Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in May 2017
<<   <   Page 2 / 4   >   >>
In Search of an Rx for Enterprise Security Fatigue
Commentary  |  5/22/2017  | 
Are you exhausted by the vast number of measures your organization needs to keep its systems and data safe? You're not alone.
Researcher Creates Tool to Unlock WannaCry-Infected Windows XP Files
Quick Hits  |  5/19/2017  | 
A security researcher appears to have discovered a flaw in WannaCry that may provide Windows XP victims of the attack with a way to unlock their files.
Ransomware Rocks Endpoint Security Concerns
News  |  5/19/2017  | 
Meanwhile, threat detection technologies are evolving that can help security teams spot incidents more efficiently.
Deconstructing the 2016 Yahoo Security Breach
Commentary  |  5/19/2017  | 
One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.
5 Security Lessons WannaCry Taught Us the Hard Way
News  |  5/18/2017  | 
There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.
APT3 Threat Group a Contractor for Chinese Intelligence Agency
News  |  5/18/2017  | 
Recorded Future says its research shows clear link between cyber threat group and China's Ministry of State Security.
Don't Forget Basic Security Measures, Experts Say
News  |  5/18/2017  | 
Some security leaders argue there is little point in worrying about emerging threats when businesses can't defend against today's attacks.
Android Users Fail to Run Latest OS Version
Quick Hits  |  5/18/2017  | 
A study finds 98% of Android devices are not running the latest software version, according to a report released today by Zimperium.
All Generations, All Risks, All Contained: A How-To Guide
Commentary  |  5/18/2017  | 
Organizations must have a security plan that considers all of their employees.
NSA Tools Behind WannaCry Being Used In Even Bigger Attack Campaign
News  |  5/18/2017  | 
Attackers have been using NSAs EternalBlue and Double Pulsar to distribute AdylKuzz cryptocurrency malware to hundreds of thousands of systems, Proofpoint says.
WannaCry: Ransomware Catastrophe or Failure?
Commentary  |  5/18/2017  | 
Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.
FireEye CEO Mandia Talks Rapid Rise of Nation-State Threats
News  |  5/17/2017  | 
FireEye CEO Kevin Mandia at Interop ITX discussed changes in the geopolitical threat landscape and how attackers target their victims.
Why We Need a Data-Driven Cybersecurity Market
Commentary  |  5/17/2017  | 
NIST should bring together industry to create a standard set of metrics and develop better ways to share information.
Survey: Unpatched Windows OS on the Rise
Quick Hits  |  5/17/2017  | 
Despite the rise in vulnerabilities, the percentage of unpatched Windows operating systems grew in the first quarter compared to the previous year.
Inside the Motivations Behind Modern Cyberattackers
News  |  5/17/2017  | 
Attackers seeking money, dominance, and data are banding together and sharing infrastructure to target businesses.
The Fundamental Flaw in TCP/IP: Connecting Everything
Commentary  |  5/17/2017  | 
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.
WannaCry's 'Kill Switch' May Have Been a Sandbox-Evasion Tool
News  |  5/16/2017  | 
Massive ransomware worm attack appears to have come with a poorly planned anti-analysis feature.
ShadowBrokers To Launch Monthly Subscription Service for Exploits
News  |  5/16/2017  | 
Think of it like a wine of the month club for attack tools and new exploits threat group says.
Mocana Lands $11M Funding for IoT Security
Curt Franklin  |  5/16/2017  | 
New round of funding brings IoT security company's total to $93.6 million.
New Threat Research Shows Vietnam a Rising Force in Cyberespionage
News  |  5/16/2017  | 
FireEye report on APT32 puts evidence together of a group attacking private and public targets for the sake of Vietnamese state interests.
DocuSign's Brand Used in Phishing Attacks
Quick Hits  |  5/16/2017  | 
The electronic signature company issued an update alert today that it noticed a rise in phishing attacks last week and this morning.
FTC Launches 'Operation Tech Trap' to Catch Fraudsters
Quick Hits  |  5/16/2017  | 
The Federal Trade Commission has teamed up with law enforcement partners to crack down on tech support scams.
The Wide-Ranging Impact of New York's Cybersecurity Regulations
Commentary  |  5/16/2017  | 
New York's toughest regulations yet are now in effect. Here's what that means for your company.
Study: Rooted Androids, Jailbroken iPhones Found in Enterprises
News  |  5/16/2017  | 
A study released today gives greater insight into some of the worst fears for security pros trying to manage employees' BYOD mobile phones.
WannaCry Continues at a Slowed Pace
Curt Franklin  |  5/16/2017  | 
Hold off on that big sigh of relief. WannaCry isn't dead, yet.
How Many People Does It Take to Defend a Network?
Commentary  |  5/16/2017  | 
The question is hard to answer because there aren't enough cybersecurity pros to go around.
Majority of CEOs Knowingly Raise Risk Level With Their Shadow IT
News  |  5/16/2017  | 
Despite the increased risk shadow IT poses to security, a majority of CEOs surveyed say they are willing to take the risk, according to a survey released today.
Researchers Investigate Possible Connection Between WannaCry & North Korean Hacker Group
News  |  5/15/2017  | 
Google, Kaspersky Lab and Symantec all have found common code in the WannaCry malware and that of the nation-state hackers behind the mega breach of Sony.
Microsoft Calls for IoT Cybersecurity Policy Development
Quick Hits  |  5/15/2017  | 
Microsoft emphasizes the need for new security policies as IoT growth heightens the consequences of cyberattacks.
Breaches Can Crater Companies' Stock by 5%
Quick Hits  |  5/15/2017  | 
New Ponemon study shows how breaches can bring a company's stock price down by an average of 5% on the day of the incident.
Your Grandma Could Be the Next Ransomware Millionaire
Commentary  |  5/15/2017  | 
Today's as-a-service technology has democratized ransomware, offering practically anyone with a computer and an Internet connection an easy way to get in on the game.
WanaCrypt0r Hits Worldwide
Partner Perspectives  |  5/13/2017  | 
Consumers and businesses should be sure their Windows systems and software are updated with all current patches in order to stop the spread of this dangerous ransomware attack.
7 Florida Men Charged in Global Tech Support Scheme
Quick Hits  |  5/12/2017  | 
Federal fraud charges have been filed against seven men for their involvement in an international tech support scam.
Global Ransomware Attack Strikes 70K Systems (& Counting)
Curt Franklin  |  5/12/2017  | 
A wave of ransomware attacks based on a Shadow Brokers vulnerability strikes Telefonica and organizations worldwide.
'WannaCry' Rapidly Moving Ransomware Attack Spreads to 74 Countries
News  |  5/12/2017  | 
A wave of ransomware infections took down a wide swath of UK hospitals and is rapidly moving across the globe.
New Malware Uses GeoCities, North Korea Interest to Trick Victims
News  |  5/12/2017  | 
A new threat called Baijiu leverages the GeoCities web service, and heightened interest in North Korea, to deceive victims.
8 Notorious Russian Hackers Arrested in the Past 8 Years
Slideshows  |  5/12/2017  | 
Lesson learned by Russian cybercriminals: Don't go on vacation, it's bad for your freedom to scam.
Jaff Ransomware Family Emerges In Force
Quick Hits  |  5/12/2017  | 
A new ransomware family is making the rounds in multiple high-volume spam campaigns over the past day, according to Cisco Talos.
5 Steps to Maximize the Value of your Security Investments
Commentary  |  5/12/2017  | 
How a security rationalization process can help CISOs make the most out of their information security infrastructure, and also improve the company bottom line.
Trump Issues Previously Delayed Cybersecurity Executive Order
News  |  5/11/2017  | 
EO calls for immediate review of federal agencies' security postures, adoption of the NIST Framework, and a focus on critical infrastructure security.
Keylogger Discovered in Some HP Laptops
Quick Hits  |  5/11/2017  | 
Researchers discovered the audio driver in some HP laptops contains a tool to record and save users' keystrokes.
What Developers Don't Know About Security Can Hurt You
Commentary  |  5/11/2017  | 
Developers won't start writing secure code just because you tell them it's part of their job. You need to give them the right training, support, and tools to instill a security mindset.
APT28, Turla Nation-State Groups Deployed Multiple 0Days in Recent Attacks
News  |  5/11/2017  | 
Attack campaigns by APT28, Turla, and an unidentified group showcase easy availability of zero-days.
SSA Plans Stronger Website Authentication
Quick Hits  |  5/11/2017  | 
Starting in June 2017, the US Social Security Administration will require a more secure login process for SSA.gov.
Artificial Intelligence: Cybersecurity Friend or Foe?
Commentary  |  5/11/2017  | 
The next generation of situation-aware malware will use AI to behave like a human attacker: performing reconnaissance, identifying targets, choosing methods of attack, and intelligently evading detection.
Businesses Not Properly Securing Microsoft Active Directory
News  |  5/10/2017  | 
Businesses overlook key security aspects of AD, leaving sensitive data open to external and internal attacks, new study shows.
'Systemic' Cyberattack Most Likely to Hit Financial, Energy Sectors
Quick Hits  |  5/10/2017  | 
The financial services industry is among the top five industries that likely face a systemic cyberattack, according to a survey released today.
Your IoT Baby Isn't as Beautiful as You Think It Is
Commentary  |  5/10/2017  | 
Both development and evaluation teams have been ignoring security problems in Internet-connected devices for too long. That must stop.
FTC Launches Cybersecurity Resource Website for SMBs
Quick Hits  |  5/10/2017  | 
Federal Trade Commission website offers free tips and information for small businesses.
Extreme Makeover: AI & Network Cybersecurity
Commentary  |  5/10/2017  | 
In the future, artificial intelligence will constantly adapt to the growing attack surface. Today, we are still connecting the dots.
<<   <   Page 2 / 4   >   >>


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20027
PUBLISHED: 2021-06-14
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
CVE-2021-32684
PUBLISHED: 2021-06-14
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, an...
CVE-2021-34693
PUBLISHED: 2021-06-14
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-27887
PUBLISHED: 2021-06-14
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim&acirc;&euro;&trade;s browser. This issue affects: Hitachi ABB Power Grids ...
CVE-2021-27196
PUBLISHED: 2021-06-14
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the...