News & Commentary

Content posted in March 2018
Page 1 / 4   >   >>
Microsoft Rushes Out Fix for Major Hole Caused by Previous Meltdown Patch
News  |  3/30/2018  | 
Issue affects Windows 7 x64 and Windows Server 2008 R2 x64 systems.
Accused LinkedIn, DropBox Hacker Appears in US Court After Diplomatic Battle
Quick Hits  |  3/30/2018  | 
Russian national indicted for the 2012 LinkedIn hack that led to the theft of 117 million passwords has been extradited from the Czech Republic to the US.
10 Women in Security You May Not Know But Should
Slideshows  |  3/30/2018  | 
The first in a series of articles shining a spotlight on women who are quietly changing the game in cybersecurity.
Under Armour App Breach Exposes 150 Million Records
Quick Hits  |  3/30/2018  | 
A breach in a database for MyFitnessPal exposes information on 150 million users.
The Cybersecurity Mandates Keep On Coming
Commentary  |  3/30/2018  | 
There's a good reason for the proliferation of mandates like the one in New York state, but companies may struggle to answer this question: "Are we in compliance?"
MITRE Evaluates Tools for APT Detection
News  |  3/29/2018  | 
A new service from MITRE will evaluate products based on how well they detect advanced persistent threats.
Deconstructing the DOJ Iranian Hacking Indictment
Commentary  |  3/29/2018  | 
The alleged attackers used fairly simple tools, techniques and procedures to compromise a new victim organization on an almost weekly basis for over five years.
WannaCry Re-emerges at Boeing
Quick Hits  |  3/29/2018  | 
Computers at the aerospace giant were hit by the WannaCry malware but systems are back to normal
FBI IC3: Tech Support Scam Losses Rose 86% in 2017
Quick Hits  |  3/29/2018  | 
Most victims are in the US, but FBI IC3 has logged cases from 85 different countries.
University Networks Become Fertile Ground for Cryptomining
News  |  3/29/2018  | 
Sixty percent of cryptomining detections in a Vectra study occurred on higher-education networks.
US Election Swing States Score Low Marks in Cybersecurity
News  |  3/29/2018  | 
C and D grades for Florida, Michigan, New Hampshire, Nevada, and Ohio, SecurityScorecard assessment shows.
Deconstructing a Business Email Compromise Attack
Partner Perspectives  |  3/29/2018  | 
How a tech-savvy New Jersey couple outwitted a German hacker group and saved their home and life savings.
New Android Cryptojacker Can Brick Phones
News  |  3/28/2018  | 
Mobile cryptojacking malware mines Monero.
Destructive and False Flag Cyberattacks to Escalate
News  |  3/28/2018  | 
Rising geopolitical tensions between the US and Russia, Iran, and others are the perfect recipe for nastier nation-state cyberattacks.
Baltimore Hit with Hack on 911 System
Quick Hits  |  3/28/2018  | 
An attack took down part of Baltimore's 911 system for 17 hours over the weekend, and details are still in short supply.
How Measuring Security for Risk & ROI Can Empower CISOs
Commentary  |  3/28/2018  | 
For the vast majority of business decisions, organizations seek metrics-driven proof. Why is cybersecurity the exception?
Fixing Hacks Has Deadly Impact on Hospitals
News  |  3/28/2018  | 
A study from Vanderbilt University shows that remediating data breaches has a very real impact on mortality rates at hospitals.
Automating Ethics for Cybersecurity
Commentary  |  3/28/2018  | 
Having a code of ethics and enforcing it are two different things.
Kaspersky Lab Open-Sources its Threat-Hunting Tool
Quick Hits  |  3/28/2018  | 
'KLara' was built to speed up and automate the process of identifying malware samples.
Getting Ahead of Internet of Things Security in the Enterprise
Partner Perspectives  |  3/28/2018  | 
In anticipation of an IoT-centric future, CISOs must be rigorous in shoring up defenses that provide real-time insights across all network access points.
UVA Defeats UMBC, in Stunning Upset
Commentary  |  3/27/2018  | 
In first trip to Mid-Atlantic Collegiate Cyber Defense Competition, University of Virginia's Cyber Defense Team defeats reigning national champs from University of Maryland, Baltimore County.
Report Shows Ransomware is the New Normal
Quick Hits  |  3/27/2018  | 
A new report on malware says that the majority of companies globally have been victims of ransomware in the last 12 months.
Attackers Shift From Adobe Flaws to Microsoft Products
News  |  3/27/2018  | 
Seven of the Top 10 most commonly exploited vulnerabilities in 2017 were Microsoft-related - not Adobe Flash as in years past, Recorded Future found.
780 Days in the Life of a Computer Worm
Commentary  |  3/27/2018  | 
This is a story of a worm, from the time it was coded and deployed onto the Internet. It is narrated by the worm in the first person.
Grossman, 'RSnake' Launch Website Asset Inventory Startup
Quick Hits  |  3/27/2018  | 
Bit Discovery gets $2.7 million in seed-round funding; Alex Stamos, Jeff Moss among the investors.
Bad Bots Increasingly Hide Out in Cloud Data Centers
News  |  3/27/2018  | 
Humans accounted for nearly 58% of website traffic in 2017 -- the rest were bad and good bots.
Privacy: Do We Need a National Data Breach Disclosure Law?
Commentary  |  3/27/2018  | 
Some say we need a more consistent approach, while others worry a national law might supersede and water down some state laws already on the books.
New Ransomware Attacks Endpoint Defenses
News  |  3/26/2018  | 
AVCrypt tries to disable anti-malware software before it can be detected and removed.
Leader of Cybercrime APT Behind $1.2 Billion in Bank Heists Arrested
News  |  3/26/2018  | 
The Carbanak group has caused more financial losses to financial institutions than any other cybercrime group since it surfaced in 2013.
Facebook Adds Machine Learning to Fraud Fight
Quick Hits  |  3/26/2018  | 
Machine learning tools will assist trained human reviewers who Facebook says block millions of fake accounts at the time of registration every day.
8 Security Spring Cleaning Tips for the Home Office
Slideshows  |  3/26/2018  | 
Use these ideas to sharpen up your home office machine against potential intruders.
The Overlooked Problem of 'N-Day' Vulnerabilities
Commentary  |  3/26/2018  | 
N-days -- or known vulnerabilities -- are a goldmine for attackers of industrial control systems. It's time for a new defense strategy.
AMD Will Release Fixes for New Processor Flaws in a Few Weeks
News  |  3/23/2018  | 
Security firm that disclosed flaws accuses chipmaker of downplaying flaws; says timeline is overly optimistic.
City of Atlanta Hit with Ransomware Attack
Quick Hits  |  3/23/2018  | 
FBI investigating computer outages in the city's network possibly tied to Samsam-type ransomware variant.
Winners and Losers in Password 'Bracketology'
Quick Hits  |  3/23/2018  | 
A recent study shows that there's a clear winner in the 'most used sports mascot' password competition.
DoJ Indicts 9 Iranians for Hacking into Hundreds of Universities, FERC, Dept. of Labor, Others
News  |  3/23/2018  | 
Suspects were operating on behalf of Iranian government and the Iranian Revolutionary Guard, US officials said.
Looking Back to Look Ahead: Cyber Threat Trends to Watch
Commentary  |  3/23/2018  | 
Data from the fourth quarter of last year shows the state of application exploits, malicious software, and botnets.
Looking Back and Thinking Ahead on Cyberwar, Nation-State Attacks
News  |  3/23/2018  | 
In the domain of cyber warfare, the effective strategies for fighting yesterday's cyberattacks will not work against tomorrow's, experts said.
New Survey Illustrates Real-World Difficulties in Cloud Security
News  |  3/22/2018  | 
Depending on traditional models makes cloud security more challenging for organizations, according to a Barracuda Networks report.
Criminals Using Web Injects to Steal Cryptocurrency
News  |  3/22/2018  | 
Man-in-the-browser attacks targeting Blockchain.info and Coinbase websites, SecurityScorecard says.
Is Application Security Dead?
Commentary  |  3/22/2018  | 
The nature of the field has changed greatly because of the move to the cloud and enterprise digital transformation.
Hunting Cybercriminals with AWS Honey Tokens
News  |  3/22/2018  | 
Researchers at Black Hat Asia demonstrated how they used AWS honey tokens to detect security breaches at scale.
US Federal Spending Bill Includes $380 Million for Securing Election Systems
Quick Hits  |  3/22/2018  | 
Spending bill includes election technology grants for states to shore up security of their voting systems, reports say.
5 Ways to Get Ready for Public Cloud Deployment
Commentary  |  3/22/2018  | 
Syncing security and product development early is now a "must do."
7 Ways to Protect Against Cryptomining Attacks
Slideshows  |  3/22/2018  | 
Implementing basic security hygiene can go a long way in ensuring your systems and website don't get hijacked.
Applications & Identities Initial Targets in 86% of Breaches: Report
Partner Perspectives  |  3/22/2018  | 
The startling numbers of breached data are sobering: 11.8 billion records compromised in 337 of 433 incidents examined by F5 researchers. They include 10.3 billion usernames, passwords, and email accounts.
Supply Chain Cyberattacks Surged 200% in 2017
News  |  3/22/2018  | 
Symantec's annual Internet Security Threat Report also shows that zero-day exploits fizzled and cryptocurrency mining exploded.
GandCrab Ransomware Goes 'Agile'
News  |  3/21/2018  | 
GandCrab ransomware's developers have iterated the code rapidly, researchers found.
Gartner Expects 2018 IoT Security Spending to Reach $1.5 Billion
News  |  3/21/2018  | 
Regulations, breach concerns will push spending to over $3 billion by 2021, analyst firm says.
SOC in Translation: 4 Common Phrases & Why They Raise Flags
Commentary  |  3/21/2018  | 
By keeping an ear out for out for catchphrases like "Just ask Stu" or "I've got a bad feeling about this," CISOs can overcome the barriers that get between business leaders and their security teams.
Page 1 / 4   >   >>


Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: So now we are monitoring the monitor?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14623
PUBLISHED: 2018-12-14
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulne...
CVE-2018-18093
PUBLISHED: 2018-12-14
Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access.
CVE-2018-18096
PUBLISHED: 2018-12-14
Improper memory handling in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access.
CVE-2018-18097
PUBLISHED: 2018-12-14
Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2018-3704
PUBLISHED: 2018-12-14
Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access.