Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in July 2017
Dealing with Due Diligence
Commentary  |  7/12/2017  | 
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
US Government Limits Purchase of Kaspersky Lab Software
Quick Hits  |  7/12/2017  | 
Kaspersky Lab has been deleted from lists of approved vendors that government agencies use to buy tech products, the result of growing cybersecurity concerns.
New SQL Injection Tool Makes Attacks Possible from a Smartphone
News  |  7/12/2017  | 
Recorded Future finds new hacking tool that's cheap and convenient to carry out that old standby attack, SQL injection.
Web App Vulnerabilities Decline 25% in 12 Months
News  |  7/11/2017  | 
WhiteHat Security's annual Web app report shows the average number of vulns in a Web app is down from four to three.
Microsoft Patches Critical Zero-Day Flaw in Windows Security Protocol
News  |  7/11/2017  | 
Researchers at Preempt uncovered two critical vulnerabilities in the Windows NTLM security protocols, one of which Microsoft patched today.
Cybersecurity: More a People Than a Tech Challenge?
Ray Le Maistre  |  7/11/2017  | 
When it comes to cybersecurity strategies, the human angle needs to be brought to the fore, according to BT and KPMG.
Securing your Cloud Stack from Ransomware
Partner Perspectives  |  7/11/2017  | 
Poor configuration, lack of policies, and permissive behaviors are three factors that can leave your cloud infrastructure vulnerable to ransomware threats.
HyTrust Raises $36M, Buys DataGravity for Policy Enforcement
Quick Hits  |  7/11/2017  | 
Cloud security firm HyTrust closed $36 million in Series E funding and purchased DataGravity to automate policy enforcement for workload data.
The High Costs of GDPR Compliance
Commentary  |  7/11/2017  | 
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
Symantec Snaps Up Skycure in Mobile Security Move
News  |  7/11/2017  | 
Acquisition fills gap in Symantec's Apple iOS mobile security strategy - and addresses the future of 'mobile first,' Symantec CEO says.
HONEST Results: What Keeps You Up at Night?
Curt Franklin  |  7/11/2017  | 
What security issues are Security Now community members afraid of? Our poll tells the tale of the terror.
IoT Devices Plagued by Lesser-Known Security Hole
News  |  7/10/2017  | 
Internet of Things devices are security-challenged enough, but they're also being massively exposed on the public Internet, this time via MQTT communications, a researcher will show at Black Hat USA.
Trump Suggests, Then Pulls Back on Joint Russian Cybersecurity Unit
News  |  7/10/2017  | 
President Donald Trump proposed, and quickly rescinded, the idea of a joint cybersecurity unit with Russian President Vladimir Putin during this week's G20 summit.
Cybercriminal with Ties to Exclusive Russian Hacking Forums Sentenced to Prison
Quick Hits  |  7/10/2017  | 
L.A. resident is sentenced to 110 months in prison for stealing and trafficking sensitive information on exclusive Russian-speaking cybercriminal forums.
How Code Vulnerabilities Can Lead to Bad Accidents
Commentary  |  7/10/2017  | 
The software supply chain is broken. To prevent hackers from exploiting vulnerabilities, organizations need to know where their applications are, and whether they are built using trustworthy components.
Two Members of Massive Call Center Scam Operation Plead Guilty
Quick Hits  |  7/10/2017  | 
Some 54 members facing charges for targeting US victims.
Desperately Seeking Security: 6 Skills Most In Demand
Slideshows  |  7/8/2017  | 
When people say there's a security skills gap, this is what they really mean.
Small Businesses Need Secure ISPs
News Analysis-Security Now  |  7/7/2017  | 
Small businesses can't do it alone: They need secure services from ISPs and MSPs to survive today's hostile environment.
NotPetya: How to Prep and Respond if You're Hit
Slideshows  |  7/7/2017  | 
Security pros share practices to prepare and handle advanced malware attacks like NotPetya.
IoT Physical Attack Exploit to be Revealed at Black Hat
News  |  7/7/2017  | 
Security researcher Billy Rios plans to demonstrate how an exploit can cause an IoT device to launch a physical attack against a human.
IRS to Launch Educational Phishing Series
Quick Hits  |  7/7/2017  | 
The Internal Revenue Service is preparing to launch an educational series on phishing attacks and related warning signs.
The SOC Is Dead... Long Live the SOC
Commentary  |  7/7/2017  | 
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
Open Door Policy
Curt Franklin  |  7/7/2017  | 
A Friday Haiku on Insecure States
Telecom Hacker Sentenced for Laundering Millions
Quick Hits  |  7/6/2017  | 
Pakistani man sentenced to prison for hacking into PBX systems and generating millions of dollars via bogus premium phone calls and laundering the money.
Hacking the State of the ISIS Cyber Caliphate
News  |  7/6/2017  | 
Researchers say Islamic State's United Cyber Caliphate remains in its infancy when it comes to cyberattack expertise.
New Google Security Controls Tighten Third-Party Data Access
News  |  7/6/2017  | 
Google adds OAuth app whitelisting to G Suite so admins can vet third-party applications before users can grant them authorized data access.
CopyCat Malware Infects 14 Million Android Devices
News  |  7/6/2017  | 
A new malware strain is discovered with a novel approach to infecting Android handheld devices with adware.
Sabre Breach Investigation Concludes with Impact Limited
Quick Hits  |  7/6/2017  | 
The travel company finds that attackers gained limited access to a subset of its bookings in its reservation system.
Are You Ready for GDPR?
News Analysis-Security Now  |  7/6/2017  | 
Multi-cloud and software-defined storage solutions may ease the way to GDPR compliance.
Black Hat Survey: Security Pros Expect Major Breaches in Next Two Years
News  |  7/6/2017  | 
Significant compromises are not just feared, but expected, Black Hat attendees say.
Security Experts & Hackers: We're Not So Different
Partner Perspectives  |  7/6/2017  | 
Using the similarities among hackers and security programmers can be an advantage.
The Growing Danger of IP Theft and Cyber Extortion
Commentary  |  7/6/2017  | 
The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.
Symantec to Buy 'Browser Isolation' Firm Fireglass
News  |  7/6/2017  | 
Fireglass's emerging Web security technology will become a modular component in Symantec's Integrated Cyber Defense Platform.
Bitcoin Funds Stolen from Bithumb Exchange
Quick Hits  |  7/5/2017  | 
Exchange employee's home PC the initial attack vector.
Updates to NotPetya Lead to Server Seizure at Ukrainian Software Firm
News  |  7/5/2017  | 
Police seized servers from Ukraine's Intellect Service as the country scrambles to control a cyberattack allegedly conducted by advanced hackers.
'Crackas With Attitude' Hacker Sentenced for Targeting Government Officials
Quick Hits  |  7/5/2017  | 
A North Carolina man known as 'Incursio' goes to prison for hacking government systems as well as senior government officials.
Researchers Build Firewall to Deflect SS7 Attacks
News  |  7/5/2017  | 
Security researchers will release an open-source SS7 firewall at Black Hat USA that aims to bolster security of mobile operators' core networks.
Avoiding the Dark Side of AI-Driven Security Awareness
Commentary  |  7/5/2017  | 
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
Voice of Security Radio: Will a Digital Transformation Transform Your Security?
Curt Franklin  |  7/5/2017  | 
'Digital Transformation' can be a big umbrella term: What does it mean – and what does it mean to your security? Those are the questions for this week's Voice of Security Radio.
The Stress of Being CISO
News Analysis-Security Now  |  7/3/2017  | 
The title 'CISO' carries with it some serious stress. A new poll talks about that stress and what to do about it.
The Problem with Data
Commentary  |  7/3/2017  | 
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22879
PUBLISHED: 2021-04-14
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
CVE-2021-27989
PUBLISHED: 2021-04-14
Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx.
CVE-2021-25316
PUBLISHED: 2021-04-14
An Insecure Temporary File vulnerability in s390-tools of SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-SP2 allows local attackers to prevent VM live migrations. This issue affects: SUSE Linux Enterprise Server 12-SP5 s390-tools versions prior to 2.1.0-18.29.1. SUSE Linux Enterp...
CVE-2021-28797
PUBLISHED: 2021-04-14
A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the following versions: Surveillance Station 5.1.5.4.3 (an...
CVE-2020-36323
PUBLISHED: 2021-04-14
In the standard library in Rust before 1.50.3, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked.