News & Commentary

Content posted in April 2019
Triton/Trisis Attacks Another Victim
News  |  4/11/2019  | 
FireEye Mandiant incident responders reveal a new attack by the hacking group that previously targeted a petrochemical plant in Saudi Arabia in 2017.
Majority of Hotel Websites Leak Guest Booking Info
News  |  4/10/2019  | 
Third parties such as ad, search engine, and analytics firms often have access to guest name, address, phone numbers, credit cards and other data, Symantec says.
Senate Bill Would Ban Social Networks' Social Engineering Tricks
Quick Hits  |  4/10/2019  | 
Bill takes aim at tactics used to convince people to give up their personal data, designing games that addict kids, and more.
25% of Phishing Emails Sneak into Office 365: Report
News  |  4/10/2019  | 
Researchers analyzed 55.5 million emails and found one out of every 99 messages contains a phishing attack.
New Android Malware Adds Persistence, Targets Australian Banking Customers
News  |  4/10/2019  | 
Malware campaign, which finds and exfiltrates a user's contact list and banking credentials, could potentially grow to global proportions.
Merging Companies, Merging Clouds
Commentary  |  4/10/2019  | 
Integrating cloud environments is anything but easy. Evaluating the security risks in doing so must be a starting component of an overall M&A strategy.
Android Phones Now Double as Physical Security Keys
News  |  4/10/2019  | 
Google debuted a series of security updates at Next 2019, giving users the option to use their phone as a second authentication factor.
Safe Harbor Programs: Ensuring the Bounty Isn't on White Hat Hackers' Heads
Commentary  |  4/10/2019  | 
As crowdsourced security-testing surges in popularity, companies need to implement safe harbor provisions to protect good-faith hackers -- and themselves.
'MuddyWater' APT Spotted Attacking Android
News  |  4/10/2019  | 
Cyber espionage attack group adds mobile malware to its toolset.
Verizon Patches Trio of Vulnerabilities in Home Router
News  |  4/9/2019  | 
One of the flaws gives attackers a way to gain root access to devices, Tenable says.
Microsoft Patch Tuesday Fixes Windows Bugs Under Attack
News  |  4/9/2019  | 
The April release of security updates patches 74 vulnerabilities, two of which are being exploited in the wild.
Meet Baldr: The Inside Scoop on a New Stealer
News  |  4/9/2019  | 
Baldr first appeared in January and has since evolved to version 2.2 as attackers aim to build a long-lasting threat.
A New Approach to Application Security Testing
Commentary  |  4/9/2019  | 
If the appsec industry were to develop a better AST solution from scratch, what would it look like?
Craigslist Founder Funds Security Toolkit for Journalists, Elections
News  |  4/9/2019  | 
The free tools will be developed by the Global Cyber Alliance to monitor election infrastructure and processes in the runup to the 2020 Presidential election.
Yahoo Reaches $117.5M Breach Accord Following Failed Settlement
Quick Hits  |  4/9/2019  | 
An adjusted settlement between Yahoo and the victims of its massive data breach is still awaiting approval.
Stop Mocking & Start Enabling Emerging Technologies
Commentary  |  4/9/2019  | 
Mocking new technology isn't productive and can lead to career disadvantage.
British Hacker Jailed for Role in Russian Crime Group
Quick Hits  |  4/9/2019  | 
According to authorities, Zain Qaiser would pose as a legitimate ad broker to buy online advertising unit from pornographic websites.
'Digital Doppelganger' Underground Takes Payment Card Theft to the Next Level
News  |  4/9/2019  | 
Massive criminal marketplace discovered packaging and selling stolen credentials along with victims' online behavior footprints.
$20 Million Investment Round Shows Growth of Risk Assessment Market
News  |  4/8/2019  | 
The Series B investment supports a company bringing risk assessment to businesses in business terms.
'Exodus' iOS Surveillance Software Masqueraded as Legit Apps
News  |  4/8/2019  | 
Italian firm appears to have developed spyware for lawful intercept purposes, Lookout says.
Credential-Stuffing Attacks Behind 30 Billion Login Attempts in 2018
News  |  4/8/2019  | 
Using e-mail addresses and passwords from compromised sites, attackers most often targeted retail sites, video-streaming services, and entertainment companies, according to Akamai.
Guilty Plea in Senate Data Theft
Quick Hits  |  4/8/2019  | 
A former senate staff member stole personal information about three senators and published it on Wikipedia.
8 Steps to More Effective Small Business Security
Slideshows  |  4/8/2019  | 
Small businesses face the same security challenges as large enterprises but with much smaller security teams. Here are 8 things to do to get the most from yours.
Microsoft Products Under EU Investigation About Data Collection
Quick Hits  |  4/8/2019  | 
A new inquiry aims to determine whether contracts between Microsoft and EU organizations violate GDPR.
Ignore the Insider Threat at Your Peril
Commentary  |  4/8/2019  | 
Attacks from insiders often go undiscovered for months or years, so the potential impact can be huge. These 11 countermeasures can mitigate the damage.
Phishing Campaign Targeting Verizon Mobile Users
News  |  4/5/2019  | 
Lookout Phishing AI, which discovered the attack, says it has been going on since late November.
Ongoing DNS Hijack Attack Hits Consumer Modems and Routers
Quick Hits  |  4/5/2019  | 
The attack campaigns have re-routed DNS requests through illicit servers in Canada and Russia.
Advanced Persistent Threat: Dark Reading Caption Contest Winners
Commentary  |  4/5/2019  | 
From sushi and phishing to robots, passwords and ninjas -- and the winners are ...
The Matrix at 20: A Metaphor for Today's Cybersecurity Challenges
Commentary  |  4/5/2019  | 
The Matrix ushered in a new generation of sci-fi movies and futuristic plotlines with a relentless, seemingly invulnerable set of villains. Twenty years later, that theme is all too familiar to security pros.
Python-Based Bot Scanner Gorging on Recon Intel
News  |  4/4/2019  | 
Discovered by AT&T Alien Labs, new malware Xwo is seeking default creds and misconfigurations in MySQL and MongoDB, among other services.
Threat Group Employs Amazon-Style Fulfillment Model to Distribute Malware
News  |  4/4/2019  | 
The operators of the Necurs botnet are using a collection of US-based servers to send out banking Trojans, ransomware, and other malware on behalf of other cybercriminals.
Third Parties in Spotlight as More Facebook Data Leaks
News  |  4/4/2019  | 
Two third-party services left Facebook user data exposed online -- in one case, 540 million records of user comments -- highlighting the ease with which third-party developers can access data and the risk of lax security.
New, Improved BEC Campaigns Target HR and Finance
News  |  4/4/2019  | 
Spearphishing campaigns from new and established business email compromise (BEC) gangs are stealing from companies using multiple tactics.
Patched Apache Vulnerability Could Still Cause Problems
Quick Hits  |  4/4/2019  | 
More than 2 million Apache HTTP servers remain at risk for a critical privilege escalation vulnerability.
3 Lessons Security Leaders Can Learn from Theranos
Commentary  |  4/4/2019  | 
Theranos flamed out in spectacular fashion, but you can still learn from the company's "worst practices."
True Cybersecurity Means a Proactive Response
Commentary  |  4/4/2019  | 
Successful, secure organizations must take an aggressive, pre-emptive posture if they want true data security.
How iOS App Permissions Open Holes for Hackers
News  |  4/4/2019  | 
The permissions iOS apps request from users can turn the devices into spy tools and provide a toehold into the enterprise network, according to new research.
Focus on Business Priorities Exposing Companies to Avoidable Cyber-Risk
News  |  4/3/2019  | 
Despite the growing sophistication of threats and increased compliance requirements, a high percentage of organizations are continuing to compromise their security.
Privacy & Regulatory Considerations in Enterprise Blockchain
Commentary  |  4/3/2019  | 
People who understand information governance, privacy, and security should be active participants on the distributed ledger technology implementation team to ensure success.
Chinese National Carries Malware Into Mar-a-Lago
Quick Hits  |  4/3/2019  | 
A Chinese woman arrested for entering the grounds of Mar-a-Lago under false pretenses was carrying electronic equipment holding malware.
In Security, Programmers Aren't Perfect
Commentary  |  4/3/2019  | 
Software developers and their managers must change their perception of secure coding from being an optional feature to being a requirement that is factored into design from the beginning.
Georgia Tech Cyberattack Exposes Data of 1.3 Million People
Quick Hits  |  4/3/2019  | 
Names, addresses, Social Security numbers, and birth dates may have been pilfered in the attack.
Financial Firms Scrutinize Third-Party Supplier Risk
News  |  4/3/2019  | 
But executives aren't confident in the accuracy of cybersecurity assessment data received from their vendors, a new study shows.
6 Essential Skills Cybersecurity Pros Need to Develop in 2019
Slideshows  |  4/3/2019  | 
In a time of disruption in the security and tech worlds, cybersecurity professionals can't afford to become complacent even in the face of a skills shortage.
Major Mobile Financial Apps Harbor Built-in Vulnerabilities
News  |  4/2/2019  | 
A wide variety of financial services companies' apps suffer from poor programming practices and unshielded data.
Women Now Hold One-Quarter of Cybersecurity Jobs
News  |  4/2/2019  | 
New data from ISC(2) shows younger women are making more money than in previous generations in the field but overall gender pay disparity persists.
War on Zero-Days: 4 Lessons from Recent Google & Microsoft Vulns
Commentary  |  4/2/2019  | 
When selecting targets, attackers often consider total cost of 'pwnership' -- the expected cost of an operation versus the likelihood of success. Defenders need to follow a similar strategy.
FireEye Creates Free Attack Toolset for Windows
News  |  4/2/2019  | 
The security services company releases a distribution of 140 programs for penetration testers who need to launch attacks and tools from an instance of Windows.
Sentence Handed Down in $4.2 Million BEC Scheme
Quick Hits  |  4/2/2019  | 
Maryland man conspired in a business email compromise scheme that stole from at least 13 separate victims over the course of a year.
Airports & Operational Technology: 4 Attack Scenarios
Commentary  |  4/2/2019  | 
As OT systems increasingly fall into the crosshairs of cyberattackers, aviation-industry CISOs have become hyper-focused on securing them.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-6994
PUBLISHED: 2020-04-03
A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The followi...
CVE-2020-8637
PUBLISHED: 2020-04-03
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.
CVE-2020-8638
PUBLISHED: 2020-04-03
A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.
CVE-2020-8639
PUBLISHED: 2020-04-03
An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This allows an authenticated attacker to upload a malicious file (containing PHP code to execute operating system com...
CVE-2020-10601
PUBLISHED: 2020-04-03
VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash.