Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in June 2018
<<   <   Page 2 / 4   >   >>
White House Email Security Faux Pas?
Commentary  |  6/22/2018  | 
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
Tesla Lawsuit Claims Insider Breached Company Security
News Analysis-Security Now  |  6/22/2018  | 
Tesla has filed a lawsuit against a former employee, claiming he violated company policies, damaged equipment and stole data. The truth is more complicated but the incident shows the threats insiders can pose.
Google, Roku, Sonus Rush Out Patches for DNS Vulnerability
Larry Loeb  |  6/22/2018  | 
DNS rebinding might be ancient in security terms, but it's scary enough that Google, Roku and Sonos rushed through patches to address recent concerns.
Destructive Nation-State Cyberattacks Will Rise
News  |  6/21/2018  | 
More than 90 percent of respondents in a Tripwire survey in Europe expect attacks by state-sponsored threat actors to increase in the next 12 months.
Four New Vulnerabilities in Phoenix Contact Industrial Switches
Quick Hits  |  6/21/2018  | 
A series of newly disclosed vulnerabilities could allow an attacker to gain control of industrial switches.
Artificial Intelligence & the Security Market
News  |  6/21/2018  | 
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
Click2Gov Breaches Attributed to WebLogic Application Flaw
Quick Hits  |  6/21/2018  | 
At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.
7 Places Where Privacy and Security Collide
Slideshows  |  6/21/2018  | 
Privacy and security can experience tension at a number of points in the enterprise. Here are seven plus some possibilities for easing the strain.
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Commentary  |  6/21/2018  | 
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
Microsoft Office: The Go-To Platform for Zero-Day Exploits
News  |  6/21/2018  | 
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
AppSec in the World of 'Serverless'
Commentary  |  6/21/2018  | 
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
Satori Botnet Targeting D-Link Routers in Latest Attack
News Analysis-Security Now  |  6/21/2018  | 
The Mirai-based Satori botnet is targeting a widely used router and modem device from D-Link in an attack discovered this week, according to an analysis from Radware.
Containers in the Cloud Are Great, but Are They Secure?
Alan Zeichick  |  6/21/2018  | 
Containers are an efficient means to package, deploy and run software in the cloud. There are legitimate security concerns, however.
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
News  |  6/20/2018  | 
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
China-Based Cyber Espionage Campaign Targets Satellite, Telecom, Defense Firms
News  |  6/20/2018  | 
Threat group Thrip is using three computers based in China to steal data from targeted companies in Southeast Asia and the US, Symantec says.
Inside a SamSam Ransomware Attack
Commentary  |  6/20/2018  | 
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
Intel VP Talks Data Security Focus Amid Rise of Blockchain, AI
News  |  6/20/2018  | 
Intel vice president Rick Echevarria discusses the challenges of balancing data security with new technologies like blockchain and artificial intelligence.
Alphabet Launches VirusTotal Monitor to Stop False Positives
Quick Hits  |  6/20/2018  | 
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
Olympic Destroyer Returns With Attacks in Europe
Jeffrey Burt  |  6/20/2018  | 
Kaspersky Labs researchers believe the hackers behind the Olympic Destroyer worm that wreaked havoc at the Winter Olympics are now focusing on organizations that research chemical and biological threats in Europe.
Improving the Adoption of Security Automation
Commentary  |  6/20/2018  | 
Four barriers to automation and how to overcome them.
The Best and Worst Tasks for Security Automation
Slideshows  |  6/20/2018  | 
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
Cyber Criminals Using Hidden Tunnels to Attack Banks, Financial Institutions
News Analysis-Security Now  |  6/20/2018  | 
A new study from Vecta finds that cyber criminals are using so-called hidden tunnels to carry out sophisticated command and control attacks designed to steal personal data from banks and other financial institutions.
Betabot Trojan Reborn in New Sophisticated Form
Larry Loeb  |  6/20/2018  | 
As far as malware goes, the Betabot Trojan has gone through several different incarnations. However, its latest form might be the most sophisticated and laying the groundwork for an even larger attack.
Mylobot Malware Brings New Sophistication to Botnets
News  |  6/20/2018  | 
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
Most Websites and Web Apps No Match for Attack Barrage
News  |  6/19/2018  | 
The average website is attacked 50 times per day, with small businesses especially vulnerable.
Tesla Employee Steals, Sabotages Company Data
News  |  6/19/2018  | 
The electric carmaker is the victim of an "extensive and damaging" insider attack, says CEO Elon Musk.
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
News  |  6/19/2018  | 
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
How to Prepare for 'WannaCry 2.0'
Commentary  |  6/19/2018  | 
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
Former CIA Engineer Charged with Theft and Transmission of Classified Info
News  |  6/19/2018  | 
Suspect had reportedly been named in Vault 7 leak to WikiLeaks.
CrowdStrike Secures $200M Funding Round
Quick Hits  |  6/19/2018  | 
The new funding round brings the company's valuation to more than $3 billion.
Cisco CPO: Privacy Is Not About Secrecy or Compliance
News  |  6/19/2018  | 
Michelle Dennedy sat down with Dark Reading at the recent Cisco Live event to set the record straight about privacy, regulation, encryption, and more.
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Commentary  |  6/19/2018  | 
Do 'cloud-first' strategies create a security-second mindset?
Security Analytics Startup Uptycs Raises $10M in Series A
Quick Hits  |  6/19/2018  | 
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
Blockchain & Cryptocurrency Becoming Greater Security Concerns
News Analysis-Security Now  |  6/19/2018  | 
The rise of schemes targeting cryptocurrencies is starting to raise concerns about blockchain security, according to a new study conducted by McAfee.\r\n
World Cup Penalty: Phishing Campaign Targets Soccer Fans
News Analysis-Security Now  |  6/19/2018  | 
Check Point has uncovered a phishing campaign targeting fans of the FIFA World Cup, with cybercriminals attempting to get people to download a schedule of fixtures and a result tracker that hide malicious software.
Exposed Container Orchestration Systems Putting Many Orgs at Risk
News  |  6/18/2018  | 
More than 22,600 open container orchestration and API management systems discovered on the Internet.
'Wallchart' Phishing Campaign Exploits World Cup Watchers
News  |  6/18/2018  | 
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
Mass. Man Pleads Guilty in ATM Jackpotting Operation
Quick Hits  |  6/18/2018  | 
Citizens Bank ATM and others targeted in the scheme.
F-Secure Buys MWR InfoSecurity
Quick Hits  |  6/18/2018  | 
Finnish endpoint security company buys British security service provider in cash deal.
7 Ways Cybercriminals Are Scamming a Fortune from Cryptocurrencies
Slideshows  |  6/18/2018  | 
Cryptocurrencies, how do hackers love thee? Let us count the ways.
3 Tips for Driving User Buy-in to Security Policies
Commentary  |  6/18/2018  | 
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Is Florida Really Such a Cybersecurity Risk?
Joe Stanganelli  |  6/18/2018  | 
In the wake of a personal-security research report declaring Florida to have the highest level of cybersecurity-risk in the US, a closer look suggests this finding may be neither the most reliable nor the most compelling.
Decades-Old Vulnerability Allows Spoofing of Encryption Tools
Larry Loeb  |  6/18/2018  | 
While GnuPG, Enigmail, GPGTools and python-gnupg have all patched the SigSpoof vulnerability, this old flaw shows how encryption tools can be spoofed.
Trump-Kim Meeting Was a Magnet For Russian Cyberattacks
News  |  6/15/2018  | 
Attacks directed at targets in Singapore went through the roof earlier this week.
Email, Social Media Still Security Nightmares
Quick Hits  |  6/15/2018  | 
Phishing and banking trojans continue to be major threats brought into the enterprise.
Hackers Crack iPhone Defense Built to Block Forensic Tools
Quick Hits  |  6/15/2018  | 
Grayshift, the company behind a system to help police break into iPhones, says it found a workaround for USB Restricted Mode.
Modern Cybersecurity Demands a Different Corporate Mindset
Commentary  |  6/15/2018  | 
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
Over 300K Cybersecurity Jobs Remain Open in the US, Study Finds
News Analysis-Security Now  |  6/15/2018  | 
A report from CyberSeek finds that there are currently over 300,000 open positions for cybersecurity professionals in the US, which includes more than 13,000 positions in the public sector.
Intel Chips' 'Lazy FP' Vulnerability Could Leak Secure Data
Larry Loeb  |  6/15/2018  | 
A group of security researchers have found a new vulnerability with Intel's chips that can theoretically allow an attack to utilize the 'Lazy FP' state of the process and gain access to sensitive data.
Intel Discloses Yet Another Side Channel Vulnerability
News  |  6/14/2018  | 
Moderate severity Lazy FP restore flaw affects Intel Core-based microprocessors.
<<   <   Page 2 / 4   >   >>


Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20027
PUBLISHED: 2021-06-14
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
CVE-2021-32684
PUBLISHED: 2021-06-14
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, an...
CVE-2021-34693
PUBLISHED: 2021-06-14
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-27887
PUBLISHED: 2021-06-14
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim&acirc;&euro;&trade;s browser. This issue affects: Hitachi ABB Power Grids ...
CVE-2021-27196
PUBLISHED: 2021-06-14
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the...