Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in March 2019
<<   <   Page 4 / 4
NTT Security Confirms WhiteHat Acquisition
Quick Hits  |  3/6/2019  | 
WhiteHat Security will continue to operate as an independent subsidiary of NTT Security following the deal.
Consumers Care About Privacy, but Not Enough to Act on It
News  |  3/5/2019  | 
People claim to value data privacy and don't trust businesses to protect them, but most fail to protect themselves.
Word Bug Allows Attackers to Sneak Exploits Past Anti-Malware Defenses
News  |  3/5/2019  | 
Problem lies in the manner in which Word handles integer overflow errors in OLE file format, Mimecast says.
Trust, or Lack of It, Is a Key Theme on RSAC Keynote Stage
News  |  3/5/2019  | 
Neither machines nor humans might be entirely trustworthy, but the cooperation of the two might be the answer to issues of misinformation, deep fake videos, and other issues of trust, say security leaders.
Cybercriminals Target Young Gamers
News  |  3/5/2019  | 
Deceptive and inappropriate tactics are prevalent in free gaming apps, according to a new report to be released at the RSA Conference.
Care and Feeding of Your SIEM
Commentary  |  3/5/2019  | 
Six simple steps to mitigate the grunt work and keep your organization safe.
Lazarus Research Highlights Threat from North Korea
News  |  3/5/2019  | 
A widespread attack against companies and government agencies has been linked to the North Korean Lazarus group, underscoring that the country's hackers are becoming more brazen.
Axonius' 'Unsexy' Tool Wins RSAC Innovation Sandbox
News  |  3/5/2019  | 
Judges award top honor to new company solving an old, unsolved problem: asset discovery and management.
6 Questions to Ask While Buying a Connected Car
Slideshows  |  3/5/2019  | 
Here are six questions to keep in mind when you walk into the showroom to buy a networked car.
Artificial Intelligence: The Terminator of Malware
Commentary  |  3/5/2019  | 
Is it possible that the combination of AI, facial recognition, and the coalescence of global mass-hack data could lead us toward a Skynet-like future?
Organizations Taking Less Time to Detect Breaches
News  |  3/5/2019  | 
But by the time they became aware, attackers had been on their networks for more than six months, new 2018 data shows.
Qbot Mutation Poses Global Threat
Larry Loeb  |  3/5/2019  | 
Once again, we can see how malware change will defeat static signature analysis.
Incident Response: Having a Plan Isn't Enough
News  |  3/5/2019  | 
Data shows organizations neglect to review and update breach response plans as employees and processes change, putting data at risk.
Boosted Rowhammer & Cache Attacks Spell Bad News for Intel
Larry Loeb  |  3/5/2019  | 
Researchers from Worcester Polytechnic Institute in Massachusetts and the University of Lübeck in Germany have published a paper that is really bad news for Intel.
Chronicle Releases Chapter One: Backstory
News  |  3/4/2019  | 
Google spin-off Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.
Bounty Hunters Find 100K+ Bugs Under HackerOne Program in 2018
News  |  3/4/2019  | 
Organizations signed up with the vulnerability disclosure platform shelled out a record $19 million for bug discoveries in their systems.
Fixing Fragmentation Can Yield Tangible Benefits
News  |  3/4/2019  | 
Consolidating technology and breaking down functional silos can bring solid financial results, a new study finds.
CrowdStrike Debuts Mobile Threat Detection System at RSA Conference
News  |  3/4/2019  | 
Falcon for Mobile offers detection and response capabilities for mobile platforms.
Startup Armor Scientific Launches Multifactor Identity System
News  |  3/4/2019  | 
Company aims to replace usernames and passwords by combining GPS location, biometrics, and keys issued through a blockchain-based network.
Here's What Happened When a SOC Embraced Automation
Commentary  |  3/4/2019  | 
Despite initial apprehension, security engineers and analysts immediately began to notice a variety of benefits.
Akamai's Stats Reveal Retail's Vulnerability
Larry Loeb  |  3/4/2019  | 
A single AIO bot can target more than 120 retailers at once.
Security Experts, Not Users, Are the Weakest Link
Commentary  |  3/1/2019  | 
CISOs: Stop abdicating responsibility for problems with users. It's part of your job.
Security Pros Agree: Cloud Adoption Outpaces Security
News  |  3/1/2019  | 
Oftentimes, responsibility for securing the cloud falls to IT instead of the security organization, researchers report.
Encryption Offers Safe Haven for Criminals and Malware
News  |  3/1/2019  | 
The same encryption that secures private enterprise data also provides security to malware authors and criminal networks.
Digital Signatures Can Be Forged in PDF Docs
Larry Loeb  |  3/1/2019  | 
Researchers in Germany have figured out three different ways to forge digital signatures in PDF documents.