Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in June 2017
Page 1 / 3   >   >>
8 Things Every Security Pro Should Know About GDPR
Slideshows  |  6/30/2017  | 
Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
8tracks Hit With Breach of 18 Million Accounts
Quick Hits  |  6/30/2017  | 
Hackers attack Internet radio user database, gaining access to email addresses and encrypted passwords.
Vulnerabilities Found in German e-Government Communication Library
Quick Hits  |  6/30/2017  | 
Researchers find critical flaws in secure communications protocol used in areas including population registration, justice and public health systems.
US Tech Companies Argued to Maintain Russia Spy Agency Ties
Quick Hits  |  6/30/2017  | 
US technology companies lobbied the US government to create exceptions for a ban on business relationships with Russia's Federal Security Service.
The Case for Crowdsourcing Security Buying Decisions
Commentary  |  6/30/2017  | 
Why our industry needs a sharing platform with open and transparent access to peer knowledge, meaningful metrics, and transparency around security products and services
Decrypting the Motivations Behind NotPetya/ExPetr/GoldenEye
News  |  6/29/2017  | 
Experts discuss the methods and targets involved in this week's massive malware outbreak to figure out what motivated attackers.
Kaspersky Lab Faces More U.S. Scrutiny Over Potential Russian Govt. Influence
News  |  6/29/2017  | 
Lawmaker proposes ban on DoD use of Moscow-based security vendor's products.
Hacking Factory Robot Arms for Sabotage, Fun & Profit
News  |  6/29/2017  | 
Black Hat talk will discuss how hackers could take over robotic arms, create micro-defects in products, and open up a new world of subtle blackmail.
Doxing, DoS & Defacement: Todays Mainstream Hacktivism Tools
Partner Perspectives  |  6/29/2017  | 
Anyone can get angry at you and become a hacktivist. Heres how to protect your organization from these increasingly common cyber attacks.
Why Enterprise Security Needs a New Focus
Commentary  |  6/29/2017  | 
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
IoT Vulns Draw Biggest Bug Bounty Payouts
News  |  6/29/2017  | 
As bug bounty programs become more popular outside of the technology sector, IoT vulnerabilities are yielding the highest payouts for bug hunters, according to two reports released Wednesday.
How To (And Not To) Make the Online Trust Honor Roll
Slideshows  |  6/29/2017  | 
Five websites generated the highest score in their sector for the 2017 Online Trust Audit & Honor Roll. Here is what it takes to get there and be listed among the Online Trust Alliance's Top 50
$71 Million Restitution Owed for Hacking, Fraud Scheme
Quick Hits  |  6/28/2017  | 
Convicted money launderer Muhammad Sohail Qasmani is sentenced to 4 years in prison, and will share the hefty payout with other co-conspirators convicted in the conspiracy.
Half of Ransomware Victims Suffer Repeat Attacks
News  |  6/28/2017  | 
Half of ransomware victims are likely to get hit again as threat actors change their strategies to target servers and accelerate the spread of ransomware.
Telegram Agrees to Register Messaging App With Russia
Quick Hits  |  6/28/2017  | 
The messaging app company will comply with Russia's registration mandate but not share confidential user data, founder says.
After Cyber Attack, FedEx Temporarily Halts Trading of Its Shares
Quick Hits  |  6/28/2017  | 
An attack at subsidiary TNT Express may disrupt FedEx's push to hit a record-high share price.
Researchers Find 'Vaccine' for Global Ransomware Attack
Quick Hits  |  6/28/2017  | 
A vaccine, not a killswitch, has been discovered to prevent the Petya/NotPetya ransomware from infecting machines.
Defining Security: The Difference Between Safety & Privacy
Commentary  |  6/28/2017  | 
Words matter, especially if you are making a case for new security measures, state-of-the-art technology or personnel.
Massive Skype Zero-Day Enables Remote Crashes
News  |  6/27/2017  | 
A security researcher uncovered a Skype vulnerability that could allow hackers to remotely execute code and crash software if exploited.
Petya Or Not? Global Ransomware Outbreak Hits Europe's Industrial Sector, Thousands More
News  |  6/27/2017  | 
With echoes of WannaCry, infections spread fast. Some security researchers describe malware as variant of Petya; others say it's a brand new sample.
No-Name Security Incidents Caused as Many Tears as WannaCry, Pros Say
Quick Hits  |  6/27/2017  | 
Half of security pros say they've worked just as frantically this year to fix other incidents that the public never heard about.
WannaCry Blame Game: Why Delayed Patching is Not the Problem
Commentary  |  6/27/2017  | 
While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.
Microsoft Integrates EMET into Fall Windows 10 Update
News  |  6/27/2017  | 
The Windows 10 Creators Update, slated to launch this fall, will include components from the Enhanced Mitigation Experience Toolkit (EMET).
Compliance in the Cloud Needs To Be Continuous & Automated
Partner Perspectives  |  6/27/2017  | 
Complex IT environments require timely visibility into risk and compliance.
9 Ways to Protect Your Cloud Environment from Ransomware
Slideshows  |  6/27/2017  | 
The same technology driving faster collaboration and data transfer also enables cybercriminals to quickly spread ransomware.
Anthem Agrees to $115 Million Settlement for 2015 Breach
Quick Hits  |  6/26/2017  | 
If approved, it will dwarf settlements paid by Target, Home Depot, and Ashley Madison.
FBI Highlights BEC, Tech Support Scams, Ransomware Concerns
News  |  6/26/2017  | 
The 2016 Internet Crime Report found tech support fraud, business email compromise, and ransomware were major fraud categories last year.
Look, But Don't Touch: One Key to Better ICS Security
News  |  6/26/2017  | 
Better visibility is essential to improving the cybersecurity of industrial control systems and critical infrastructure, but the OT-IT cultural divide must be united.
Recovering from Bad Decisions in the Cloud
Commentary  |  6/26/2017  | 
The cloud makes it much easier to make changes to security controls than in traditional networks.
Virginia Consultant Charged with Espionage
Quick Hits  |  6/23/2017  | 
Federal authorities charged a consultant with espionage for transmitting top secret and secret documents to China.
Android Marcher Variant Makes Rounds as Adobe Flash Player Update
Quick Hits  |  6/23/2017  | 
Zscaler researchers discover a new variant of the Android Marcher malware, which aims to steal online banking credentials and credit card information.
$12B in Fraud Loss Came from Data Breach Victims in 2016
Quick Hits  |  6/23/2017  | 
Three-quarters of the total fraud losses for 2016 arose from victims who had been victims of a data breach within the previous six years.
RAT Vulnerabilities Turn Hackers into Victims
News  |  6/23/2017  | 
A small number of Remote Administration Tools have vulnerabilities which can enable attack targets to turn the tables on threat actors.
Threat Intelligence Sharing: The New Normal?
Commentary  |  6/23/2017  | 
The spirit of cooperation seems to be taking hold as demonstrated by the growing number of thriving services and organizations whose sole purpose is to analyze specific threats against specific communities.
Talking Cyber-Risk with Executives
Partner Perspectives  |  6/23/2017  | 
Explaining risk can be difficult since CISOs and execs dont speak the same language. The key is to tailor your message for the audience.
8 Hot Hacking Tools to Come out of Black Hat USA
Slideshows  |  6/23/2017  | 
High-impact tools for white hats that will be revealed and released next month at Black Hat USA in Las Vegas.
'GhostHook' Foils Windows 10 64-bit's Kernel Protection
News  |  6/22/2017  | 
Microsoft says an attacker needs kernel-level access before they can use the 'GhostHook' technique to install a rootkit.
Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices
News  |  6/22/2017  | 
Security researcher discovers major security flaws that can't be patched or fixed.
Two Arrested for Microsoft Network Intrusion
Quick Hits  |  6/22/2017  | 
UK authorities arrest two men for allegedly breaking into Microsoft's network with the intent to steal customer data from the software giant.
Most General Counsels Fret over Data Security
Quick Hits  |  6/22/2017  | 
An overwhelming percentage of in-house attorneys say cyberattacks and the impact on their business keeps them up at night, a recent survey shows.
Cloud Security Lessons from the Voter Data Leak
News  |  6/22/2017  | 
A poorly configured Amazon S3 bucket that led to a massive data leak could easily happen to any organization not adopting proper cloud security measures.
KPMG: Cybersecurity Has Reached a Tipping Point from Tech to CEO Business Issue
Commentary  |  6/22/2017  | 
Still, a majority of US-based chief execs say they will be maintaining and not investing in security technology over the next three years, a recent study shows.
WannaCry? Youre Not Alone: The 5 Stages of Security Grief
Commentary  |  6/22/2017  | 
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
'Stack Clash' Smashed Security Fix in Linux
News  |  6/21/2017  | 
Linux, OpenBSD, Free BSD, Solaris security updates available to thwart newly discovered attack by researchers.
WannaCry Forces Honda to Take Production Plant Offline
News  |  6/21/2017  | 
Work on over 1,000 vehicles affected at automaker's Sayama plant in Japan while systems were restored.
Russian Hackers Focused on Election Systems in 21 States
Quick Hits  |  6/21/2017  | 
A Department of Homeland Security official testified today that hackers tied to the Russian government attempted to infiltrate election systems in nearly two dozen states.
Consumer Businesses Have False Confidence in their Security: Deloitte
Quick Hits  |  6/21/2017  | 
Consumer business executives are confident in their ability to respond to cyberattacks but fail to document and test response plans.
The Folly of Vulnerability & Patch Management for ICS Networks
Commentary  |  6/21/2017  | 
Yes, such efforts matter. But depending on them can give a false sense of security.
Dark Reading INsecurity Conference Registration Now Open
Commentary  |  6/21/2017  | 
November event will focus on attendee interaction, "blue team" best practices.
Trusted IDs Gain Acceptance in Smart Building Environment
Quick Hits  |  6/20/2017  | 
A majority of survey respondents believe identities can be connected across multiple systems and devices through a single ID card or mobile phone.
Page 1 / 3   >   >>


Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9308
PUBLISHED: 2020-02-20
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
CVE-2019-20479
PUBLISHED: 2020-02-20
A flaw was found in mod_auth_openidc before version 2.4.1. An open redirect issue exists in URLs with a slash and backslash at the beginning.
CVE-2011-2498
PUBLISHED: 2020-02-20
The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged users to cause a denial of service (memory consumption) by triggering creation of PTE pages.
CVE-2012-2629
PUBLISHED: 2020-02-20
Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator account via an addnew action to admin/administrators_add.php; or (2) c...
CVE-2014-3484
PUBLISHED: 2020-02-20
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact via an invalid name length in a DNS response or (2) cause a denial of service (crash) via an invalid ...