Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in April 2019
<<   <   Page 4 / 4
Third Parties in Spotlight as More Facebook Data Leaks
News  |  4/4/2019  | 
Two third-party services left Facebook user data exposed online -- in one case, 540 million records of user comments -- highlighting the ease with which third-party developers can access data and the risk of lax security.
New, Improved BEC Campaigns Target HR and Finance
News  |  4/4/2019  | 
Spearphishing campaigns from new and established business email compromise (BEC) gangs are stealing from companies using multiple tactics.
Patched Apache Vulnerability Could Still Cause Problems
Quick Hits  |  4/4/2019  | 
More than 2 million Apache HTTP servers remain at risk for a critical privilege escalation vulnerability.
3 Lessons Security Leaders Can Learn from Theranos
Commentary  |  4/4/2019  | 
Theranos flamed out in spectacular fashion, but you can still learn from the company's "worst practices."
True Cybersecurity Means a Proactive Response
Commentary  |  4/4/2019  | 
Successful, secure organizations must take an aggressive, pre-emptive posture if they want true data security.
How iOS App Permissions Open Holes for Hackers
News  |  4/4/2019  | 
The permissions iOS apps request from users can turn the devices into spy tools and provide a toehold into the enterprise network, according to new research.
Increased Permissions in Mobile Apps Increases Potential Risk
Larry Loeb  |  4/4/2019  | 
App user permissions should be justified, but many of them aren't.
Focus on Business Priorities Exposing Companies to Avoidable Cyber-Risk
News  |  4/3/2019  | 
Despite the growing sophistication of threats and increased compliance requirements, a high percentage of organizations are continuing to compromise their security.
Privacy & Regulatory Considerations in Enterprise Blockchain
Commentary  |  4/3/2019  | 
People who understand information governance, privacy, and security should be active participants on the distributed ledger technology implementation team to ensure success.
Chinese National Carries Malware Into Mar-a-Lago
Quick Hits  |  4/3/2019  | 
A Chinese woman arrested for entering the grounds of Mar-a-Lago under false pretenses was carrying electronic equipment holding malware.
In Security, Programmers Aren't Perfect
Commentary  |  4/3/2019  | 
Software developers and their managers must change their perception of secure coding from being an optional feature to being a requirement that is factored into design from the beginning.
Vulnerabilities Found in Kubernetes Container System
Larry Loeb  |  4/3/2019  | 
Trouble with tarballs and more.
Georgia Tech Cyberattack Exposes Data of 1.3 Million People
Quick Hits  |  4/3/2019  | 
Names, addresses, Social Security numbers, and birth dates may have been pilfered in the attack.
Financial Firms Scrutinize Third-Party Supplier Risk
News  |  4/3/2019  | 
But executives aren't confident in the accuracy of cybersecurity assessment data received from their vendors, a new study shows.
6 Essential Skills Cybersecurity Pros Need to Develop in 2019
Slideshows  |  4/3/2019  | 
In a time of disruption in the security and tech worlds, cybersecurity professionals can't afford to become complacent even in the face of a skills shortage.
Major Mobile Financial Apps Harbor Built-in Vulnerabilities
News  |  4/2/2019  | 
A wide variety of financial services companies' apps suffer from poor programming practices and unshielded data.
Emerging Cyber Threats Leverage Society's Reliance on Connectivity & Intelligent Systems
Steve Durbin  |  4/2/2019  | 
By 2021, the world will be significantly digitized and connected. The race to develop the next generation of super-intelligent machines will be in full swing and technology will be intertwined with everyday life.
Women Now Hold One-Quarter of Cybersecurity Jobs
News  |  4/2/2019  | 
New data from ISC(2) shows younger women are making more money than in previous generations in the field but overall gender pay disparity persists.
War on Zero-Days: 4 Lessons from Recent Google & Microsoft Vulns
Commentary  |  4/2/2019  | 
When selecting targets, attackers often consider total cost of 'pwnership' -- the expected cost of an operation versus the likelihood of success. Defenders need to follow a similar strategy.
FireEye Creates Free Attack Toolset for Windows
News  |  4/2/2019  | 
The security services company releases a distribution of 140 programs for penetration testers who need to launch attacks and tools from an instance of Windows.
Airports & Operational Technology: 4 Attack Scenarios
Commentary  |  4/2/2019  | 
As OT systems increasingly fall into the crosshairs of cyberattackers, aviation-industry CISOs have become hyper-focused on securing them.
Sentence Handed Down in $4.2 Million BEC Scheme
Quick Hits  |  4/2/2019  | 
Maryland man conspired in a business email compromise scheme that stole from at least 13 separate victims over the course of a year.
Rapid7 Buys Network Monitoring Firm NetFort
Quick Hits  |  4/2/2019  | 
New technology will be integrated into Rapid7's cloud-based security analytics platform.
Cisco Router Still Vulnerable to Remote Attack After Attempted Fix
Larry Loeb  |  4/2/2019  | 
The vendor finally admitted that the security patches it had released in January for the Small Business RV320 and RV325 routers don't work.
Nuanced Approach Needed to Deal With Huawei 5G Security Concerns
News  |  4/1/2019  | 
Governments need to adopt a strategic approach for dealing with concerns over telecom vendor's suspected ties to China's intelligence apparatus, NATO-affiliated body says.
Restaurant Chains Hit in PoS Attack
Quick Hits  |  4/1/2019  | 
Buca di Beppo, Earl of Sandwich, and Planet Hollywood were among the chains hit in a nearly year-long breach of their point-of-sale systems.
ShadowHammer Dangers Include Update Avoidance
News  |  4/1/2019  | 
More fallout from the compromise of Asus's automated software update.
City of Albany Hit in Ransomware Attack
Quick Hits  |  4/1/2019  | 
Few details yet on the March 30 ransomware attack.
In the Race Toward Mobile Banking, Don't Forget Risk Management
Commentary  |  4/1/2019  | 
The rise of mobile banking and payment services has sparked widespread adoption, making a focus on risk essential.
Almost 1 Billion Emails With Personal Information Left Unsecured
Larry Loeb  |  4/1/2019  | 
As leaks go, it's a whopper, and a so-called email validation service provider is to blame.


News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856
PUBLISHED: 2021-04-20
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793
PUBLISHED: 2021-04-20
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...