News & Commentary

Content posted in April 2019
Financial Data for Multiple Companies Dumped Online in Failed Extortion Bid
News  |  4/30/2019  | 
Potential victims reportedly include Oracle, Volkswagen, Airbus and Porsche.
Database Leaks, Network Traffic Top Data Exfiltration Methods
News  |  4/30/2019  | 
Intellectual property and personally identifiable information tie for the type of data IT practitioners are worried about losing.
Confluence Vulnerability Opens Door to GandCrab
Quick Hits  |  4/30/2019  | 
An exploit of the vulnerability offers attackers a ransomware surface that doesn't need email.
California Consumer Privacy Act: 4 Compliance Best Practices
Commentary  |  4/30/2019  | 
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls
News  |  4/30/2019  | 
New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy.
How to Help Your Board Navigate Cybersecurity's Legal Risks
Commentary  |  4/30/2019  | 
What's worse than a massive data breach? A massive data breach followed by a shareholder derivative lawsuit. Learn what's at stake and what CISOs can do to mitigate the damage.
Threat Intelligence Firms Look to AI, but Still Require Humans
News  |  4/30/2019  | 
Machine learning and artificial intelligence are helping threat-intelligence firms cover a greater area of the darknet, but human analysts will always be necessary, experts say.
Researchers Explore Remote Code Injection in macOS
News  |  4/30/2019  | 
Deep Instinct analysts test three code injection methods and a custom-built Mach-O loader to load malicious files from memory.
Docker Forces Password Reset for 190,000 Accounts After Breach
News  |  4/29/2019  | 
Organizations impacted by breach, which gave attackers illegal access to a database containing sensitive account information, need to check their container images.
Peer-to-Peer Vulnerability Exposes Millions of IoT Devices
News  |  4/29/2019  | 
A flaw in the software used to remotely access cameras and monitoring devices could allow hackers to easily take control of millions of pieces of the IoT.
Credit Card Compromise Up 212% as Hackers Eye Financial Sector
News  |  4/29/2019  | 
Financial services firms saw upticks in credential leaks and credit card compromise as cybercriminals go where the money is.
7 Types of Experiences Every Security Pro Should Have
Slideshows  |  4/29/2019  | 
As the saying goes, experience is the best teacher. It'll also make you a better and more well-rounded security pro.
Unknown, Unprotected Database Exposes Info on 80 Million US Households
Quick Hits  |  4/29/2019  | 
A database with no login required has been found to contain names, addresses, age, and more for over 80 million U.S. households.
A Rear-View Look at GDPR: Compliance Has No Brakes
Commentary  |  4/29/2019  | 
With a year of Europe's General Data Protection Regulation under our belt, what have we learned?
How to Build a Cloud Security Model
Slideshows  |  4/26/2019  | 
Security experts point to seven crucial steps companies should be taking as they move data and processes to cloud environments.
Slack Warns of Big, Bad Dangers in SEC Filing
Quick Hits  |  4/26/2019  | 
A filing prior to an IPO lists nation-state dangers to Slack's services and customers as a risk for investors.
Malware Makes Itself at Home in Set-Top Boxes
News  |  4/26/2019  | 
Low-cost boxes that promise free TV streaming services often come complete with malware, according to a new study.
Go Medieval to Keep OT Safe
Commentary  |  4/26/2019  | 
When it comes to operational technology and industrial control systems, make sure you're the lord of all you survey.
Security Vulns in Microsoft Products Continue to Increase
News  |  4/25/2019  | 
The good news: Removing admin privileges can mitigate most of them, a new study by BeyondTrust shows.
New EternalBlue Family Member Takes Aim at Asian Web Servers
News  |  4/25/2019  | 
Beapy is a new malware variant that's storming across China, leaving cryptominers in its wake.
Cyberattackers Focus on More Subtle Techniques
News  |  4/25/2019  | 
Spam has given way to spear phishing, cryptojacking remains popular, and credential spraying is on the rise.
UVA Wins Second Consecutive National Collegiate Cyber Defense Championship
Quick Hits  |  4/25/2019  | 
The Wahoos came out on top among 235 colleges and universities that took part in the 15-year-old competition.
55% of SMBs Would Pay Up Post-Ransomware Attack
Quick Hits  |  4/25/2019  | 
The number gets even higher among larger SMBs.
How a Nigerian ISP Accidentally Hijacked the Internet
Commentary  |  4/25/2019  | 
For 74 minutes, traffic destined for Google and Cloudflare services was routed through Russia and into the largest system of censorship in the world, China's Great Firewall.
Enterprise Trojan Detections Spike 200% in Q1 2019
News  |  4/25/2019  | 
Cybercriminals see greater ROI targeting businesses, which have been slammed with ransomware attacks and Trojans.
Sensitive Data Lingers on Used Storage Drives Sold Online
News  |  4/25/2019  | 
Four in 10 used hard drives sold on eBay found to contain sensitive information.
Regulations, Insider Threat Handicap Healthcare IT Security
News  |  4/25/2019  | 
Healthcare IoT is expanding opportunities for hackers as the sector struggles to keep up security-wise.
Ramblings of a Recovering Academic on the So-Called Lack of Security Talent
Commentary  |  4/25/2019  | 
Hiring for security is difficult, as many surveys show. But what the research doesn't explain is the "why" and a lack of talent may not be the sole reason.
Indeed.com: Slight Dip in Clicks on US Cybersecurity Job Listings
News  |  4/25/2019  | 
Meanwhile, most of the highest-paying positions pay more than $100K, according to new analysis from the job posting site.
TA505 Abusing Legit Remote Admin Tool in String of Attacks
News  |  4/24/2019  | 
Russian-speaking threat group has been targeting retailers and financial institutions in the US and abroad via a spear-phishing campaign.
5 Security Challenges to API Protection
Commentary  |  4/24/2019  | 
Today's application programming interfaces are no longer simple or front-facing, creating new risks for both security and DevOps.
Survey Shows a Security Conundrum
Quick Hits  |  4/24/2019  | 
A new report examines and quantifies the conflicts and challenges faced by business security leaders.
Two Charged with Economic Espionage, GE Trade Secret Theft
Quick Hits  |  4/24/2019  | 
A US national and Chinese national have been charged with conspiring to steal General Electric's trade secrets surrounding turbine technologies.
Attackers Aren't Invincible & We Must Use That to Our Advantage
Commentary  |  4/24/2019  | 
The bad guys only seem infallible. Use their weaknesses to beat them.
New Twist in the Stuxnet Story
News  |  4/23/2019  | 
What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
Google File Cabinet Plays Host to Malware Payloads
News  |  4/23/2019  | 
Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.
Demonstration Showcase Brings DevOps to Interop19
News  |  4/23/2019  | 
Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
Microsoft Windows, Antivirus Software at Odds After Latest Update
News  |  4/23/2019  | 
This month's Windows update has caused incompatibilities with software from at least five antivirus companies, resulting in slow boot times and frozen systems.
City of Stuart Still Recovering from Ryuk Ransomware Attack
Quick Hits  |  4/23/2019  | 
Officials are investigating an April 13 ransomware attack that targeted Stuart's city servers and forced it offline.
App Exposes Wi-Fi Credentials for Thousands of Private Networks
Quick Hits  |  4/23/2019  | 
A database used by WiFi Finder was left open and unprotected on the Internet.
Exploits for Adobe Vulnerabilities Spiked in 2018
News  |  4/23/2019  | 
With Flash Player on way out, attackers are renewing their focus on Acrobat Reader, RiskSense found.
When Every Attack Is a Zero Day
Commentary  |  4/23/2019  | 
Stopping malware the first time is an ideal that has remained tantalizingly out of reach. But automation, artificial intelligence, and deep learning are poised to change that.
Will the US Adopt a National Privacy Law?
Commentary  |  4/23/2019  | 
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
7 Ways to Get the Most from Your IDS/IPS
Slideshows  |  4/23/2019  | 
Intrusion detection and prevention is at the foundation of successful security in-depth. Securing the perimeter requires a solid understanding of these two critical components.
1 in 4 Workers Are Aware Of Security Guidelines but Ignore Them
News  |  4/23/2019  | 
Even more are knowingly connecting to unsecure networks and sharing confidential information through collaboration platforms, according to Symphony Communication Services.
FBI: $2.7 Billion in Losses to Cyber-Enabled Crimes in 2018
Quick Hits  |  4/22/2019  | 
Internet Crime Complaint Center (IC3) last year received an average of 900+ reports daily of Internet-enabled theft, fraud, and exploitation.
Trojanized TeamViewer Used in Targeted Attacks Against Multiple Embassies
News  |  4/22/2019  | 
Motive remains unclear though financial theft appears to be one possibility, Check Point Research says.
WannaCry Hero Hutchins Pleads Guilty to Malware Charges
News  |  4/22/2019  | 
Marcus Hutchins, the security researcher who helped halt the spread of the WannaCry attack, pleads guilty to two charges related to writing malware.
Who Gets Targeted Most in Cyberattack Campaigns
Quick Hits  |  4/22/2019  | 
Attackers are changing both their tactics and targets in an attempt to remain criminally successful, Proofpoint's study found.
4 Tips to Protect Your Business Against Social Media Mistakes
Commentary  |  4/22/2019  | 
Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.