Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in June 2017
8 Things Every Security Pro Should Know About GDPR
Slideshows  |  6/30/2017  | 
Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
8tracks Hit With Breach of 18 Million Accounts
Quick Hits  |  6/30/2017  | 
Hackers attack Internet radio user database, gaining access to email addresses and encrypted passwords.
The Wreckage of Petya
Curt Franklin  |  6/30/2017  | 
Petya (or NotPetya) arrived, but to what end? A Friday Security Haiku prompts thinking about the answers.
Vulnerabilities Found in German e-Government Communication Library
Quick Hits  |  6/30/2017  | 
Researchers find critical flaws in secure communications protocol used in areas including population registration, justice and public health systems.
US Tech Companies Argued to Maintain Russia Spy Agency Ties
Quick Hits  |  6/30/2017  | 
US technology companies lobbied the US government to create exceptions for a ban on business relationships with Russia's Federal Security Service.
The Case for Crowdsourcing Security Buying Decisions
Commentary  |  6/30/2017  | 
Why our industry needs a sharing platform with open and transparent access to peer knowledge, meaningful metrics, and transparency around security products and services.
Decrypting the Motivations Behind NotPetya/ExPetr/GoldenEye
News  |  6/29/2017  | 
Experts discuss the methods and targets involved in this week's massive malware outbreak to figure out what motivated attackers.
Kaspersky Lab Faces More U.S. Scrutiny Over Potential Russian Govt. Influence
News  |  6/29/2017  | 
Lawmaker proposes ban on DoD use of Moscow-based security vendor's products.
Hacking Factory Robot Arms for Sabotage, Fun & Profit
News  |  6/29/2017  | 
Black Hat talk will discuss how hackers could take over robotic arms, create micro-defects in products, and open up a new world of subtle blackmail.
WannaCry Was Just the Beginning
News Analysis-Security Now  |  6/29/2017  | 
Petya proves that WannaCry is just the beginning of a new, far more serious type of cyberattack.
Doxing, DoS & Defacement: Today's Mainstream Hacktivism Tools
Partner Perspectives  |  6/29/2017  | 
Anyone can get angry at you and become a hacktivist. Here's how to protect your organization from these increasingly common cyber attacks.
Why Enterprise Security Needs a New Focus
Commentary  |  6/29/2017  | 
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
IoT Vulns Draw Biggest Bug Bounty Payouts
News  |  6/29/2017  | 
As bug bounty programs become more popular outside of the technology sector, IoT vulnerabilities are yielding the highest payouts for bug hunters, according to two reports released Wednesday.
How To (And Not To) Make the Online Trust Honor Roll
Slideshows  |  6/29/2017  | 
Five websites generated the highest score in their sector for the 2017 Online Trust Audit & Honor Roll. Here is what it takes to get there and be listed among the Online Trust Alliance's Top 50.
$71 Million Restitution Owed for Hacking, Fraud Scheme
Quick Hits  |  6/28/2017  | 
Convicted money launderer Muhammad Sohail Qasmani is sentenced to 4 years in prison, and will share the hefty payout with other co-conspirators convicted in the conspiracy.
Half of Ransomware Victims Suffer Repeat Attacks
News  |  6/28/2017  | 
Half of ransomware victims are likely to get hit again as threat actors change their strategies to target servers and accelerate the spread of ransomware.
Telegram Agrees to Register Messaging App With Russia
Quick Hits  |  6/28/2017  | 
The messaging app company will comply with Russia's registration mandate but not share confidential user data, founder says.
After Cyber Attack, FedEx Temporarily Halts Trading of Its Shares
Quick Hits  |  6/28/2017  | 
An attack at subsidiary TNT Express may disrupt FedEx's push to hit a record-high share price.
Researchers Find 'Vaccine' for Global Ransomware Attack
Quick Hits  |  6/28/2017  | 
A vaccine, not a killswitch, has been discovered to prevent the Petya/NotPetya ransomware from infecting machines.
Defining Security: The Difference Between Safety & Privacy
Commentary  |  6/28/2017  | 
Words matter, especially if you are making a case for new security measures, state-of-the-art technology or personnel.
Voice of Security Radio: Let's Talk About CASB
Curt Franklin  |  6/28/2017  | 
Join us at 3:00 p.m. EDT on Thursday, June 29 as we talk Cloud Access Security Brokers with Kamal Shah of Skyhigh Networks.
Massive Skype Zero-Day Enables Remote Crashes
News  |  6/27/2017  | 
A security researcher uncovered a Skype vulnerability that could allow hackers to remotely execute code and crash software if exploited.
Petya Or Not? Global Ransomware Outbreak Hits Europe's Industrial Sector, Thousands More
News  |  6/27/2017  | 
With echoes of WannaCry, infections spread fast. Some security researchers describe malware as variant of Petya; others say it's a brand new sample.
No-Name Security Incidents Caused as Many Tears as WannaCry, Pros Say
Quick Hits  |  6/27/2017  | 
Half of security pros say they've worked just as frantically this year to fix other incidents that the public never heard about.
Petya Ransomware Takes the World by Storm
Curt Franklin  |  6/27/2017  | 
The next massive ransomware shoe has dropped, and its name is Petya.
WannaCry Blame Game: Why Delayed Patching is Not the Problem
Commentary  |  6/27/2017  | 
While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.
Microsoft Integrates EMET into Fall Windows 10 Update
News  |  6/27/2017  | 
The Windows 10 Creators Update, slated to launch this fall, will include components from the Enhanced Mitigation Experience Toolkit (EMET).
Compliance in the Cloud Needs To Be Continuous & Automated
Partner Perspectives  |  6/27/2017  | 
Complex IT environments require timely visibility into risk and compliance.
9 Ways to Protect Your Cloud Environment from Ransomware
Slideshows  |  6/27/2017  | 
The same technology driving faster collaboration and data transfer also enables cybercriminals to quickly spread ransomware.
The New Nation-State Normal
Curt Franklin  |  6/26/2017  | 
Cyber attacks sponsored by nation-states are here to stay. If you want your organization to be here to stay, you'd best prepare for the worst.
Anthem Agrees to $115 Million Settlement for 2015 Breach
Quick Hits  |  6/26/2017  | 
If approved, it will dwarf settlements paid by Target, Home Depot, and Ashley Madison.
FBI Highlights BEC, Tech Support Scams, Ransomware Concerns
News  |  6/26/2017  | 
The 2016 Internet Crime Report found tech support fraud, business email compromise, and ransomware were major fraud categories last year.
Five Questions for Healthcare Security
News Analysis-Security Now  |  6/26/2017  | 
Healthcare security regulations come with teeth. Five questions can help keep healthcare CISOs from being bitten.
Look, But Don't Touch: One Key to Better ICS Security
News  |  6/26/2017  | 
Better visibility is essential to improving the cybersecurity of industrial control systems and critical infrastructure, but the OT-IT cultural divide must be united.
Recovering from Bad Decisions in the Cloud
Commentary  |  6/26/2017  | 
The cloud makes it much easier to make changes to security controls than in traditional networks.
Virginia Consultant Charged with Espionage
Quick Hits  |  6/23/2017  | 
Federal authorities charged a consultant with espionage for transmitting top secret and secret documents to China.
Android Marcher Variant Makes Rounds as Adobe Flash Player Update
Quick Hits  |  6/23/2017  | 
Zscaler researchers discover a new variant of the Android Marcher malware, which aims to steal online banking credentials and credit card information.
$12B in Fraud Loss Came from Data Breach Victims in 2016
Quick Hits  |  6/23/2017  | 
Three-quarters of the total fraud losses for 2016 arose from victims who had been victims of a data breach within the previous six years.
RAT Vulnerabilities Turn Hackers into Victims
News  |  6/23/2017  | 
A small number of Remote Administration Tools have vulnerabilities which can enable attack targets to turn the tables on threat actors.
Threat Intelligence Sharing: The New Normal?
Commentary  |  6/23/2017  | 
The spirit of cooperation seems to be taking hold as demonstrated by the growing number of thriving services and organizations whose sole purpose is to analyze specific threats against specific communities.
Talking Cyber-Risk with Executives
Partner Perspectives  |  6/23/2017  | 
Explaining risk can be difficult since CISOs and execs don't speak the same language. The key is to tailor your message for the audience.
8 Hot Hacking Tools to Come out of Black Hat USA
Slideshows  |  6/23/2017  | 
High-impact tools for white hats that will be revealed and released next month at Black Hat USA in Las Vegas.
Get Used to It: AI Will Extract Every Penny It Can
News Analysis-Security Now  |  6/23/2017  | 
It may not be fair, but it's the future.
'GhostHook' Foils Windows 10 64-bit's Kernel Protection
News  |  6/22/2017  | 
Microsoft says an attacker needs kernel-level access before they can use the 'GhostHook' technique to install a rootkit.
Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices
News  |  6/22/2017  | 
Security researcher discovers major security flaws that can't be patched or fixed.
Two Arrested for Microsoft Network Intrusion
Quick Hits  |  6/22/2017  | 
UK authorities arrest two men for allegedly breaking into Microsoft's network with the intent to steal customer data from the software giant.
Most General Counsels Fret over Data Security
Quick Hits  |  6/22/2017  | 
An overwhelming percentage of in-house attorneys say cyberattacks and the impact on their business keep them up at night, a recent survey shows.
Cloud Security Lessons from the Voter Data Leak
News  |  6/22/2017  | 
A poorly configured Amazon S3 bucket that led to a massive data leak could easily happen to any organization not adopting proper cloud security measures.
WannaCry Hits Honda
Curt Franklin  |  6/22/2017  | 
Honda found WannaCry on systems and had to shut down an assembly facility in Japan to respond.
KPMG: Cybersecurity Has Reached a Tipping Point from Tech to CEO Business Issue
Commentary  |  6/22/2017  | 
Still, a majority of US-based chief execs say they will be maintaining and not investing in security technology over the next three years, a recent study shows.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30174
PUBLISHED: 2021-05-11
When a RiyaLab CloudISO event item is added, special characters in a specific field of the time management page are not properly filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks.
CVE-2021-32544
PUBLISHED: 2021-05-11
Special characters of the IGT search function in igt+ are not filtered in specific fields, which allows remote authenticated attackers to inject malicious JavaScript and carry out DOM-based XSS (cross-site scripting) attacks.
CVE-2021-32563
PUBLISHED: 2021-05-11
An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.
CVE-2020-23369
PUBLISHED: 2021-05-10
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
CVE-2020-23370
PUBLISHED: 2021-05-10
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.