News & Commentary

Content posted in April 2018
Trump Administration Cyber Czar Rob Joyce to Return to the NSA
News  |  4/17/2018  | 
First year of Trump White House's cybersecurity policy mostly followed in the footsteps of the Obama administration.
NIST Seeking Comments on New AppSec Practices Standards
News  |  4/17/2018  | 
Working in conjunction with SAFECode, NIST is opening the floor to suggestions at RSA about secure software development life cycle guidelines.
8 Ways Hackers Monetize Stolen Data
Slideshows  |  4/17/2018  | 
Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.
Why We Need Privacy Solutions That Scale Across Borders
Commentary  |  4/17/2018  | 
New privacy solutions are becoming smarter and more scalable, making it easier to address compliance across industries and geographies.
Endpoint Security: 3 Big Obstacles to Overcome
Joe Stanganelli  |  4/17/2018  | 
Two recent reports highlight three major challenges in enterprise endpoint security.
New Malware Adds RAT to a Persistent Loader
News  |  4/17/2018  | 
A newly discovered variant of a long-known malware loader adds the ability to control the victim from afar.
Ransomware: Still a Security Threat & Still Evolving
Jeffrey Burt  |  4/17/2018  | 
While ransomware may have faded from the headlines a bit during the first four months of 2018, a bevy of reports from Verizon, Symantec and Webroot find that not only does it remain a top security threat, but it continues to evolve as well.
Microsoft to Roll Out Azure Sphere for IoT Security
News  |  4/16/2018  | 
Azure Sphere, now in preview, is a three-part program designed to secure the future of connected devices and powered by its own custom version of Linux.
DevOps May Be Cause of and Solution to Open Source Component Chaos
News  |  4/16/2018  | 
DevOps is accelerating the trend of componentized development approaches, but its automation can also help enforce better governance and security.
Companies Still Suffering From Poor Credential Hygiene: New Report
Quick Hits  |  4/16/2018  | 
Credentials are being mishandled and it's hurting most companies, according to a new report out today.
INsecurity Conference Seeks Security Pros to Speak on Best Practices
News  |  4/16/2018  | 
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
'PowerHammer' Exploit Can Steal Computer Data Across Electrical Lines
Larry Loeb  |  4/16/2018  | 
Researchers at Ben-Gurion University have created a new exploit called 'PowerHammer' that can steal data from PCs and other systems through electrical lines.
How GDPR Forces Marketers to Rethink Data & Security
Commentary  |  4/16/2018  | 
The European regulation is making marketing technology companies re-examine their security, and that's a good thing.
Symantec Now Offers Threat Detection Tools Used by its Researchers
Quick Hits  |  4/16/2018  | 
TAA now is part of Symantec's Integrated Cyber Defense Platform.
Large Majority of Businesses Store Sensitive Data in Cloud Despite Lack of Trust
News  |  4/16/2018  | 
Researchers report 97% of survey respondents use some type of cloud service but continue to navigate issues around visibility and control.
As Public Cloud Use Increases, So Does Data Theft
News Analysis-Security Now  |  4/16/2018  | 
Ahead of the RSA conference, McAfee has released its annual cloud security report that finds one in four public cloud users have experienced a data theft over the past year.

Data Breach Increase Shows Endpoints Are Under Attack
Joe Stanganelli  |  4/16/2018  | 
The stats and factoids from the latest edition of Verizon's annual Data Breach Investigation Report make clear that enterprise endpoints have been far too vulnerable, which explains why data breaches are on the rise.
7 Non-Financial Data Types to Secure
Slideshows  |  4/14/2018  | 
Credit card and social security numbers aren't the only sensitive information that requires protection.
Power Line Vulnerability Closes Air Gap
Quick Hits  |  4/13/2018  | 
A new demonstration of malware shows that air-gapped computers may still be at risk.
Cisco, ISARA to Test Hybrid Classic, Quantum-Safe Digital Certificates
News  |  4/13/2018  | 
Goal is to make it easier for organizations to handle the migration to quantum computing when it becomes available.
Former Airline Database Administrator Sentenced for Hacking Reservation System
Quick Hits  |  4/13/2018  | 
Former PenAir IT staffer gets five-year probation sentence via plea deal.
Cloudflare Extends Its Lava Lamp-Powered Protection Internet-Wide
News Analysis-Security Now  |  4/13/2018  | 
Cloudflare is going beyond protecting web applications to support protecting anything that runs on the Internet, using a service powered, in part, by lava lamps. And no, it is not April Fools' Day.
Federal Agency Data Under Siege
Commentary  |  4/13/2018  | 
Seventy-one percent of IT security professionals in US federal agencies have reported breaches in their organizations.
Misconfigured Routers Could Be Used for Botnets, Espionage
Larry Loeb  |  4/13/2018  | 
A recent white paper released by Akamai finds that thousands of misconfigured routers using older UPnP protocols could be turned into malicious botnets or used for espionage.
7 Steps to a Smooth, Secure Cloud Transition
Slideshows  |  4/13/2018  | 
Security leaders share their top steps to keep in mind as your organization moves data and applications to the cloud.
Beyond Bitcoin: How Blockchain Can Benefit IoT Security
Jeffrey Burt  |  4/13/2018  | 
As the market for the Internet of Things grows, security concerns are increasing. However, a new study shows that blockchain technology can go beyond protecting cryptocurrency to help lock down IoT devices and sensors better than other methods.
APTs Are Rising in the East, Kaspersky Finds
News Analysis-Security Now  |  4/13/2018  | 
The number of Advanced Persistent Threats, or APTs, grew in Asia, as well as the Middle East, over the past three months. This includes a cyber attack that targeted the 2018 Winter Olympics in South Korea, a new Kaspersky report found.
Android Patches Can Skip a Beat
News  |  4/12/2018  | 
Researchers have found that some Android devices are skipping patches and lying about it.
Businesses Calculate Cost of GDPR as Deadline Looms
News  |  4/12/2018  | 
Surveys highlight the financial burden of GDPR as companies scramble to meet the May 25 deadline.
The Good, the Bad & the Disruptive: Bots on the Wild, Wild Web
Commentary  |  4/12/2018  | 
Not all bots are bad -- some are downright helpful -- so you can't block them entirely.
Uber Agrees to New FTC Settlement Over 2016 Breach Disclosure
Quick Hits  |  4/12/2018  | 
Uber has agreed to an updated settlement with the FTC after news of its massive 2016 data breach.
ABRY Partners Buys SiteLock
Quick Hits  |  4/12/2018  | 
Web site security firm SiteLock has been acquired by venture fund managers ABRY Partners.
Microsegmentation: Strong Security in Small Packages
Commentary  |  4/12/2018  | 
A deep dive into how organizations can effectively devise and implement microsegmentation in a software-defined networking data center.
More Security Hiring Doesn't Guarantee Better Patching: Study
News Analysis-Security Now  |  4/12/2018  | 
A joint study from the Ponemon Institute and ServiceNow finds that hiring more security professionals doesn't guarantee better patching practices as cyberattacks are increasing. However, automation may hold the key.
How Attackers Can Exploit rTorrent with Monero Cryptocurrency Miner
Partner Perspectives  |  4/12/2018  | 
As cryptomining campaigns become more profitable, cybercriminals are becoming more creative about finding new ways to extend their operations.
New Email Campaign Employs Malicious URLs
News  |  4/12/2018  | 
A new attack dropping the Quant Loader Trojan bypasses scanners and sandboxes.
Billions of Business Files & Data Are Exposed Online to Anyone
Simon Marshall  |  4/12/2018  | 
A report from Digital Shadows finds that more than a billion files, including sensitive data and intellectual property, are exposed to the greater Internet. Much of this is due to antiquated technology.
Facebook Rolls Out 'Data Abuse Bounty' Program
News  |  4/11/2018  | 
The social media giant also got hit with a lawsuit the day before unveiling its new reward program.
Attacker Dwell Time Still Too Long, Research Shows
News  |  4/11/2018  | 
New DBIR and M-Trends reports show the window between compromise and discovery is still way too long.
Avoiding the Ransomware Mistakes that Crippled Atlanta
Partner Perspectives  |  4/11/2018  | 
What made Atlanta an easy target was its outdated use of technology: old computers running on non-supported platforms, which are also a characteristic of many municipalities and most major cities.
2.6 Billion-Plus Data Records Breached Last Year
News  |  4/11/2018  | 
Most exposed data records caused by human error.
Stopping Cyber Madness: Why the Private Sector Must Lead the Fight
Commentary  |  4/11/2018  | 
The government's ability to help secure the Internet will be limited given the light speed of the Internet versus the slower pace of government. That's why stopping the madness begins with the private sector.
Cisco & Juniper Take Rivalry to Cloud Security
News Analysis-Security Now  |  4/11/2018  | 
Cisco and Juniper are debuting competing cloud security software and services as they transition to new business models.
Palo Alto Networks Buys Secdo for Endpoint Detection
Quick Hits  |  4/11/2018  | 
The acquisition is intended to ramp up Palo Alto's endpoint detection capabilities with new tech and talent.
Stats on the Cybersecurity Skills Shortage: How Bad Is It, Really?
Slideshows  |  4/11/2018  | 
Is it just a problem of too few security professionals, or are there other reasons enterprises struggle to build infosec teams?
Carbon Black Files IPO, Plans to Raise $100M
Quick Hits  |  4/11/2018  | 
The endpoint security firm filed a registration statement with the Securities and Exchange Commission on April 9.
Hack Back: An Eye for an Eye Could Make You Blind
Commentary  |  4/11/2018  | 
Attackers have had almost zero consequences or cost for stealing data from innocent victims. But what if we could hack their wallets, not their systems?
Bastille's ATI System Warning Raises Its Own Alarm
Larry Loeb  |  4/11/2018  | 
Bastille Networks made a splash by notifying ATI Systems that its warning systems have a significant vulnerability. However, the timing of the notice leaves a question about motives when public safety is at risk.
IoT Malware-on-the-Fly Expected to Rise
Dawn Kawamoto  |  4/11/2018  | 
Researchers discover a new Mirai-variant IoT botnet that appears linked to IoTroop or Reaper botnet, allowing attackers to easily update malicious code on the fly.
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-44837
PUBLISHED: 2022-01-19
An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the same information as an admin user regarding the risk creation information in the /risque/administration/referentiel/json/create/categorie endpoint, using the id_cat1 query parameter to indicate the risk.
CVE-2021-38787
PUBLISHED: 2022-01-19
There is an integer overflow in the ION driver "/dev/ion" of Allwinner R818 SoC Android Q SDK V1.0 that could use the ioctl cmd "COMPAT_ION_IOC_SUNXI_FLUSH_RANGE" to cause a system crash (denial of service).
CVE-2021-45808
PUBLISHED: 2022-01-19
jpress v4.2.0 allows users to register an account by default. With the account, user can upload arbitrary files to the server.
CVE-2021-46104
PUBLISHED: 2022-01-19
An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability that can read arbitrary file information on the server.
CVE-2022-21394
PUBLISHED: 2022-01-19
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.32. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise ...