Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in April 2016
Page 3 / 3
Hacking Team's License To Sell Spyware Outside Europe Revoked
Quick Hits  |  4/7/2016  | 
Spyware vendor must request permission for future exports outside the EU.
Context & Awareness: It's All About The Apps
Commentary  |  4/7/2016  | 
Why data context, application awareness and training are keys to mitigating security risks.
Understanding The Cloud Threat Surface
Commentary  |  4/6/2016  | 
How today's borderless environment creates new threat vectors from third-party apps, brute force password attacks, and login attempts with stolen credentials.
'Panama Papers' Law Firm: We Were Hacked
Quick Hits  |  4/6/2016  | 
Founding partner of Mossack Fonseca tells Reuters his firm was a victim of an external hacker who leaked its data.
7 Biggest Trends Bubbling Up For Interop
Slideshows  |  4/6/2016  | 
CISOs and security leaders will find security is top of mind at Interop, when risk management intersects with some of the biggest themes likely to come out of the show.
Adobe Warns Of 'Critical' New Flash Player Bug
Quick Hits  |  4/6/2016  | 
Emergency patch on the way for the flaw, which has been spotted being exploited in attacks.
150 Biometric, Two-Factor Authentication Products Now FIDO-Certified
Quick Hits  |  4/6/2016  | 
The Fast IDentity Online (FIDO) Alliance hits a new milestone.
How Some Apple, Android Mobile Tax Apps Put Sensitive Data At Risk
News  |  4/6/2016  | 
A review of 29 Apple iOS and Android apps used for tax filing purposes shows many are not fully secure, Appthority says.
7 Lessons From The Panama Papers Leak
News  |  4/5/2016  | 
Hopefully your organization isn't hiding as many dark secrets as Mossack Fonseca, but the incident still brings helpful hints about data security, breach response, and breach impact.
Doctors' Mobile Devices Putting Patient At Risk
News  |  4/5/2016  | 
Three-fourths of physicians use more than one mobile device for work, a new study shows.
New Surveys To Gauge Vulnerability Disclosure Awareness And Adoption
Quick Hits  |  4/5/2016  | 
Awareness and Adoption Group urges technology providers, operators, and security researchers to take its new surveys.
How to Hack Your Own Car
Commentary  |  4/5/2016  | 
As vehicles become more software-driven, car manufacturers are keeping the inner workings of electronics systems more secretive. Here's one way to maintain security updates and still preserve your 'freedom to tinker.'
Donald Trump's Hotel Chain Hacked Again: Report
Quick Hits  |  4/5/2016  | 
Hotel chain reportedly faces yet another breach in less than a year.
CyberUL Launched For IoT, Critical Infrastructure Device Security
News  |  4/5/2016  | 
Much-anticipated UL (Underwriters Laboratories) cybersecurity certification program kicks off.
A Day In The Life Of A Security Analyst
News  |  4/4/2016  | 
'The network doesn't lie' and host detection systems are also key tools for the analyst.
CAs Need To Force Rules Around Trust
Commentary  |  4/4/2016  | 
Google Symantec flap reveals worrisome weakness in the CA system.
Panama Papers Leak Exposes Tax Evasion -- And Poor Data Security, Data Integrity Practices
Quick Hits  |  4/4/2016  | 
Whether an insider leak or an outsider hack, an exposure of 11.5 million documents definitely falls under the infosec umbrella.
Cyber Insurance Rates Drop With Decrease In Big Data Breaches
Quick Hits  |  4/4/2016  | 
Insurers cut cyber insurance rates during the first quarter of 2016 as high-profile hacks subsided, Reuters reports.
Knowledge Gap Series: 3 Steps To Deal With The High Turnover In Your Security Department
Partner Perspectives  |  4/4/2016  | 
Follow these suggestions to significantly decrease the probability that your organization is a future security headline.
Hacker 'Guccifer' Extradited To US
Quick Hits  |  4/4/2016  | 
Romanian man accused of breaching several high-profile online accounts including two former US presidents faces multiple hacking charges.
Avoiding Legal Landmines in Data Breach Response
Commentary  |  4/4/2016  | 
Building a legally defensible cybersecurity program means seeking out guidance from legal advisors before a serious incident forces you together.
Ransomware Authors Break New Ground With Petya
News  |  4/1/2016  | 
Instead of encrypting files on disk, Petya goes for the jugular by encrypting the entire disk instead, says F-Secure.
Raising The Stakes For Application Security
Commentary  |  4/1/2016  | 
Why, if we already know most everything we need to know about exploited vulnerabilities in software, do hacks keep happening?
DoD Picks HackerOne To Run Its Historic Bug Bounty Pilot
Quick Hits  |  4/1/2016  | 
HackerOne will run US federal government's first-ever bug bounty pilot 'Hack The Pentagon.'
SecurityScorecard Offers Free Cybersecurity Assessment
Quick Hits  |  4/1/2016  | 
New security assessment tool provides a security "posture score" based on their protection-level and flaws in the network.
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21742
PUBLISHED: 2021-09-25
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
CVE-2020-20508
PUBLISHED: 2021-09-24
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.
CVE-2020-20514
PUBLISHED: 2021-09-24
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
CVE-2016-6555
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in ver...
CVE-2016-6556
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This iss...