Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in May 2018
20 Signs You Are Heading for a Retention Problem
Commentary  |  5/9/2018  | 
If you don't invest in your best security talent, they will look to burnish their resumes elsewhere. Here's why.
Millennials, Women May Bridge Cyber Talent Gap
Quick Hits  |  5/9/2018  | 
Younger generations, particularly women, could be the answer to a cybersecurity skill shortage expected to reach 1.8 million unfilled roles by 2020.
Calculating Cloud Cost: 8 Factors to Watch
Slideshows  |  5/9/2018  | 
If you're not careful and don't regularly assess the impact of your usage, moving to the cloud could have a negative impact on your bottom line.
Equifax Filing Sheds Light on 2017 Data Breach Carnage
News Analysis-Security Now  |  5/9/2018  | 
In a new filing with the Securities and Exchange Commission, Equifax executives are offering a greater level of detail about the 2017 data breach that affected more than 146 million customers.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Commentary  |  5/9/2018  | 
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
FBI: Ransomware Contributed to $1.4B in Losses in 2017
News Analysis-Security Now  |  5/9/2018  | 
The FBI's Internet Crime Complaint Center is out with its annual report based on complaints from consumers in the US, as well as overseas. Overall, losses totaled $1.4 billion in 2017, with ransomware, business email compromise and tech support fraud as the main culprits.
FBI: Reported Internet Crimes Topped $1.4 Billion Last Year
News  |  5/9/2018  | 
Business email compromise (BEC) campaigns outnumbered ransomware cases.
Phishers Are Finding Ways Around Office 365's ATP Feature
Larry Loeb  |  5/9/2018  | 
Security researchers at Avanan have seen phishers using a new method to circumvent Microsoft Office 365's ATP technology, which is allowing them to send malicious emails.
8.7B Identity Records on Surface, Deep, Dark Webs in 2017
Quick Hits  |  5/8/2018  | 
The 4iQ Identity Breach Report shows a 182% increase in raw identity records discovered by its team between 2016 and 2017.
Microsoft's Patch Tuesday Fixes Two CVEs Under Active Attack
News  |  5/8/2018  | 
This month's updates addressed vulnerabilities in Windows, Office, Edge, Internet Explorer, .Net Framework, Exchange Server, and other services.
Properly Framing the Cost of a Data Breach
Commentary  |  5/8/2018  | 
The expenses and actions typically associated with a cyberattack are not all created equal. Here's how to explain what's important to the C-suite and board.
APT Attacks on Mobile Rapidly Emerging
News  |  5/8/2018  | 
Mobile devices are becoming a 'primary' enterprise target for attackers.
Breakout Time: A Critical Key Cyber Metric
Commentary  |  5/8/2018  | 
Why organizations need to detect an intrusion in under a minute, understand it in under 10 minutes, and eject the adversary in under an hour.
Romanian Hackers Extradited to US for $18M Bank Fraud Scheme
News Analysis-Security Now  |  5/8/2018  | 
The DOJ has charged three Romanian citizens with using automated phone calls and software to steal about $18 million from bank customers in the US.
Report: More Breaches Despite Increasing Security Budgets
Partner Perspectives  |  5/8/2018  | 
Lack of security talent, low security awareness among employees, and too much data to analyze top the list of cyberthreats in the 2018 Cyberthreat Defense Threat Report from CyberEdge Group.
Number of Data Breach Reports Fell More Than 50% in Q1 Study
News Analysis-Security Now  |  5/8/2018  | 
The number of reported data breaches fell more than 50% in the first quarter of this year compared to the same time in 2017, as attackers focused more on cryptomining and cryptojacking schemes.
Publicly Disclosed Breaches Down Drastically in Q1 2018
News  |  5/8/2018  | 
Quietest first quarter since 2012, according to new report from Risk Based Security.
10 Lessons From an IoT Demo Lab
Slideshows  |  5/7/2018  | 
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
SynAck Ransomware Gets Dangerous 'Doppelganging' Feature
News  |  5/7/2018  | 
New Process Doppelganging and obfuscation features make the malware much harder to spot and stop.
Why DDoS Just Won't Die
News  |  5/7/2018  | 
Distributed denial-of-service attacks are getting bigger, badder, and 'blended.' What you can (and can't) do about that.
Trial Begins for Latvian Man Accused of Malware Operation
Quick Hits  |  5/7/2018  | 
Ruslans Bondars has been accused of running a malware service that had been linked to cyberattacks on US businesses.
Google Security Updates Target DevOps, Containers
News  |  5/7/2018  | 
The tech giant explains why it's rolling out a new cloud security management tool and an open-source framework for confidential computing.
US Extradites Romanian Hackers Charged with Vishing, Smishing
Quick Hits  |  5/7/2018  | 
Suspects obtained more than $18 million through voice and SMS fraud.
Defending Against an Automated Attack Chain: Are You Ready?
Commentary  |  5/7/2018  | 
Recent threats like AutoSploit bring malware-as-a-service to a whole new level. Here are four ways to be prepared.
China's Cyberspies Are Changing Tactics, Techniques & Targets
Larry Loeb  |  5/7/2018  | 
A new report from 401TRG about the Winnti Umbrella group finds that cyberspies in China are changing their techniques as they zero in on new targets.
Endpoint Security: A Never-Ending Battle to Keep Up
Simon Marshall  |  5/7/2018  | 
Endpoint security has evolved over the last several years as the BYOD trend has slowed, but enterprises are still uploading more data to the cloud, which is accessible on more devices. Even the notion of what an endpoint is has changed. What can enterprise security do?
5 Ways to Better Use Data in Security
Slideshows  |  5/5/2018  | 
Use these five tips to get your security shop thinking more strategically about data.
Report: China's Intelligence Apparatus Linked to Previously Unconnected Threat Groups
News  |  5/4/2018  | 
Multiple groups operating under the China state-sponsored Winnti umbrella have been targeting organizations in the US, Japan, and elsewhere, says ProtectWise.
Spectre Returns with 8 New Variants
News  |  5/4/2018  | 
Researchers have discovered new versions of the processor vulnerability.
We're Doing Security Wrong!
Commentary  |  5/4/2018  | 
When you simply heap technology onto a system, you limit your hiring pool and spread your employees too thin. Focus on your people instead.
'Spectre NG' Flaws Reportedly Found in Intel Chips
News Analysis-Security Now  |  5/4/2018  | 
A German magazine is reporting that Spectre Next Generation vulnerabilities have been found in Intel's x86 processors, although full details are not being released yet.
ICS Network Managers: Time for a Wake-Up Call
Larry Loeb  |  5/4/2018  | 
A report from Positive Technologies shows that despite the best efforts to wall off and secure industrial control systems from the wider Internet, attackers are still able to target and exploit this equipment.
RSA CTO: 'Modernization Can Breed Malice'
News  |  5/3/2018  | 
Zulfikar Ramzan predicted the future of cybersecurity, drivers shaping it, and how enterprise IT should react in his InteropITX 2018 keynote.
Twitter Alerts Users to Change Passwords Due to Flaw that Stored Them Unprotected
Quick Hits  |  5/3/2018  | 
Social media giant discovered bug in an internal system that inadvertently stored passwords in plain text.
Hackers Leverage GDPR to Target Airbnb Customers
Quick Hits  |  5/3/2018  | 
Fraudsters are taking advantage of new EU privacy laws to demand personal information from Airbnb users.
Encryption is Necessary, Tools and Tips Make It Easier
News  |  5/3/2018  | 
At the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
6 Enterprise Password Managers That Lighten the Load for Security
Slideshows  |  5/3/2018  | 
EPMs offer the familiar password wallet with more substantial administrative management and multiple deployment models.
Pentagon, Citing Security, Will Stop Selling Huawei, ZTE Smartphones
News Analysis-Security Now  |  5/3/2018  | 
The Pentagon is following a ruling by the FCC and concern from other government agencies, and is now discontinuing sales of Huawei and ZTE smartphones to DoD personnel.
GDPR Requirements Prompt New Approach to Protecting Data in Motion
Commentary  |  5/3/2018  | 
The EU's General Data Protection Regulation means that organizations must look at new ways to keep data secure as it moves.
New Vulnerability Puts Industrial Systems at Risk
News Analysis-Security Now  |  5/3/2018  | 
Security research firm Tenable has found a new remote code execution vulnerability in software made by Schneider Electric that is used in power plants and other industrial systems.
No Computing Device Too Small For Cryptojacking
News  |  5/3/2018  | 
Research by Trend Micro shows IoT and almost all connected devices are targets for illegal cryptocurrency mining.
4 Critical Applications and How to Protect Them
Partner Perspectives  |  5/3/2018  | 
Since critical apps are, well, critical, security teams must take preventive measures to keep attackers from exploiting their vulnerabilities.
Microsoft's 4-Step Plan for Eliminating Passwords
Jeffrey Burt  |  5/3/2018  | 
Microsoft is on a campaign to replace passwords with other authentication methods, and it points to its Windows Hello and Authenticator app as examples of viable alternatives.
RiskSense Platform Demonstration
Sponsored Video-Security Now  |  5/3/2018  | 
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology, 'RiskSense Solution,' a vulnerability management and cyber risk platform that helps companies manage their cyber risks through their vulnerabilities.
Survey Shows Sensitive Data Goes Astray in Email
Quick Hits  |  5/2/2018  | 
Many employees have trouble controlling the release of sensitive information in email.
Ransomware Attacks Jumped 400% Worldwide in 2017
Quick Hits  |  5/2/2018  | 
WannaCry led the pack all year, new F-Secure report says.
Automation Exacerbates Cybersecurity Skills Gap
News  |  5/2/2018  | 
Three out of four security pros say the more automated AI products they bring in, the harder it is to find trained staff to run the tools.
Spring Clean Your Security Systems: 6 Places to Start
Commentary  |  5/2/2018  | 
The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?
Breaches Drive Consumer Stress over Cybersecurity
News  |  5/2/2018  | 
As major data breaches make headlines, consumers are increasingly worried about cyberattacks, password management, and data security.
Ransomware Attacks Against Healthcare Increased in 2017
News Analysis-Security Now  |  5/2/2018  | 
A Cylance report looking at the threat landscape of 2017 found that the healthcare industry took the brunt of ransomware attacks.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29040
PUBLISHED: 2021-05-16
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused att...
CVE-2021-29041
PUBLISHED: 2021-05-16
Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the othe...
CVE-2021-29047
PUBLISHED: 2021-05-16
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
CVE-2021-22668
PUBLISHED: 2021-05-16
Delta Industrial Automation CNCSoft ScreenEditor Versions 1.01.28 (with ScreenEditor Version 1.01.2) and prior are vulnerable to an out-of-bounds read while processing project files, which may allow an attacker to execute arbitrary code.
CVE-2021-29039
PUBLISHED: 2021-05-16
Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.