Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in May 2018
Page 1 / 5   >   >>
Banking Botnet Operators Strike Profit-Sharing Partnership
News  |  5/31/2018  | 
Instead of ripping each other's malware out of victim systems, the groups behind Trickbot and IcedID are playing nice with each other, says Flashpoint.
New Federal Report Gives Guidance on Beating Botnets
News  |  5/31/2018  | 
A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.
Building Blocks for a Threat Hunting Program
News  |  5/31/2018  | 
Guidance for businesses building threat intelligence strategies while overwhelmed by threats, lack of talent, and a healthy dose of skepticism about the market.
Thoma Bravo Acquires Majority Stake in LogRhythm
Quick Hits  |  5/31/2018  | 
The SIEM vendor sells stake to private equity firm.
The Good News about Cross-Domain Identity Management
Commentary  |  5/31/2018  | 
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Git Fixes Serious Code Repository Vulnerability
News  |  5/31/2018  | 
GitHub, Visual Studio Team Services, and other code repositories patching to prevent attackers from targeting developer systems.
Judge Tosses Kaspersky Lab Suits Against US Government Ban
Quick Hits  |  5/31/2018  | 
A US judge dismisses two lawsuits filed by Kaspersky Lab, which argued the US government ban on its products was unconstitutional and caused undue harm.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
Commentary  |  5/31/2018  | 
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
Hands-Off Security: Automating & Virtualizing the Enterprise Network
Joe Stanganelli  |  5/31/2018  | 
A series of recent tech events demonstrate that enterprises are increasingly using virtualized automation to improve their network-security posture but perhaps no tool is perfect.
6 Security Investments You May Be Wasting
Slideshows  |  5/31/2018  | 
Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference.
FBI & DHS Warn About 2 North Korea Malware Threats
Jeffrey Burt  |  5/31/2018  | 
The FBI and Department of Homeland Security are warning about North Korea's Hidden Cobra group, which is suspected of being behind the Joanap and Brambul threats that have targeted multiple countries for almost a decade.
Dozens of Vulnerabilities Discovered in DoD's Enterprise Travel System
News  |  5/30/2018  | 
In less than one month, security researchers participating in the Pentagon's Hack the Defense Travel System program found 65 vulnerabilities.
Hacker Sentenced to 5 Years in Yahoo Credential Theft Case
News  |  5/30/2018  | 
Karim Baratov given prison time and seven-figure fine after guilty plea in the massive Yahoo data breach
Windows 'Double Kill' Attack Code Found in RIG Exploit Kit
News  |  5/30/2018  | 
Microsoft issued a fix for the remote code execution zero-day vulnerability in May, but research shows businesses have slowed their patching processes post-Meltdown.
FireEye Offers Free Tool to Detect Malicious Remote Logins
News  |  5/30/2018  | 
Open source GeoLogonalyzer helps to weed out hackers exploiting stolen credentials to log into their targets.
Machine Learning, Artificial Intelligence & the Future of Cybersecurity
Commentary  |  5/30/2018  | 
The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.
Getting Revolutionary (Not Evolutionary) about Cybersecurity
Commentary  |  5/30/2018  | 
Being a security revolutionary isn't purely about new, ground-breaking ideas. It's about anticipating, outpacing, and influencing your world, both internally and externally. Here are five keys to success.
Mobile Malware Moves to Mine Monero (and Other Currencies)
Quick Hits  |  5/30/2018  | 
A new report shows that cryptocurrencies tend to be the focus of a growing number of malicious apps.
Public Cloud, Part of the Network or Not, Remains a Security Concern
Alan Zeichick  |  5/30/2018  | 
Security in the public cloud is like asking who is responsible for securing your rented apartment you or the building owner?
Researchers Bypass AMD's SEV Hypervisor & Cause More Chip Concerns
Larry Loeb  |  5/30/2018  | 
Intel is not the only chip maker being tested these days. A group of German researchers have found a way around AMD's SEV hypervisor, leaving these processors open to attack.
FBI Urges Businesses & Consumers to Reboot Routers
News Analysis-Security Now  |  5/30/2018  | 
After the discovery of botnet malware called VPNFilter last week, the FBI is urging small businesses and consumers to reboot their routers to stop these devices from being used in an attack.
Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net
News  |  5/29/2018  | 
One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.
Alexa Mishap Hints at Potential Enterprise Security Risk
News  |  5/29/2018  | 
When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.
FireMon to Buy Lumeta
News  |  5/29/2018  | 
Network security policy vendor looks to expand its offerings to real-time situational awareness on-premise and in the cloud.
How to Empower Today's 'cISOs'
Commentary  |  5/29/2018  | 
Although many security leaders have a C in their title, not all are true capital-C "Chiefs." Here are three ways to live up to the job description.
FBI Warns Users to Reboot All SOHO Routers
Quick Hits  |  5/29/2018  | 
Everyone with a home router should reboot their systems as a precaution in the wake of the recently discovered VPNFilter attack infrastructure.
Canadian Banks Hacked
Quick Hits  |  5/29/2018  | 
At least 90,000 customers affected in breach at two financial institutions in Canada.
6 Ways Third Parties Can Trip Up Your Security
Slideshows  |  5/29/2018  | 
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
New Threats, Old Threats: Everywhere a Threat
Commentary  |  5/29/2018  | 
First-quarter data shows cryptojacking on the rise -- but don't count out some "classic" threats just yet.
Cybersecurity & C-Suite: Why Executives Should Take the Lead
News Analysis-Security Now  |  5/29/2018  | 
Enterprises of all sizes need to be cyber resilient, but who should take the lead? Here's why the whole C-Suite needs to get more involved in the fight against cyberattacks both inside and out.
An Industry In Transition: Key Tech Trends In 2018
Partner Perspectives  |  5/29/2018  | 
Office 365 & G-Suite: How Email Security Is Failing Your Business
News Analysis-Security Now  |  5/29/2018  | 
Microsoft's Office 365 and Google's G-Suite boast of many advanced features to secure email, however, as phishers and other attackers get better at attacking email platforms, these two companies need to do more to keep up.
Z-Shave Attack Shows Why IoT Security Need More Attention
Larry Loeb  |  5/29/2018  | 
Pen Test Partners have discovered a new IoT vulnerability that researchers call Z-Shave. This shows why manufactures need to think much harder about building security into connected devices.
World Password Day 2018: Let's Make It the Last One
News Analysis-Security Now  |  5/28/2018  | 
Every year, the IT and security world marks World Password Day, but why do we? Here's why this year's should be the last one ever.
Security Lags in Enterprise Cloud Migration
Quick Hits  |  5/25/2018  | 
Cloud security is falling farther behind as companies migrate more and more of their workloads to public cloud infrastructures.
Android Malware Comes Baked into Some New Tablets, Phones
Quick Hits  |  5/25/2018  | 
Ad-loading malware is being built into the firmware and operating system of some new tablets and phones from three major manufacturers.
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
News  |  5/25/2018  | 
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
Privacy Survey Says: Americans Don't Want to Sell Their Data
Quick Hits  |  5/25/2018  | 
A new survey shows the extent to which Americans are reluctant to sell their personal information for any price.
Privacy Group: Facebook, Google Policies Break GDPR Laws
News  |  5/25/2018  | 
Nonprofit 'None of Your Business' files complaints against Facebook, Google, WhatsApp, and Instagram.
Wicked Mirai Brings New Exploits to IoT Botnets
News  |  5/25/2018  | 
The latest variant of the venerable Mirai botnet malware combines approaches and brings new exploits to the world of IoT security challenges.
10 Free DevOps-Friendly Security Tools Developers Will Love
Slideshows  |  5/25/2018  | 
Start building an affordable DevSecOps automation toolchain with these free application security tools.
Bridging the Cybersecurity Talent Gap
Commentary  |  5/25/2018  | 
There's no one surefire way of fixing the problem, which endangers everyone's security. There are, however, several options we should try.
Kaspersky: Data Breaches Cost Enterprises $1.23M
News Analysis-Security Now  |  5/25/2018  | 
Between 2017 and 2018, the average cost to clean up a data breach in an enterprise increased 24% to $1.23 million, according to new research from Kaspersky Labs. The recovery for small firms increased even more to 36%.
GDPR: SecurityNow's Need-to-Know Guide
News Analysis-Security Now  |  5/25/2018  | 
Today marks the official beginning of the EU's General Data Protection Regulation or GDPR. Here's everything you need to know about the new privacy and security framework.
Most Expensive Data Breaches Start with Third Parties: Report
News  |  5/24/2018  | 
Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.
DOJ Sinkholes VPNFilter Control Servers Found in US
News  |  5/24/2018  | 
The US Department of Justice said the move aims to thwart the spread of the botnet as part of its investigation into Russian nation-state hacking group APT28 aka Fancy Bear.
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
Commentary  |  5/24/2018  | 
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
IoT Security Concerns Include Pet Trackers, Kaspersky Finds
Jeffrey Burt  |  5/24/2018  | 
Kaspersky Lab researchers found BLE and weaknesses in the Android apps running on pet trackers can enable attackers to access user data from the IoT devices.
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
Commentary  |  5/24/2018  | 
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
Malwarebytes Buys Binisoft for Firewall Management
Quick Hits  |  5/24/2018  | 
Vendor plans to integrate Binisoft's Windows Firewall Control into the Malwarebytes endpoint protection platform.
Page 1 / 5   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33331
PUBLISHED: 2021-08-03
Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19 and 7.2 before fix pack 8, allows remote attackers to redirect users to arbitrary external URLs via the 'redirect' parameter.
CVE-2021-33332
PUBLISHED: 2021-08-03
Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portlet_configuration_css_web_por...
CVE-2021-33333
PUBLISHED: 2021-08-03
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs.
CVE-2021-33334
PUBLISHED: 2021-08-03
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permissio...
CVE-2021-30578
PUBLISHED: 2021-08-03
Uninitialized use in Media in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.