Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in April 2019
<<   <   Page 2 / 4   >   >>
Networks in Danger as Global BGP Routing Table Reaches Capacity
Larry Loeb  |  4/23/2019  | 
The Internet is going to run out of address space sometime this month.
FBI: $2.7 Billion in Losses to Cyber-Enabled Crimes in 2018
Quick Hits  |  4/22/2019  | 
Internet Crime Complaint Center (IC3) last year received an average of 900+ reports daily of Internet-enabled theft, fraud, and exploitation.
Trojanized TeamViewer Used in Targeted Attacks Against Multiple Embassies
News  |  4/22/2019  | 
Motive remains unclear though financial theft appears to be one possibility, Check Point Research says.
WannaCry Hero Hutchins Pleads Guilty to Malware Charges
News  |  4/22/2019  | 
Marcus Hutchins, the security researcher who helped halt the spread of the WannaCry attack, pleads guilty to two charges related to writing malware.
Who Gets Targeted Most in Cyberattack Campaigns
Quick Hits  |  4/22/2019  | 
Attackers are changing both their tactics and targets in an attempt to remain criminally successful, Proofpoint's study found.
Over 500 Million Chrome iOS Sessions Hijacked in Massive Malvertising Campaign
Larry Loeb  |  4/22/2019  | 
Confiant has spotted the known threat actor eGobbler back in action.
4 Tips to Protect Your Business Against Social Media Mistakes
Commentary  |  4/22/2019  | 
Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.
Researchers Find Clues for Dramatically Reducing IDS Traffic Volume
Quick Hits  |  4/19/2019  | 
Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.
Russia Hacked Clinton's Computers Five Hours After Trump's Call
News  |  4/19/2019  | 
Mueller report finds that in July 2016, after then-candidate Donald Trump publicly called for Russia to "find the 30,000 emails," Russian agents targeted Hillary Clinton's personal office with cyberattacks.
APT34 Toolset, Victim Data Leaked via Telegram
Quick Hits  |  4/19/2019  | 
For the last month, an unknown individual or group has been sharing data and hacking tools belonging to Iranian hacker group APT34.
Russian Hacker Group TA505 Found to Be Attacker of US Financial Firms
Larry Loeb  |  4/19/2019  | 
Israeli-based Cyberint has found evidence of remote access Trojans being used in attacks on financial entities in the United States as well as worldwide.
Free Princeton Application Provides IoT Traffic Insight
Quick Hits  |  4/19/2019  | 
The application developed by a research group allows users to spot possible IoT security problems.
Why We Need a 'Cleaner Internet'
Commentary  |  4/19/2019  | 
By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.
Third-Party Cyber-Risk by the Numbers
Slideshows  |  4/19/2019  | 
Recent stats show that the state of third-party cyber risk and vendor risk management remains largely immature at most organizations.
Cisco Issues 31 Mid-April Security Alerts
News  |  4/18/2019  | 
Among them, two are critical and six are of high importance.
Creator of Hub for Stolen Credit Cards Sentenced to 90 Months
News  |  4/18/2019  | 
Coming eight years after he launched the site, the steep sentence for the cybercriminal operator is based on a tab of $30 million in damages calculated by Mastercard and other credit card companies.
6 Takeaways from Ransomware Attacks in Q1
News  |  4/18/2019  | 
Customized, targeted ransomware attacks were all the rage.
Cloud Security Spend Set to Reach $12.6B by 2023
News  |  4/18/2019  | 
Growth corresponds with a greater reliance on public cloud services.
The Cybersecurity Automation Paradox
News  |  4/18/2019  | 
Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.
How to Raise the Level of AppSec Competency in Your Organization
Commentary  |  4/18/2019  | 
Improving processes won't happen overnight, but it's not complicated either.
Former Student Admits to USB Killer Attack
Quick Hits  |  4/18/2019  | 
An Indian national used device to attack computers and peripherals at a New York college.
GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage
Commentary  |  4/18/2019  | 
Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.
Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent
Quick Hits  |  4/18/2019  | 
The social media giant says it did not access the imported data and is notifying affected users.
Wipro Gets Phished to Gain Access to Clients
Larry Loeb  |  4/18/2019  | 
Sources say that the company was being used as the start of 'digital fishing expeditions targeting at least a dozen Wipro customer systems.'
Nation-State Hacker Group Hijacking DNS to Redirect Email, Web Traffic
News  |  4/17/2019  | 
'Sea Turtle' group has compromised at least 40 national security organizations in 13 countries so far, Cisco Talos says.
VPN Vulnerabilities Point Out Need for Comprehensive Remote Security
News  |  4/17/2019  | 
VPNs are the primary tool for securing remote access, but recently disclosed vulnerabilities point out the weakness of relying on them as the only tool.
Tips for the Aftermath of a Cyberattack
News  |  4/17/2019  | 
Incident response demands technical expertise, but you can't fully recover without non-IT experts.
New Malware Campaign Targets Financials, Retailers
Quick Hits  |  4/17/2019  | 
The attack uses a legitimate remote access system as well as several families of malware.
Legacy Apps: The Security Risk Lurking in Dusty Corners
Commentary  |  4/17/2019  | 
Four best practices to keep old code from compromising your enterprise environment.
Ever-Sophisticated Bad Bots Target Healthcare, Ticketing
News  |  4/17/2019  | 
From criminals to competitors, online bots continue to scrape information from sites and pose as legitimate users.
Inside the Dark Web's How-To Guides for Teaching Fraud
Quick Hits  |  4/17/2019  | 
A new study investigates nearly 30,000 guides to explore what fraudsters sell and teach aspiring cybercriminals.
Servers Discovered With Multiple Malware Families, Staged & Ready to Launch
Larry Loeb  |  4/17/2019  | 
Bromium has uncovered US-based web servers that are being used to host and distribute these kinds of malware including banking trojans, information stealers and ransomware.
Selecting the Right Strategy to Reduce Vulnerability Risk
Commentary  |  4/17/2019  | 
There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference.
7 Tips for an Effective Employee Security Awareness Program
Slideshows  |  4/17/2019  | 
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
Decoding a 'New' Elite Cyber Espionage Team
News  |  4/16/2019  | 
Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules.
Security Audit Shows Gains, Though Privacy Lags
News  |  4/16/2019  | 
The 2018 Online Trust Audit shows that "encryption everywhere" is improving security, while fuzzy language is slowing privacy gains.
Threat Group Exploits Chrome Bug to Serve Malicious Ads to iOS Users
News  |  4/16/2019  | 
A new exploit developed by eGobbler is allowing it to distribute malvertisementsmore than 500 million to dateat huge scale, Confiant says.
Meet Scranos: New Rootkit-Based Malware Gains Confidence
News  |  4/16/2019  | 
The cross-platform operation, first tested on victims in China, has begun to spread around the world.
Benefiting from Data Privacy Investments
Commentary  |  4/16/2019  | 
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
IT Outsourcing Firm Wipro Investigates Data Breach
Quick Hits  |  4/16/2019  | 
Employee accounts may have been compromised in a sophisticated phishing campaign.
New Attacks (and Old Attacks Made New)
Commentary  |  4/16/2019  | 
Although new attacks might get the most attention, don't assume old ones have gone away.
Warning: VPN Application Vulnerabilities Found
Larry Loeb  |  4/16/2019  | 
That enterprise-grade virtual private network might not be as private as you think.
Data on Thousands of Law Enforcement Personnel Exposed in Breach
Quick Hits  |  4/15/2019  | 
Unknown hackers broke into databases of nonprofit and have posted online personal info on FBI, Secret Service, Capitol Police, US Park Police, others.
Microsoft Downplays Scope of Email Attack
News  |  4/15/2019  | 
An unknown attacker used a support agent's credentials to access email content belonging to some Outlook, Hotmail users.
New Details Emerge on Windows Zero Day
News  |  4/15/2019  | 
The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.
TRITON Attacks Underscore Need for Better Defenses
News  |  4/15/2019  | 
As attackers focus on cyber-physical systems, companies must improve their visibility into IT system compromises as well as limit actions on operational-technology networks, experts say.
The Single Cybersecurity Question Every CISO Should Ask
Commentary  |  4/15/2019  | 
The answer can lead to a scalable enterprise security solution for years to come.
Who Built the 'Taj Mahal'?
Larry Loeb  |  4/15/2019  | 
While the sophistication of the malware suggests that it is the product of a nation-state, it bears none of the code fingerprints of any known nation-state hacker group.
CERT, CISA Warn of Vuln in at Least 4 Major VPNs
Quick Hits  |  4/12/2019  | 
VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.
This Week in Security Funding: Where the Money Went
News  |  4/12/2019  | 
Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.
<<   <   Page 2 / 4   >   >>


News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21070
PUBLISHED: 2021-04-19
Adobe Robohelp version 2020.0.3 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation. An attacker with permissions to write to the file system could leverage this vulnerability to escalate privileges.
CVE-2020-7851
PUBLISHED: 2021-04-19
Innorix Web-Based File Transfer Solution versuibs prior to and including 9.2.18.385 contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the internal method. A remote attacker could induce a user to access a crafted web page, causing damage...
CVE-2021-29399
PUBLISHED: 2021-04-19
XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16.
CVE-2021-23381
PUBLISHED: 2021-04-18
This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23374
PUBLISHED: 2021-04-18
This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.