Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in April 2019
<<   <   Page 2 / 4   >   >>
Researchers Find Clues for Dramatically Reducing IDS Traffic Volume
Quick Hits  |  4/19/2019  | 
Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.
Russia Hacked Clinton's Computers Five Hours After Trump's Call
News  |  4/19/2019  | 
Mueller report finds that in July 2016, after then-candidate Donald Trump publicly called for Russia to "find the 30,000 emails," Russian agents targeted Hillary Clinton's personal office with cyberattacks.
APT34 Toolset, Victim Data Leaked via Telegram
Quick Hits  |  4/19/2019  | 
For the last month, an unknown individual or group has been sharing data and hacking tools belonging to Iranian hacker group APT34.
Free Princeton Application Provides IoT Traffic Insight
Quick Hits  |  4/19/2019  | 
The application developed by a research group allows users to spot possible IoT security problems.
Why We Need a 'Cleaner Internet'
Commentary  |  4/19/2019  | 
By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.
Third-Party Cyber-Risk by the Numbers
Slideshows  |  4/19/2019  | 
Recent stats show that the state of third-party cyber risk and vendor risk management remains largely immature at most organizations.
Cisco Issues 31 Mid-April Security Alerts
News  |  4/18/2019  | 
Among them, two are critical and six are of high importance.
Creator of Hub for Stolen Credit Cards Sentenced to 90 Months
News  |  4/18/2019  | 
Coming eight years after he launched the site, the steep sentence for the cybercriminal operator is based on a tab of $30 million in damages calculated by Mastercard and other credit card companies.
6 Takeaways from Ransomware Attacks in Q1
News  |  4/18/2019  | 
Customized, targeted ransomware attacks were all the rage.
Cloud Security Spend Set to Reach $12.6B by 2023
News  |  4/18/2019  | 
Growth corresponds with a greater reliance on public cloud services.
The Cybersecurity Automation Paradox
News  |  4/18/2019  | 
Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.
How to Raise the Level of AppSec Competency in Your Organization
Commentary  |  4/18/2019  | 
Improving processes won't happen overnight, but it's not complicated either.
Former Student Admits to USB Killer Attack
Quick Hits  |  4/18/2019  | 
An Indian national used device to attack computers and peripherals at a New York college.
GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage
Commentary  |  4/18/2019  | 
Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.
Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent
Quick Hits  |  4/18/2019  | 
The social media giant says it did not access the imported data and is notifying affected users.
Nation-State Hacker Group Hijacking DNS to Redirect Email, Web Traffic
News  |  4/17/2019  | 
'Sea Turtle' group has compromised at least 40 national security organizations in 13 countries so far, Cisco Talos says.
VPN Vulnerabilities Point Out Need for Comprehensive Remote Security
News  |  4/17/2019  | 
VPNs are the primary tool for securing remote access, but recently disclosed vulnerabilities point out the weakness of relying on them as the only tool.
Tips for the Aftermath of a Cyberattack
News  |  4/17/2019  | 
Incident response demands technical expertise, but you can't fully recover without non-IT experts.
New Malware Campaign Targets Financials, Retailers
Quick Hits  |  4/17/2019  | 
The attack uses a legitimate remote access system as well as several families of malware.
Legacy Apps: The Security Risk Lurking in Dusty Corners
Commentary  |  4/17/2019  | 
Four best practices to keep old code from compromising your enterprise environment.
Ever-Sophisticated Bad Bots Target Healthcare, Ticketing
News  |  4/17/2019  | 
From criminals to competitors, online bots continue to scrape information from sites and pose as legitimate users.
Inside the Dark Web's How-To Guides for Teaching Fraud
Quick Hits  |  4/17/2019  | 
A new study investigates nearly 30,000 guides to explore what fraudsters sell and teach aspiring cybercriminals.
Selecting the Right Strategy to Reduce Vulnerability Risk
Commentary  |  4/17/2019  | 
There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference.
7 Tips for an Effective Employee Security Awareness Program
Slideshows  |  4/17/2019  | 
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
Decoding a 'New' Elite Cyber Espionage Team
News  |  4/16/2019  | 
Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules.
Security Audit Shows Gains, Though Privacy Lags
News  |  4/16/2019  | 
The 2018 Online Trust Audit shows that "encryption everywhere" is improving security, while fuzzy language is slowing privacy gains.
Threat Group Exploits Chrome Bug to Serve Malicious Ads to iOS Users
News  |  4/16/2019  | 
A new exploit developed by eGobbler is allowing it to distribute malvertisementsmore than 500 million to dateat huge scale, Confiant says.
Meet Scranos: New Rootkit-Based Malware Gains Confidence
News  |  4/16/2019  | 
The cross-platform operation, first tested on victims in China, has begun to spread around the world.
Benefiting from Data Privacy Investments
Commentary  |  4/16/2019  | 
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
IT Outsourcing Firm Wipro Investigates Data Breach
Quick Hits  |  4/16/2019  | 
Employee accounts may have been compromised in a sophisticated phishing campaign.
New Attacks (and Old Attacks Made New)
Commentary  |  4/16/2019  | 
Although new attacks might get the most attention, don't assume old ones have gone away.
Data on Thousands of Law Enforcement Personnel Exposed in Breach
Quick Hits  |  4/15/2019  | 
Unknown hackers broke into databases of nonprofit and have posted online personal info on FBI, Secret Service, Capitol Police, US Park Police, others.
Microsoft Downplays Scope of Email Attack
News  |  4/15/2019  | 
An unknown attacker used a support agent's credentials to access email content belonging to some Outlook, Hotmail users.
New Details Emerge on Windows Zero Day
News  |  4/15/2019  | 
The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.
TRITON Attacks Underscore Need for Better Defenses
News  |  4/15/2019  | 
As attackers focus on cyber-physical systems, companies must improve their visibility into IT system compromises as well as limit actions on operational-technology networks, experts say.
The Single Cybersecurity Question Every CISO Should Ask
Commentary  |  4/15/2019  | 
The answer can lead to a scalable enterprise security solution for years to come.
CERT, CISA Warn of Vuln in at Least 4 Major VPNs
Quick Hits  |  4/12/2019  | 
VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.
This Week in Security Funding: Where the Money Went
News  |  4/12/2019  | 
Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.
Romanians Convicted in Cybertheft Scheme
Quick Hits  |  4/12/2019  | 
Working out of Bucharest since 2007, a pair of criminals infected and controlled more than 400,000 individual computers, mostly in the US.
8 'SOC-as-a-Service' Offerings
Slideshows  |  4/12/2019  | 
These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations.
Home Office Apologizes for EU Citizen Data Exposure
Quick Hits  |  4/12/2019  | 
The Home Office has admitted to compromising private email addresses belonging to EU citizens hoping to settle in the UK.
Cloudy with a Chance of Security Breach
Commentary  |  4/12/2019  | 
Businesses must be aware of the security weaknesses of the public cloud and not assume that every angle is covered.
New 'HOPLIGHT' Malware Appears in Latest North Korean Attacks, Say DHS, FBI
News  |  4/11/2019  | 
The FBI and Department of Homeland Security release malware analysis report, indicators of compromise for nine different executable files.
'Dragonblood' Vulnerabilities Seep Into WPA3 Secure Wifi Handshake
News  |  4/11/2019  | 
A new set of vulnerabilities may put some early adopters of strong Wifi security at greater security risk.
Senate Report on Equifax Raises Questions Ahead of FICO Product Announcement
News  |  4/11/2019  | 
Equifax is slammed in a Senate subcommittee report ahead of the announcement of a joint service with FICO.
Tax Hacks: How Seasonal Scams Cause Yearlong Problems
News  |  4/11/2019  | 
Tax season is marked with malware campaigns, tax fraud, and identity theft, with money and data flowing through an underground economy.
Julian Assange Arrested in London
Quick Hits  |  4/11/2019  | 
The WikiLeaks founder, who was taken from the Ecuadorian Embassy by British police, has been convicted of skipping bail in 2012.
In Security, All Logs Are Not Created Equal
Commentary  |  4/11/2019  | 
Prioritizing key log sources goes a long way toward effective incident response.
Microsoft Patches Are Freezing Older PCs Running Sophos, Avast
Quick Hits  |  4/11/2019  | 
Computers running Sophos or Avast software have been failing to boot following the latest Patch Tuesday update.
When Your Sandbox Fails
Commentary  |  4/11/2019  | 
The sandbox is an important piece of the security stack, but an organization's entire strategy shouldn't rely on its ability to detect every threat. Here's why.
<<   <   Page 2 / 4   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17230
PUBLISHED: 2020-04-03
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes.
CVE-2019-17231
PUBLISHED: 2020-04-03
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues.
CVE-2020-10689
PUBLISHED: 2020-04-03
A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods. An authenticated user can exploit this flaw to bypass JWT proxy and gain access to the workspace pods of another user. Successful exploitation requires knowledge of the service name ...
CVE-2020-10960
PUBLISHED: 2020-04-03
In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler...
CVE-2020-11500
PUBLISHED: 2020-04-03
Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key.