Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in March 2019
<<   <   Page 2 / 4   >   >>
SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats
News  |  3/21/2019  | 
Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.
Microsoft Brings Defender Security Tools to Mac
News  |  3/21/2019  | 
Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
Police Federation of England and Wales Suffers Apparent Ransomware Attack
Quick Hits  |  3/21/2019  | 
National Cyber Security Centre and National Crime Agency investigate random attack that locked down the association's data and deleted backups.
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Commentary  |  3/21/2019  | 
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
Jackson County Still Recovering After Paying Ryuk Ransom
Joe Stanganelli  |  3/21/2019  | 
Radio silence after reports of a headline-snagging ransomware payment in Jackson County, Ga., presents a possible case study in the pros and cons of paying ransomware attackers.
Researchers Seek Out Ways to Search IPv6 Space
News  |  3/20/2019  | 
Security researchers regularly search IPv4 address space looking for servers with ports exposing vulnerable software. With the massive number of IPv6 addresses, however, they have lost that ability. Can tricks and workarounds save the day?
BEC Scammer Pleads Guilty
Quick Hits  |  3/20/2019  | 
Business email compromise (BEC) operation resulted in $100 million in losses to a multinational technology company and a social media firm, according to the US Attorney's Office.
Google Photos Bug Let Criminals Query Friends, Location
News  |  3/20/2019  | 
The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.
The Insider Threat: It's More Common Than You Think
Commentary  |  3/20/2019  | 
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
Less Than 3% of Recycled Computing Devices Properly Wiped
News  |  3/20/2019  | 
Researchers find that companies that refurbish or accept old equipment as donations don't necessarily clean them of data as promised.
'Critical' Denial-of-Service Bug Patched in Facebook Fizz
Quick Hits  |  3/20/2019  | 
Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.
TLS 1.3: A Good News/Bad News Scenario
Commentary  |  3/20/2019  | 
Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.
Evidence Found of Malware Families Collaborating
Larry Loeb  |  3/20/2019  | 
IBM's X-Force has found that intertwined relationships exist between the Trickbot, Gozi, Ramnit and IcedID malware families – and that spells trouble.
Microsoft Office Dominates Most Exploited List
News  |  3/19/2019  | 
Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.
DDoS Attack Size Drops 85% in Q4 2018
News  |  3/19/2019  | 
The sharp decline follows an FBI takedown of so-called "booter," or DDoS-for-hire, websites in December 2018.
6 Ways Mature DevOps Teams Are Killing It in Security
Slideshows  |  3/19/2019  | 
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
The Case of the Missing Data
Commentary  |  3/19/2019  | 
The latest twist in the Equifax breach has serious implications for organizations.
Norsk Hydro Shuts Plants Amid Ransomware Attack
Quick Hits  |  3/19/2019  | 
The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
Stealing Corporate Funds Still Top Goal of Messaging Attacks
News  |  3/19/2019  | 
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
Cyber Attacks Grow by 55% in 2018 & Data Theft Dominates – Report
Larry Loeb  |  3/19/2019  | 
The findings from Positive Technologies aren't that, erm, positive.
Crowdsourced vs. Traditional Pen Testing
Commentary  |  3/19/2019  | 
A side-by-side comparison of key test features and when best to apply them based on the constraints within your budget and environment.
New Mirai Version Targets Business IoT Devices
Quick Hits  |  3/19/2019  | 
The notorious Internet of Things botnet is evolving to attack more types of devices including those found in enterprises.
Is Your Supply Chain the Weakest Link?
Steve Durbin  |  3/19/2019  | 
Despite organizations' best efforts to secure intellectual property and other sensitive information, limited progress has been made in effectively managing information risk in the supply chain.
New IoT Security Bill: Third Time's the Charm?
News  |  3/18/2019  | 
The latest bill to set security standards for connected devices sold to the US government has fewer requirements, instead leaving recommendations to the National Institute of Standards and Technology.
New Europol Protocol Addresses Cross-Border Cyberattacks
Quick Hits  |  3/18/2019  | 
The protocol is intended to support EU law enforcement in providing rapid assessment and response for cyberattacks across borders.
Dragos Buys ICS Firm with US Dept. of Energy Roots
Quick Hits  |  3/18/2019  | 
NexDefense ICS security tool will be offered for free by Dragos.
Study Shows Massive Attacks Bypassing MFA
Larry Loeb  |  3/18/2019  | 
Multi-factor authentication is no silver bullet for security problems.
Are You Prepared for a Zombie (Domain) Apocalypse?
Commentary  |  3/18/2019  | 
When a domain registration expires, they can be claimed by new owners. And sometimes, those new owners have malicious intent.
7 Low-Cost Security Tools
Slideshows  |  3/15/2019  | 
Security hardware doesn't have to be expensive or complex to do the job. Here are seven examples of low-cost hardware that could fill a need in your security operations.
Could Beto O'Rourke Become the First Hacker President?
Quick Hits  |  3/15/2019  | 
New report details the Democratic candidate's time as a member of Cult of the Dead Cow.
Proof-of-Concept Tracking System Finds RATs Worldwide
News  |  3/15/2019  | 
Using a combination of Shodan scans and data from partners, Recorded Future finds nearly 500 malware controllers for 14 different families of remote-access Trojans, as well as the corporate networks they have infected.
New IoT Device Regulation Establishes Base Line for Security
Larry Loeb  |  3/15/2019  | 
Legislation seeks to use the spending power of the government, which, if the bill goes through, will only be able to acquire those IoT devices that meet the bill's requirements.
On Norman Castles and the Internet
Commentary  |  3/15/2019  | 
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
Criminals Use One Line of Code to Steal Card Data from E-Commerce Sites
News  |  3/14/2019  | 
New JavaScript sniffer is similar to malware used in the Magecart campaign last year that affected over 800 sites.
Ransomware's New Normal
News  |  3/14/2019  | 
GandCrab's evolution underscores a shift in ransomware attack methods.
Anomaly Detection Techniques: Defining Normal
Commentary  |  3/14/2019  | 
The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.
US Prosecutors Investigate Facebook's Data-Sharing Deals
Quick Hits  |  3/14/2019  | 
The news follows a long, tumultuous period of scandal around Facebook and its privacy practices.
Businesses Increase Investments in AI and Machine Learning
Quick Hits  |  3/14/2019  | 
More than three-quarters of IT pros say they feel safer for having done so, according to a new report.
4 Reasons to Take an 'Inside Out' View of Security
Commentary  |  3/14/2019  | 
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
North Korea Circumvents Sanctions Through Cybercrime, Says Report
Larry Loeb  |  3/14/2019  | 
The UN report believes the DPRK has snaffled up half a billion dollars so far through nefarious means.
Convergence: Real Problems When it Comes to Securing the IoT/IIoT
Alan Zeichick  |  3/14/2019  | 
Today, enterprises are dealing with a proliferation of connected devices that probably aren't dedicated to computing think video cameras, inventory sensors, machine tools, thermostats and environmental monitors.
New Malware Shows Marketing Polish
News  |  3/13/2019  | 
A new strain of point-of-sale malware skims credit card numbers and comes via a highly polished marketing campaign.
Three in Five Politicians Websites Dont Use HTTPS
News  |  3/13/2019  | 
Comparitech assessed the websites of more than 7,500 politicians in 37 countries and found 60.8% did not use valid SSL certificates.
Autism, Cybercrime, and Security's Skill Struggle
News  |  3/13/2019  | 
People on the autism spectrum often possess traits that could help them succeed in cybersecurity providing they don't fall into cybercrime first.
GPS Spoof Hits Geneva Motor Show
Quick Hits  |  3/13/2019  | 
Incident leaves GPS units showing a location in England and a date 17 years in the future.
Enterprise Cloud Infrastructure a Big Target for Cryptomining Attacks
News  |  3/13/2019  | 
Despite the declining values of cryptocurrencies, criminals continue to hammer away at container management platforms, cloud APIs, and control panels.
IoT Anomaly Detection 101: Data Science to Predict the Unexpected
Commentary  |  3/13/2019  | 
Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.
'SimBad': Android Adware Hits 210 Apps with 150M Downloads
Quick Hits  |  3/13/2019  | 
Google has removed infected applications from the Google Play store after a form of adware potentially affected millions of users.
The Case for Transparency in End-User License Agreements
Commentary  |  3/13/2019  | 
Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.
<<   <   Page 2 / 4   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.