News & Commentary

Content posted in May 2019
Quabot Trojan Evolves to Become Harder to Detect & Remove
Larry Loeb  |  5/6/2019  | 
Researchers at Cisco Talos were the first to find that the Quabot Trojan has been updated and changed.
Trust the Stack, Not the People
Commentary  |  5/6/2019  | 
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
Massive Dark Web 'Wall Street Market' Shuttered
Quick Hits  |  5/3/2019  | 
Europol-led international law enforcement operation led to takedown of world's second-largest digital underground marketplace.
Open Security Tests Gain Momentum With More Lab Partners
News  |  5/3/2019  | 
NetSecOPEN, a group of next-generation firewall vendors, has added the first university-based testing facility in its effort to move toward more open security testing.
New Executive Order Aims to Grow Federal Cybersecurity Staff
Quick Hits  |  5/3/2019  | 
The EO outlines a 'rotational assignment program' intended to help security practitioners develop their skills.
The 2019 State of Cloud Security
Slideshows  |  5/3/2019  | 
Enterprise cloud security is making real progress, but emerging technologies call for security teams to keep up the pace.
Sophos Buys Rook Security to Build DarkBytes Platform
Quick Hits  |  5/3/2019  | 
The acquisition fits into Sophos' plan to offer resellable managed detection and response services.
How Storytelling Can Help Keep Your Company Safe
Commentary  |  5/3/2019  | 
Well-crafted narratives can help you win over users in the battle to develop a sustainable cybersecurity culture.
Cybercrime Study Finds Increasing Costs as Well as Changing Targets & Methods
Larry Loeb  |  5/3/2019  | 
Accenture and Ponemon Institute say that they are analyzing the latest cost numbers of cybercrime to try and help leaders to better target security investments and resources.
New Exploits For Old Configuration Issues Heighten Risk for SAP Customers
News  |  5/2/2019  | 
Exploits give attackers a way to create havoc in business-critical SAP ERP, CRM, SCM, and other environments, Onapsis says.
Misconfigured Ladders Database Exposed 13M User Records
Quick Hits  |  5/2/2019  | 
Job-hunting site Ladders leaves job seeker data exposed on the Internet.
Security Doesn't Trust IT and IT Doesn't Trust Security
News  |  5/2/2019  | 
How a rocky relationship between IT operations and cybersecurity teams can compound security risks.
Security Depends on Careful Design
Commentary  |  5/2/2019  | 
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
Real-World Use, Risk of Open Source Code
News  |  5/2/2019  | 
Organizations are using more open source software than ever before, but managing that code remains a challenge.
Facebook, Instagram Are Phishers' Favorite Social Platforms
Quick Hits  |  5/2/2019  | 
Cloud companies continue to represent the most phishing URLs, but social media saw the most growth in Q1 2019.
Why Are We Still Celebrating World Password Day?
News  |  5/2/2019  | 
Calls to eliminate the password abound on this World Password Day and the technology to change is ready. So why can't we get off our password habit?
World Password Day or Groundhog Day?
Commentary  |  5/2/2019  | 
Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.
MuddyWater: The Dissection of an APT
Larry Loeb  |  5/2/2019  | 
Kaspersky Security has taken a deep dive into MuddyWater.
Bootstrapping Security Programs: How to Gradually Implement an Enterprise-Level Security Program at a Fast-Growing Startup
Marzena Fuller  |  5/2/2019  | 
You can't expect to build an adequate security program without investment in both people and security tools.
Attackers Used Red-Team, Pen-Testing Tools to Hack Wipro
News  |  5/1/2019  | 
Breach of India-based outsourcing giant involved a remote access tool and a post-exploitation tool, according to an analysis by Flashpoint.
Digital Ad-Fraud Losses Decline
News  |  5/1/2019  | 
Even so, more work remains to be done to address online ad fraud operations that cause billions of dollars in losses annually for advertisers.
Study Exposes Breadth of Cyber Risk
News  |  5/1/2019  | 
New study shows SMBs face greater security exposure, but large companies still support vulnerable systems as well.
8 Personality Traits for Cybersecurity
Quick Hits  |  5/1/2019  | 
Personality assessment firm Hogan Assessments lists top characteristics for a 'successful' cybersecurity hire.
Huge DDoS Attacks Shift Tactics in 2019
Quick Hits  |  5/1/2019  | 
Analysis of two high-volume DDoS attacks shows they're becoming more difficult to remediate with changes to port and address strategies.
Staffing the Software Security Team: Who You Gonna Call?
Commentary  |  5/1/2019  | 
Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here's why.
Digital Transformation Exposes Operational Technology & Critical Infrastructure
Commentary  |  5/1/2019  | 
The convergence of OT and IP-based IT networks makes society more vulnerable, requiring CISOs to rethink defense.
190,000 Accounts in Docker Hub Database May Have Been Exposed
Larry Loeb  |  5/1/2019  | 
Potentially poisoned images could be distributed without the distributors realizing that this is occurring.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27706
PUBLISHED: 2021-04-14
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"IPMacBindIndex" request. This occurs because the "formIPMacBindDel" function directly passes the parameter "IPMacBind...
CVE-2021-27707
PUBLISHED: 2021-04-14
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/"portMappingIndex" request. This occurs because the "formDelPortMapping" function directly passes the parameter "portMappingIn...
CVE-2021-28098
PUBLISHED: 2021-04-14
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes log entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for...
CVE-2021-30493
PUBLISHED: 2021-04-14
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other wor...
CVE-2021-30494
PUBLISHED: 2021-04-14
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other wo...