News & Commentary

Content posted in March 2018
Page 1 / 2   >   >>
AMD Processor Flaws Real, But Limited
News  |  3/19/2018
A vulnerability report threatened falling skies over AMD processor vulnerabilities that are real but limited in impact.
New Method Proposed for Secure Government Access to Encrypted Data
News  |  3/19/2018
'Crumple Zones' in crypto mechanisms can make it possible but astronomically expensive to access encrypted data, say researchers from Boston University and Portland State University.
Russian APT Compromised Cisco Router in Energy Sector Attacks
News  |  3/19/2018
DragonFly hacking team that targeted US critical infrastructure compromised a network router as part of its attack campaign against UK energy firms last year.
Half of Cyberattacks in the Middle East Target Oil & Gas Sector: Siemens
Quick Hits  |  3/19/2018
Nearly one-third of all cyberattacks worldwide are against operations technology (OT), or industrial networks, a new report by Siemens and The Ponemon Institute shows.
Microsoft Offers New Bug Bounties for Spectre, Meltdown-Type Flaws
Quick Hits  |  3/19/2018
Microsoft is offering a short-term bug bounty program for speculative execution side-channel vulnerabilities and threats.
A Data Protection Officer's Guide to the GDPR Galaxy
Commentary  |  3/19/2018
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
Cybercriminals Launder Up to $200B in Profit Per Year
News  |  3/19/2018
Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year.
Phantom Secure 'Uncrackable Phone' Execs Indicted for RICO Crimes
Quick Hits  |  3/16/2018
Executives of Phantom Secure have been indicted on federal RICO charges for encrypting communications among criminals.
Who Does What in Cybersecurity at the C-Level
Slideshows  |  3/16/2018
As security evolve as a corporate priority, so do the roles and responsibilities of the executive team. These seven titles are already feeling the impact.
Google Rolls Out New Security Features for Chrome Enterprise
Quick Hits  |  3/16/2018
The business-friendly browser now includes new admin controls, EMM partnerships, and additions to help manage Active Directory.
The Containerization of Artificial Intelligence
Commentary  |  3/16/2018
AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.
Are DDoS Attacks Increasing or Decreasing? Depends on Whom You Ask
News  |  3/15/2018
Details on DDoS trends can vary, depending on the reporting source.
Microsoft Report: Cybersecurity's Top 3 Threats Intertwine
News  |  3/15/2018
Botnets, ransomware, and simple attack methods dominate the threat landscape and build on each other to drive effectiveness.
Cryptojacking Threat Continues to Rise
News  |  3/15/2018
Unauthorized cryptocurrency mining can consume processing power and make apps unavailable as well as lead to other malware.
Trump Administration Slaps Sanctions on Russian Hackers, Operatives
News  |  3/15/2018
A two-pronged and mostly symbolic strategy names and shames Russia for US election-tampering and hacking of critical infrastructure.
Online Ads vs. Security: An Invisible War
Commentary  |  3/15/2018
Why visiting one website is like visiting 50, and how you can fight back against malvertisers.
Critical Start to Buy Advanced Threat Analytics
Quick Hits  |  3/15/2018
Firms previously had teamed up in SOC services.
Palo Alto Buys to Secure the Cloud
News  |  3/15/2018
The $300 million deal is part of an industry-wide consolidation of cloud, data, and network security companies.
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Commentary  |  3/15/2018
The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.
(ISC)2 Report: Glaring Disparity in Diversity for US Cybersecurity
News  |  3/15/2018
While the average US security salary is $122,000, the average salary for people of color is $115,000, with men identifying as minorities making $6000 more than minority women.
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
News  |  3/14/2018
Researchers at Black Hat Asia will demonstrate a new framework they created for catching and studying Apple MacOS malware.
New Hosted Service Lowers Barriers to Malware Distribution
News  |  3/14/2018
BlackTDS is a traffic distribution service for directing users to malware and exploit kits based on specific parameters.
77% of Businesses Lack Proper Incident Response Plans
News  |  3/14/2018
New research shows security leaders have false confidence in their ability to respond to security incidents.
Segmentation: The Neglected (Yet Essential) Control
Commentary  |  3/14/2018
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
SEC Charges Former Equifax Exec with Insider Trading
Quick Hits  |  3/14/2018
CIO of a US business unit within Equifax had reportedly learned of the company's data breach and sold his shares for nearly $1 million.
Electric Utility Hit with Record Fine for Vulnerabilities
Quick Hits  |  3/14/2018
An unnamed power company has consented to a record fine for leaving critical records exposed.
A Secure Enterprise Starts with a Cyber-Aware Staff
Commentary  |  3/14/2018
An attack doesn't have to be super high-tech to cause a lot of damage. Make sure your employees know how to spot an old-fashioned phishing campaign.
Medical Apps Come Packaged with Hardcoded Credentials
News  |  3/14/2018
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
How to Interpret the SECs Latest Guidance on Data Breach Disclosure
Partner Perspectives  |  3/14/2018
Forward-looking organizations should view this as an opportunity to reevaluate their cybersecurity posture and install best practices that should have already been in place.
Microsoft Report Details Different Forms of Cryptominers
News  |  3/13/2018
A new report explores different ways legitimate and malicious coin miners are appearing in the enterprise.
Microsoft Patch Tuesday: Prioritize Browser Updates
Quick Hits  |  3/13/2018
All of the critical vulnerabilities Microsoft patched on March 13 were within, and related to, browsers.
AMD Investigating Report of Vulnerabilities in its Microprocessors
Quick Hits  |  3/13/2018
Israel-based firm says it found critical bugs in AMD's newest chip families.
What CISOs Should Know About Quantum Computing
Slideshows  |  3/13/2018
As quantum computing approaches real-world viability, it also poses a huge threat to today's encryption measures.
Google 'Distrust Dates' Are Coming Fast
Commentary  |  3/13/2018
All the tools are in place for the migration of SSL digital certificates on a scale that is unprecedented for the certificate authority industry. Are you ready?
Microsoft Remote Access Protocol Flaw Affects All Windows Machines
News  |  3/13/2018
Attackers can exploit newly discovered critical crypto bug in CredSSP via a man-in-the-middle attack and then move laterally within a victim network.
What's the C-Suite Doing About Mobile Security?
Commentary  |  3/13/2018
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
Malware 'Cocktails' Raise Attack Risk
News  |  3/13/2018
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
Asia's Security Leaders Feel Underprepared for Future Threats: Report
News  |  3/12/2018
A new study highlights major concerns of cybersecurity leaders in Asia, where most fear critical infrastructure attacks, advanced threats, and social engineering.
Malware Leveraging PowerShell Grew 432% in 2017
News  |  3/12/2018
Cryptocurrency mining and ransomware were other major threats.
Chinese APT Backdoor Found in CCleaner Supply Chain Attack
News  |  3/12/2018
Avast discovers ShadowPad tool for use in apparent planned third stage of the targeted attack campaign.
FlawedAmmyy RAT Campaign Puts New Spin on Old Threat
News  |  3/12/2018
A remote access Trojan, in use since 2016, has a new tactic: combining zip files with the SMB protocol to infect target systems.
Disappearing Act: Dark Reading Caption Contest Winners
Commentary  |  3/12/2018
A standout field with hysterical puns about security policies, Meltdown, Amazon Web Services, and the right to be forgotten. And the winner is
Georgia Man Pleads Guilty to Business Email Compromise Attacks
Quick Hits  |  3/12/2018
Kerby Rigaud has pleaded guilty to using BEC attacks in attempts to steal more than $1 million from US businesses.
CyberArk Buys Vaultive for Privileged Account Security Technology
Quick Hits  |  3/12/2018
The account security firm will use Vaultive's tech to protect privileged users at heightened risk for cyberattacks.
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Commentary  |  3/12/2018
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
What Happens When You Hold Robots for Ransom?
News  |  3/10/2018
Researchers explore why an attacker would target robots with ransomware, and the implications of what might happen if they did.
Microsoft Windows Defender Prevents 400,000 Dofoil Infections
Quick Hits  |  3/9/2018
Improved anti-malware detection prevented spread of cryptomining software this week, says Microsoft.
China's Vulnerability Database Altered to Hide Govt. Influence
News  |  3/9/2018
Recorded Future says move designed to hide fact that CNNVD routinely delays publication of high-risk flaws so government can assess them for offensive use.
'Slingshot' Cyber Espionage Campaign Hacks Network Routers
News  |  3/9/2018
Advanced hacking group appears to be native English speakers targeting Africa, Middle East.
Tennessee Senate Campaign Sees Possible Hack
Quick Hits  |  3/9/2018
Phil Bredesen's campaign for US senate sees a hacker's hand in email messages
Page 1 / 2   >   >>

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.