Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in May 2016
<<   <   Page 3 / 3
The 10 Worst Vulnerabilities of The Last 10 Years
Slideshows  |  5/6/2016  | 
From the thousands of vulns that software vendors disclosed over the past 10 years, a few stand out for being a lot scarier than the rest.
Mandia Replaces DeWalt As CEO Of FireEye
Quick Hits  |  5/6/2016  | 
In major shake-up of companys top brass, DeWalt moved to executive chairman.
Connected Cars: Strategies For Reducing The Ever-Expanding Risk
Commentary  |  5/6/2016  | 
The best way automakers can keep customers safe and mitigate threats to their own enterprise is to first hack themselves.
Stupid Locky Network Breached
News  |  5/5/2016  | 
For the second time in recent months, a white hat hacker appears to have broken into a C&C server for a major malware threat.
What's Next For Network Security
News  |  5/5/2016  | 
A vanishing physical network perimeter in the age of mobile, cloud services, and the Internet of Things, is changing network security as well.
5 Questions SMBs Should Ask About Cloud Security
News  |  5/5/2016  | 
Most small companies need help. Start by asking the right questions.
Online Transaction Fraud To Hit $25.6 Billion By 2020
Quick Hits  |  5/5/2016  | 
Juniper Research says cybercriminals will move to card not present space with focus on ecommerce.
BEC Hack Scams Company Of $495,000
Quick Hits  |  5/5/2016  | 
Fake mail sent to investment firm employee asking for transfer of funds.
Proof-of-Concept Exploit Sharing Is On The Rise
News  |  5/5/2016  | 
Research offers cyber defenders view of which POC exploits are being shared and distributed by threat actors.
Silicon & Artificial Intelligence: The Foundation of Next Gen Data Security
Commentary  |  5/5/2016  | 
Why new challenges like real-time, always-on authentication and access control can only be met by a combination of smart hardware and software.
Microsoft: Windows Malware Up, Stuxnet Shell Attack Most Popular
News  |  5/5/2016  | 
New Security Intelligence Report (SIR) shows increase in vulnerability disclosures, and re-emergence of old Stuxnet attack bug.
Millions Of Web Servers Vulnerable To ImageMagick Attack
News  |  5/4/2016  | 
US-CERT issues advisory on 0-day flaws found in popular image processing tool.
Gozi Creator Released From Prison
Quick Hits  |  5/4/2016  | 
Russian serves 37 months for malware charges; ordered to pay fine of $6.9 million.
ADP Data Used In US Bank Employee W-2 Breach
Quick Hits  |  5/4/2016  | 
Online hitch allows thieves to register fraudulently on payroll vendor portal.
The Balancing Act: Government Security In The Cloud
Commentary  |  5/4/2016  | 
The cloud offers great opportunities and challenges to public sector security teams defending critical systems against advanced threats. These 7 strategies will help you avoid a worst-case scenario.
Enterprises Lack Top-Down Management Of Third-Party Risk
News  |  5/3/2016  | 
New report finds there's not enough leadership in managing risks from business partners and vendors.
Wendy's Hit With Lawsuit Over Data Breach
Quick Hits  |  5/3/2016  | 
Fast-food chain accused of failing to protect customer credit card details.
Its A Dogs Life: Caption Contest Winners Announced
Commentary  |  5/3/2016  | 
Packet sniffing, drones and cat memes. And the winning caption is.
10 Biggest Mega Breaches Of The Past 10 Years
Slideshows  |  5/3/2016  | 
These data breaches from Dark Reading's 10-year history boggle the mind in terms of scale and fallout.
The Hidden Flaws Of Commercial Applications
News  |  5/2/2016  | 
Open source components in commercial applications are more plentiful than organizations think -- and they're full of long-standing vulnerabilities.
Ransomware Spikes, Tries New Tricks
News  |  5/2/2016  | 
Ransomware authors constantly upping their game, techniques, to stay ahead of security researchers.
Utility's Server Hacked, Infected With Ransomware
Quick Hits  |  5/2/2016  | 
Electricity, water supply uninterrupted while authorities work on solution to locked files.
Dental Association Unknowingly Sends Virus To Members
Quick Hits  |  5/2/2016  | 
American Dental Association (ADA) admits that some USB devices it mailed contain malware, advises caution.
Women In Security: What Are You Missing?
Partner Perspectives  |  5/2/2016  | 
For security jobs, men outnumber women by a long shot. It's time to start thinking and recruiting differently.
8 Microsoft Office 365 Security Tips To Reduce Data Loss
Slideshows  |  5/2/2016  | 
Even with a slew of new security tools and compliance guidance, there are still things you can do to protect this critical business system.
How To Succeed At Third-Party Cyber Risk Management: 10 Steps
Commentary  |  5/2/2016  | 
Organizations are failing -- and badly -- assessing the risk of attacks and data breaches from vendors and supply chains, according to a recent Ponemon Institute study. The solution starts at the top.
<<   <   Page 3 / 3


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30485
PUBLISHED: 2021-04-11
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.