News & Commentary

Content posted in June 2017
8 Things Every Security Pro Should Know About GDPR
Slideshows  |  6/30/2017  | 
Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
8tracks Hit With Breach of 18 Million Accounts
Quick Hits  |  6/30/2017  | 
Hackers attack Internet radio user database, gaining access to email addresses and encrypted passwords.
Vulnerabilities Found in German e-Government Communication Library
Quick Hits  |  6/30/2017  | 
Researchers find critical flaws in secure communications protocol used in areas including population registration, justice and public health systems.
US Tech Companies Argued to Maintain Russia Spy Agency Ties
Quick Hits  |  6/30/2017  | 
US technology companies lobbied the US government to create exceptions for a ban on business relationships with Russia's Federal Security Service.
The Case for Crowdsourcing Security Buying Decisions
Commentary  |  6/30/2017  | 
Why our industry needs a sharing platform with open and transparent access to peer knowledge, meaningful metrics, and transparency around security products and services.
Decrypting the Motivations Behind NotPetya/ExPetr/GoldenEye
News  |  6/29/2017  | 
Experts discuss the methods and targets involved in this week's massive malware outbreak to figure out what motivated attackers.
Kaspersky Lab Faces More U.S. Scrutiny Over Potential Russian Govt. Influence
News  |  6/29/2017  | 
Lawmaker proposes ban on DoD use of Moscow-based security vendor's products.
Hacking Factory Robot Arms for Sabotage, Fun & Profit
News  |  6/29/2017  | 
Black Hat talk will discuss how hackers could take over robotic arms, create micro-defects in products, and open up a new world of subtle blackmail.
Doxing, DoS & Defacement: Today's Mainstream Hacktivism Tools
Partner Perspectives  |  6/29/2017  | 
Anyone can get angry at you and become a hacktivist. Here's how to protect your organization from these increasingly common cyber attacks.
Why Enterprise Security Needs a New Focus
Commentary  |  6/29/2017  | 
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
IoT Vulns Draw Biggest Bug Bounty Payouts
News  |  6/29/2017  | 
As bug bounty programs become more popular outside of the technology sector, IoT vulnerabilities are yielding the highest payouts for bug hunters, according to two reports released Wednesday.
How To (And Not To) Make the Online Trust Honor Roll
Slideshows  |  6/29/2017  | 
Five websites generated the highest score in their sector for the 2017 Online Trust Audit & Honor Roll. Here is what it takes to get there and be listed among the Online Trust Alliance's Top 50.
$71 Million Restitution Owed for Hacking, Fraud Scheme
Quick Hits  |  6/28/2017  | 
Convicted money launderer Muhammad Sohail Qasmani is sentenced to 4 years in prison, and will share the hefty payout with other co-conspirators convicted in the conspiracy.
Half of Ransomware Victims Suffer Repeat Attacks
News  |  6/28/2017  | 
Half of ransomware victims are likely to get hit again as threat actors change their strategies to target servers and accelerate the spread of ransomware.
Telegram Agrees to Register Messaging App With Russia
Quick Hits  |  6/28/2017  | 
The messaging app company will comply with Russia's registration mandate but not share confidential user data, founder says.
After Cyber Attack, FedEx Temporarily Halts Trading of Its Shares
Quick Hits  |  6/28/2017  | 
An attack at subsidiary TNT Express may disrupt FedEx's push to hit a record-high share price.
Researchers Find 'Vaccine' for Global Ransomware Attack
Quick Hits  |  6/28/2017  | 
A vaccine, not a killswitch, has been discovered to prevent the Petya/NotPetya ransomware from infecting machines.
Defining Security: The Difference Between Safety & Privacy
Commentary  |  6/28/2017  | 
Words matter, especially if you are making a case for new security measures, state-of-the-art technology or personnel.
Massive Skype Zero-Day Enables Remote Crashes
News  |  6/27/2017  | 
A security researcher uncovered a Skype vulnerability that could allow hackers to remotely execute code and crash software if exploited.
Petya Or Not? Global Ransomware Outbreak Hits Europe's Industrial Sector, Thousands More
News  |  6/27/2017  | 
With echoes of WannaCry, infections spread fast. Some security researchers describe malware as variant of Petya; others say it's a brand new sample.
No-Name Security Incidents Caused as Many Tears as WannaCry, Pros Say
Quick Hits  |  6/27/2017  | 
Half of security pros say they've worked just as frantically this year to fix other incidents that the public never heard about.
WannaCry Blame Game: Why Delayed Patching is Not the Problem
Commentary  |  6/27/2017  | 
While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.
Microsoft Integrates EMET into Fall Windows 10 Update
News  |  6/27/2017  | 
The Windows 10 Creators Update, slated to launch this fall, will include components from the Enhanced Mitigation Experience Toolkit (EMET).
Compliance in the Cloud Needs To Be Continuous & Automated
Partner Perspectives  |  6/27/2017  | 
Complex IT environments require timely visibility into risk and compliance.
9 Ways to Protect Your Cloud Environment from Ransomware
Slideshows  |  6/27/2017  | 
The same technology driving faster collaboration and data transfer also enables cybercriminals to quickly spread ransomware.
Anthem Agrees to $115 Million Settlement for 2015 Breach
Quick Hits  |  6/26/2017  | 
If approved, it will dwarf settlements paid by Target, Home Depot, and Ashley Madison.
FBI Highlights BEC, Tech Support Scams, Ransomware Concerns
News  |  6/26/2017  | 
The 2016 Internet Crime Report found tech support fraud, business email compromise, and ransomware were major fraud categories last year.
Look, But Don't Touch: One Key to Better ICS Security
News  |  6/26/2017  | 
Better visibility is essential to improving the cybersecurity of industrial control systems and critical infrastructure, but the OT-IT cultural divide must be bridged.
Recovering from Bad Decisions in the Cloud
Commentary  |  6/26/2017  | 
The cloud makes it much easier to make changes to security controls than in traditional networks.
Virginia Consultant Charged with Espionage
Quick Hits  |  6/23/2017  | 
Federal authorities charged a consultant with espionage for transmitting top secret and secret documents to China.
Android Marcher Variant Makes Rounds as Adobe Flash Player Update
Quick Hits  |  6/23/2017  | 
Zscaler researchers discover a new variant of the Android Marcher malware, which aims to steal online banking credentials and credit card information.
$12B in Fraud Loss Came from Data Breach Victims in 2016
Quick Hits  |  6/23/2017  | 
Three-quarters of the total fraud losses for 2016 arose from people who had been victims of a data breach within the previous six years.
RAT Vulnerabilities Turn Hackers into Victims
News  |  6/23/2017  | 
A small number of Remote Administration Tools have vulnerabilities which can enable attack targets to turn the tables on threat actors.
Talking Cyber-Risk with Executives
Partner Perspectives  |  6/23/2017  | 
Explaining risk can be difficult since CISOs and execs don't speak the same language. The key is to tailor your message for the audience.
Threat Intelligence Sharing: The New Normal?
Commentary  |  6/23/2017  | 
The spirit of cooperation seems to be taking hold as demonstrated by the growing number of thriving services and organizations whose sole purpose is to analyze specific threats against specific communities.
8 Hot Hacking Tools to Come out of Black Hat USA
Slideshows  |  6/23/2017  | 
High-impact tools for white hats that will be revealed and released next month at Black Hat USA in Las Vegas.
'GhostHook' Foils Windows 10 64-bit's Kernel Protection
News  |  6/22/2017  | 
Microsoft says an attacker needs kernel-level access before they can use the 'GhostHook' technique to install a rootkit.
Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices
News  |  6/22/2017  | 
Security researcher discovers major security flaws that can't be patched or fixed.
Two Arrested for Microsoft Network Intrusion
Quick Hits  |  6/22/2017  | 
UK authorities arrest two men for allegedly breaking into Microsoft's network with the intent to steal customer data from the software giant.
Most General Counsels Fret over Data Security
Quick Hits  |  6/22/2017  | 
An overwhelming percentage of in-house attorneys say cyberattacks and the impact on their business keep them up at night, a recent survey shows.
Cloud Security Lessons from the Voter Data Leak
News  |  6/22/2017  | 
A poorly configured Amazon S3 bucket that led to a massive data leak could easily happen to any organization not adopting proper cloud security measures.
KPMG: Cybersecurity Has Reached a Tipping Point from Tech to CEO Business Issue
Commentary  |  6/22/2017  | 
Still, a majority of US-based chief execs say they will be maintaining and not investing in security technology over the next three years, a recent study shows.
WannaCry? You're Not Alone: The 5 Stages of Security Grief
Commentary  |  6/22/2017  | 
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
'Stack Clash' Smashed Security Fix in Linux
News  |  6/21/2017  | 
Linux, OpenBSD, FreeBSD, Solaris security updates available to thwart newly discovered attack by researchers.
WannaCry Forces Honda to Take Production Plant Offline
News  |  6/21/2017  | 
Work on over 1,000 vehicles affected at automaker's Sayama plant in Japan while systems were restored.
Russian Hackers Focused on Election Systems in 21 States
Quick Hits  |  6/21/2017  | 
A Department of Homeland Security official testified today that hackers tied to the Russian government attempted to infiltrate election systems in nearly two dozen states.
Consumer Businesses Have False Confidence in their Security: Deloitte
Quick Hits  |  6/21/2017  | 
Consumer business executives are confident in their ability to respond to cyberattacks but fail to document and test response plans.
The Folly of Vulnerability & Patch Management for ICS Networks
Commentary  |  6/21/2017  | 
Yes, such efforts matter. But depending on them can give a false sense of security.
Dark Reading INsecurity Conference Registration Now Open
Commentary  |  6/21/2017  | 
November event will focus on attendee interaction, "blue team" best practices.
Trusted IDs Gain Acceptance in Smart Building Environment
Quick Hits  |  6/20/2017  | 
A majority of survey respondents believe identities can be connected across multiple systems and devices through a single ID card or mobile phone.