Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in April 2018
<<   <   Page 4 / 5   >   >>
'SirenJack' Vulnerability Lets Hackers Hijack Emergency Warning System
News  |  4/10/2018  | 
Unencrypted radio protocol that controls sirens left alert system at risk.
On-Premise Security Tools Struggle to Survive in the Cloud
News  |  4/10/2018  | 
Businesses say their current security tools aren't effective in the cloud but hesitate to adopt cloud-based security systems.
Microsoft Issues Rare Patch for Wireless Keyboard Flaw
News  |  4/10/2018  | 
Patch Tuesday includes 67 fixes, the most critical of which are browser-related.
Pairing Policy & Technology: BYOD That Works for Your Enterprise
Commentary  |  4/10/2018  | 
An intelligent security policy coupled with the right technology can set you up for success with BYOD.
HTTP Injector Steals Mobile Internet Access
News  |  4/10/2018  | 
Users aren't shy about sharing the technique and payload in a new attack.
20 Ways to Increase the Efficiency of the Incident Response Workflow
Commentary  |  4/10/2018  | 
Despite all the good intentions of some great security teams, we are still living in a "cut-and-paste" incident management world.
89% of Android Users Didn't Consent to Facebook Data Collection
Quick Hits  |  4/10/2018  | 
A new survey shows most Android users did not give Facebook permission to collect their call and text data.
Quant Loader Trojan Hiding in Email File Extensions
News Analysis-Security Now  |  4/10/2018  | 
Barracuda Networks has released a new report that finds email file extensions are hiding a variation of the Quant Loader Trojan, which is being used to spread ransomware and password stealers.
Verizon: Change the Attacker's Value Proposition
News Analysis-Security Now  |  4/10/2018  | 
By creating more difficult paths to reach valued assets, enterprises can flip the odds against attacker success, according to the latest security report from Verizon.
Carbon Black Looks to Raise $100M From IPO
News Analysis-Security Now  |  4/10/2018  | 
Endpoint security specialist Carbon Black has filed paperwork with the SEC for an initial public offering. The company is looking to raise about $100 million as part of the public offering.
Verizon DBIR: Ransomware Attacks Double for Second Year in a Row
News  |  4/10/2018  | 
Outside attackers still the biggest problem - except in healthcare.
Attackers Exploit Cisco Switch Issue as Vendor Warns of Yet Another Critical Flaw
News  |  4/9/2018  | 
Cisco says companies fixing previously known protocol issue should also patch against critical remote-code execution issue.
Ransomware Up for Businesses, Down for Consumers in Q1
News  |  4/9/2018  | 
Ransomware, spyware, and cryptomining were the biggest enterprise threats during an otherwise quiet quarter for malware, researchers report.
Deep Instinct Adds MacOS Support
Quick Hits  |  4/9/2018  | 
Deep Instinct adds support for MacOS, Citrix, and multi-tenancy in its version 2.2 release.
6 Myths About IoT Security
Slideshows  |  4/9/2018  | 
Here are common misconceptions about securing these devices - and tips for locking them down.
RTF Design, Office Flaw Exploited in Multi-Stage Document Attack
News  |  4/9/2018  | 
Threat actors chained CVE-2017-8570 with known design behaviors in .docx and RTF to launch a multi-stage document attack.
CA Acquires SourceClear
Quick Hits  |  4/9/2018  | 
CA adds software composition analysis capabilities to Veracode lineup through acquisition.
Serverless Architectures: A Paradigm Shift in Application Security
Commentary  |  4/9/2018  | 
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.
Malwarebytes: Cryptomining Surges as Ransomware Declines
News Analysis-Security Now  |  4/9/2018  | 
During the first quarter of 2018, cybercriminals and attackers continued to drift toward cryptomining schemes and away from other malware, such as ransomware, according to a new analysis from Malwarebytes.
Best Buy the Latest Victim of Third-Party Security Breach
Quick Hits  |  4/9/2018  | 
Retailer says customer payment and other information may have been exposed via the breach of [24]7.ai online chat provider.
Cisco Warns of Possible Smart Install Client Hacking
Larry Loeb  |  4/9/2018  | 
Following an alert by US-CERT about possible hacking by foreign governments, Cisco is warning customers about a port vulnerability in the company's legacy Smart Install Client.
Businesses Fear 'Catastrophic Consequences' of Unsecured IoT
News  |  4/6/2018  | 
Only 29% of respondents in a new IoT security survey say they actively monitor the risk of connected devices used by third parties.
Protect Yourself from Online Fraud This Tax Season
Commentary  |  4/6/2018  | 
Use these tips to stay safe online during everyone's least-favorite time of the year.
Stripping the Attacker Naked
Commentary  |  4/6/2018  | 
How cyber threat intelligence can help you gain a better understanding of the enemy and why that gives security teams the upper hand.
Study Finds Petabytes of Sensitive Data Open to the Internet
Quick Hits  |  4/6/2018  | 
New research by Digital Shadows finds more than 1.5 billion sensitive files are open to discovery on the internet.
Don't Call AWS' CloudFront Hijacking Problem a Vulnerability
Larry Loeb  |  4/6/2018  | 
Amazon Web Services might be the biggest of the big cloud providers, but it still has some security concerns. A researcher has noticed the company is open to having its CloudFront service hijacked, but Amazon officials won't call it a vulnerability.
Startup PreVeil Challenging Cloud-Based Encryption Standards
Simon Marshall  |  4/6/2018  | 
Boston-based PreVeil is looking to change the way data is encrypted in the cloud, and it is butting heads with the bigger cloud storage providers to prove its point.
Mirai Variant Botnet Takes Aim at Financials
News  |  4/5/2018  | 
In January, a botnet based on Mirai was used to attack at least three European financial institutions.
Sears & Delta Airlines Are Latest Victims of Third-Party Security Breach
News  |  4/5/2018  | 
An insecure ecosystem of third parties connected to an enterprise network poses a growing risk, security analysts say.
Supply Chain Attacks Could Pose Biggest Threat to Healthcare
News  |  4/5/2018  | 
Healthcare organizations often overlook the supply chain, which researchers say is their most vulnerable facet.
How to Build a Cybersecurity Incident Response Plan
Commentary  |  4/5/2018  | 
Being hit by a cyberattack is going to be painful. But it can be less painful if you're prepared, and these best practices can help.
Unpatched Vulnerabilities the Source of Most Data Breaches
News  |  4/5/2018  | 
New studies show how patching continues to dog most organizations - with real consequences.
Facebook: Most Profiles Likely Scraped by Third Parties
Quick Hits  |  4/5/2018  | 
Facebook announces plans to restrict data access after 87 million users' data was improperly shared with Cambridge Analytica.
RSA to Acquire Fortscale
Quick Hits  |  4/5/2018  | 
RSA plans to add Fortscale's embedded behavioral analytics to the RSA NetWitness Platform.
Massive Data Breaches & Data Leak Hit Retail Industry in 1-2-3 Punch
Dawn Kawamoto  |  4/5/2018  | 
Panera Bread, Hudson Bay and Under Armour all took it on the chin within the last two weeks, falling prey to a round of cyber attacks that have hit the retail industry hard.
How Security Can Bridge the Chasm with Development
Commentary  |  4/5/2018  | 
Enhancing the relationships between security and engineering is crucial for improving software security. These six steps will bring your teams together.
AWS Expands Cloud Security Automation
News Analysis-Security Now  |  4/5/2018  | 
Amazon wants to make it easier to lock down AWS applications.
Cryptomining: Fast-Becoming the Web's Most Profitable Attack Method
Partner Perspectives  |  4/5/2018  | 
The ROI of 'cryptojacking' has never been higher, making bitcoin and other cryptocurrencies a more attractive target for cybercriminals. Here's why.
Intel Will Leave Some Chips Without Spectre Patch
News Analysis-Security Now  |  4/5/2018  | 
Over the last several weeks, Intel has been pushing out microcode updates to patch the Spectre and Meltdown flaws in its chips. However, some CPUs will remain unpatched.
Four Gas Pipeline Firms Hit in Attack on Their EDI Service Provider
News  |  4/5/2018  | 
Attack a warning on vulnerabilities in energy networks, security analysts say.
Misconfigured Clouds Compromise 424% More Records in 2017
News  |  4/4/2018  | 
Cybercriminals are increasingly aware of misconfigured systems and they're taking advantage, report IBM X-Force researchers.
How Gamers Could Save the Cybersecurity Skills Gap
News  |  4/4/2018  | 
McAfee shares its firsthand experience on training in-house cybersecurity pros and publishes new data on how other organizations deal with filling security jobs.
Report: White House Email Domains Poorly Protected from Fraud
Quick Hits  |  4/4/2018  | 
Only one Executive Office of the President email domain has fully implemented DMARC, according to a new report.
Microsoft Patches Critical Flaw in Malware Protection Engine
News  |  4/4/2018  | 
The emergency update addressed CVE-2018-0986, which would let an attacker execute malicious code on a Windows machine.
New DARPA Contract Looks to Avoid Another 'Meltdown'
Quick Hits  |  4/4/2018  | 
A new DARPA contract with Tortuga Logic intends to field chip emulation systems to test security before processors hit manufacturing.
Automation Is a Key to Future Enterprise Security Report
News Analysis-Security Now  |  4/4/2018  | 
A report from McAfee and Vanson Bourne finds that automation, including machine learning and AI, can help improve enterprise security by freeing up human resources. If that doesn't work, there's always gaming.
Iran 'the New China' as a Pervasive Nation-State Hacking Threat
News  |  4/4/2018  | 
Security investigations by incident responders at FireEye's Mandiant in 2017 found more prolific and sophisticated attacks out of Iran.
Active Cyber Defense Is an Opportunity, Not a Threat
Commentary  |  4/4/2018  | 
If honest citizens can be tracked online with cookies and beacons that share where we are and what we are doing, then why should security professionals restrict their ability to hack attackers?
Facebook Removes Russia-based Internet Research Agency-Controlled Pages
Quick Hits  |  4/4/2018  | 
CSO Alex Stamos explains why the company deleted 70 Facebook and 65 Instagram accounts, and 138 Facebook pages.
YouTube Shooting Ignites Debate Over Merging Physical & IT Security
Dawn Kawamoto  |  4/4/2018  | 
A woman shot and wounded three people at YouTube's headquarters on Tuesday, a tragic event that shines a light on the industry's long-running debate over whether physical and IT security departments should be merged under one roof.
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-46346
PUBLISHED: 2022-01-20
There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0.
CVE-2021-46347
PUBLISHED: 2022-01-20
There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0.
CVE-2021-46348
PUBLISHED: 2022-01-20
There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' failed at /jerry-core/ecma/base/ecma-literal-storage.c in JerryScript 3.0.0.
CVE-2021-46349
PUBLISHED: 2022-01-20
There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECMA_OBJECT_TYPE_PROXY' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0.
CVE-2021-46350
PUBLISHED: 2022-01-20
There is an Assertion 'ecma_is_value_object (value)' failed at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c in JerryScript 3.0.0.