Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in May 2019
Page 1 / 4   >   >>
New SOAP Attack Hits South African Home Routers
Quick Hits  |  5/31/2019  | 
A huge wave of attacks is targeting home routers in South Africa for recruitment into a Hakai-based botnet.
Checkers Breach Underscores Continued POS Dangers
News  |  5/31/2019  | 
Attacks on point-of-sale terminals garners less attention these days, but the most recent breach of the restaurant chain shows hackers have not lost focus.
GDPR's First-Year Impact by the Numbers
Slideshows  |  5/31/2019  | 
The latest statistics on GDPR spending, compliance rates, enforcement and consumer attitudes on privacy protection.
SANS Launches Security Awareness Certification
Quick Hits  |  5/31/2019  | 
The SANS Security Awareness Professional (SSAP) will be available this summer to professionals focused on measuring and mitigating human risk.
Focusing on Endpoints: 5 Steps to Fight Cybercrime
Commentary  |  5/31/2019  | 
Follow these best practices to strengthen endpoint management strategies and protect company data.
Insider Threat: Research Proves Loyalty Can Be a Rare Commodity
Larry Loeb  |  5/31/2019  | 
The UK's Deep Secure has reported this week that the price an employee would accept to break loyalty with an organization may be a lot less than has been previously thought.
Vulnerability Leaves Container Images Without Passwords
News  |  5/30/2019  | 
A old vulnerability in Alpine Linux containers has spread and propagated to as much as 20% of the containers on the Docker Store.
2.3B Files Currently Exposed via Online Storage
News  |  5/30/2019  | 
Digital Shadows researchers scanned various online file-sharing services and concluded the number of exposed files is up 50% from March of 2018.
Insight Partners Acquires Recorded Future
Quick Hits  |  5/30/2019  | 
The threat intelligence company went for $780 million in a cash deal.
Caveat Emptor: Calculating the Impact of Global Attacks on Cyber Insurance
Commentary  |  5/30/2019  | 
The reality for business owners and CISOs looking to protect their business from a cyberattack is that cyber insurance is not a catchall for protecting against risk and loss.
Palo Alto Networks Confirms PureSec Acquisition
Quick Hits  |  5/30/2019  | 
The company also agreed to buy container security company Twistlock as it develops its cloud security suite.
The Ransomware Dilemma: What if Your Local Government Is Next?
Commentary  |  5/30/2019  | 
Baltimore has so far refused to comply with a ransom demand. It's being forced to make a decision all such victims face: to act morally or practically.
'NanshOu' China-Based Attack Uses APT-Like Techniques to Infect Servers Worldwide
Larry Loeb  |  5/30/2019  | 
Breached machines include more than 50,000 servers belonging to companies in the healthcare, telecommunications, media and IT sectors.
Docker Vulnerability Opens Servers to Container Code
News  |  5/29/2019  | 
Under very specific conditions, code running in a Docker container could access files anywhere on a server, according to a new CVE.
Impersonation Attacks Up 67% for Corporate Inboxes
News  |  5/29/2019  | 
Nearly three-quarters of organizations hit with impersonation attacks experienced direct losses of money, customers, and data.
Don't Just Tune Your SIEM, Retune It
Commentary  |  5/29/2019  | 
Your SIEM isn't a set-it-and-forget-it proposition. It's time for a spring cleaning.
Palo Alto Networks Said to Buy Twistlock
Quick Hits  |  5/29/2019  | 
Reports in Israel-based business publications say Palo Alto Networks has reached a deal to purchase the container security startup, as well as another Israeli security startup.
WannaCry Lives On in 145K Infected Devices
News  |  5/29/2019  | 
Data from the last half year shows devices worldwide infected with the self-propagating ransomware, putting organizations with poor patching initiatives at risk.
Flipboard Confirms Two Hacks, Prompts Password Resets
Quick Hits  |  5/29/2019  | 
The company reports two incidents affected a subset of its users and is resetting passwords for involved accounts.
Why Fostering Flexibility Is a Win for Women & Cybersecurity
Commentary  |  5/29/2019  | 
Creating a culture of supporting and advancing women is no small feat, but it's worth the challenge. Start with yourself. Here's how.
HawkEye Malware Finds Renewed Life With Financially Motivated Actors
Larry Loeb  |  5/29/2019  | 
IBM X-Force researchers have reported an increase in the HawkEye v9 keylogger infection campaigns after they looked at data from the IBM X-Force effort during April and May 2019.
Emotet Made Up 61% of Malicious Payloads in Q1
News  |  5/29/2019  | 
The botnet has displaced credential stealers, stand-alone downloaders, and RATs in the overall threat landscape.
FirstAm Leak Highlights Importance of Verifying the Basics
News  |  5/28/2019  | 
The Fortune 500 giant in the real estate industry missed a basic vulnerability in its website, leaving as many as 885 million sensitive records accessible to attackers. The fix: teaching developers the top 10 security issues and frequent testing.
GandCrab Gets a SQL Update
News  |  5/28/2019  | 
A new attack is found that uses MySQL as part of the attack chain in a GandCrab ransomware infection.
FireEye Buys Verodin for $250 Million
Quick Hits  |  5/28/2019  | 
Acquisition of security instrumentation firm will add more than $70 million to 2020 billing, FireEye estimates.
Web App Vulnerabilities Flying Under Your Radar
News  |  5/28/2019  | 
A penetration tester shows how low-severity Web application bugs can have a greater effect than businesses realize.
Cybercrime: Looking Beyond the Dark Web
Commentary  |  5/28/2019  | 
Fighting cybercrime requires visibility into much more than just the Dark Web. Here's where to look and a glimpse of what you'll find.
Keys for Working with Modern MSSPs
News  |  5/28/2019  | 
How to determine what an MSSP can do for your organization, and the questions to ask before signing a contract.
8 Ways to Authenticate Without Passwords
Slideshows  |  5/28/2019  | 
Passwordless authentication has a shot at becoming more ubiquitous in the next few years. We take a look at where things stand at the moment.
'Cattle, Not Pets' & the Rise of Security-as-Code
Commentary  |  5/28/2019  | 
Nearly a decade in, the famous analogy has underpinned a sea change in enterprise IT, but still falls short of the security mark. More recent developments can help.
Mobile Fraud Is on the March, Finds New RSA Report
Larry Loeb  |  5/28/2019  | 
The RSA Quarterly Fraud Report observed several global fraud trends across attack vectors and digital channels, with attacks from rogue mobile applications up 300%.
First American Financial Corp. Left Mortgage Data Exposed on Website
Quick Hits  |  5/24/2019  | 
Real estate title firm reportedly has closed a hole in its website that had left hundreds of millions of real estate tile insurance files accessible without authentication, according to KrebsOnSecurity.
Mist Computing Startup Distributes Security AI to the Network Edge
News  |  5/24/2019  | 
MistNet, founded by former Juniper employees, moves AI processing to the network edge to build distributed detection and analysis models for security.
NSS Labs Admits Its Test of CrowdStrike Falcon Was 'Inaccurate'
News  |  5/24/2019  | 
CrowdStrike, NSS Labs reach confidential settlement over 2017 endpoint product testing dispute.
Zscaler Finds Security Issues Galore in IoT Traffic
Larry Loeb  |  5/24/2019  | 
The use of plain-text HTTP communication, outdated libraries and weak default credentials all rang alarm bells.
How Security Vendors Can Address the Cybersecurity Talent Shortage
Commentary  |  5/24/2019  | 
The talent gap is too large for any one sector, and cybersecurity vendors have a big role to play in helping to close it.
7 Recent Wins Against Cybercrime
Slideshows  |  5/24/2019  | 
The increasing number of successful law enforcement actions and prosecutions suggest that cybercriminals have plenty of reason to be looking over their shoulders.
Researcher Publishes Four Zero-Day Exploits in Three Days
News  |  5/23/2019  | 
The exploits for local privilege escalation vulnerabilities in Windows could be integrated into malware before Microsoft gets a chance to fix the issues.
To Manage Security Risk, Manage Data First
News  |  5/23/2019  | 
At Interop 2019, IT and security experts urged attendees to focus on data asset management as a means of mitigating risk.
Moody's Outlook Downgrade of Equifax: A Wake-up Call to Boards
News  |  5/23/2019  | 
The move provides another spark to light a fire under CISOs to improve how they measure and communicate security risks to the board, security experts say.
FEC Gives Green Light for Free Cybersecurity Help in Federal Elections
News  |  5/23/2019  | 
Official opinion issued by the Federal Election Commission to nonprofit Defending Digital Campaigns is good news for free and reduced-cost security offerings to political candidates and committees.
Mobile Exploit Fingerprints Devices with Sensor Calibration Data
Quick Hits  |  5/23/2019  | 
Data from routines intended to calibrate motion sensors can identify individual iOS and Android devices in a newly released exploit.
Google's Origin & the Danger of Link Sharing
Commentary  |  5/23/2019  | 
How the act of sharing links to files stored in a public cloud puts organizations at risk, and what security teams can do to safeguard data and PII.
Microsoft Opens Defender ATP for Mac to Public Preview
Quick Hits  |  5/23/2019  | 
Users of the security platform who have preview features enabled can access Defender ATP for Mac via the Security Center onboarding section.
Russian Nation-State Hacking Unit's Tools Get More Fancy
News  |  5/23/2019  | 
APT28/Fancy Bear has expanded its repertoire to more than 30 commands for infecting systems, executing code, and reconnaissance, researchers have found.
Incident Response: 3 Easy Traps & How to Avoid Them
Commentary  |  5/23/2019  | 
Sage legal advice about navigating a data breach from a troubleshooting cybersecurity outside counsel.
Strategic Security Equals Faster Digital Transformation
Larry Loeb  |  5/23/2019  | 
Survey finds that respondents who adopted a more traditional or reactive approach to their data protection and security program did not believe they would reach their digital transformation goals.
Alphabet's Chronicle Explores Code-Signing Abuse in the Wild
News  |  5/22/2019  | 
A new analysis highlights the prevalence of malware signed by certificate authorities and the problems with trust-based security.
New Software Skims Credit Card Info From Online Credit Card Transactions
Quick Hits  |  5/22/2019  | 
The new exploit builds a fake frame around legitimate portions of an online commerce website.
Data Asset Management: What Do You Really Need?
News  |  5/22/2019  | 
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
Page 1 / 4   >   >>


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30174
PUBLISHED: 2021-05-11
RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks.
CVE-2021-32544
PUBLISHED: 2021-05-11
Special characters of IGT search function in igt+ are not filtered in specific fields, which allow remote authenticated attackers can inject malicious JavaScript and carry out DOM-based XSS (Cross-site scripting) attacks.
CVE-2021-32563
PUBLISHED: 2021-05-11
An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.
CVE-2020-23369
PUBLISHED: 2021-05-10
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
CVE-2020-23370
PUBLISHED: 2021-05-10
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.