Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in April 2018
<<   <   Page 5 / 5
Securing Retail Networks for an Omnichannel Future
Partner Perspectives  |  4/4/2018  | 
Retailers who haphazardly move to digital from a brick-and-mortar environment can leave their businesses open to significant cybersecurity vulnerabilities. Here's how to avoid the pitfalls.
One-Third of Internal User Accounts Are 'Ghost Users'
News  |  4/4/2018  | 
Attackers and malware can easily move laterally through an organization, thanks to inadequate access controls on file systems and a proliferation of inactive but enabled users.
Cloudflare vs. Google: Making DNS Protocol Better, More Secure
Larry Loeb  |  4/4/2018  | 
With the release of 1.1.1, Cloudflare is looking to make the DNS protocol better and more secure, while speeding up the Internet. Is this helping Google or leaving the company behind?
Criminals Targeting Magento Sites with Brute-Force Password Attacks
News  |  4/3/2018  | 
Flashpoint says it is aware of at least 1,000 sites using Magento's e-commerce platform that have been recently compromised.
7 Deadly Security Sins of Web Applications
Slideshows  |  4/3/2018  | 
The top ways organizations open themselves up to damaging Web app attacks.
New Attack Vector Shows Dangers of S3 Sleep Mode
News  |  4/3/2018  | 
Researchers at Black Hat Asia demonstrated how they can compromise the security of a machine as it powers down and wakes up.
Medical Device Security Startup Launches
Quick Hits  |  4/3/2018  | 
Cynerio lands multi-million dollar funding round.
Francisco Partners Buys Bomgar
Quick Hits  |  4/3/2018  | 
Private equity firm Francisco Partners plans to acquire Bomgar, a privileged access and identity management company.
Panera Bread Leaves Millions of Customer Records Exposed Online
News  |  4/3/2018  | 
Personal information exposed in plain text for months on Panerabread.com and the company's response failed to rise to the challenge.
3 Security Measures That Can Actually Be Measured
Commentary  |  4/3/2018  | 
The massive budgets devoted to cybersecurity need to come with better metrics.
Google Web Store Bans Cryptomining Extensions
News Analysis-Security Now  |  4/3/2018  | 
After finding that 9 out of 10 cryptomining extensions do not follow guidelines, the Google Web Store is planning to ban all cryptomining extensions for its Chrome browser by the middle of this year.
Android Crypto Mining Attacks Go for Monero
Dawn Kawamoto  |  4/3/2018  | 
Attackers hijacking Android devices to mine for cryptocurrencies are likely looking to score Monero, rather than other virtual currencies such as Bitcoin.
Hudson's Bay Brands Hacked, 5 Million Credit Card Accounts Stolen
News  |  4/2/2018  | 
The infamous Carbanak/FIN7 cybercrime syndicate breached Saks and Lord & Taylor and is now selling some of the stolen credit card accounts on the Dark Web.
'Hack the Defense Travel System': DoD Extends its Bug Bounty Program
News  |  4/2/2018  | 
The fifth US Department of Defense bug bounty program, launched with HackerOne, will target a DoD enterprise system used by millions.
Qualys Buys 1Mobility Software Assets
Quick Hits  |  4/2/2018  | 
Qualys has purchased the software assets of 1Mobility for an undisclosed sum.
Saks Fifth Avenue, Lord & Taylor Hit With Massive Data Breach
News Analysis-Security Now  |  4/2/2018  | 
The company behind stores such as Saks Fifth Avenue and Lord & Taylor has sustained a massive data breach that reportedly involves about 5 million credit card numbers.
Is Security Accelerating Your Business?
Commentary  |  4/2/2018  | 
With an ever-growing list of security and compliance requirements, security can hinder or slow business initiatives. Is your security department stuck in slow gear or can it go faster?
Red Bull Powers Security Strategy With AI, Automation
Simon Marshall  |  4/2/2018  | 
When it comes to security, Red Bull is looking to close the gap by turning toward newer technologies, including automation, AI and machine learning.
Drupal RCE Vulnerability Requires Immediate Patching
Larry Loeb  |  4/2/2018  | 
A remote code execution vulnerability in several versions of Drupal's content management platform requires immediate patching by users. For its part, Drupal is getting out in front of this problem.
<<   <   Page 5 / 5


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24028
PUBLISHED: 2021-04-14
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
CVE-2021-29370
PUBLISHED: 2021-04-13
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.