Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in April 2018
WhatsApp Founder to Depart Facebook Amid Privacy, Encryption Dispute
Quick Hits  |  4/30/2018  | 
Jan Koum also plans to step down from Facebook's board of directors.
Old Worm, New Tricks: FacexWorm Targets Crypto Platforms
News  |  4/30/2018  | 
Malicious Chrome extension FacexWorm has reappeared with new capabilities, targeting cryptocurrency platforms and lifting user data.
Speed at Which New Drupal Flaw Was Exploited Highlights Patching Challenges
News  |  4/30/2018  | 
In the rush to patch, organizations can create fresh problems for themselves.
Slack Releases Open Source SDL Tool
News  |  4/30/2018  | 
After building an SDL tool for their own use, Slack has released it on GitHub under an open source license.
10 Security Innovators to Watch
Slideshows  |  4/30/2018  | 
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
What Meltdown and Spectre Mean for Mobile Device Security
Commentary  |  4/30/2018  | 
Here are four tips to keep your mobile users safe from similar attacks.
3 Ways to Maximize Security and Minimize Business Challenges
Partner Perspectives  |  4/30/2018  | 
The best strategy for choosing security tools and architecting networks is to focus on staffing and resources, risk tolerance, and business change.
More Than 1M Children Victims of Identity Fraud in 2017
News  |  4/27/2018  | 
Total fraud against kids amounted to $2.6 billion and more than $540 million in out-of-pocket costs to families, a new report finds.
'Don't Extort Us': Uber Clarifies its Bug Bounty Policy
Quick Hits  |  4/27/2018  | 
Updated parameters should help avoid future extortion incidents.
Reno Man Created 8,000 Fake Online Accounts via Stolen Identities
Quick Hits  |  4/27/2018  | 
Kenneth Gilbert Gibson pleaded guilty to creating more than 8,000 fraudulent online accounts to launch a $3.5M fraud operation.
'Zero Login:' The Rise of Invisible Identity
Commentary  |  4/27/2018  | 
Will new authentication technologies that recognize users on the basis of their behaviors finally mean the death of the despised password?
North Korea Ramps Up 'Operation GhostSecret' Cyber Espionage Campaign
News  |  4/26/2018  | 
Critical infrastructure, entertainment, finance, healthcare, telecoms, among recent targets of the Lazarus Group, aka Hidden Cobra.
Routing Security Gets Boost with New Set of MANRS for IXPs
Quick Hits  |  4/26/2018  | 
The Internet Society debuts a new mutually agreed norms initiative for IXPs.
How Microsoft, Amazon, Alphabet Are Reshaping Security
News  |  4/26/2018  | 
Tech's biggest giants are shifting the cybersecurity landscape as they incorporate security into their products and services.
12 Trends Shaping Identity Management
Slideshows  |  4/26/2018  | 
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
MyEtherWallet DNS Attack Offers Opt-In Lessons
News  |  4/26/2018  | 
Attackers poisoned BGP route tables to redirect Amazon's Route 53 name servers to their malicious servers.
New Phishing Attack Targets 550M Email Users Worldwide
Quick Hits  |  4/26/2018  | 
In an attempt to steal financial data, the attack bribes users with coupons in exchange for taking an online quiz.
Why Hackers Love Healthcare
Commentary  |  4/26/2018  | 
The migration of valuable data to the cloud is piquing the interest of cybercriminals. But there are ways to fight back.
US Healthcare Firms Among Dozens Hit in 'Orangeworm' Cyberattack Campaign
News  |  4/26/2018  | 
Attackers target healthcare organizations in apparent data theft mission, but could do far more damage, according to Symantec researchers.
Europe and Asia Take on More DDoS Attacks
Partner Perspectives  |  4/26/2018  | 
While North American targets have historically been on the receiving end of the majority of DDoS attacks since their inception, that trend changed in 2017.
The Default SAP Configuration That Every Enterprise Needs to Fix
News  |  4/26/2018  | 
Nine out of ten organizations are vulnerable to a 13-year-old flaw that puts their most critical business systems at risk of complete criminal takeover.
Free New Tool for Building Blockchain Skills
Quick Hits  |  4/25/2018  | 
Blockchain CTF helps pros build skills with simulations.
Google Adds Security Features to Gmail Face-lift
News  |  4/25/2018  | 
A redesigned Gmail brings new security measures to improve data protection and applications for artificial intelligence.
Yahoo to Pay SEC Fine of $35 Million
Quick Hits  |  4/25/2018  | 
While Yahoo senior management and legal team knew of the breach, the company failed to conduct due diligence for disclosing it to investors, the agency rules.
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
Commentary  |  4/25/2018  | 
A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.
'Webstresser' DDoS Attack Site Shut Down in International Operation
News  |  4/25/2018  | 
Investigators arrested the admins of Webstresser, the world's largest DDoS marketplace reportedly responsible for more than four million attacks.
Why Information Integrity Attacks Pose New Security Challenges
Commentary  |  4/25/2018  | 
To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.
Low-Cost Crimeware Kit Gaining Popularity in Underground Markets
News  |  4/25/2018  | 
At $150 for a three-month subscription, Rubella Malware Builder presents a threat to enterprises, Flashpoint says.
Diversity: It's About Inclusion
News  |  4/25/2018  | 
Unrealistic entry-level job requirements, black-hoodie hacker image problems are among the 'uncomfortable conversations' needed to remedy cybersecurity's diversity gap.
Cloud Misconceptions Are Pervasive Across Enterprises
Partner Perspectives  |  4/25/2018  | 
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it.
Latest News from RSAC 2018
News  |  4/25/2018  | 
Check out Dark Reading's updated, exclusive coverage of the news and security themes that dominated RSA Conference 2018 in San Francisco.
Coviello: Modern Security Threats are 'Less About the Techniques'
News  |  4/24/2018  | 
Today's attack surface is broader, more open, and demands a proactive approach to security, according to former RSA chairman Art Coviello.
Deconstructing the Possibilities and Realities of Enterprise IoT Security
Commentary  |  4/24/2018  | 
Organizations are rushing to leverage Internet of Things solutions but struggle to design the information technology architectures that will lock down the data these devices create.
MEDantex Healthcare Transcription Firm Accidentally Exposes Medical Records
Quick Hits  |  4/24/2018  | 
Exposed data likely the result of a flawed system rebuild after a recent ransomware attack on the company.
Ukrainian Energy Ministry Website Suffers Ransomware Attack
Quick Hits  |  4/24/2018  | 
Attackers sent a message in English demanding ransom in Bitcoin.
Cybersecurity Buzz Phrase Bingo
Slideshows  |  4/24/2018  | 
The RSA Conference expo was chock full of vendors showing off their wares with language as colorful as the blinky lights on a SOC dashboard.
'Stresspaint' Targets Facebook Credentials
News  |  4/24/2018  | 
New malware variant goes after login credentials for popular Facebook pages.
It's Time to Take GitHub Threats Seriously
Commentary  |  4/24/2018  | 
There's a good chance your company has projects on the source code management system, but the casual way many developers use GitHub creates security issues.
Golden Galleon Raids Maritime Shipping Firms
News  |  4/24/2018  | 
A new Nigerian criminal gang is launching attacks on the maritime industry.
Threat Intel: Finding Balance in an Overcrowded Market
News  |  4/23/2018  | 
Industry insiders discuss how threat intelligence has changed and what may happen as the market becomes increasingly saturated.
Threat Actors Turn to Blockchain Infrastructure to Host & Hide Malicious Activity
News  |  4/23/2018  | 
.bit domains are increasingly being used to hide payloads, stolen data, and command and control servers, FireEye says.
New Survey Shows Hybrid Cloud Confidence
Quick Hits  |  4/23/2018  | 
Executives are mostly confident in their hybrid cloud security, according to the results of a new survey.
Digital Identity Makes Headway Around the World
Commentary  |  4/23/2018  | 
The US is lagging behind the digital ID leaders.
IDS & IPS: Two Essential Security Measures
Partner Perspectives  |  4/23/2018  | 
To protect business networks, one line of security isn't enough.
Cybercrime Economy Generates $1.5 Trillion a Year
News  |  4/20/2018  | 
Threat actors generate, launder, spend, and reinvest more than $1.5 trillion in illicit funds, according to a new study on cybercrime's 'web of profit.'
Trust: The Secret Ingredient to DevSecOps Success
News  |  4/20/2018  | 
Security practitioners must build trusted relationships with developers and within cross-functional DevOps teams to get themselves embedded into continuous software delivery processes.
SunTrust Ex-Employee May Have Stolen Data on 1.5 Million Bank Clients
Quick Hits  |  4/20/2018  | 
Names, addresses, phone numbers, account balances, may have been exposed.
DNC Sues Guccifer 2.0, Russian Federation & Trump Campaign for Election Conspiracy
Quick Hits  |  4/20/2018  | 
DNC first hacked by Russians in 2015, according to the filing.
Biometrics Are Coming & So Are Security Concerns
Commentary  |  4/20/2018  | 
Could these advanced technologies be putting user data at risk?
At RSAC, SOC 'Sees' User Behaviors
News  |  4/20/2018  | 
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.