Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in July 2017
<<   <   Page 2 / 3   >   >>
20 Questions for Improving SMB Security
Commentary  |  7/21/2017  | 
Security leaders in small and medium-sized business who want to up their game need to first identify where they are now, then, where they want to go.
Using DevOps to Move Faster than Attackers
News  |  7/20/2017  | 
Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.
Russian National Receives 5 Years In Jail For Role In 'Citadel' Attacks
News  |  7/20/2017  | 
Mark Vartanyan is the second individual to be sent to prison in connection with Citadel.
#HackTor: Tor Opens up its Bug Bounty Program
News  |  7/20/2017  | 
The popular identity-cloaking service has expanded its private, invite-only vulnerability discovery program to an open one via HackerOne.
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
News  |  7/20/2017  | 
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
US Banks Targeted with Trickbot Trojan
News  |  7/20/2017  | 
Necurs botnet spreads Trickbot malware to US financial institutions, while new Emotet banking Trojan attacks discovered - signalling increasingly complex attacks on the industry.
Personal Security Begets Enterprise Security
News Analysis-Security Now  |  7/20/2017  | 
Employees' personal approach to information security is fundamentally crucial to their organizations' security posture. Accordingly, enterprises would do well to learn from recent hacks and rethink the way they train their employees in cybersecurity matters.
Major Online Criminal Marketplaces AlphaBay and Hansa Shut Down
News  |  7/20/2017  | 
International law enforcement operations result in AlphaBay, the largest online marketplace for selling illegal goods from malware to herion, and Hansa, going dark.
BEC Attacks Far More Lucrative than Ransomware over Past 3 Years
News  |  7/20/2017  | 
BEC fraud netted cyberthieves five times more profit than ransomware over a three-year period, according to Cisco's midyear report released today.
Microsoft Office 365 Users Targeted in Brute Force Attacks
Quick Hits  |  7/20/2017  | 
Attackers leveraged popular cloud service platforms to conduct persistent - and stealthy - login attempts on corporate Office 365 accounts.
DevOps & Security: Butting Heads for Years but Integration is Happening
Commentary  |  7/20/2017  | 
A combination of culture change, automation, tools and processes can bring security into the modern world where it can be as agile as other parts of IT.
Profile of a Hacker: The Real Sabu
Partner Perspectives  |  7/20/2017  | 
There are multiple stories about how the capture of the infamous Anonymous leader Sabu went down. Heres one, and another about what he is doing today.
'AVPass' Sneaks Malware Past Android Antivirus Apps
News  |  7/19/2017  | 
Researchers at Black Hat USA will release a toolset that studies and then cheats specific Android AV apps.
Security in Knowing: An Interview With Nathaniel Gleicher, Part 2
Curt Franklin  |  7/19/2017  | 
Ignorance is indeed bliss for those who would attack our organizations' IT systems. This is part 2 of a conversation with Nathaniel Gleicher, head of cybersecurity strategy for Illumio.
Online Courses Projected to Drive Credit Card Fraud to $24B by 2018
News  |  7/19/2017  | 
An underground ecosystem provides cybercriminals with online tutorials, tools, and credit card data they need to commit fraud.
98% of Companies Favor Integrating Security with DevOps
News  |  7/19/2017  | 
A majority of companies are either planning or have launched an integrated DevOps and security team, a new report shows.
New Cyber Readiness Institute Aims to Improve Risk Management
Quick Hits  |  7/19/2017  | 
The nonprofit will bring together senior leaders of global companies to discuss best practices for managing security employees, processes, and tech.
Best of Black Hat: 20 Epic Talks in 20 Years
Slideshows  |  7/19/2017  | 
In celebration of Black Hat's 20th birthday, we take a look back at the most memorable presentations and demos since the show's inception in 1997.
Most Office 365 Admins Rely on Recycle Bin for Data Backup
News  |  7/19/2017  | 
Nearly 66% of Office 365 administrators use Recycle Bin to back up their data, a practice that could leave data lost and unrecoverable.
Catastrophic Cloud Attack Costs Would Rival that of Hurricane Damages
News  |  7/19/2017  | 
Lloyd's of London estimates multi-billion-dollar loss figures in worst-case scenarios of a major zero-day exploit or massive cloud outage.
4 Steps to Securing Citizen-Developed Apps
Commentary  |  7/19/2017  | 
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
Security in Knowing: An Interview With Nathaniel Gleicher, Part 1
Curt Franklin  |  7/18/2017  | 
Nathaniel Gleicher, former Director of Cybersecurity Policy for the Obama White House and ex-senior counsel for the US Dept. of Justices computer crimes division, knows something about security.
Rapid7 Buys Security Orchestration and Automation Firm Komand
Quick Hits  |  7/18/2017  | 
Rapid7 has acquired Komand with plans to integrate its orchestration and automation technology into the Insights platform.
Voice of Security Radio: Can You Buy Trust?
Curt Franklin  |  7/18/2017  | 
Join editor Curt Franklin when he talks with Alan Cohen, chief commercial officer of Illumio, about the relationship between spending and trust. It's not what you think!
Dow Jones Data Leak Results from an AWS Configuration Error
News  |  7/18/2017  | 
Security pros expect to see more incidents like the Dow Jones leak, which exposed customers' personal information following a public cloud configuration error.
Zero-Day Exploit Surfaces that May Affect Millions of IoT Users
Quick Hits  |  7/18/2017  | 
A zero-day vulnerability dubbed Devil's Ivy is discovered in a widely used third-party toolkit called gSOAP.
Apple iOS Malware Growth Outpaces that of Android
News  |  7/18/2017  | 
Number of iOS devices running malicious apps more than tripled in three consecutive quarters, while infected Android devices remained largely flat, report shows.
SIEM Training Needs a Better Focus on the Human Factor
Commentary  |  7/18/2017  | 
The problem with security information and event management systems isn't the solutions themselves but the training that people receive.
IoT Security Incidents Rampant and Costly
Slideshows  |  7/18/2017  | 
New research offers details about the hidden and not so hidden costs of defending the Internet of Things.
New IBM Mainframe Encrypts All the Things
News  |  7/17/2017  | 
Next-generation Z series features the elusive goal of full data encryption - from an application, cloud service, or database in transit or at rest.
FBI Issues Warning on IoT Toy Security
Quick Hits  |  7/17/2017  | 
IoT toys are more than fun and games and can potentially lead to a violation of children's privacy and safety, the Federal Bureau of Investigation warned Monday.
Researchers Create Framework to Evaluate Endpoint Security Products
News  |  7/17/2017  | 
Black Hat USA researchers tested more than 30,000 types of malware to learn the effectiveness of endpoint security tools - and they'll demonstrate how they did it.
Poll: When Will You Pay Up for Ransomware?
Curt Franklin  |  7/17/2017  | 
When is it okay to pay the ransom demanded by malware? Take our poll to add your voice to the community wisdom.
50% of Ex-Employees Still Have Access to Corporate Applications
Quick Hits  |  7/17/2017  | 
Former employees increase the security risk for organizations failing to de-provision their corporate application accounts.
AWS S3 Breaches: What to Do & Why
Commentary  |  7/17/2017  | 
Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.
Cloud AV Can Serve as an Avenue for Exfiltration
News  |  7/14/2017  | 
Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing.
50,000 Machines Remain Vulnerable to EternalBlue Attacks
News  |  7/14/2017  | 
Researcher's free scanner tool finds many systems remain at risk of EternalBlue-based attacks like WannaCry and NotPetya.
Six Million Voices Crying at Once
Curt Franklin  |  7/14/2017  | 
A Friday haiku on the latest huge hack this time, at Verizon.
AsTech Offers a $5 Million Security Breach Warranty
Quick Hits  |  7/14/2017  | 
AsTech expands its warranty program with a guarantee it will find Internet application vulnerabilities or it will pay up to $5 million if there is a breach.
7 Deadly Sins to Avoid When Mitigating Cyberthreats
Commentary  |  7/14/2017  | 
How digitally savvy organizations can take cyber resilience to a whole new dimension.
Black Hat to Host Discussion on Diversity
Commentary  |  7/13/2017  | 
Panel of diversity pioneers will share their views and firsthand experience on how to make inclusion a priority in security.
Study: Backdoors Found on 73% of Compromised Websites
Quick Hits  |  7/13/2017  | 
No such thing as 'too small to hack,' according to research from SMB security provider SiteLock.
The Hunt for Networks Building Death Star-Sized Botnets
Partner Perspectives  |  7/13/2017  | 
Internet of Things devices are more critically vulnerable to compromise in DDos attacks than ever before. Heres how to defend against them.
US Voters Consider Russia the Largest Security Risk to Elections
Quick Hits  |  7/13/2017  | 
Nearly half of US voters believe Russia is the largest security risk for elections in the nation, according to a survey.
How Security Pros Can Help Protect Patients from Medical Data Theft
Commentary  |  7/13/2017  | 
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
Cisco Plans to Buy Observable Networks for Cloud Security
Quick Hits  |  7/13/2017  | 
Cisco announces plans to acquire Observable Networks as part of a plan to bring its Stealthwatch solution into the cloud.
Verizon Suffers Cloud Data Leak Exposing Data on Millions of Customers
News  |  7/12/2017  | 
Six million of Verizon's US customers had their personal and account information exposed, including PIN numbers.
How Active Intrusion Detection Can Seek and Block Attacks
News  |  7/12/2017  | 
Researchers at Black Hat USA will demonstrate how active intrusion detection strategies can help administrators detect hackers who are overly reliant on popular attack tools and techniques.
Voice of Security Radio: Hidden Threats on the Web
Curt Franklin  |  7/12/2017  | 
Join Curtis Franklin when he talks with Chris Oldon, CEO of The Media Trust, about the threats that lurk in the hidden -- and not-so-hidden -- corners of the web.
Majority of IT Security Professionals Work Weekends
Quick Hits  |  7/12/2017  | 
A survey finds that 57% of IT security professionals work weekends, and most say they still find their jobs rewarding.
<<   <   Page 2 / 3   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24028
PUBLISHED: 2021-04-14
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
CVE-2021-29370
PUBLISHED: 2021-04-13
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.