Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in April 2016
Android Year In Review: No Successful Stagefright, Certifigate Exploits
News  |  4/19/2016  | 
Plus, Android users who install apps outside of Google Play are 10 times more likely to have installed a potentially harmful application, according to new Google Android Security Year in Review report.
Creepy New Ransomware Riffs Off Popular Horror Film
News  |  4/19/2016  | 
JIGSAW locks, threatens, and deletes files if you don't pay the ransom within 24 hours.
Device Advice: Keeping Fraudsters From Consumer Info
Commentary  |  4/19/2016  | 
Data breaches are the first stop for criminals with intentions to steal personally identifiable information. These tips show how to fight fraud while optimizing the customer experience.
Privacy Debate: Apple & Google Today; AWS or Azure Tomorrow?
Commentary  |  4/18/2016  | 
Why the recent fight over mobile phone security and encryption is moving to the cloud.
Google Finds 800,000 Websites Breached Worldwide
Quick Hits  |  4/18/2016  | 
In the past year, the search engine giant has detected close to 800,000 sites infected with drive-by download malware and other malicious content aimed at nabbing unsuspecting visitors.
9 Years Prison, $1.7 Million Fine For Malicious Insider
News  |  4/18/2016  | 
Former IT engineer stung for destructive attack on law firm.
Which Critical Infrastructure Attack Will Be Our Bangladesh Factory Collapse?
Partner Perspectives  |  4/18/2016  | 
Critical infrastructure security is finally getting the attention it deserves; let's hope that it is enough to prevent a major disaster.
MIT AI Researchers Make Breakthrough On Threat Detection
News  |  4/18/2016  | 
New artificial intelligence platform offers 3x detection capabilities with 5x fewer false positives.
8 Active APT Groups To Watch
Slideshows  |  4/16/2016  | 
Ever wonder who's behind some of the attacks we hear about in the news? Here are eight advanced persistent threat (APT) groups that operate some of the most successful and well-known malware campaigns worldwide.
PowerShell Increasingly Being Used To Hide Malicious Activity
News  |  4/15/2016  | 
Data from 1,100 security investigations shows PowerShell was used in 38 percent of cyberattacks.
Rethinking Application Security With Microservices Architectures
Commentary  |  4/15/2016  | 
The advantages offered by the container model go against many of the assumptions of traditional security mechanisms. Here are 5 new concepts & 4 best practices you'll need to understand.
How To Prepare For A DDoS Attack: 10 Steps
Slideshows  |  4/15/2016  | 
Like a hurricane or a flood, a DDoS is a crisis. Follow these 10 steps to prepare for an attack before it hits.
Apple QuickTime For Windows: Uninstall It ASAP, Security Firm Warns
Quick Hits  |  4/15/2016  | 
Apple drops support for the app, Trend Micro reveals new critical vulnerabilities in QuickTime for Windows.
'Threat Hunting' On The Rise
News  |  4/14/2016  | 
Rather than wait for the adversary to strike, many enterprises are going out actively looking for them.
Healthcare Data Security Performance Stagnates
News  |  4/14/2016  | 
Healthcare organizations are still largely driven by compliance and legacy attitudes.
5 Steps to Improve Your Software Supply Chain Security
Commentary  |  4/14/2016  | 
Organizations that take control of their software supply chains will see tremendous gains in developer productivity, improved quality, and lower risk.
Java Deserialization: Running Faster Than a Bear
Commentary  |  4/14/2016  | 
Software components that were once good can sour instantly when new vulnerabilities are discovered within them. When that happens, the bears are coming, and you have to respond quickly.
6 IoT Security Dangers To The Enterprise
News  |  4/14/2016  | 
Security risks arise as enterprises begin to deploy Internet of Things devices for the business and as employees bring those devices onto the corporate network.
FBI Paid Hackers To Help Unlock San Bernardino Shooter's iPhone
Quick Hits  |  4/14/2016  | 
The professional hackers were paid a one-time fee by the FBI to help break into Syed Farook's iPhone.
RAND Survey Shows Breaches Have Little Impact On Customer Loyalty
Quick Hits  |  4/14/2016  | 
Only 11% of US adults who received a breach notification were likely to quit doing business with the hacked company, study finds.
10 Things Cyber Insurance Won't Cover
Slideshows  |  4/14/2016  | 
Cyber insurance policies come with some important caveats to keep in mind.
Is Cloud Security An Exaggerated Concern?
Partner Perspectives  |  4/14/2016  | 
Research indicates the challenge has never been about security, but about transparency.
Security 101 For SMBs
News  |  4/13/2016  | 
Just because a company is small doesn't mean its business is immune to cyberattacks. Here's a quick list of best practices for SMBs to get started in security.
EU Privacy Officials Push Back On Privacy Shield
News  |  4/13/2016  | 
Better than Safe Harbor, but not good enough. Should we care what they think?
Securing the Weakest Link: Insiders
Commentary  |  4/13/2016  | 
No longer is a hoodie-wearing malicious hacker the most obvious perpetrator of an inside cyber attack.
Mega Hack Exposes Philippine Voter Database
Quick Hits  |  4/13/2016  | 
A major data breach of Philippines' Commission on Elections database leaves personal data of 55 million Filipinos vulnerable to cybercrime.
IRS Commissioner Warns Of Threats From Cybercriminals
Quick Hits  |  4/13/2016  | 
Identity thieves getting more sophisticated in hacking IRS systems, John Koskinen says.
Law Firms Present Tempting Targets For Attackers
News  |  4/12/2016  | 
Panama Papers breach just scratched the surface of the relative lack of budget and resources in the legal sector that leaves many law firms vulnerable to cyberattacks.
Zero-Day Discoveries A Once-A-Week Habit
News  |  4/12/2016  | 
Symantec threat report shows growth in zero-day vulns to enable more targeted attacks.
How To Monetize Stolen Payment Card Data
News  |  4/12/2016  | 
The carding value chain not only relies on carders and buyers, but individuals who don't even know they're involved.
Badlock Bug Declared A Bust--But Patch, Anyway
News  |  4/12/2016  | 
After weeks of speculation and buildup, the big Badlock reveal came today with Microsoft Windows, Samba patches for a flaw that could allow an attacker to hijack sessions and steal files.
Managing The Message Before The Breach
Commentary  |  4/12/2016  | 
No leader wants to see their company exploited by creative cyber villains. Here's how CISOs can stay ahead of the game with a strategic plan.
WordPress Deploys HTTPS Encryption For All Of Its Websites
Quick Hits  |  4/12/2016  | 
WordPress.com now offers encryption by default for all custom blogs and websites hosted on its platform.
FDIC Suffers 'Inadvertent' Data Breach
Quick Hits  |  4/12/2016  | 
A former FDIC employee accidentally triggered a major breach exposing data of 44,000 customers.
Dark Reading Radio: Advancing Your Security Career
Commentary  |  4/12/2016  | 
INCYMI! Join us for a fascinating discussion on key trends and opportunities in the rapidly evolving world of cybersecurity.
Imagining The Ransomware Of The Future
News  |  4/11/2016  | 
Cisco Talos Lab paints a dark picture of what ransomware could have in store next.
Sony Breach Settlement Reached
Quick Hits  |  4/11/2016  | 
Sony agreed to provide three years of identity theft protection to victims of data breach.
FBI Warns Of Business Email Fraud Spike
Quick Hits  |  4/11/2016  | 
FBI warns US companies about rising email scams that have cost businesses up to $2.3 billion since 2013.
How To Raise Your Salary In Cybersecurity
News  |  4/11/2016  | 
The hot skills most in demand today for jobs: threat intelligence, security software development, cloud, auditing, and big data analysis.
The 8 Most Convincing Phishing Schemes Of 2016
Slideshows  |  4/9/2016  | 
The year is young and high-profile phishing attacks keep coming seemingly every week. Here are eight reasons why security pros have to get serious about combating phishing.
Dridex Malware Now Used For Stealing Payment Card Data
News  |  4/8/2016  | 
An analysis of Dridex infrastructure shows dangerous changes, potentially new operators.
7 Profiles Of Highly Risky Insiders
Commentary  |  4/8/2016  | 
To understand who these insiders are and why they pose a risk, start by looking at the root of the problem.
Thousands Of Vulnerabilities Found In Corporate Networks
Quick Hits  |  4/8/2016  | 
F-Secure research discovers tens of thousands of holes in
IRS Warns Of New Phishing Scam Surge In National Capital Area
Quick Hits  |  4/8/2016  | 
IRS issued an alert regarding tax fraud targeting residents in Washington, DC, Maryland, and Virginia.
Adobe Issues Emergency Updates For Zero-Day Flaw in Flash Player
News  |  4/8/2016  | 
Memory corruption flaw is being exploited in the wild to distribute ransomware samples like Locky and Cerber.
Inconsistent API Security Puts App Economy At Risk
News  |  4/7/2016  | 
Better ownership and accountability needed in security APIs, report finds.
10 Cybersecurity Twitter Profiles To Watch
Slideshows  |  4/7/2016  | 
If you're responsible for an information security program, check out these influencers to follow.
Healthcare Organizations Must Consider The Financial Impact Of Ransomware Attacks
Partner Perspectives  |  4/7/2016  | 
Sometimes the impact of an attack can extend well beyond the attack itself.
Hacker From Oklahoma Pleads Guilty In DDoS Attack Case
Quick Hits  |  4/7/2016  | 
Oklahoma City man faces up to 10 years in federal prison for a hacking attempt targeting a cybersecurity company.
Top US Undergraduate Computer Science Programs Skip Cybersecurity Classes
News  |  4/7/2016  | 
New study reveals that none of the top 10 US university computer science and engineering program degrees requires students take a cybersecurity course.