News & Commentary

Content posted in May 2016
Pre-Loaded Laptop Software Comes With Security Risks
News  |  5/31/2016  | 
Laptops from Dell, HP, Asus, Acer and Lenovo all had at least one vulnerability that could result in complete compromise of system, Duo Security report says.
Dark Reading At 10 Years: Learning From The Best
Commentary  |  5/31/2016  | 
Kudos to the Dark Reading community for strengthening the security industry with all its passion and opinions.
Wekby 'Pisloader' Abuses DNS
News  |  5/31/2016  | 
New malware family 'pisloader' uses DNS requests for command and control.
10 Sea-Changing IT Security Trends Of The Last 10 Years
News  |  5/31/2016  | 
A look at ten of the megatrends that have shaped IT security -- and in some cases, enterprise business -- over the last decade.
Adobe Flash: 6 Tips For Blocking Exploit Kits
Slideshows  |  5/31/2016  | 
While Adobe does a good job patching exploits, there are additional steps security staffs can take to hedge their bets.
Insiders Involved In Bangladesh Bank Cyber Theft?
Quick Hits  |  5/31/2016  | 
Government-ordered probe points to bank officials' possible involvement -- report to be released soon.
No Cybersecurity Exec In Nearly Half Of Companies, UAE Survey Finds
Quick Hits  |  5/31/2016  | 
New DarkMatter survey exposes security concerns and issues.
How Security And IT Teams Can Get Along: 4 Ways
News  |  5/31/2016  | 
Security managers need to change the conversation with IT teams, showing how to secure critical assets without stifling innovation and business processes.
Ultimate Guide To DDoS Protection: Strategies And Best Practices
Commentary  |  5/30/2016  | 
To be in the best position to defend against DDoS, companies need to protect against a range of exploitable vulnerabilities -- and have the tools to detect and react to attacks.
SWIFT Proposes New Measures For Bolstering Its Security
News  |  5/27/2016  | 
Measures come amid news that up to 12 banks may have fallen victim to attacks attempting to steal millions via the SWIFT network.
Ultimate Guide To DDoS Protection: DDoS Is A Business Problem
Commentary  |  5/27/2016  | 
In the first of a two-part series, we examine the impact DDoS attacks have on business continuity and why it is so much more than a network security problem.
FBI Report: Deconstructing The Wide Scope Of Internet Crime
Slideshows  |  5/27/2016  | 
Hottest crimes reported to IC3 last year include ransomware and email scams via business email compromise and all account compromise attacks.
USB-Charging 'Handshake' Exposes Smartphones To Infection
Quick Hits  |  5/27/2016  | 
Research by security firm says phone details can be accessed and malware transferred when device is plugged into computer.
More Banks May Have Been Hacked Via SWIFT
Quick Hits  |  5/27/2016  | 
FireEye said to investigate breaches, similar to that of Bangladesh Bank, of around 12 financial institutions, mostly in Southeast Asia.
DNS Management Provider Hit With Sophisticated, 'Precise' DDoS Attacks
News  |  5/27/2016  | 
NS1 CEO says other DNS providers also have been attacked over the past few months.
What's At Risk When CISOs Say 'No'
News  |  5/26/2016  | 
Employee satisfaction and hundreds of billions in revenue when CISOs don't look for creative ways to secure innovative change.
A Wish List For The Security Conference Stage
Commentary  |  5/26/2016  | 
All the world may be a stage, but in the theater of cybersecurity, we need a more relevant dialogue of fresh ideas, novel approaches, and new ways of thinking.
Bangladesh Reopens 2013 Cold Case Of Bank Theft Via SWIFT
Quick Hits  |  5/26/2016  | 
Authorities cite similarities in Sonali Bank hack with February's $81 million central bank theft.
Millennials Could Learn From Baby Boomers When It Comes To Security
News  |  5/26/2016  | 
New reports show baby boomers have their millennial children beat when it comes to information security.
Guccifer Pleads Guilty To Hacking US Politicians
Quick Hits  |  5/26/2016  | 
Romanian hacker, extradited to the US, breached emails of 100 high-profile Americans and publicized their personal information.
Unsung (And Under-Sung) Heroes Of Security
News  |  5/25/2016  | 
You've heard of the cybersecurity rock stars, but there are plenty of other major contributors to the industry who deserve kudos. In celebration of Dark Reading's 10th anniversary, meet a few of these folks.
New Internet Of Things Security-Certification Program Launched
News  |  5/25/2016  | 
ICSA Labs now offers a security testing program for IoT products, following the recently announced 'CyberUL' security certification program.
1 Security Incident x 4 Tools x 8 Roles = 8 Days
Partner Perspectives  |  5/25/2016  | 
Collaboration can significantly improve this equation.
A Newer Variant Of RawPOS: An In-Depth Look
Commentary  |  5/25/2016  | 
There's no silver bullet for RawPOS prevention, but you can impede RawPOS's ability to execute successfully by understanding how it works.
Apple Rehires Security Expert Jon Callas
Quick Hits  |  5/25/2016  | 
Move seen as attempt to strengthen encryption features of Apple devices following face-off with FBI.
4 Signs Security Craves More Collaboration
News  |  5/25/2016  | 
New Intel Security report finds that companies look to work together across departmental lines to remediate security incidents.
APWG: Phishing Attacks Jump 250% From Oct Through March
Quick Hits  |  5/25/2016  | 
Quarterly and monthly totals are the highest since the Anti-Phishing Working Group began tracking phishing in 2004.
GSA May Offer Bug Bounty Program For Federal Agencies
News  |  5/24/2016  | 
Researchers will be eligible for bounties of up to $3,500 for discovering bugs in federal agency systems.
Attackers Clobbering Victims With One-Two Punch Of Ransomware And DDoS
News  |  5/24/2016  | 
Encrypted systems now being added to botnets in the latest incarnations of ransomware attacks, with experts expecting this to become standard practice.
Employee Negligence The Cause Of Many Data Breaches
News  |  5/24/2016  | 
Enterprise privacy and training programs lack the depth to change dangerous user behavior, Experian study finds.
Poor Airport Security Practices Just Don't Fly
Commentary  |  5/24/2016  | 
Five lessons learned the hard way by the Tampa International Airport about bringing third parties into a security environment.
How To Manage And Control End User Access
Slideshows  |  5/24/2016  | 
A look at the perils of manual user-access provisioning and ways to streamline and better manage the process via automation.
NBA Players' Financial Data Exposed In BEC Email Scam
Quick Hits  |  5/24/2016  | 
NBA franchise employee mistakenly emails 2015 tax data of NBA team to fraudster, say sources.
Google To Eliminate Passwords For Android Apps
Quick Hits  |  5/24/2016  | 
Project Abacus, in last stage of trial, will employ secure biometrics to unlock devices.
Why Microsoft's New Office 2016 Macro Control Feature Matters
News  |  5/23/2016  | 
Resurgence in macro attacks results in Microsoft adding new protections from macro abuse.
G7 Global Finance Leaders Push Cybersecurity Framework
Quick Hits  |  5/23/2016  | 
At G7 meeting, US Treasury official says cybercrime issues 'not going away.'
$13 Million Stolen From Japan ATMs Via Stolen S. African Bank Data
Quick Hits  |  5/23/2016  | 
Coordinated fraudsters hit ATMs at 1,400 Japanese 7-Eleven stores -- before lunch.
What Europe Tells Us About The Future Of Data Privacy
Commentary  |  5/23/2016  | 
Recent initiatives offer new strategies for balancing technology, security, and organizational policy goals. Here are three approaches worth considering.
TeslaCrypt Ransomware Group Pulls Plug, Releases Decrypt Key
News  |  5/20/2016  | 
But don't be surprised if group revives campaign or launches another one, security researchers say.
5 Tips for Protecting Firmware From Attacks
Slideshows  |  5/20/2016  | 
Don't let hackers take advantage of holes in firmware. Here's how to stop them.
Closing the Gender Gap in Cybersecurity: 3 Critical Steps
Commentary  |  5/20/2016  | 
Women in security need to step up as industry role models and set the example for future generations. Here's how.
Cyber Security A Major Risk To US Financial System: SEC Chief
Quick Hits  |  5/20/2016  | 
Mary Jo White believes that despite preparedness, procedures in place to fight cyberattacks are inadequate.
Bangladesh Official's Computer Hacked To Carry Out $81 Million Theft
Quick Hits  |  5/20/2016  | 
Bangladeshi diplomat shares FBI report with Philippine inquiry panel on Bangladesh Bank theft.
Epic Security #FAILS Of The Past 10 Years
News  |  5/19/2016  | 
In honor of Dark Reading's 10-year anniversary, a look at ten of the biggest failed security trends, technologies, and tactics.
OPM Breach: Cyber Sprint Response More Like A Marathon
News  |  5/19/2016  | 
Sixty-five percent of federal security execs surveyed in new (ISC)2 report say that government still can't detect ongoing cyber attacks.
IoT Security By The Numbers
Slideshows  |  5/19/2016  | 
Some recent stats on adoption rates and perceptions about risks surrounding the Internet of Things.
5 Reasons Enterprises Still Worry About Cloud Security
News  |  5/19/2016  | 
Cloud spending and adoption have been on the rise for years, but the gap in cloud security confidence still gives enterprises pause.
Why Security Investigators Should Care About Forensic Research
Commentary  |  5/19/2016  | 
Despite the promise of expanded visibility into the user trail behind a data breach, the security industry has largely ignored the meticulous advances of forensic researchers. Privacy is just one reason for the snub.
Looking Forward: A Skilled Security Talent Shortage Looms
Partner Perspectives  |  5/19/2016  | 
The skilled security workforce crisis will continue for the foreseeable future, even as expert systems are deployed.
LinkedIn: More Than 100 Million Member Accounts Exposed In 2012 Breach
Quick Hits  |  5/19/2016  | 
LinkedIn data theft is likely to be much worse than expected with additional data being released now.