Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in April 2018
<<   <   Page 5 / 5
Securing Retail Networks for an Omnichannel Future
Partner Perspectives  |  4/4/2018  | 
Retailers who haphazardly move to digital from a brick-and-mortar environment can leave their businesses open to significant cybersecurity vulnerabilities. Here's how to avoid the pitfalls.
One-Third of Internal User Accounts Are 'Ghost Users'
News  |  4/4/2018  | 
Attackers and malware can easily move laterally through an organization, thanks to inadequate access controls on file systems and a proliferation of inactive but enabled users.
Cloudflare vs. Google: Making DNS Protocol Better, More Secure
Larry Loeb  |  4/4/2018  | 
With the release of 1.1.1, Cloudflare is looking to make the DNS protocol better and more secure, while speeding up the Internet. Is this helping Google or leaving the company behind?
Criminals Targeting Magento Sites with Brute-Force Password Attacks
News  |  4/3/2018  | 
Flashpoint says it is aware of at least 1,000 sites using Magento's e-commerce platform that have been recently compromised.
7 Deadly Security Sins of Web Applications
Slideshows  |  4/3/2018  | 
The top ways organizations open themselves up to damaging Web app attacks.
New Attack Vector Shows Dangers of S3 Sleep Mode
News  |  4/3/2018  | 
Researchers at Black Hat Asia demonstrated how they can compromise the security of a machine as it powers down and wakes up.
Medical Device Security Startup Launches
Quick Hits  |  4/3/2018  | 
Cynerio lands multi-million dollar funding round.
Francisco Partners Buys Bomgar
Quick Hits  |  4/3/2018  | 
Private equity firm Francisco Partners plans to acquire Bomgar, a privileged access and identity management company.
Panera Bread Leaves Millions of Customer Records Exposed Online
News  |  4/3/2018  | 
Personal information exposed in plain text for months on Panerabread.com and the company's response failed to rise to the challenge.
3 Security Measures That Can Actually Be Measured
Commentary  |  4/3/2018  | 
The massive budgets devoted to cybersecurity need to come with better metrics.
Google Web Store Bans Cryptomining Extensions
News Analysis-Security Now  |  4/3/2018  | 
After finding that 9 out of 10 cryptomining extensions do not follow guidelines, the Google Web Store is planning to ban all cryptomining extensions for its Chrome browser by the middle of this year.
Android Crypto Mining Attacks Go for Monero
Dawn Kawamoto  |  4/3/2018  | 
Attackers hijacking Android devices to mine for cryptocurrencies are likely looking to score Monero, rather than other virtual currencies such as Bitcoin.
Hudson's Bay Brands Hacked, 5 Million Credit Card Accounts Stolen
News  |  4/2/2018  | 
The infamous Carbanak/FIN7 cybercrime syndicate breached Saks and Lord & Taylor and is now selling some of the stolen credit card accounts on the Dark Web.
'Hack the Defense Travel System': DoD Extends its Bug Bounty Program
News  |  4/2/2018  | 
The fifth US Department of Defense bug bounty program, launched with HackerOne, will target a DoD enterprise system used by millions.
Qualys Buys 1Mobility Software Assets
Quick Hits  |  4/2/2018  | 
Qualys has purchased the software assets of 1Mobility for an undisclosed sum.
Saks Fifth Avenue, Lord & Taylor Hit With Massive Data Breach
News Analysis-Security Now  |  4/2/2018  | 
The company behind stores such as Saks Fifth Avenue and Lord & Taylor has sustained a massive data breach that reportedly involves about 5 million credit card numbers.
Is Security Accelerating Your Business?
Commentary  |  4/2/2018  | 
With an ever-growing list of security and compliance requirements, security can hinder or slow business initiatives. Is your security department stuck in slow gear or can it go faster?
Red Bull Powers Security Strategy With AI, Automation
Simon Marshall  |  4/2/2018  | 
When it comes to security, Red Bull is looking to close the gap by turning toward newer technologies, including automation, AI and machine learning.
Drupal RCE Vulnerability Requires Immediate Patching
Larry Loeb  |  4/2/2018  | 
A remote code execution vulnerability in several versions of Drupal's content management platform requires immediate patching by users. For its part, Drupal is getting out in front of this problem.
<<   <   Page 5 / 5


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Data Breaches Affect the Enterprise
Data breaches continue to cause negative outcomes for companies worldwide. However, many organizations report that major impacts have declined significantly compared with a year ago, suggesting that many have gotten better at containing breach fallout. Download Dark Reading's Report "How Data Breaches Affect the Enterprise" to delve more into this timely topic.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31787
PUBLISHED: 2021-11-30
The Bluetooth Classic implementation on Actions ATS2815 chipsets does not properly handle the reception of continuous unsolicited LMP responses, allowing attackers in radio range to trigger a denial of service and shutdown of a device by flooding the target device with LMP_features_res packets.
CVE-2021-40101
PUBLISHED: 2021-11-30
An issue was discovered in Concrete CMS before 8.5.7. The Dashboard allows a user's password to be changed without a prompt for the current password.
CVE-2021-4026
PUBLISHED: 2021-11-30
bookstack is vulnerable to Improper Access Control
CVE-2021-42564
PUBLISHED: 2021-11-30
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '&lt;meta http-equiv=&quot;refresh&quot;' substring in the editor para...
CVE-2021-43320
PUBLISHED: 2021-11-30
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-41244. Reason: This candidate is a reservation duplicate of CVE-2021-41244. Notes: All CVE users should reference CVE-2021-41244 instead of this candidate. All references and descriptions in this candidate have been removed to preve...