Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in June 2017
False Positives Have Real Consequences
News Analysis-Security Now  |  6/22/2017  | 
False positives are more than just annoying – they can seriously disrupt your cybersecurity efforts.
WannaCry? You're Not Alone: The 5 Stages of Security Grief
Commentary  |  6/22/2017  | 
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
'Stack Clash' Smashed Security Fix in Linux
News  |  6/21/2017  | 
Linux, OpenBSD, FreeBSD, Solaris security updates available to thwart newly discovered attack by researchers.
WannaCry Forces Honda to Take Production Plant Offline
News  |  6/21/2017  | 
Work on over 1,000 vehicles affected at automaker's Sayama plant in Japan while systems were restored.
Russian Hackers Focused on Election Systems in 21 States
Quick Hits  |  6/21/2017  | 
A Department of Homeland Security official testified today that hackers tied to the Russian government attempted to infiltrate election systems in nearly two dozen states.
Nothing's Certain, Except Death, Taxes... & Phishing
News Analysis-Security Now  |  6/21/2017  | 
Recent phishing attacks could mean that a tax bill is the least of your government revenue issues.
Consumer Businesses Have False Confidence in their Security: Deloitte
Quick Hits  |  6/21/2017  | 
Consumer business executives are confident in their ability to respond to cyberattacks but fail to document and test response plans.
The Folly of Vulnerability & Patch Management for ICS Networks
Commentary  |  6/21/2017  | 
Yes, such efforts matter. But depending on them can give a false sense of security.
Dark Reading INsecurity Conference Registration Now Open
Commentary  |  6/21/2017  | 
November event will focus on attendee interaction, "blue team" best practices.
Trusted IDs Gain Acceptance in Smart Building Environment
Quick Hits  |  6/20/2017  | 
A majority of survey respondents believe identities can be connected across multiple systems and devices through a single ID card or mobile phone.
Organizations Are Detecting Intrusions More Quickly
News  |  6/20/2017  | 
But almost every other metric in Trustwave's 2017 global cybersecurity report card is headed in the wrong direction.
Data Breach Costs Drop Globally But Increase in US
News  |  6/20/2017  | 
The average total cost of a data breach declined 10% year-over-year around the world, but in the US edged upward by 5%.
Apple iOS Threats Fewer Than Android But More Deadly
News  |  6/20/2017  | 
Data leakage and corruption haunt iOS and Android mobile apps the most, a new study shows.
Feds Call on Contractors to Play Ball in Mitigating Insider Threats
Commentary  |  6/20/2017  | 
It's said that you're only as strong as your weakest player. That's as true in security as it is in sports.
Cost of Cyber Breach Goes Down for Some
Curt Franklin  |  6/20/2017  | 
The cost of dealing with a cyber breach went down last year, but not for everyone. Were you on the lucky side of the equation?
Cloud Security & the Power of Shared Responsibility
Partner Perspectives  |  6/20/2017  | 
When you and your CSP jointly embrace the shared security responsibility model you can achieve greater success than you or your provider can achieve alone.
Cybersecurity Fact vs. Fiction
Commentary  |  6/20/2017  | 
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
RNC Voter Data on 198 Million Americans Exposed in the Cloud
News  |  6/19/2017  | 
One of the largest known US voter data leaks compromised personal information via an unsecured public-storage cloud account set up on behalf of the Republican National Committee.
Rise of Nation State Threats: How Can Businesses Respond?
News  |  6/19/2017  | 
Cybersecurity experts discuss nation-state threats of greatest concern, different types of attacks, and how organizations can prepare.
Deciphering the Threat Landscape
News Analysis-Security Now  |  6/19/2017  | 
Why do we continue to see so many cyberbreaches? If we look at why many of the breaches in the past year have occurred, it comes down to three major factors.
Microsoft, Accenture Team up on Blockchain for Digital ID Network
Quick Hits  |  6/19/2017  | 
Microsoft and Accenture use blockchain tech to build a digital ID network, which will help give legal identification to 1.1 billion people without official documents.
What Security Threat Keeps You Up at Night?
Curt Franklin  |  6/19/2017  | 
Which security threat is causing the most new wrinkles to appear on your face? Security Now wants to know.
Accused Yahoo Hacker May Comply with US Extradition
Quick Hits  |  6/19/2017  | 
A Canadian hacker accused of collaborating with Russian cybercriminals in the 2014 Yahoo breach may waive his right to fight US extradition.
Major Websites Vulnerable to their Own Back-End Servers
News  |  6/19/2017  | 
DoD, other websites found with back-end server flaws and misconfigurations that could give attackers an entryway to internal networks, researcher will demonstrate at Black Hat USA next month.
Invisible Invaders: Why Detecting Bot Attacks Is Becoming More Difficult
Commentary  |  6/19/2017  | 
Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.
Hacker Bypasses Microsoft ATA for Admin Access
News  |  6/16/2017  | 
Microsoft's Advanced Threat Analytics defense platform can be cheated, a researcher will show at Black Hat USA next month.
Forrester: Rapid Cloud Adoption Drives Demand for Security Tools
News  |  6/16/2017  | 
Cloud services revenue is poised to skyrocket from $114 billion in 2016 to $236 billion by 2020, driving the market for products to secure data in the cloud.
Engineer Sentenced to Prison for Hacking Utility, Disabling Water Meter-Readers
Quick Hits  |  6/16/2017  | 
A Pennsylvania man is sentenced to more than a year in prison after hacking into a remote water meter reading system run by his former employer.
FIN10 Threat Actors Hack and Extort Canadian Mining, Casino Industries
News  |  6/16/2017  | 
Previously unknown threat actor has extracted hundreds of thousands of dollars from Canadian companies in a vicious cyberattack campaign that dates back to 2013, FireEye says.
Lack of Experience Biggest Obstacle for InfoSec Career
Quick Hits  |  6/16/2017  | 
A majority of wanna-be infosec professionals find they need more experience to be a contender to enter this career, according to a recent Tripwire poll.
Why Your AppSec Program Is Doomed to Fail & How to Save It
Commentary  |  6/16/2017  | 
With these measures in place, organizations can avoid common pitfalls.
Android Security Apps for BYOD Users
Slideshows  |  6/16/2017  | 
A look at 8 security apps that experts recommend for Android.
NSA Reportedly Confident North Korea Was Behind WannaCry
News  |  6/15/2017  | 
But some say no evidence exists to unequivocally pin blame for attacks on Pyongyang.
Samsung KNOX Takes Some Knocks
News  |  6/15/2017  | 
Researcher at Black Hat USA will reveal Samsung KNOX 2.6 vulnerabilities and bypass techniques, and notes that new KNOX 2.8 may be at risk as well.
1 Million Endpoints Exposed on Public Internet via Microsoft File-Sharing Services
News  |  6/15/2017  | 
Research on global Internet security posture found endpoints leaving Microsoft SMB file-sharing systems wide open online, a finding that explains the rapid spread of WannaCry, Rapid7 says.
Climbing the Security Maturity Ladder in Cloud
Commentary  |  6/15/2017  | 
These five steps will ensure that you achieve the broadest coverage for onboarding your most sensitive workloads.
Most Organizations Not Satisfied with Threat Intelligence
Quick Hits  |  6/15/2017  | 
Information Security Forum survey finds just one quarter of companies surveyed say threat intelligence technology is delivering on its promise.
Cyber Insurance: Read the Fine Print!
Partner Perspectives  |  6/15/2017  | 
Applying for insurance is a grueling process involving detailed questionnaires and lengthy technical interviews that can still leave you without an adequate safety net.
Trump's Executive Order: What It Means for US Cybersecurity
Commentary  |  6/15/2017  | 
The provisions are all well and good, but it's hardly the first time they've been ordered by the White House.
Malware Incidents at US SMBs Spiked 165% in Q1
News  |  6/15/2017  | 
Texas-based SMBs suffered the most malware attack attempts in the first quarter while those in Arizona had the biggest year-over-year increase, according to a new Malwarebytes report.
Hospital Email Security in Critical Condition as DMARC Adoption Lags
News  |  6/14/2017  | 
Healthcare providers put patient data at risk by failing to protect their email domains with DMARC adoption.
US Warns of North Korea's Not-So-Secret 'Hidden Cobra' DDoS Botnet
News  |  6/14/2017  | 
Reclusive government behind DDoS infrastructure is targeting organizations around the world, US-CERT says.
Microsoft Security Updates Include Windows XP, Server 2003
News  |  6/14/2017  | 
Microsoft extends its monthly security updates to respond to a rise in cyberattacks and fix serious flaws in Windows XP and Windows Server 2003.
By the Numbers: Parsing the Cybersecurity Challenge
Commentary  |  6/14/2017  | 
Why your CEO should rethink company security priorities in the drive for digital business growth.
Ex-CIA Director Brennan Warns of More Collaboration Between Nation-States and Cybercriminals
News  |  6/14/2017  | 
Former CIA head said retaliatory hacking options 'actively being discussed in government circles.'
Survey: 58% of Security and Development Teams Play Nice
Quick Hits  |  6/14/2017  | 
Despite frequent talk of tension between software development and security teams, it turns out more than half of organizations surveyed have these two groups collaborating.
Machine Learning Is the Next Great Security Weapon
News Analysis-Security Now  |  6/14/2017  | 
Enlisting machines will help level the playing field in the battle for enterprise cybersecurity.
How Smart Cities Can Minimize the Threat of Cyberattacks
Commentary  |  6/14/2017  | 
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.
Relentless Attackers Try Over 100,000 Times Before They Breach a System
News  |  6/14/2017  | 
New report from startup tCell shows XSS attempts a noisy reminder of the overwhelming scale of automated attack techniques.
Europol Operation Busts Payment Card Identity Theft Ring
News  |  6/13/2017  | 
Members of an international crime ring of payment card skimmers who stole more than $500,000 were arrested by a joint multi-national law enforcement operation.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24028
PUBLISHED: 2021-04-14
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
CVE-2021-29370
PUBLISHED: 2021-04-13
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.