Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in June 2019
MageCart Launches Customizable Campaign
News  |  6/28/2019  | 
A tool new to MageCart bolsters the group's ability to evade detection and steal data.
Key Biscayne Hit by Cybersecurity Attack
Quick Hits  |  6/28/2019  | 
Key Biscayne is the third Florida town to be hit by hackers in June.
Cloud Provider PCM Suffers Data Breach
Quick Hits  |  6/28/2019  | 
Attackers were reportedly able to compromise email and file-sharing systems for some of PCM's customers.
How GDPR Teaches Us to Take a Bottom-Up Approach to Privacy
Commentary  |  6/28/2019  | 
Looking at underlying security needs means organizations are more likely to be in compliance with privacy regulations.
New Exploit for Microsoft Excel Power Query
News  |  6/27/2019  | 
Proof-of-concept, which allows remote code execution, is latest to exploit Dynamic Data Exchange (DDE) and is another reminder why organizations must ensure Office settings are secure.
Chronicle Folds into Google
News  |  6/27/2019  | 
Alphabet's enterprise cybersecurity division will become part of the Google security portfolio.
NIST Issues IoT Risk Guidelines
Quick Hits  |  6/27/2019  | 
A new report offers the first step toward understanding and managing IoT cybersecurity risks.
Former Equifax CIO Sentenced to Prison for Insider Trading
Quick Hits  |  6/27/2019  | 
Jun Ying is the second Equifax employee found guilty of insider trading related to the massive 2017 data breach.
7 Ways to Mitigate Supply Chain Attacks
Slideshows  |  6/27/2019  | 
Breaches caused by external vendors and service providers have become a major and escalating problem for organizations.
Inside MLS, the New Protocol for Secure Enterprise Messaging
News  |  6/27/2019  | 
As personal messaging platforms see the rise of end-to-end encryption, businesses struggle to provide strong levels of security.
How Hackers Infiltrate Open Source Projects
News  |  6/27/2019  | 
The dependency trees of modern software development make smaller open source projects vulnerable to hackers sabotaging code.
Understanding & Defending Against Polymorphic Attacks
Commentary  |  6/27/2019  | 
Polymorphic malware is far from a new thing. But today, what is good for attackers is also good for defenders. Here's why.
More Supply, More Demand: Cybersecurity Skills Gap Remains
News  |  6/27/2019  | 
Although the number of programs for training workers in cybersecurity skills has increased, as well as the number of graduates, the gap in supply and demand for cybersecurity-skilled workers is essentially unchanged, leaving companies to struggle.
Office 365 Multifactor Authentication Done Right
Commentary  |  6/27/2019  | 
Why the ubiquitous nature of Office 365 poses unique challenges for MFA-based security and how organizations can protect themselves.
Malware Coming to a Mac Near You? Yes, Say Security Firms
News  |  6/26/2019  | 
While the password-cracking Mimikatz took top honors, Mac-targeted malware accounted for two of the 10 most detected malware samples, according to WatchGuard.
New Linux Worm Attacks IoT Devices
Quick Hits  |  6/26/2019  | 
Silex has 'bricked' more than 2,000 Linux-based IoT devices so far.
Developers and Security Teams Under Pressure to Collaborate
News  |  6/26/2019  | 
The challenges and benefits to getting two traditionally adversarial groups on the same page.
McAfee Sues 3 Former Staffers Now at Rival Tanium
Quick Hits  |  6/26/2019  | 
Lawsuit alleges sales representatives stole trade secrets from McAfee before joining Tanium.
Breaking the Endless Cycle of 'Perfect' Cybercrimes
Commentary  |  6/26/2019  | 
A two-step strategy for creating an attack environment that is more complex, less profitable, and more likely to expose the attacker.
FIDO Alliance to Tackle Identity Verification and IoT Authentication
News  |  6/26/2019  | 
Standards group forms two new working groups to develop new open specifications.
Could Foster Kids Help Solve the Security Skills Shortage?
Commentary  |  6/26/2019  | 
Foster Warriors is a new nonprofit initiative focused on helping foster kids find a place in the world, and especially in the world of security. Join us!
Email Threats Continue to Grow as Attackers Evolve, Innovate
News  |  6/25/2019  | 
Threat actors increasingly using malicious URLs, HTTPS domains, file-sharing sites in email attacks, FireEye says.
Global Cyberattack Campaign Hit Mobile Carrier Networks
News  |  6/25/2019  | 
A nation-state group possibly out of China has attacked cell carrier networks in search of data on high-value individuals.
AWS CISO Talks Risk Reduction, Development, Recruitment
News  |  6/25/2019  | 
Steve Schmidt says limiting access to data has dramatically changed the security posture across Amazon Web Services.
Microsoft Adds New Secure Storage Area to OneDrive
Quick Hits  |  6/25/2019  | 
PersonalVault locks down files with MFA and encryption.
AWS Makes Control Tower & Security Hub Generally Available
Quick Hits  |  6/25/2019  | 
Security Hub aims to manage security across an AWS environment; Control Tower handles security and compliance for multi-account environments.
How to Avoid Becoming the Next Riviera Beach
Commentary  |  6/25/2019  | 
Be prepared by following these five steps so you don't have to pay a ransom to get your data back.
Companies on Watch After US, Iran Claim Cyberattacks
News  |  6/25/2019  | 
With the cyber conflict between the United States and Iran ramping up, companies traditionally targeted by the countries, such as those in the oil and gas and financial industries, need to bolster their security efforts, experts say.
The Rise of Silence and the Fall of Coinhive
Commentary  |  6/25/2019  | 
Cryptomining will exist as long as it remains profitable. One of the most effective ways to disrupt that activity is to make it too expensive to run cryptomining malware in your network.
DDoS-for-Hire Services Doubled in Q1
News  |  6/24/2019  | 
Impact of FBI's takedown of 15 'booter' domains last December appears to have been temporary.
A Socio-Technical Approach to Cybersecurity's Problems
News  |  6/24/2019  | 
Researchers explore how modern security problems can be solved with an examination of society, technology, and security.
Health Insurer Reports Data Breach That Began 9 Years Ago
Quick Hits  |  6/24/2019  | 
Dominion National first spotted something awry in April 2019.
Raspberry Pi Used in JPL Breach
Quick Hits  |  6/24/2019  | 
NASA report shows exfiltration totaling more than 100 GB of information since 2009.
Never Trust, Always Verify: Demystifying Zero Trust to Secure Your Networks
Commentary  |  6/24/2019  | 
The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.
Cyber-Risks Hiding Inside Mobile App Stores
News  |  6/21/2019  | 
As the number of blacklisted apps on Google Play continues to drop, attackers find new ways to compromise smartphones.
Four CVEs Describe SACKs of Linux and FreeBSD Vulnerabilities
Quick Hits  |  6/21/2019  | 
Four new CVEs present issues that have a potential DoS impact on almost every Linux user.
Pledges to Not Pay Ransomware Hit Reality
News  |  6/21/2019  | 
While risk analysts and security experts continue to urge companies to secure systems against ransomware, they are now also advising that firms be ready to pay.
Startup Raises $13.7M to Stop Breaches with Behavioral Analytics
Quick Hits  |  6/21/2019  | 
TrueFort plans to use the funding to expand sales, marketing, R&D, customer support, and go-to-market initiatives.
Patrolling the New Cybersecurity Perimeter
Commentary  |  6/21/2019  | 
Remote work and other developments demand a shift to managing people rather than devices.
Customers of 3 MSPs Hit in Ransomware Attacks
News  |  6/20/2019  | 
Early information suggests threat actors gained access to remote monitoring and management tools from Webroot and Kaseya to distribute malware.
Florida Town Pays $600K to Ransomware Operators
News  |  6/20/2019  | 
Riviera Beach's decision to pay ransom to criminals might get files back, but it almost guarantees greater attacks against other governments.
'Democratizing' Machine Learning for Fraud Prevention & Payments Intelligence
Commentary  |  6/20/2019  | 
How fraud experts can fight cybercrime by 'downloading' their knowledge and experience into computer models.
Small Businesses May Not Be Security's Weak Link
Quick Hits  |  6/20/2019  | 
Organizations with 250 or fewer employees often employ a higher percentage of security pros than their larger counterparts.
Machine Learning Boosts Defenses, but Security Pros Worry Over Attack Potential
News  |  6/20/2019  | 
As defenders increasingly use machine learning to remove spam, catch fraud, and block malware, concerns persist that attackers will find ways to use AI technology to their advantage.
7 2019 Security Venture Fund Deals You Should Know
Slideshows  |  6/20/2019  | 
2019 has, so far, been a busy year for venture capitalists in the security industry. Here are 7 funding rounds important because of the technologies or market trends they represent.
Cybersecurity Accountability Spread Thin in the C-Suite
News  |  6/20/2019  | 
While cybersecurity discussions have permeated board meetings, the democratization of accountability has a long way to go.
The Hunt for Vulnerabilities
Commentary  |  6/20/2019  | 
A road map for improving the update process will help reduce the risks from vulnerabilities.
Inside the FBI's Fight Against Cybercrime
News  |  6/20/2019  | 
Heavily outnumbered and outpaced by their targets, small FBI cybersquads have been quietly notching up major wins against online criminals operating at home and abroad.
With GDPR's 'Right of Access,' Who Really Has Access?
News  |  6/19/2019  | 
How a security researcher learned organizations willingly hand over sensitive data with little to no identity verification.
Critical Firefox Vuln Used in Targeted Attacks
Quick Hits  |  6/19/2019  | 
Mozilla has released patches for the bug reported by Coinbase.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3738
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
CVE-2019-3739
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
CVE-2019-3740
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
CVE-2019-3756
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.
CVE-2019-3758
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerability allows sysadmins to create user accounts with insufficient credentials. Unauthenticated attackers could gain unauthorized access to the system using those accounts.