Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in April 2018
WhatsApp Founder to Depart Facebook Amid Privacy, Encryption Dispute
Quick Hits  |  4/30/2018  | 
Jan Koum also plans to step down from Facebook's board of directors.
Old Worm, New Tricks: FacexWorm Targets Crypto Platforms
News  |  4/30/2018  | 
Malicious Chrome extension FacexWorm has reappeared with new capabilities, targeting cryptocurrency platforms and lifting user data.
Speed at Which New Drupal Flaw Was Exploited Highlights Patching Challenges
News  |  4/30/2018  | 
In the rush to patch, organizations can create fresh problems for themselves.
Slack Releases Open Source SDL Tool
News  |  4/30/2018  | 
After building an SDL tool for their own use, Slack has released it on GitHub under an open source license.
10 Security Innovators to Watch
Slideshows  |  4/30/2018  | 
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
What Meltdown and Spectre Mean for Mobile Device Security
Commentary  |  4/30/2018  | 
Here are four tips to keep your mobile users safe from similar attacks.
Insider Threats Cost Enterprises More Than $8M Every Year: Report
News Analysis-Security Now  |  4/30/2018  | 
Insider threats, whether from an employee with malicious intent or a worker who is simply careless, can cost enterprises more than $8 million over the course of 12 months to clean up, according to a new report.
3 Ways to Maximize Security and Minimize Business Challenges
Partner Perspectives  |  4/30/2018  | 
The best strategy for choosing security tools and architecting networks is to focus on staffing and resources, risk tolerance, and business change.
Rubella Macro Builder Crimeware Kit Price Drops to $40
Larry Loeb  |  4/30/2018  | 
Crime might not pay, but it also doesn't have to be expensive to try. Flashpoint researchers have found that the monthly fee for the Rubella Macro Builder crimeware kit dropped to $40 on the underground market.
More Than 1M Children Victims of Identity Fraud in 2017
News  |  4/27/2018  | 
Total fraud against kids amounted to $2.6 billion and more than $540 million in out-of-pocket costs to families, a new report finds.
'Don't Extort Us': Uber Clarifies its Bug Bounty Policy
Quick Hits  |  4/27/2018  | 
Updated parameters should help avoid future extortion incidents.
Reno Man Created 8,000 Fake Online Accounts via Stolen Identities
Quick Hits  |  4/27/2018  | 
Kenneth Gilbert Gibson pleaded guilty to creating more than 8,000 fraudulent online accounts to launch a $3.5M fraud operation.
'Zero Login:' The Rise of Invisible Identity
Commentary  |  4/27/2018  | 
Will new authentication technologies that recognize users on the basis of their behaviors finally mean the death of the despised password?
North Korea-Linked 'Operation GhostSecret' Found in 17 Countries
News Analysis-Security Now  |  4/27/2018  | 
A new report out this week from McAfee has identified a new North Korea-linked cyber operation called 'GhostSecret,' which appears to be active in 17 different countries and targeting a number of different industries.
Researchers Detail Self-Learning System That Secures IoT Devices
Larry Loeb  |  4/27/2018  | 
Researchers from several universities have published a new paper describing what they believe is a better way to protect and secure IoT devices and sensors.
North Korea Ramps Up 'Operation GhostSecret' Cyber Espionage Campaign
News  |  4/26/2018  | 
Critical infrastructure, entertainment, finance, healthcare, telecoms, among recent targets of the Lazarus Group, aka Hidden Cobra.
Routing Security Gets Boost with New Set of MANRS for IXPs
Quick Hits  |  4/26/2018  | 
The Internet Society debuts a new mutually agreed norms initiative for IXPs.
How Microsoft, Amazon, Alphabet Are Reshaping Security
News  |  4/26/2018  | 
Tech's biggest giants are shifting the cybersecurity landscape as they incorporate security into their products and services.
12 Trends Shaping Identity Management
Slideshows  |  4/26/2018  | 
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
MyEtherWallet DNS Attack Offers Opt-In Lessons
News  |  4/26/2018  | 
Attackers poisoned BGP route tables to redirect Amazon's Route 53 name servers to their malicious servers.
New Phishing Attack Targets 550M Email Users Worldwide
Quick Hits  |  4/26/2018  | 
In an attempt to steal financial data, the attack bribes users with coupons in exchange for taking an online quiz.
Why Hackers Love Healthcare
Commentary  |  4/26/2018  | 
The migration of valuable data to the cloud is piquing the interest of cybercriminals. But there are ways to fight back.
Orangeworm Malware Burrows Into Healthcare Industry
Jeffrey Burt  |  4/26/2018  | 
A group of cybercriminals, known collectively as Orangeworm, are using their own malware and a custom backdoor called Kwampirs in highly targeted attacks against healthcare organizations, according to Symantec.
Europe and Asia Take on More DDoS Attacks
Partner Perspectives  |  4/26/2018  | 
While North American targets have historically been on the receiving end of the majority of DDoS attacks since their inception, that trend changed in 2017.
US Healthcare Firms Among Dozens Hit in 'Orangeworm' Cyberattack Campaign
News  |  4/26/2018  | 
Attackers target healthcare organizations in apparent data theft mission, but could do far more damage, according to Symantec researchers.
Cryptocurrency Theft Uses Old Exploit to Hijack AWS Traffic
News Analysis-Security Now  |  4/26/2018  | 
Earlier this week, attackers stole about $150,000 worth of cryptocurrency by exploiting a flaw in Domain Name System servers that allowed the group to hijack AWS traffic for about two hours.
The Default SAP Configuration That Every Enterprise Needs to Fix
News  |  4/26/2018  | 
Nine out of ten organizations are vulnerable to a 13-year-old flaw that puts their most critical business systems at risk of complete criminal takeover.
Free New Tool for Building Blockchain Skills
Quick Hits  |  4/25/2018  | 
Blockchain CTF helps pros build skills with simulations.
Yahoo to Pay SEC Fine of $35 Million
Quick Hits  |  4/25/2018  | 
While Yahoo senior management and legal team knew of the breach, the company failed to conduct due diligence for disclosing it to investors, the agency rules.
Google Adds Security Features to Gmail Face-lift
News  |  4/25/2018  | 
A redesigned Gmail brings new security measures to improve data protection and applications for artificial intelligence.
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
Commentary  |  4/25/2018  | 
A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.
'Webstresser' DDoS Attack Site Shut Down in International Operation
News  |  4/25/2018  | 
Investigators arrested the admins of Webstresser, the world's largest DDoS marketplace reportedly responsible for more than four million attacks.
Why Information Integrity Attacks Pose New Security Challenges
Commentary  |  4/25/2018  | 
To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.
Low-Cost Crimeware Kit Gaining Popularity in Underground Markets
News  |  4/25/2018  | 
At $150 for a three-month subscription, Rubella Malware Builder presents a threat to enterprises, Flashpoint says.
Microsoft: Tech Support Scams on the Rise
Larry Loeb  |  4/25/2018  | 
A recent report from Microsoft shows that the number of scams using tech support as a cover is on the increase. However, many times it's up to consumers and companies to protect themselves.
Diversity: It's About Inclusion
News  |  4/25/2018  | 
Unrealistic entry-level job requirements, black-hoodie hacker image problems are among the 'uncomfortable conversations' needed to remedy cybersecurity's diversity gap.
Cloud Misconceptions Are Pervasive Across Enterprises
Partner Perspectives  |  4/25/2018  | 
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it.
5 New Network Attack Techniques That Will Keep You Awake at Night
Alan Zeichick  |  4/25/2018  | 
You can't trust anything -- not the cloud, not hardware, not industrial control systems. Take nothing for granted, advise the experts, and trust nothing.
Latest News from RSAC 2018
News  |  4/25/2018  | 
Check out Dark Reading's updated, exclusive coverage of the news and security themes that dominated RSA Conference 2018 in San Francisco.
SEC Slaps Yahoo Successor With $35M Fine for 2014 Data Breach
News Analysis-Security Now  |  4/25/2018  | 
The SEC has hit Yahoo's successor, Altaba, with a $35 million fine related to the company's 2014 data breach.
Coviello: Modern Security Threats are 'Less About the Techniques'
News  |  4/24/2018  | 
Today's attack surface is broader, more open, and demands a proactive approach to security, according to former RSA chairman Art Coviello.
Deconstructing the Possibilities and Realities of Enterprise IoT Security
Commentary  |  4/24/2018  | 
Organizations are rushing to leverage Internet of Things solutions but struggle to design the information technology architectures that will lock down the data these devices create.
MEDantex Healthcare Transcription Firm Accidentally Exposes Medical Records
Quick Hits  |  4/24/2018  | 
Exposed data likely the result of a flawed system rebuild after a recent ransomware attack on the company.
Ukrainian Energy Ministry Website Suffers Ransomware Attack
Quick Hits  |  4/24/2018  | 
Attackers sent a message in English demanding ransom in Bitcoin.
Smartphones Remain the Most Vulnerable of Endpoints
Simon Marshall  |  4/24/2018  | 
The nature of mobile devices, especially smartphones, continues to make them the most vulnerable of endpoint devices. Here's why enterprise security teams need to stay vigilant.
Cybersecurity Buzz Phrase Bingo
Slideshows  |  4/24/2018  | 
The RSA Conference expo was chock full of vendors showing off their wares with language as colorful as the blinky lights on a SOC dashboard.
'Stresspaint' Targets Facebook Credentials
News  |  4/24/2018  | 
New malware variant goes after login credentials for popular Facebook pages.
It's Time to Take GitHub Threats Seriously
Commentary  |  4/24/2018  | 
There's a good chance your company has projects on the source code management system, but the casual way many developers use GitHub creates security issues.
Atlanta's Ransomware Attack Cost Around $2.6M: Report
News Analysis-Security Now  |  4/24/2018  | 
A report indicates that Atlanta spent a little over $2.6 million to defend itself against the SamSam ransomware attack that crippled city services earlier this year.
SunTrust Investigation Shows Continuing Threats Posed by Insiders
News Analysis-Security Now  |  4/24/2018  | 
SunTrust Banks is investigating a possible data theft by an employee that could have exposed the personal information of 1.5 million customers. The incident shows insider threats remain a significant security issue.

