Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in June 2018
<<   <   Page 4 / 4
7 Variants (So Far) of Mirai
Slideshows  |  6/7/2018  | 
Mirai is an example of the newest trend in rapidly evolving, constantly improving malware. These seven variants show how threat actors are making bad malware worse.
VPNFilter Malware Targets More Routers Than Originally Thought
News Analysis-Security Now  |  6/7/2018  | 
In an update to its research into the VPNFilter botnet malware, Cisco Talos researchers increased the number of routers that were targeted.
Survey Shows Florida at the Bottom for Consumer Cybersecurity
News  |  6/6/2018  | 
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
VPNFilter Poses Broader Threat Than First Thought; Endpoints At Risk Too
News  |  6/6/2018  | 
New research shows the router and NAS system malware affects more vendor devices as well, Cisco Talos says.
Operation Prowli Hits 40K with Traffic Monetization, Cryptomining
News  |  6/6/2018  | 
The campaign targets services including Drupal CMS sites, DSL modems, vulnerable IoT devices, and servers with an open SSH port.
DOD Looks to the Cloud for Browser Security
Commentary  |  6/6/2018  | 
The US Department of Defense just published its cloud browser strategy. What's yours?
Five Indicted for Conning Target, Shoppers Out of Nearly $800K
Quick Hits  |  6/6/2018  | 
Members of a fraud ring were charged with compromising Target's internal gift-card system and defrauding customers out of almost $800,000.
Tax-Season Malware Campaign Delivers Trojan Via Email
Quick Hits  |  6/6/2018  | 
A new example of a long-term phenomenon delivers a banking trojan via a downloader activated by a URL in a phishing email.
'Strutting' Past the Equifax Breach: Lessons Learned
Commentary  |  6/6/2018  | 
In hindsight, there were two likely causes for last year's massive breach: the decision to use Apache Struts, and a failure to patch in a timely fashion. Both are still a recipe for disaster.
MyHeritage Data Breach of 92M Accounts Raises Many Questions
News Analysis-Security Now  |  6/6/2018  | 
After being contacted by a security researcher, MyHeritage announced that as many as 92 million of its accounts may have been compromised. However, there are more questions that need to be asked about this data breach.
Microsoft's GitHub Deal: Following Developers & Security Into the Cloud
Larry Loeb  |  6/6/2018  | 
Microsoft's $7.5 billion deal for GitHub this week means different things to different people, but for Redmond, it's all about developers, cloud and securing all that data. And that's not a bad thing.
Financial Services Organizations Face More Sophisticated Threats Than Others
News  |  6/5/2018  | 
With companies in the financial sector getting better at blocking ordinary threats, attackers have begun going after them with more sophisticated malware, Lastline says.
CrowdStrike Launches $1 Million Security Breach Warranty
News  |  6/5/2018  | 
Covers all costs of a data breach that occurs within the systems protected by its EPP Complete endpoint security service.
Dark Web Marketplaces Dissolve Post-AlphaBay, Hansa Takedown
News  |  6/5/2018  | 
Cybercrime marketplaces reshape into smaller forums and individual chats as threat actors find new ways to evade law enforcement.
Panorays Debuts With $5 Million Investment
Quick Hits  |  6/5/2018  | 
Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.
'EFAIL' Is Why We Cant Have Golden Keys
Commentary  |  6/5/2018  | 
A deep dive into the issues surrounding an HTML email attack.
The Breach Disclosure Double Standard
News  |  6/5/2018  | 
Cybersecurity pros expect to be notified immediately when they're breached, but most don't do the same and some even cover up breaches.
I, for One, Welcome Our Robotic Security Overlords
Commentary  |  6/5/2018  | 
Automation will come in more subtle ways than C-3PO and it's transforming cybersecurity.
North Korean-Linked Group Stops Targeting US Ahead of Summit
News Analysis-Security Now  |  6/5/2018  | 
Covellite, which has been linked to North Korea, has stopped targeting facilities in the US and other parts of North America ahead of a planned summit later this month.
MyHeritage Alerts Users to Data Breach
Quick Hits  |  6/5/2018  | 
A researcher found email addresses and hashed passwords of nearly 92.3 million users stored on a server outside MyHeritage.
Dark Reading Launches Second INsecurity Conference
News  |  6/5/2018  | 
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
10 Open Source Security Tools You Should Know
Slideshows  |  6/5/2018  | 
Open source tools can be the basis for solid security and intense learning. Here are 10 you should know about for your IT security toolkit.
Researcher Successfully Hacked In-Flight Airplanes - From the Ground
News  |  6/5/2018  | 
IOActive researcher will demonstrate at Black Hat USA how satellite equipment can be 'weaponized.'
Security Pros Have Double Standards When It Comes to Breaches
News Analysis-Security Now  |  6/5/2018  | 
Security professionals are eager to know more about data breaches, except in their own organizations, where mum's the word, according to a new report.
Trojan Campaign Uses US & North Korea Summit to Lure Victims
Jeffrey Burt  |  6/5/2018  | 
The hackers behind the NavRAT malware are targeting South Koreans with a spear-phishing effort that refers to the upcoming meeting between the US and North Korean leaders, Talso says.
US-North Korea Summit News Used as Lure In New Malware Campaign
News  |  6/4/2018  | 
Previously known threat actor Group 123 likely behind NavRAT malware, security vendor says.
Phishing Scams Target FIFA World Cup Attendees
Quick Hits  |  6/4/2018  | 
Soccer-themed emails and Web pages target fans with fake giveaways and the chance to snag overpriced, illegitimate 'guest tickets.'
Web Application Firewalls Adjust to Secure the Cloud
News  |  6/4/2018  | 
Cloud-based WAFs protect applications without the costs and complexity of on-prem hardware. Here's what to keep in mind as you browse the growing market.
Fortinet Completes Bradford Networks Purchase
Quick Hits  |  6/4/2018  | 
NAC and security firm added to Fortinet's portfolio.
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Commentary  |  6/4/2018  | 
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
Invisible Network Attacks: Good Encryption vs. Bad Encryption
Joe Stanganelli  |  6/4/2018  | 
Enterprise IT networks represent an encrypted two-way street; just as encryption is a critical defensive measure, network attackers are increasingly relying upon encrypting the malicious network traffic that they send out so as to mask their do-baddery.
RIG Exploit Finds New Home in Cryptomining
Larry Loeb  |  6/4/2018  | 
The RIG exploit kit has found a new, more lucrative home in cryptomining.
5 Tips for Protecting SOHO Routers Against the VPNFilter Malware
Slideshows  |  6/2/2018  | 
Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.
Google Groups Misconfiguration Exposes Corporate Data
News  |  6/1/2018  | 
Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings.
Telegram: Apple Has Blocked Updates since April
Quick Hits  |  6/1/2018  | 
Telegram founder and chief executive Pavel Durov claims the messaging service has not been able to make technical updates anywhere in the world.
Cybercrime Is Skyrocketing as the World Goes Digital
Commentary  |  6/1/2018  | 
If cybercrime were a country, it would have the 13th highest GDP in the world.
BackSwap Banking Trojan Shows How Malware Evolves
Larry Loeb  |  6/1/2018  | 
The newly discovered BackSwap baking Trojan is designed to avoid the security protections that vendors and businesses have created to stop these types of malware attacks.
Open Bug Bounty Offers Free Program For Websites
News  |  6/1/2018  | 
Non-profit says it will triage and verify certain kinds of Web vulnerability submissions at no cost for those who sign up.
Vulnerability Remediation: Best Practice or Best Guess?
Simon Marshall  |  6/1/2018  | 
A new study from Kenna Security and the Cyentia Institute finds that even the most well-thought-out vulnerability remediation strategy is no better than a good guess. However, machine learning could lead to better results.
Report: Cross-Site Scripting Still Number One Web Attack
Quick Hits  |  6/1/2018  | 
SQL injection is the second most common technique, with IT and finance companies the major targets.
<<   <   Page 4 / 4


Commentary
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
Edge-DRsplash-10-edge-articles
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23394
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.