Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in April 2016
Hacking Team's License To Sell Spyware Outside Europe Revoked
Quick Hits  |  4/7/2016  | 
Spyware vendor must request permission for future exports outside the EU.
Context & Awareness: It's All About The Apps
Commentary  |  4/7/2016  | 
Why data context, application awareness and training are keys to mitigating security risks.
Understanding The Cloud Threat Surface
Commentary  |  4/6/2016  | 
How today's borderless environment creates new threat vectors from third-party apps, brute force password attacks, and login attempts with stolen credentials.
'Panama Papers' Law Firm: We Were Hacked
Quick Hits  |  4/6/2016  | 
Founding partner of Mossack Fonseca tells Reuters his firm was a victim of an external hacker who leaked its data.
7 Biggest Trends Bubbling Up For Interop
Slideshows  |  4/6/2016  | 
CISOs and security leaders will find security is top of mind at Interop, when risk management intersects with some of the biggest themes likely to come out of the show.
Adobe Warns Of 'Critical' New Flash Player Bug
Quick Hits  |  4/6/2016  | 
Emergency patch on the way for the flaw, which has been spotted being exploited in attacks.
150 Biometric, Two-Factor Authentication Products Now FIDO-Certified
Quick Hits  |  4/6/2016  | 
The Fast IDentity Online (FIDO) Alliance hits a new milestone.
How Some Apple, Android Mobile Tax Apps Put Sensitive Data At Risk
News  |  4/6/2016  | 
A review of 29 Apple iOS and Android apps used for tax filing purposes shows many are not fully secure, Appthority says.
7 Lessons From The Panama Papers Leak
News  |  4/5/2016  | 
Hopefully your organization isn't hiding as many dark secrets as Mossack Fonseca, but the incident still brings helpful hints about data security, breach response, and breach impact.
Doctors' Mobile Devices Putting Patient At Risk
News  |  4/5/2016  | 
Three-fourths of physicians use more than one mobile device for work, a new study shows.
New Surveys To Gauge Vulnerability Disclosure Awareness And Adoption
Quick Hits  |  4/5/2016  | 
Awareness and Adoption Group urges technology providers, operators, and security researchers to take its new surveys.
How to Hack Your Own Car
Commentary  |  4/5/2016  | 
As vehicles become more software-driven, car manufacturers are keeping the inner workings of electronics systems more secretive. Here's one way to maintain security updates and still preserve your 'freedom to tinker.'
Donald Trump's Hotel Chain Hacked Again: Report
Quick Hits  |  4/5/2016  | 
Hotel chain reportedly faces yet another breach in less than a year.
CyberUL Launched For IoT, Critical Infrastructure Device Security
News  |  4/5/2016  | 
Much-anticipated UL (Underwriters Laboratories) cybersecurity certification program kicks off.
A Day In The Life Of A Security Analyst
News  |  4/4/2016  | 
'The network doesn't lie' and host detection systems are also key tools for the analyst.
CAs Need To Force Rules Around Trust
Commentary  |  4/4/2016  | 
Google Symantec flap reveals worrisome weakness in the CA system.
Panama Papers Leak Exposes Tax Evasion -- And Poor Data Security, Data Integrity Practices
Quick Hits  |  4/4/2016  | 
Whether an insider leak or an outsider hack, an exposure of 11.5 million documents definitely falls under the infosec umbrella.
Cyber Insurance Rates Drop With Decrease In Big Data Breaches
Quick Hits  |  4/4/2016  | 
Insurers cut cyber insurance rates during the first quarter of 2016 as high-profile hacks subsided, Reuters reports.
Knowledge Gap Series: 3 Steps To Deal With The High Turnover In Your Security Department
Partner Perspectives  |  4/4/2016  | 
Follow these suggestions to significantly decrease the probability that your organization is a future security headline.
Hacker 'Guccifer' Extradited To US
Quick Hits  |  4/4/2016  | 
Romanian man accused of breaching several high-profile online accounts including two former US presidents faces multiple hacking charges.
Avoiding Legal Landmines in Data Breach Response
Commentary  |  4/4/2016  | 
Building a legally defensible cybersecurity program means seeking out guidance from legal advisors before a serious incident forces you together.
Ransomware Authors Break New Ground With Petya
News  |  4/1/2016  | 
Instead of encrypting files on disk, Petya goes for the jugular by encrypting the entire disk instead, says F-Secure.
Raising The Stakes For Application Security
Commentary  |  4/1/2016  | 
Why, if we already know most everything we need to know about exploited vulnerabilities in software, do hacks keep happening?
DoD Picks HackerOne To Run Its Historic Bug Bounty Pilot
Quick Hits  |  4/1/2016  | 
HackerOne will run US federal government's first-ever bug bounty pilot 'Hack The Pentagon.'
SecurityScorecard Offers Free Cybersecurity Assessment
Quick Hits  |  4/1/2016  | 
New security assessment tool provides a security "posture score" based on their protection-level and flaws in the network.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41154
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.1...
CVE-2021-41155
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix...
CVE-2021-41152
PUBLISHED: 2021-10-18
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on t...
CVE-2021-41153
PUBLISHED: 2021-10-18
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Thi...
CVE-2021-41156
PUBLISHED: 2021-10-18
anuko/timetracker is an open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craft ...