Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in June 2019
Small Businesses May Not Be Security's Weak Link
Quick Hits  |  6/20/2019  | 
Organizations with 250 or fewer employees often employ a higher percentage of security pros than their larger counterparts.
Machine Learning Boosts Defenses, but Security Pros Worry Over Attack Potential
News  |  6/20/2019  | 
As defenders increasingly use machine learning to remove spam, catch fraud, and block malware, concerns persist that attackers will find ways to use AI technology to their advantage.
7 2019 Security Venture Fund Deals You Should Know
Slideshows  |  6/20/2019  | 
2019 has, so far, been a busy year for venture capitalists in the security industry. Here are 7 funding rounds important because of the technologies or market trends they represent.
Cybersecurity Accountability Spread Thin in the C-Suite
News  |  6/20/2019  | 
While cybersecurity discussions have permeated board meetings, the democratization of accountability has a long way to go.
The Hunt for Vulnerabilities
Commentary  |  6/20/2019  | 
A road map for improving the update process will help reduce the risks from vulnerabilities.
Inside the FBI's Fight Against Cybercrime
News  |  6/20/2019  | 
Heavily outnumbered and outpaced by their targets, small FBI cybersquads have been quietly notching up major wins against online criminals operating out of home and abroad.
With GDPR's 'Right of Access,' Who Really Has Access?
News  |  6/19/2019  | 
How a security researcher learned organizations willingly hand over sensitive data with little to no identity verification.
Critical Firefox Vuln Used in Targeted Attacks
Quick Hits  |  6/19/2019  | 
Mozilla has released patches for the bug reported by Coinbase.
Verizon Media, Uber, PayPal Top List of Companies Paying Bug Bounties
Quick Hits  |  6/19/2019  | 
A new report from HackerOne lists the top five companies running bug-hunting programs on the ethical hacking platform.
Serverless Computing from the Inside Out
Commentary  |  6/19/2019  | 
The biggest 'serverless' risks don't stem from the technology itself. They occur when organizations respond to the adoption from the outside in.
New 'IPStorm' Malware Uses Peer-to-Peer Network for Communication
Larry Loeb  |  6/19/2019  | 
It's a whole new headache for the security team.
Cost per Cyberattack Jumps to $4.6M in 2019
Quick Hits  |  6/19/2019  | 
From 2018 to 2019, the percentage of cyberattacks costing $10 million or more nearly doubled, hitting 13%.
6 Security Tips That'll Keep the Summer Fun
Slideshows  |  6/19/2019  | 
Taking some time off this summer? Before you head out on vacation, make sure your devices and apps are also ready.
How Hackers Emptied Church Coffers with a Simple Phishing Scam
Commentary  |  6/19/2019  | 
Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.
Insecure Home IoT Devices a Clear and Present Danger to Corporate Security
News  |  6/19/2019  | 
Avast-sponsored study shows wide prevalence of IoT devices, many with weak credentials and other security vulnerabilities.
As Cloud Adoption Grows, DLP Remains Key Challenge
News  |  6/18/2019  | 
As businesses use the cloud to fuel growth, many fail to enforce data loss prevention or control how people share data.
Advertising Alliance Plans Protocols to Reduce Dangerous Content
Quick Hits  |  6/18/2019  | 
The Global Alliance for Responsible Media will seek ways to clamp down on dangerous and fake content.
The Evolution of Identity
Commentary  |  6/18/2019  | 
How data and technology can help businesses make the right fraud decisions, protect people's identities, and create an improved customer experience.
Google Targets Deceptive Sites with New Chrome Tools
Quick Hits  |  6/18/2019  | 
A new extension and browser alert aim to help users report deceptive sites and prevent them from encountering fraud.
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Commentary  |  6/18/2019  | 
It's time to reassess your open source management policies and processes.
How Fraudulent Domains 'Hide in Plain Sight'
News  |  6/18/2019  | 
Cybercriminals use new types of top-level domains, topical keywords, and targeted emails to trick victims into clicking malicious links.
DHS Tests Remote Exploit for BlueKeep RDP Vulnerability
News  |  6/17/2019  | 
Agency urges organizations with vulnerable systems to apply mitigations immediately.
Power Outage Hits Millions in South America
Quick Hits  |  6/17/2019  | 
The outage, which is not (so far) seen as the result of a cyberattack, still had a significant impact on network and server availability.
New Decryptor Unlocks Latest Versions of Gandcrab
Quick Hits  |  6/17/2019  | 
The decryptor neutralizes GandCrab versions 5.0 through 5.2 and lets victims unlock their files for free.
XENOTIME Threat Actor Laying the Groundwork to Disrupt Utilities
Larry Loeb  |  6/17/2019  | 
Malware targets Schneider Electric's Triconex safety instrumented system.
Utilities, Nations Need Better Plan Against Critical Infrastructure Attackers
News  |  6/17/2019  | 
The attackers behind the Triton, or Xenotime, intrusions into critical infrastructure (CI) safety systems are testing their skills against electric power companies. Options for defense are still limited, however.
The Life-Changing Magic of Tidying Up the Cloud
Commentary  |  6/17/2019  | 
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.
10 Notable Security Acquisitions of 2019 (So Far)
Slideshows  |  6/15/2019  | 
In a year when security companies have been snapped up left and right, these deals stand out from the chaos.
Common Hacker Tool Hit with Hackable Vulnerability
Quick Hits  |  6/14/2019  | 
A researcher has found a significant exploit in one of the most frequently used text editors.
Better Cybersecurity Research Requires More Data Sharing
News  |  6/14/2019  | 
Researchers at the Workshop on the Economics of Information Security highlight the cost savings of sharing cybersecurity data and push for greater access to information on breaches, attacks, and incidents.
Sensory Overload: Filtering Out Cybersecurity's Noise
Commentary  |  6/14/2019  | 
No organization can prioritize and mitigate hundreds of risks effectively. The secret lies in carefully filtering out the risks, policies, and processes that waste precious time and resources.
Are US & UK Firms Keeping Up With 'Best Practice' Password Management?
Larry Loeb  |  6/14/2019  | 
Companies think that they are much safer than their actual password practices would suggest.
Triton Attackers Seen Scanning US Power Grid Networks
News  |  6/14/2019  | 
The development follows speculation and concern among security experts that the attack group would expand its scope to the power grid.
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
News  |  6/13/2019  | 
New analysis shows widespread DNS protection could save organizations as much as $200 billion in losses every year.
Cyberattack Hits Aircraft Parts Manufacturer
Quick Hits  |  6/13/2019  | 
Belgium's Asco has shut down manufacturing around the world, including the US, in response to a major cybersecurity event, but what happened isn't clear.
Preempt Shows How to Sidestep EPA Authentication
Larry Loeb  |  6/13/2019  | 
Security firm Preempt issued an advisory that showed how to conceptually bypass the Enhanced Protection for Authentication that prevents attackers from performing a relay of NT LAN Manager messages to top-level security sessions.
Congress Gives 'Hack Back' Legislation Another Try
Quick Hits  |  6/13/2019  | 
Officials reintroduce a bill that would let businesses monitor attacker behavior and target intruders on corporate networks.
The CISO's Drive to Consolidation
Commentary  |  6/13/2019  | 
Cutting back on the number of security tools you're using can save money and leave you safer. Here's how to get started.
7 Truths About BEC Scams
Slideshows  |  6/13/2019  | 
Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.
Google Adds Two-Factor Authentication for Its Apps on iOS
News  |  6/13/2019  | 
Android-based two-factor authentication now works for Google applications on iPad and iPhone.
The Rise of 'Purple Teaming'
Commentary  |  6/13/2019  | 
The next generation of penetration testing represents a more collaborative approach to old-fashioned Red Team vs. Blue Team.
Black Hat Q&A: Defending Against Cheaper, Accessible Deepfake Tech
News  |  6/13/2019  | 
ZeroFox's Matt Price and Mike Price discuss their work researching cybersecurity responses to the rising tide of deepfake videos.
BlueKeep RDP Vulnerability a Ticking Time Bomb
News  |  6/13/2019  | 
One month after Microsoft disclosed the flaw, nearly 1 million systems remain unpatched, and Internet scans looking for vulnerable systems have begun increasing.
SQL Injection Attacks Represent Two-Third of All Web App Attacks
News  |  6/13/2019  | 
When Local File Inclusion attacks are counted, nearly nine in 10 attacks are related to input validation failures, Akamai report shows.
Apple Pledges Privacy, Beefs Up Security
News  |  6/12/2019  | 
The company hits back at the data economy and fellow tech giants Facebook and Google by announcing its own single sign-on service. A host of other iterative security improvements are on their way as well.
DNS Observatory Offers Researchers New Insight into Global DNS Activity
News  |  6/12/2019  | 
Among its early findings, 60% of the DNS transactions captured were handled by just 1,000 name servers.
CrowdStrike Prices IPO Above Range at $34
News  |  6/12/2019  | 
The endpoint security firm raised $612 million ahead of today's public debut.
New Funding Values KnowBe4 at $1 Billion
Quick Hits  |  6/12/2019  | 
The $300 million investment is being led by KKR.
Tomorrow's Cybersecurity Analyst Is Not Who You Think
Commentary  |  6/12/2019  | 
Organizations can't just rely on diverse and cutting-edge technologies to fight adversaries. They will also need people with diverse expertise and backgrounds.
Predicting Vulnerability Weaponization
Commentary  |  6/12/2019  | 
Advances in data science are making it possible to shift vulnerability management from a reactive to a proactive discipline.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16060
PUBLISHED: 2021-10-15
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
CVE-2018-16061
PUBLISHED: 2021-10-15
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
CVE-2021-27561
PUBLISHED: 2021-10-15
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
CVE-2020-4951
PUBLISHED: 2021-10-15
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
CVE-2021-28021
PUBLISHED: 2021-10-15
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.