Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in February 2020
<<   <   Page 2 / 3   >   >>
Dell Sells RSA to Private Equity Firm for $2.1B
News  |  2/18/2020  | 
Deal with private equity entity Symphony Technology Group revealed one week before the security industry's RSA Conference in San Francisco.
Lumu to Emerge from Stealth at RSAC
Quick Hits  |  2/18/2020  | 
The new company will focus on giving customers earlier indications of network and server compromise.
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Commentary  |  2/18/2020  | 
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
1.7M Nedbank Customers Affected via Third-Party Breach
Quick Hits  |  2/18/2020  | 
A vulnerability in the network of marketing contractor Computer Facilities led to a breach at the South African bank.
Firmware Weaknesses Can Turn Computer Subsystems into Trojans
News  |  2/18/2020  | 
Network cards, video cameras, and graphics adapters are a few of the subsystems whose lack of security could allow attackers to turn them into spy implants.
Staircase to the Cloud: Dark Reading Caption Contest Winners
Commentary  |  2/18/2020  | 
A humorous nod to the lack of gender equity in cybersecurity hiring was our judges' unanimous choice. And the winners are ...
8 Things Users Do That Make Security Pros Miserable
Slideshows  |  2/18/2020  | 
When a user interacts with an enterprise system, the result can be productivity or disaster. Here are eight opportunities for the disaster side to win out over the productive.
Phishing Campaign Targets Mobile Banking Users
News  |  2/14/2020  | 
Consumers in dozens of countries were targeted, Lookout says.
Palm Beach Elections Office Hit with Ransomware Pre-2016 Election
Quick Hits  |  2/14/2020  | 
Palm Beach County's elections supervisor does not believe the attack is linked to Russian hacking attempts targeting Florida.
Ovum to Expand Cybersecurity Research Under New Omdia Group
News  |  2/14/2020  | 
Informa Tech combines Ovum, Heavy Reading, Tractica, and IHS Markit research.
DHS Warns of Cyber Heartbreak
Quick Hits  |  2/14/2020  | 
Fraudulent dating and relationship apps and websites raise the risks for those seeking online romance on Valentine's Day.
The 5 Love Languages of Cybersecurity
Commentary  |  2/14/2020  | 
When it comes to building buy-in from the business, all cybersecurity needs is love -- especially when it comes to communication.
DDoS Attacks Nearly Double Between Q4 2018 and Q4 2019
News  |  2/13/2020  | 
Peer-to-peer botnets, TCP reflection attacks, and increased activity on Sundays are three DDoS attack trends from last quarter.
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
News  |  2/13/2020  | 
The new threat model hones in on ML security at the design state.
Babel of IoT Authentication Poses Security Challenges
News  |  2/13/2020  | 
With more than 80 different schemes for authenticating devices either proposed or implemented, best practices and reference architectures are sorely needed, experts say.
Huawei Charged with RICO Violations in Federal Court
Quick Hits  |  2/13/2020  | 
A new set of indictments adds conspiracy to violate RICO statutes to a list of existing charges against the Chinese telecommunications giant.
7 Tax Season Security Tips
Slideshows  |  2/13/2020  | 
Security pros need be on high alert from now until Tax Day on April 15. Here are seven ways to help keep your company safe.
Small Business Security: 5 Tips on How and Where to Start
Commentary  |  2/13/2020  | 
There is no one-size-fits-all strategy for security, but a robust plan and the implementation of new technologies will help you and your IT team sleep better.
Apps Remain Favorite Mobile Attack Vector
Quick Hits  |  2/13/2020  | 
Mobile apps are used in nearly 80% of attacks targeting mobile devices, followed by network and operating system attacks.
Forget Hacks... Ransomware, Phishing Are Election Year's Real Threats
Commentary  |  2/13/2020  | 
As we gear up for the voting season, let's put aside any links between foreign interference and voting machine security and focus on the actual risks threatening election security.
Third-Party Breaches and the Number of Records Exposed Increased Sharply in 2019
News  |  2/12/2020  | 
Each breach exposed an average of 13 million records, Risk Based Security found.
Avast Under Investigation by Czech Privacy Agency
Quick Hits  |  2/12/2020  | 
The software security maker is suspected of selling data about more than 100 million users to companies including Google, Microsoft, and Home Depot.
FBI: Business Email Compromise Cost Businesses $1.7B in 2019
News  |  2/12/2020  | 
BEC attacks comprised nearly half of cybercrime losses last year, which totaled $3.5 billion overall as Internet-enabled crimes ramped up.
Stop Defending Everything
Commentary  |  2/12/2020  | 
Instead, try prioritizing with the aid of a thorough asset inventory.
5G Adoption Should Change How Organizations Approach Security
News  |  2/12/2020  | 
With 5G adoption, businesses will be able to power more IoT devices and perform tasks more quickly, but there will be security ramifications.
5 Common Errors That Allow Attackers to Go Undetected
Commentary  |  2/12/2020  | 
Make these mistakes and invaders might linger in your systems for years.
Healthcare Ransomware Damage Passes $157M Since 2016
Quick Hits  |  2/11/2020  | 
Researchers found the total cost far exceeded the amount of ransom paid to attackers.
Microsoft Patches Exploited Internet Explorer Flaw
News  |  2/11/2020  | 
This month's Patch Tuesday brings fixes for 99 CVEs, including one IE flaw seen exploited in the wild.
Why Ransomware Will Soon Target the Cloud
Commentary  |  2/11/2020  | 
As businesses' daily operations become more dependent on cloud services, ransomware authors will follow to maximize profits. The good news: Many of the best practices for physical servers also apply to the cloud.
Cybercriminals Swap Phishing for Credential Abuse, Vuln Exploits
News  |  2/11/2020  | 
Infection vectors were evenly divided among phishing, vulnerability exploitation, and unauthorized credential use in 2019.
Macs See More Adware, Unwanted Apps Than PCs
News  |  2/11/2020  | 
The latest data from Malwarebytes show the average Mac sees almost twice as many bad apps as Windows systems, but actual malware continues to be scarce.
CIA's Secret Ownership of Crypto AG Enabled Extensive Espionage
Quick Hits  |  2/11/2020  | 
Crypto AG made millions selling encryption devices to more than 120 countries, which unknowingly transmitted intel back to the CIA.
Keeping a Strong Security Metrics Framework Strong
Commentary  |  2/11/2020  | 
Don't just report metrics -- analyze, understand, monitor, and adjust them. These 10 tips will show you how.
How North Korea's Senior Leaders Harness the Internet
News  |  2/10/2020  | 
Researchers learn how North Korea is expanding its Internet use in order to generate revenue and bypass international sanctions.
Some Democrats Lead Trump in Campaign Domain-Security Efforts
News  |  2/10/2020  | 
Sanders and Trump campaigns lack proper DMARC security enforcement, study finds.
Israel's Entire Voter Registry Exposed in Massive Incident
Quick Hits  |  2/10/2020  | 
Personal details of nearly 6.5 million Israelis were out in the open after the entire registry was uploaded to an notably insecure app.
China's Military Behind 2017 Equifax Breach: DoJ
News  |  2/10/2020  | 
Four members of China's People Liberation Army hacked the information broker, leading to the theft of sensitive data on approximately 145 million citizens.
Unlocked S3 Bucket Lets 36,077 Jail Files Escape
Quick Hits  |  2/10/2020  | 
The leaky repository belongs to JailCore, a cloud management and compliance platform used in several states' correctional facilities.
6 Factors That Raise the Stakes for IoT Security
Slideshows  |  2/10/2020  | 
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.
Day in the Life of a Bot
Commentary  |  2/10/2020  | 
A typical workday for a bot, from its own point of view.
Google Takeout Serves Up Video Files to Strangers
Quick Hits  |  2/7/2020  | 
A limited number of user videos were shared with others in a five-day incident from November.
CCPA and GDPR: The Data Center Pitfalls of the 'Right to be Forgotten'
News  |  2/7/2020  | 
Compliance with the new privacy rules doesn't always fall on data center managers, but when it does, it's more difficult than it may sound.
RobbinHood Kills Security Processes Before Dropping Ransomware
News  |  2/7/2020  | 
Attackers deploy a legitimate, digitally signed hardware driver to delete security software from machines before encrypting files.
5 Measures to Harden Election Technology
Commentary  |  2/7/2020  | 
Voting machinery needs hardware-level security. The stakes are the ultimate, and the attackers among the world's most capable.
Researchers Reveal How Smart Lightbulbs Can Be Hacked to Attack
News  |  2/6/2020  | 
New exploit builds on previous research involving Philips Hue Smart Bulbs.
90% of CISOs Would Cut Pay for Better Work-Life Balance
News  |  2/6/2020  | 
Businesses receive $30,000 of 'free' CISO time as security leaders report job-related stress taking a toll on their health and relationships.
Cybersecurity Vendor Landscape Transforming as Symantec, McAfee Enter New Eras
Commentary  |  2/6/2020  | 
Two years ago, Symantec and McAfee were both primed for a comeback. Today, both face big questions about their future.
Forescout Acquired by Private Equity Team
Quick Hits  |  2/6/2020  | 
The deal, valued at $1.9 billion, is expected to close next quarter.
Facebook Tops Imitated Brands as Attackers Target Tech
Quick Hits  |  2/6/2020  | 
Brand impersonators favor Facebook, Yahoo, Network, and PayPal in phishing attempts to steal credentials from victims.
Invisible Pixel Patterns Can Communicate Data Covertly
News  |  2/6/2020  | 
University researchers show that changing the brightness of monitor pixels can communicate data from air-gapped systems in a way not visible to human eyes.
<<   <   Page 2 / 3   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27706
PUBLISHED: 2021-04-14
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/&quot;IPMacBindIndex &quot;request. This occurs because the &quot;formIPMacBindDel&quot; function directly passes the parameter &quot;IPMacBind...
CVE-2021-27707
PUBLISHED: 2021-04-14
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/&quot;portMappingIndex &quot;request. This occurs because the &quot;formDelPortMapping&quot; function directly passes the parameter &quot;portMappingIn...
CVE-2021-28098
PUBLISHED: 2021-04-14
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for...
CVE-2021-30493
PUBLISHED: 2021-04-14
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other wor...
CVE-2021-30494
PUBLISHED: 2021-04-14
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other wo...