Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in March 2019
NDSU Offers Nation's First Ph.D. in Cybersecurity Education
Quick Hits  |  3/29/2019  | 
The new program focuses on training university-level educators in cybersecurity.
Toyota Customer Information Exposed in Data Breach
Quick Hits  |  3/29/2019  | 
The attackers hit dealer sales systems in Japan, according to the automaker.
7 Malware Families Ready to Ruin Your IoT's Day
Slideshows  |  3/29/2019  | 
This latest list of Internet of Things miscreants doesn't limit itself to botnets, like Mirai.
Android Banking Trojan 'Gustuff' Becomes More Dangerous
Larry Loeb  |  3/29/2019  | 
New report puts Gustuff into the same threat tier as Anubis, Red Alert, Exobot, LokiBot and BankBot.
20 Years of STRIDE: Looking Back, Looking Forward
Commentary  |  3/29/2019  | 
The invention of STRIDE was the key inflection point in the development of threat modeling from art to engineering practice.
UK Watchdog Criticizes Huawei for Lax Software Security, Development
News  |  3/29/2019  | 
Calling the company's software development practices chaotic and unsustainable, a UK government oversight group calls on the company to make measurable progress toward more secure and sustainable code.
Microsoft Takes Down 99 Hacker-Controlled Websites
News  |  3/28/2019  | 
A judge granted Microsoft the injunction allowing them to disrupt a network of sites operated by an Iranian-linked group of hackers.
Artificial Intelligence in Modern Cybersecurity Operations
George Wrenn  |  3/28/2019  | 
As a rapidly evolving field of science, AI has become flexible to new approaches and tools allowing even cutting-edge technology such as quantum computing under its umbrella of methods.
New Android Trojan Targets 100+ Banking Apps
News  |  3/28/2019  | 
'Gustuff' also designed to steal from cryptocurrency wallets, payment services, e-commerce apps.
40% of Organizations Not Doing Enough to Protect Office 365 Data
News  |  3/28/2019  | 
Companies could be leaving themselves vulnerable by not using third-party data backup tools, a new report finds.
Man Pleads Guilty to Hacking Apple Accounts of NFL & NBA Players, Rappers
Quick Hits  |  3/28/2019  | 
Dozens of pro athletes and musicians fell for a phishing scam that pilfered their Apple accounts and credit cards.
Quantum Computing and Code-Breaking
Commentary  |  3/28/2019  | 
Prepare today for the quantum threats of tomorrow.
Enterprise Data Encryption Hits All-time High
Quick Hits  |  3/28/2019  | 
A new report by the Ponemon Institute shows 45% of organizations have a comprehensive encryption policy in place.
Microsoft Tackles IoT Security with New Azure Updates
News  |  3/28/2019  | 
The Azure Security Center for IoT provides teams with an overview of IoT devices and helps monitor their security properties.
Everything I Needed to Know About Third-Party Risk Management, I Learned from Meet the Parents
Commentary  |  3/28/2019  | 
How much do you trust your vendors? You don't have to hook them up to a polygraph machine because there are better ways to establish trust.
Tidying Expert Marie Kondo: Cybersecurity Guru?
News  |  3/28/2019  | 
The "KonMari" method of decluttering can be a huge step toward greater security, according to a growing number of executives.
Inside Cyber Battlefields, the Newest Domain of War
News  |  3/28/2019  | 
In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.
Worldwide Study Finds Limited Advances Against Evolving Threats
Larry Loeb  |  3/28/2019  | 
Security vendor SonicWall has issued its SonicWall Cyber Threat Report based on its experiences in 2018.
6 Things To Know About the Ransomware That Hit Norsk Hydro
News  |  3/27/2019  | 
In just one week, 'LockerGoga' has cost the Norwegian aluminum maker $40 million as it struggles to recover operations across Europe and North America.
New Shodan Tool Warns Organizations of Their Internet-Exposed Devices
News  |  3/27/2019  | 
Shodan Monitor is free to members of the popular Internet search engine.
Threat Hunting 101: Not Mission Impossible for the Resource-Challenged
Commentary  |  3/27/2019  | 
How small and medium-sized businesses can leverage native features of the operating system and freely available, high-quality hunting resources to overcome financial limitations.
GAO Finds Deficiencies in Systems for Handling National Debt
Quick Hits  |  3/27/2019  | 
IT systems at the Bureau of the Fiscal Service and the Federal Reserve Bank show vulnerabilities that could leave them open to exploitation and breach.
Investigation Into LockerGoga Ransomware Finds Flaws in the Code
Larry Loeb  |  3/27/2019  | 
Preliminary analysis of LockerGoga shows it has, in its current forms, limited ability to spread in a network.
The 'Twitterverse' Is Not the Security Community
Commentary  |  3/27/2019  | 
The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.
Russia Regularly Spoofs Regional GPS
News  |  3/26/2019  | 
The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.
ASUS 'ShadowHammer' Attack Underscores Trusted Third-Party Risks
News  |  3/26/2019  | 
Taiwanese computer maker says it has fixed issue that allowed attackers to distribute malware via company's automatic software update mechanism.
Small Businesses Turn to Managed Service Providers for Security
News  |  3/26/2019  | 
The average cost of a cyberattack at an SMB is $54,650, a new study shows.
Insurers Collaborate on Cybersecurity Ratings
Quick Hits  |  3/26/2019  | 
A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval.
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Commentary  |  3/26/2019  | 
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
10 Movies All Security Pros Should Watch
Slideshows  |  3/26/2019  | 
Don't expect to read about any of the classics, like 'War Games' or 'Sneakers,' which have appeared on so many lists before. Rather, we've broadened our horizons with this great mix of documentaries, hacker movies, and flicks based on short stories.
Under Attack: Over Half of SMBs Breached Last Year
Commentary  |  3/26/2019  | 
Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.
87% of Cloud Pros Say Lack of Visibility Masks Security
Quick Hits  |  3/26/2019  | 
The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.
Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'
News  |  3/26/2019  | 
Ret. Admiral Michael Rogers, who served as head of the NSA and the US Cyber Command from 2014 to 2018, on how to handle the risk of insiders exposing an organization's sensitive data.
WordPress Zero-Day Vulnerability Found in 'Social Warfare' Plugin
Larry Loeb  |  3/26/2019  | 
'Social Warfare' was open to attacks through use of a stored Cross-Site Scripting (XSS) vulnerability that was introduced with the latest change made to the plugin (3.5.2).
5 Years of the NIST Cybersecurity Framework
Joe Stanganelli  |  3/26/2019  | 
With NIST celebrating the five-year anniversary of its widely adopted and recommended Cybersecurity Framework just last month, a look back over the years illustrates how far the Framework has come.
Pwn2Own: Tesla Hack, Broken VMs, and Skewed Economics
News  |  3/25/2019  | 
In the latest Pwn2Own vulnerability throwdown at the CanSecWest conference, two researchers walk away with the lion's share of rewards, just like the real marketplace.
Attackers Compromise ASUS Software Update Servers to Distribute Malware
News  |  3/25/2019  | 
ShadowHammer campaign latest to highlight dangers of supply chain attacks.
IT Leaders, Employees Divided on Data Security
Quick Hits  |  3/25/2019  | 
Execs and employees have dramatically different ideas of how much information is being lost and why, a gap that puts enterprise data in grave danger.
Dark Reading's Kelly Jackson Higgins Honored as Top Cybersecurity Journalist
Quick Hits  |  3/25/2019  | 
In voting conducted by the SANS Institute, Jackson Higgins is named by peers as one of the top 10 journalists in the industry.
Norsk Hydro: This Is How You React to a Ransomware Breach
Larry Loeb  |  3/25/2019  | 
The company's response to a massive ransomware attack is an object lesson in how to do it right.
A Glass Ceiling? Not in Privacy
Commentary  |  3/25/2019  | 
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.
Inside Incident Response: 6 Key Tips to Keep in Mind
Slideshows  |  3/22/2019  | 
Experts share the prime window for detecting intruders, when to contact law enforcement, and what they wish they did differently after a breach.
Two Found Guilty in Online Dating, BEC Scheme
Quick Hits  |  3/22/2019  | 
Cybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts.
Facebook Exposes Millions of Unencrypted User Passwords
Larry Loeb  |  3/22/2019  | 
It's an internal matter – but it could affect millions of the social network's users.
Security Lessons from My Game Closet
Commentary  |  3/22/2019  | 
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
FIN7 Resurfaces With New Malware Techniques
Larry Loeb  |  3/22/2019  | 
The FIN7 group of cyber criminals is still going strong.
FIN7 Cybercrime Gang Rises Again
News  |  3/21/2019  | 
The group now employs a new administrative interface for managing its campaigns, as well as documents that link to SQL databases for downloading its code.
Businesses Manage 9.7PB of Data but Struggle to Protect It
News  |  3/21/2019  | 
What's more, their attempts to secure it may be putting information at risk, a new report finds.
Facebook Employees for Years Could See Millions of User Passwords in Plain Text
Quick Hits  |  3/21/2019  | 
2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.
Hacker AI vs. Enterprise AI: A New Threat
Commentary  |  3/21/2019  | 
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.