
News & Commentary

Content posted in July 2017
Ransomware Attack on Merck Caused Widespread Disruption to Operations
News  |  7/31/2017  | 
Pharmaceutical giant's global manufacturing, research and sales operations have still not been fully restored since the June attacks.
Iranian Hackers Ensnared Targets via Phony Female Photographer
News  |  7/31/2017  | 
US, Indian, Saudi Arabian, Israeli, Iraqi IT, security, executives in oil/gas and aerospace swept up in elaborate social media ruse used for cyber espionage operations.
Anthem Hit with Data Breach of 18,580 Medicare Members
Quick Hits  |  7/31/2017  | 
Third-party service provider for the insurer discovered one of its employees allegedly engaged in identity theft of thousands of Anthem Medicare members.
Five Words for Black Hat
Curt Franklin  |  7/31/2017  | 
The Black Hat 2017 conference could be summed up in five words: Should there be more?
Healthcare Execs Report Rise in Data Breaches and HIPAA Violations
Quick Hits  |  7/31/2017  | 
IT executives, however, increasingly believe they are "completely ready" to withstand a cybersecurity attack on their healthcare system.
DevOps Security & the Culture of 'Yes'
Commentary  |  7/31/2017  | 
Communication, collaboration, and the use of production data to drive decisions are essential for security work in a DevOps world.
DEF CON Rocks the Vote with Live Machine Hacking
News  |  7/28/2017  | 
Jeff Moss, founder of the hacker conference, is planning to host a full-blown election and voting system for hacking in 2018 at DEF CON, complete with a simulated presidential race.
WannaCry Inspires Worm-like Module in Trickbot
News  |  7/28/2017  | 
The malware is being primarily distributed via email spam in the form of spoofed invoices from an international financial services company, says Flashpoint.
Lethal Dosage of Cybercrime: Hacking the IV Pump
News  |  7/28/2017  | 
At DEF CON, a researcher demonstrated how to attack a popular model of infusion pump used in major hospitals around the world.
Mobile Worries for a Security Pro
Curt Franklin  |  7/28/2017  | 
The most worrying security problem for one security pro is something that sits in the palm of your hand.
Hope Breaks Through Desert Clouds: The Friday Haiku
Curt Franklin  |  7/28/2017  | 
Our Security Now Friday haiku reflects on the week that was Black Hat.
Throw Out the Playbooks to Win at Incident Response
Commentary  |  7/28/2017  | 
Four reasons why enterprises that rely on playbooks give hackers an advantage.
Russian Operator of Bitcoin Exchange Charged with Money Laundering
Quick Hits  |  7/28/2017  | 
Alexander Vinnik and Bitcoin exchange BTC-e have been charged in a 21-count indictment for money laundering and related crimes.
The Lazy Habits of Phishing Attackers
News  |  7/27/2017  | 
Most hackers who phish accounts do little to hide their tracks or even mine all of the data they can from phished accounts, mostly because they can afford to be lazy.
Researchers Release Free Tool to Analyze ICS Malware
News  |  7/27/2017  | 
CrashOverride/Industroyer malware used against Ukraine's power grid the inspiration for the reverse-engineering tool.
Broadcom Chipset Bug in Android, iOS Smartphones Allows Remote Attack
News  |  7/27/2017  | 
Security researcher found a common flaw in Android and iOS smartphone chipsets that could allow a remote exploit to be unleashed on millions of devices.
Inside the Investigation and Trial of Roman Seleznev
News  |  7/27/2017  | 
The officials who convicted the credit card thief discussed the investigation, evidence, trial, and challenges involved in his case.
Get Ready for the 2038 'Epocholypse' (and Worse)
News  |  7/27/2017  | 
A leading security researcher predicts a sea of technology changes that will rock our world, including the Internet of Things, cryptocurrency, SSL encryption and national security.
Dark Reading News Desk Live at Black Hat USA 2017
Commentary  |  7/27/2017  | 
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
How to Build a Path Toward Diversity in Information Security
News  |  7/27/2017  | 
Hiring women and minorities only addresses half the issue for the IT security industry -- the next step is retaining these workers.
The Right to Be Forgotten & the New Era of Personal Data Rights
Commentary  |  7/27/2017  | 
Because of the European Union's GDPR and other pending legislation, companies must become more transparent in how they protect their customers' data.
Can Your Risk Assessment Stand Up Under Scrutiny?
Partner Perspectives  |  7/27/2017  | 
Weak risk assessments have gotten a pass up until now, but that may be changing.
Black Hat Keynote: A Call to Change
Curt Franklin  |  7/27/2017  | 
Facebook's Alex Stamos stood before Black Hat 2017 and congratulated the community on all they've done. Then he told them that they must change.
Downtime from Ransomware More Lethal to Small Businesses Than the Ransom
News  |  7/27/2017  | 
New survey of small- to midsized businesses (SMBs) shows half of SMBs infected with malware suffer 25 hours or more of business disruption.
How Attackers Use Machine Learning to Predict BEC Success
News  |  7/26/2017  | 
Researchers show how scammers defeat other machines, increase their success rate, and get more money from their targets.
Adobe's Move to Kill Flash Is Good for Security
News  |  7/26/2017  | 
In recent years, Flash became one of the buggiest widely used apps out there.
FBI Talks Avalanche Botnet Takedown
News  |  7/26/2017  | 
FBI unit chief Tom Grasso explains the takedown of Avalanche and how the agency approaches botnet infrastructures.
Researchers Bring AI to Endpoint Security
Curt Franklin  |  7/26/2017  | 
FFRI has an AI approach to malware defense and it will protect systems with no Internet connection at all.
Hacking the Wind
News  |  7/26/2017  | 
A security researcher at Black Hat USA shows how wind turbine systems are susceptible to potentially damaging cyberattacks.
The Wild West of Security Post-Secondary Education
News  |  7/26/2017  | 
Black Hat researchers will show how inconsistent security schooling is at the university level.
Facebook Offers $1 Million for New Security Defenses
News  |  7/26/2017  | 
The social media giant has increased the size of its Internet Defense Prize program in order to spur more research into ways to defend users against the more prevalent and common methods of attack.
10 Critical Steps to Create a Culture of Cybersecurity
Commentary  |  7/26/2017  | 
Businesses are more vulnerable than they need to be. Here's what you should do about it.
Majority of Consumers Believe IoT Needs Security Built In
Quick Hits  |  7/26/2017  | 
Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.
Iranian Cyber Espionage Group CopyKittens Successful, But Not Skilled
News  |  7/25/2017  | 
Despite being only moderately skilled, CopyKittens has exfiltrated large volumes of data since at least 2013.
How 'PostScript' Exploits Networked Printers
News  |  7/25/2017  | 
At Black Hat 2017, a university researcher will demo how attackers can drill into networked printers by way of the ubiquitous PostScript programming language.
How Women Can Raise Their Profile within the Cybersecurity Industry
Commentary  |  7/25/2017  | 
Closing the cybersecurity gender gap won't happen overnight, but women can take steps to begin leveling the playing field.
Using AI to Break Detection Models
News  |  7/25/2017  | 
Pitting machine learning bots against one another is the new spy vs. spy battle in cybersecurity today.
Lessons from Verizon: Managing Cloud Security for Partners
Partner Perspectives  |  7/25/2017  | 
The recent Verizon breach data exposed by an insecure Amazon S3 bucket highlights the need for enterprises to have visibility into how partners and other stakeholders keep their data secure.
Regulators Question Wells Fargo Regarding Data Breach
Quick Hits  |  7/25/2017  | 
Scrutiny a result of a lawyer's unauthorized release of sensitive information on tens of thousands of wealthy Wells Fargo customers.
Custom Source Code Accounts for 93% of App Vulnerabilities
Quick Hits  |  7/25/2017  | 
A new study finds that third-party libraries account for 79% of the code found in apps, but only 7% of the vulnerabilities found in the software.
New Vulnerability Hits IoT Cameras
Curt Franklin  |  7/25/2017  | 
A vulnerability first seen in IoT cameras has the potential to go much, much further.
Voter Registration Data from 9 States Available for Sale on Dark Web
News  |  7/24/2017  | 
Nearly 10 million voter records sold for just $4 over last few days, according to LookingGlass Cyber Solutions.
Weather.com, Fusion Expose Data Via Google Groups Config Error
News  |  7/24/2017  | 
Companies that leaked data accidentally chose the sharing setting "public on the Internet," which enabled anyone on the Web to access all information contained in the messages.
SecurityNow.com Is Going to Black Hat
Curt Franklin  |  7/24/2017  | 
We'll be at Black Hat. What do you want to know while we're there?
7 Hardware & Firmware Hacks Highlighted at Black Hat 2017
Slideshows  |  7/24/2017  | 
Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.
Majority of Security Pros Let Productivity Trump Security
News  |  7/24/2017  | 
A survey found that 64% of IT security professionals will tweak security to give workers more flexibility to be productive when asked to make that move by top executives.
Bots Make Lousy Dates, But Not Cheap Ones
Commentary  |  7/24/2017  | 
The danger of dating sites: If a beautiful woman asks men to click on malware, they'll probably click.
Microsoft Rolls Out AI-based Security Risk Detection Tool
News  |  7/21/2017  | 
Microsoft Security Risk Detection leverages artificial intelligence to root out bugs in software before it's released.
A Sense of Peace: The Friday Haiku
Curt Franklin  |  7/21/2017  | 
Is a moment of calm to be trusted? Our Friday Haiku questions the peace.
Speed of Windows 10 Adoption Not Affected by WannaCry
News  |  7/21/2017  | 
WannaCry has motivated security teams to stay current on patching but Windows 10 adoption remains the same.