Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in April 2019
Financial Data for Multiple Companies Dumped Online in Failed Extortion Bid
News  |  4/30/2019  | 
Potential victims reportedly include Oracle, Volkswagen, Airbus and Porsche.
Database Leaks, Network Traffic Top Data Exfiltration Methods
News  |  4/30/2019  | 
Intellectual property and personally identifiable information tie for the type of data IT practitioners are worried about losing.
Confluence Vulnerability Opens Door to GandCrab
Quick Hits  |  4/30/2019  | 
An exploit of the vulnerability offers attackers a ransomware surface that doesn't need email.
California Consumer Privacy Act: 4 Compliance Best Practices
Commentary  |  4/30/2019  | 
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls
News  |  4/30/2019  | 
New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy.
How to Help Your Board Navigate Cybersecurity's Legal Risks
Commentary  |  4/30/2019  | 
What's worse than a massive data breach? A massive data breach followed by a shareholder derivative lawsuit. Learn what's at stake and what CISOs can do to mitigate the damage.
Shadow IT & Unsecured Data Still Rampant Within the Digital Workplace
Larry Loeb  |  4/30/2019  | 
The digital workplace is full of opportunities for improvement.
Threat Intelligence Firms Look to AI, but Still Require Humans
News  |  4/30/2019  | 
Machine learning and artificial intelligence are helping threat-intelligence firms cover a greater area of the darknet, but human analysts will always be necessary, experts say.
Researchers Explore Remote Code Injection in macOS
News  |  4/30/2019  | 
Deep Instinct analysts test three code injection methods and a custom-built Mach-O loader to load malicious files from memory.
Docker Forces Password Reset for 190,000 Accounts After Breach
News  |  4/29/2019  | 
Organizations impacted by breach, which gave attackers illegal access to a database containing sensitive account information, need to check their container images.
Peer-to-Peer Vulnerability Exposes Millions of IoT Devices
News  |  4/29/2019  | 
A flaw in the software used to remotely access cameras and monitoring devices could allow hackers to easily take control of millions of pieces of the IoT.
Credit Card Compromise Up 212% as Hackers Eye Financial Sector
News  |  4/29/2019  | 
Financial services firms saw upticks in credential leaks and credit card compromise as cybercriminals go where the money is.
7 Types of Experiences Every Security Pro Should Have
Slideshows  |  4/29/2019  | 
As the saying goes, experience is the best teacher. It'll also make you a better and more well-rounded security pro.
Unknown, Unprotected Database Exposes Info on 80 Million US Households
Quick Hits  |  4/29/2019  | 
A database with no login required has been found to contain names, addresses, age, and more for over 80 million U.S. households.
A Rear-View Look at GDPR: Compliance Has No Brakes
Commentary  |  4/29/2019  | 
With a year of Europe's General Data Protection Regulation under our belt, what have we learned?
NIST Offers Improved Software Testing
Larry Loeb  |  4/29/2019  | 
Combinatorial testing is a software testing method that the National Institute of Science and Technology (NIST) likes a lot.
How to Build a Cloud Security Model
Slideshows  |  4/26/2019  | 
Security experts point to seven crucial steps companies should be taking as they move data and processes to cloud environments.
Slack Warns of Big, Bad Dangers in SEC Filing
Quick Hits  |  4/26/2019  | 
A filing prior to an IPO lists nation-state dangers to Slack's services and customers as a risk for investors.
Malware Makes Itself at Home in Set-Top Boxes
News  |  4/26/2019  | 
Low-cost boxes that promise free TV streaming services often come complete with malware, according to a new study.
Enterprise Attacks Increase 235%: Trojans & Ransomware Most Common
Larry Loeb  |  4/26/2019  | 
The Malwarebytes Labs Cybercrime Tactics and Techniques Q1 2019 report found in just one year, threats aimed at corporate targets have increased by 235%. Trojans, such as Emotet, and ransomware were the most likely attacks.
Go Medieval to Keep OT Safe
Commentary  |  4/26/2019  | 
When it comes to operational technology and industrial control systems, make sure you're the lord of all you survey.
Security Vulns in Microsoft Products Continue to Increase
News  |  4/25/2019  | 
The good news: Removing admin privileges can mitigate most of them, a new study by BeyondTrust shows.
New EternalBlue Family Member Takes Aim at Asian Web Servers
News  |  4/25/2019  | 
Beapy is a new malware variant that's storming across China, leaving cryptominers in its wake.
Cyberattackers Focus on More Subtle Techniques
News  |  4/25/2019  | 
Spam has given way to spear phishing, cryptojacking remains popular, and credential spraying is on the rise.
UVA Wins Second Consecutive National Collegiate Cyber Defense Championship
Quick Hits  |  4/25/2019  | 
The Wahoos came out on top among 235 colleges and universities that took part in the 15-year-old competition.
55% of SMBs Would Pay Up Post-Ransomware Attack
Quick Hits  |  4/25/2019  | 
The number gets even higher among larger SMBs.
How a Nigerian ISP Accidentally Hijacked the Internet
Commentary  |  4/25/2019  | 
For 74 minutes, traffic destined for Google and Cloudflare services was routed through Russia and into the largest system of censorship in the world, China's Great Firewall.
Enterprise Trojan Detections Spike 200% in Q1 2019
News  |  4/25/2019  | 
Cybercriminals see greater ROI targeting businesses, which have been slammed with ransomware attacks and Trojans.
Sensitive Data Lingers on Used Storage Drives Sold Online
News  |  4/25/2019  | 
Four in 10 used hard drives sold on eBay found to contain sensitive information.
Regulations, Insider Threat Handicap Healthcare IT Security
News  |  4/25/2019  | 
Healthcare IoT is expanding opportunities for hackers as the sector struggles to keep up security-wise.
Ramblings of a Recovering Academic on the So-Called Lack of Security Talent
Commentary  |  4/25/2019  | 
Hiring for security is difficult, as many surveys show. But what the research doesn't explain is the "why," and a lack of talent may not be the sole reason.
EU Approves Addition of Biometrics to Tracking Database
Larry Loeb  |  4/25/2019  | 
The Common Identity Repository (CIR) will unify a disparate set of records that exist for more than 350 million people.
Indeed.com: Slight Dip in Clicks on US Cybersecurity Job Listings
News  |  4/25/2019  | 
Meanwhile, most of the highest-paying positions pay more than $100K, according to new analysis from the job posting site.
TA505 Abusing Legit Remote Admin Tool in String of Attacks
News  |  4/24/2019  | 
Russian-speaking threat group has been targeting retailers and financial institutions in the US and abroad via a spear-phishing campaign.
5 Security Challenges to API Protection
Commentary  |  4/24/2019  | 
Today's application programming interfaces are no longer simple or front-facing, creating new risks for both security and DevOps.
Survey Shows a Security Conundrum
Quick Hits  |  4/24/2019  | 
A new report examines and quantifies the conflicts and challenges faced by business security leaders.
Two Charged with Economic Espionage, GE Trade Secret Theft
Quick Hits  |  4/24/2019  | 
A US national and Chinese national have been charged with conspiring to steal General Electric's trade secrets surrounding turbine technologies.
Attackers Aren't Invincible & We Must Use That to Our Advantage
Commentary  |  4/24/2019  | 
The bad guys only seem infallible. Use their weaknesses to beat them.
New Fix for jQuery Vulnerabilities
Larry Loeb  |  4/24/2019  | 
A security patch has been made for jQuery to mitigate 'prototype pollution.'
New Twist in the Stuxnet Story
News  |  4/23/2019  | 
What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
Google File Cabinet Plays Host to Malware Payloads
News  |  4/23/2019  | 
Researchers detect a new drive-by download attack in which Google Sites' file cabinet template is a delivery vehicle for malware.
Demonstration Showcase Brings DevOps to Interop19
News  |  4/23/2019  | 
Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
Microsoft Windows, Antivirus Software at Odds After Latest Update
News  |  4/23/2019  | 
This month's Windows update has caused incompatibilities with software from at least five antivirus companies, resulting in slow boot times and frozen systems.
City of Stuart Still Recovering from Ryuk Ransomware Attack
Quick Hits  |  4/23/2019  | 
Officials are investigating an April 13 ransomware attack that targeted Stuart's city servers and forced it offline.
App Exposes Wi-Fi Credentials for Thousands of Private Networks
Quick Hits  |  4/23/2019  | 
A database used by WiFi Finder was left open and unprotected on the Internet.
Exploits for Adobe Vulnerabilities Spiked in 2018
News  |  4/23/2019  | 
With Flash Player on its way out, attackers are renewing their focus on Acrobat Reader, RiskSense found.
When Every Attack Is a Zero Day
Commentary  |  4/23/2019  | 
Stopping malware the first time is an ideal that has remained tantalizingly out of reach. But automation, artificial intelligence, and deep learning are poised to change that.
Will the US Adopt a National Privacy Law?
Commentary  |  4/23/2019  | 
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
7 Ways to Get the Most from Your IDS/IPS
Slideshows  |  4/23/2019  | 
Intrusion detection and prevention is at the foundation of successful security in-depth. Securing the perimeter requires a solid understanding of these two critical components.
1 in 4 Workers Are Aware Of Security Guidelines but Ignore Them
News  |  4/23/2019  | 
Even more are knowingly connecting to unsecure networks and sharing confidential information through collaboration platforms, according to Symphony Communication Services.