Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in May 2018
GDPR Should Change Your Thinking About Network Firewalls
Alan Zeichick  |  5/24/2018  | 
Old-fashioned firewalls are an effective weapon for protecting the network against incursions and data breaches, and that goes for the new era of GDPR that begins Friday as well.
More Than Half of Users Reuse Passwords
News  |  5/24/2018  | 
Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.
FBI Knocks Out VPNFilter Malware That Infected 500K Routers
Larry Loeb  |  5/24/2018  | 
The VPNFilter botnet malware spread to 500,000 routers globally before the FBI knocked it out late in the day on May 23. However, it's another skirmish in the cyberfight between Russia and Ukraine.
Fraud Drops 76% for Merchants Using EMV, Says Visa
Quick Hits  |  5/23/2018  | 
A new report from Visa says that the shift to chip cards has resulted in dramatically reduced credit card fraud levels.
Growing Job Pressures Increase Risk of Burnout for Cybersecurity Professionals
News  |  5/23/2018  | 
A new Trustwave survey shows information security executives and practitioners are under increasing pressure from trying to keep up with threats and compliance mandates.
The Good & Bad News about Blockchain Security
Commentary  |  5/23/2018  | 
Blockchain technology promises many things. But to succeed, it must offer users a better plan against hackers.
Destructive 'VPNFilter' Attack Network Uncovered
News  |  5/23/2018  | 
More than 500K home/SOHO routers and storage devices worldwide commandeered in potential nation-state attack weapon - with Ukraine in initial bullseye.
What Should Post-Quantum Cryptography Look Like?
News  |  5/23/2018  | 
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.
Is Threat Intelligence Garbage?
Commentary  |  5/23/2018  | 
Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?
Windows 10 Adoption Grew 75%, Adobe Flash Plummeted 188% in 2017: Report
News  |  5/23/2018  | 
Authentication data reveals an increase in Apple devices, poor mobile security, and the rapid disappearance of Flash from browsers.
6 Steps for Applying Data Science to Security
Slideshows  |  5/23/2018  | 
Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.
Microsoft Offering GDPR-Like Protection for All Customers
News Analysis-Security Now  |  5/23/2018  | 
Microsoft plans to expand GDPR privacy protections to all its customers, both inside and outside the European Union.
LA County Nonprofit Exposes 3.2M PII Files via Unsecured S3 Bucket
Quick Hits  |  5/23/2018  | 
A misconfiguration accidentally compromised credentials, email addresses, and 200,000 rows of notes describing abuse and suicidal distress.
Spectre Number 4 Disclosure Raises Fresh Hardware Alarms
Larry Loeb  |  5/23/2018  | 
The latest side-channel vulnerability, dubbed Spectre Number 4, is raising new alarms about widespread issues in chips, beyond x86. However, this time, Intel is trying a different approach.
New Spectre Variants Add to Vulnerability Worries
News  |  5/22/2018  | 
Variants 3a and 4 build on the Spectre foundation, but how worried should enterprise security professionals really be?
US Senator to DOD CIO: 'Take Immediate Action' on HTTPS
News  |  5/22/2018  | 
US Senator Ron Wyden pens a letter to the Department of Defense CIO, urging stronger security on public-facing government sites.
Las Vegas Most Insecure Cyber City in US; St. Louis Least Vulnerable
News  |  5/22/2018  | 
Forty-three percent chance of users connecting to high or medium-risk networks in Las Vegas - compared to less than 1% risk in least vulnerable areas, Coronet says.
Cybercriminals Battle Against Banks' Incident Response
News  |  5/22/2018  | 
'Fileless' attacks account for more than half of successful breaches of bank networks, new data shows.
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
Commentary  |  5/22/2018  | 
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
ZipperDown Vulnerability Could Hit 10% of iOS Apps
Quick Hits  |  5/22/2018  | 
A newly discovered vulnerability could affect thousands of iOS apps -- and Android users may not be spared.
Pet Tracker Flaws Expose Pets and Their Owners to Cybercrime
Quick Hits  |  5/22/2018  | 
Hackers can exploit vulnerabilities in popular pet trackers to intercept location coordinates and access owners' personal data.
The State of Information Sharing 20 Years after the First White House Mandate
Commentary  |  5/22/2018  | 
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
Roaming Mantis Android Malware Expands Its Reach to iOS, Cryptomining
Jeffrey Burt  |  5/22/2018  | 
The rapidly evolving Roaming Mantis campaign now includes iOS devices, expansion into new regions around the world, and additional cryptomining capabilities, and it is becoming even more evasive.
TeenSafe Data Leak Shows Cloud Security Weaknesses
News Analysis-Security Now  |  5/22/2018  | 
The news that TeenSafe, which allows parents to monitor the activity of their children's phone use, leaked personal info shows some of the issues with moving so much sensitive data into the cloud.
North Korean Defectors Targeted with Malicious Apps on Google Play
News  |  5/21/2018  | 
Sun Team hacking group is behind RedDawn, which steals victims' photos and data and passes them to threat actors.
New BIND Vulnerabilities Threaten DNS Availability
Quick Hits  |  5/21/2018  | 
A pair of vulnerabilities in BIND could leave some organizations without DNS.
Dark Reading Conference Call for Speakers Closes Friday
Quick Hits  |  5/21/2018  | 
Don't be shy, security practitioners. Share your best practices at our 2nd annual INsecurity Conference, to be held Oct. 23-25 in Chicago.
Google to Delete 'Secure' Label from HTTPS Sites
Quick Hits  |  5/21/2018  | 
Google acknowledges HTTPS as the Internet standard with plans to remove the 'Secure' label from all HTTPS sites.
'Roaming Mantis' Android Malware Evolves, Expands Targets
Quick Hits  |  5/21/2018  | 
Roaming Mantis has evolved rapidly, adding geographies, platforms, and capabilities to its original scope.
Satori Botnet Plays Hidden Role in Cryptomining Scheme, Researchers Find
Larry Loeb  |  5/21/2018  | 
Several different researchers have found that recent attempts on TCP port 3333 are the work of a cryptomining scheme in which the Satori botnet is playing a hidden part.
Get Smart About Network Segmentation & Traffic Routing
Partner Perspectives  |  5/21/2018  | 
Through a combination of intelligent segmentation and traffic routing to tools, you can gain much better visibility into your network. Here's how.
Check Point: Cryptomining Malware Targeting Vulnerable Servers
Jeffrey Burt  |  5/21/2018  | 
As the incidence of ransomware wanes, attackers are shifting to cryptocurrency mining malware as a less noisy, more lucrative alternative, according to a new Check Point study.
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Commentary  |  5/21/2018  | 
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
Actor Advertises Japanese PII on Chinese Underground
News  |  5/18/2018  | 
The dataset contains 200 million rows of information stolen from websites across industries, likely via opportunistic access.
New Mexico Man Sentenced on DDoS, Gun Charges
Quick Hits  |  5/18/2018  | 
Using DDoS for hire services and possessing firearms as a felon combine to land a New Mexico man 15 years in federal prison.
Syrian Electronic Army Members Indicted for Conspiracy
Quick Hits  |  5/18/2018  | 
Two men have been charged for their involvement in a plot to commit computer hacking as members of the Syrian Electronic Army.
How to Hang Up on Fraud
Commentary  |  5/18/2018  | 
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
McAfee Finds More Malware on Google Play Targeting North Korea Dissidents
News Analysis-Security Now  |  5/18/2018  | 
McAfee researchers have found more malware hiding in the Google Play store that is targeting North Korean dissidents. It's the second instance of the so-called Sun Team.
New Research Seeks to Shorten Attack Dwell Time
News  |  5/18/2018  | 
It can take months for an organization to know they've been hacked. A new DARPA-funded project seeks to reduce that time to hours.
Throwhammer & Nethammer Show How Chips Are Vulnerable to Bit Flips
Larry Loeb  |  5/18/2018  | 
In a pair of papers released over the last week, researchers have shown how two different types of attacks, Throwhammer and Nethammer, can cause a bit flip in chips by sending packets across a standard network.
FBI Suspects Former CIA Worker of Vault 7 Leak Report
News Analysis-Security Now  |  5/18/2018  | 
Federal prosecutors and the FBI believe that a former CIA developer gave the so-called Vault 7 tools to Wikileaks but have been unable to prove it or bring charges, according to a published report.
Get Ready for 'WannaCry 2.0'
News  |  5/17/2018  | 
Another widespread worm attack is "inevitable," but spreading a different, more lucrative or destructive payload, experts say.
Cracking 2FA: How It's Done and How to Stay Safe
Slideshows  |  5/17/2018  | 
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
Federal Jury Convicts Operator of Massive Counter-Antivirus Service
News  |  5/17/2018  | 
Scan4You helped thousands of criminals check if AV products could detect and block their malware tools.
The Risks of Remote Desktop Access Are Far from Remote
Commentary  |  5/17/2018  | 
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
Tanium's Valuation Reaches $5 Billion With New Investment
Quick Hits  |  5/17/2018  | 
Tanium has received a $175 million investment from TPG Growth.
California Teen Arrested for Phishing Teachers to Change Grades
Quick Hits  |  5/17/2018  | 
The student faces 14 felony counts for using a phishing campaign to steal teachers' credentials and alter students' grades.
Why Isn't Integrity Getting the Attention It Deserves?
Commentary  |  5/17/2018  | 
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
WannaCry: How the Notorious Worm Changed Ransomware
Jeffrey Burt  |  5/17/2018  | 
This week marked the one-year anniversary of the WannaCry ransomware attacks, and their impact can still be seen in the form of such encrypting malware as NotPetya, BadRabbit and Olympic Destroyer.
Boosting Security Effectiveness with 'Adjuvants'
Partner Perspectives  |  5/17/2018  | 
How integrating corporate resources like the IT help desk, system administration, quality assurance and HR can breathe new life into your security program.