Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in June 2018
Page 1 / 4   >   >>
Natural Language Processing Fights Social Engineers
News  |  6/29/2018  | 
Instead of trying to detect social engineering attacks based on a subject line or URL, a new tool conducts semantic analysis of text to determine malicious intent.
Equifax Software Manager Charged with Insider Trading
Quick Hits  |  6/29/2018  | 
Sudhakar Reddy Bonthu used insider information about the company's 2017 data breach to profit in stock transaction.
Why Sharing Intelligence Makes Everyone Safer
Commentary  |  6/29/2018  | 
Security teams must expand strategies to go beyond simply identifying details tied to a specific threat to include context and information about attack methodologies.
Adidas US Website Hit by Data Breach
Quick Hits  |  6/29/2018  | 
The athletic apparel firm was hacked and data on potentially 'millions' of customers now at risk.
The 6 Worst Insider Attacks of 2018 So Far
Slideshows  |  6/29/2018  | 
Stalkers, fraudsters, saboteurs, and all nature of malicious insiders have put the hurt on some very high-profile employers.
Mobile Malware Group Hits Google Play a Third Time
Jeffrey Burt  |  6/29/2018  | 
McAfee researchers found that AsiaHitGroup earlier this year again targeted Android device users in Asia with a bulked-up Sonvpay campaign complete with silent push notifications.
'Bad Bots' Invading Cellular Networks
Larry Loeb  |  6/29/2018  | 
A new research paper from Distil Networks finds that 'bad bots' are roaming cellular networks and are using these gateways as part of numerous attacks.
Botnets Evolving to Mobile Devices
News  |  6/28/2018  | 
Millions of mobile devices are now making requests in what's described as "an attack on the economy."
There's No Automating Your Way Out of Security Hiring Woes
News  |  6/28/2018  | 
Call it the paradox of cybersecurity automation: It makes your staff more productive but takes more quality experts to make it work.
65% of Resold Memory Cards Still Pack Personal Data
News  |  6/28/2018  | 
Analyzed cards, mainly from smartphones and tablets, contained private personal information, business documentation, audio, video, and photos.
Equifax Agrees to Implement New Security Measures
News Analysis-Security Now  |  6/28/2018  | 
Equifax and eight states have signed an agreement that will have the company implement new security rules, following one of the largest data breaches in history. The news comes as a Florida firm may have exposed the records of millions to the open Internet.
Newly Revealed Exactis Data Leak Bigger Than Equifax's
Quick Hits  |  6/28/2018  | 
Marketing data firm left its massive database open to the Internet.
Ticketmaster UK Warns Thousands of Data Breach
Quick Hits  |  6/28/2018  | 
Customers who bought tickets through the site are advised to check for fraudulent transactions with Uber, Netflix, and Xendpay.
Redefining Security with Blockchain
Commentary  |  6/28/2018  | 
Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.
McAfee: Cybercriminals Improving Techniques as Cryptomining Explodes
Jeffrey Burt  |  6/28/2018  | 
Cybercrime campaigns during the quarter showed that bad actors are improving upon the threats from last year, according to McAfee. Meanwhile, cryptomining schemes continue to skyrocket.
CenturyLink Enhances Log Management for Hybrid Networks
News Analysis-Security Now  |  6/28/2018  | 
CenturyLink's new Security Log Management 2.0 ingests data from multiple types of logs to give greater visibility and protection over cloud and mobile networks.
10 Tips for More Secure Mobile Devices
Slideshows  |  6/27/2018  | 
Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.
Russia, Facebook & Cybersecurity: Combating Weaponized FUD in the Social Media Age
Commentary  |  6/27/2018  | 
It's up to everyone -- users, security pros, government -- to be critical about the online information we encounter.
Coin Miner Malware Spikes 629% in 'Telling' Q1
News  |  6/27/2018  | 
Drastic growth suggests adversaries are learning how they can maximize rewards with minimal effort.
The 3 R's for Surviving the Security Skills Shortage
News  |  6/27/2018  | 
How to recruit, retrain, and retain with creativity and discipline.
Cynicism in Cybersecurity: Confessions of a Recovering Cynic
Commentary  |  6/27/2018  | 
Anyone constantly dealing with complex computer systems teetering on the brink of disaster will likely succumb to the cult of cynicism. These four strategies will help you focus on the positive.
Massive Bot Armies Target the Hospitality Industry
News Analysis-Security Now  |  6/27/2018  | 
Research from Akamai finds that the entire hospitality industry is under assault from armies of bots that are conducting DDOS attacks and attempting to steal data from websites.
Hundreds of Hotels Hit in FastBooking Breach
Quick Hits  |  6/27/2018  | 
The hotel-booking software provider reports an actor stole personal and payment card data of guests from hundreds of properties.
IEEE Calls for Strong Encryption
Quick Hits  |  6/27/2018  | 
Newly issued position statement by the organization declares backdoor and key-escrow schemes could have 'negative consequences.'
Wi-Fi Alliance: WPA3 Standard Will Improve WiFi Security, Encryption
Larry Loeb  |  6/27/2018  | 
After 20 years, the Wi-Fi Alliance has released a new WiFi standard WPA3 which looks to offer greater security and encryption to consumers in the home as well as enterprise networks.
Today! 'Why Cybercriminals Attack,' A Dark Reading Virtual Event
Commentary  |  6/27/2018  | 
Wednesday, June 27, this all-day event starting at 11 a.m. ET, will help you decide who and what you really need to defend against, and how to do it more effectively.
Insider Dangers Are Hiding in Collaboration Tools
News  |  6/26/2018  | 
The casual sharing of sensitive data, such as passwords, is opening the door to malicious insiders.
'Have I Been Pwned' Now Built into Firefox, 1Password
News  |  6/26/2018  | 
Users can search breach data in a new tool called Firefox Monitor and check if passwords have been exposed in 1Password on the Web.
Securing Serverless Apps: 3 Critical Tasks in 3 Days
Commentary  |  6/26/2018  | 
Serverless workloads in the cloud can be as secure as traditional applications with the right processes and tools. The key: start small, scale as your application scales, and involve everyone.
US Announces Arrests in Ghanian Fraud Schemes
Quick Hits  |  6/26/2018  | 
Eight individuals in the US and Ghana are charged with stealing more than $15 million through computer-based fraud.
Fairhair Alliance Building IoT Security Architecture
Quick Hits  |  6/26/2018  | 
A group of companies in the building automation and IoT space is working for a coherent security architecture that incorporates multiple standards.
Secure by Default Is Not What You Think
Commentary  |  6/26/2018  | 
The traditional view of secure by default which has largely been secure out of the box is too narrow. To broaden your view, consider these three parameters.
First Women-Led Cybersecurity Venture Capital Firm Launches
News  |  6/26/2018  | 
Chenxi Wang, former Forrester VP of research and Twistlock executive, heads up Rain Capital, with the intent to also help build new startups.
IBM Spinout Senzing Fights Fraud, Insider Threats With AI
Jeffrey Burt  |  6/26/2018  | 
Senzing, a rare IBM spinout, enables organizations to quickly and easily run through thousands of corporate records to find bad actors that represent a threat to their businesses.
Black Hat Survey: Enterprise Tech, US Government Unprepared for Cyberattacks
News  |  6/26/2018  | 
The 2018 Black Hat Attendee survey reveals worries over the effectiveness of enterprise security technology, and threat to US infrastructure.
Cloud-Based Identity Management Systems: What to Look For
Alan Zeichick  |  6/26/2018  | 
Most of the big cloud players, including Google, Microsoft and AWS, all offer some form of identity and access management. There are plenty of other cloud-based, on-premises IAM systems as well. Here's what you need to look for.
WPA3 Brings New Authentication and Encryption to Wi-Fi
News  |  6/26/2018  | 
The Wi-Fi Alliance officially launches its latest protocol, which offers new capabilities for personal, enterprise, and IoT wireless networks.
Malware in South Korean Cyberattacks Linked to Bithumb Heist
News  |  6/25/2018  | 
Lazarus Group is likely behind a spearphishing campaign containing malicious code to download Manuscrypt malware.
Intel Names Window Snyder as Chief Software Security Officer
News  |  6/25/2018  | 
The microprocessor giant hires security veteran credited with leading both Microsoft's and Apple's security advancements.
Midsized Organizations More Secure Than Large Ones
News  |  6/25/2018  | 
New report offers data and analysis as to why midsized organizations hit a cybersecurity sweet spot in terms of security efficacy.
iOS Hack Lets Attackers Brute Force iPhone, iPad Passcodes
Quick Hits  |  6/25/2018  | 
A vulnerability in Apple's iOS lets anyone with a Lightning cable bypass the passcode entry restriction designed to protect the company's devices.
1.7 Million Phishing Emails Blocked in June: Barracuda Networks
Quick Hits  |  6/25/2018  | 
Brand-name spoofing still a popular tactic to lure victims into giving up their login credentials and payment card information, new data shows.
Phishing Attacks Are Increasing & Gaining in Sophistication
News Analysis-Security Now  |  6/25/2018  | 
Reports from Palo Alto Networks and Barracuda Networks show that different types of phishing attacks are increasing, and becoming more sophisticated and deceptive.
Secure Code: You Are the Solution to Open Sources Biggest Problem
Commentary  |  6/25/2018  | 
Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.
Adware & Cryptomining Remain Top Enterprise Security Threats
Larry Loeb  |  6/25/2018  | 
New research from Morphisec Labs finds that adware remains a consistent if under-reported security problem for many enterprises. At the same time, cryptomining remains the go-to attack for many cybercriminals.
How to Find a Next-Generation Firewall for the Cloud
Alan Zeichick  |  6/25/2018  | 
If you use cloud-based servers for running business applications, you need to protect those servers with a software-based cloud firewall. There are many options, and here's how to choose.
8 Security Tips for a Hassle-Free Summer Vacation
Slideshows  |  6/23/2018  | 
It's easy to let your guard down when you're away. Hackers know that, too.
New Drupal Exploit Mines Monero for Attackers
Quick Hits  |  6/22/2018  | 
A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server.
Cracking Cortana: The Dangers of Flawed Voice Assistants
News  |  6/22/2018  | 
Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
'Pay Up or Get WannaCry Hit' Extortion Email Spreading
Quick Hits  |  6/22/2018  | 
Sophos warns of a 'protection racket' scam email that threatens to infect victims with the ransomware variant if they don't pay the attackers.
Page 1 / 4   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42258
PUBLISHED: 2021-10-22
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include ...
CVE-2020-28968
PUBLISHED: 2021-10-22
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
CVE-2020-28969
PUBLISHED: 2021-10-22
Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.
CVE-2020-36485
PUBLISHED: 2021-10-22
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.
CVE-2020-36486
PUBLISHED: 2021-10-22
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.