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down.
CVE-2020-9500
PUBLISHED: 2020-04-09
Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down.
CVE-2020-10603
PUBLISHED: 2020-04-09
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.
CVE-2020-10617
PUBLISHED: 2020-04-09
There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.
CVE-2020-10619
PUBLISHED: 2020-04-09
An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.