Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in July 2018
OpenWhisk at Risk: Critical Bug Leaves IBM Cloud Exposed
Quick Hits  |  7/24/2018  | 
IBM and Apache have issued patches for a vulnerability that let attackers overwrite any company's serverless code with malicious content.
New Report Shows Pen Testers Usually Win
News  |  7/24/2018  | 
Pen testers are successful most of the time, and it's not all about stolen credentials, according to a new report based on hundreds of tests.
7 Ways to Better Secure Electronic Health Records
Slideshows  |  7/24/2018  | 
Healthcare data is a prime target for hackers. What can healthcare organizations do to better protect all of that sensitive information?
Threat Hunting: Rethinking 'Needle in a Haystack' Security Defenses
Commentary  |  7/24/2018  | 
In cyber, needles (that is, threats) can disappear quickly, for a variety of reasons, and often long after hackers have completed what they came to do.
Iowa College Learns Education & Policies Are Keys to Endpoint Security
News Analysis-Security Now  |  7/24/2018  | 
Northeast Iowa Community College decided to deal with data breaches by improving endpoint security through a combination of better software, better education and better policies.
Kaspersky: There's No Such Thing as a Free Gift Card Code
Jeffrey Burt  |  7/24/2018  | 
Kaspersky Labs is warning that bad actors are using a scheme offering free gift card codes from Amazon, Google, eBay and others to separate consumers from their personal data and money.
Microsoft, Google, Facebook, Twitter Launch Data Transfer Project
News  |  7/23/2018  | 
The open-source Data Transfer Project, intended to simplify and protect data transfer across apps, comes at a sensitive time for many of the participating organizations.
Software is Achilles Heel of Hardware Cryptocurrency Wallets
News  |  7/23/2018  | 
Upcoming Black Hat talk will detail software vulnerabilities that can put private cryptocurrency wallets and currency exchange services at risk.
24 Sentenced in India-Based Call Center Operation
Quick Hits  |  7/23/2018  | 
The scheme targeted US residents with fraudulent phone calls and conned victims out of hundreds of millions of dollars.
London Calling with New Strategies to Stop Ransomware
Commentary  |  7/23/2018  | 
The new London Protocol from the Certificate Authority Security Council/Browser Forum aims to minimize the possibility of phishing activity on high-value identity websites.
Watch Out: The Dark Web Is Really Watching You
Alan Zeichick  |  7/23/2018  | 
The Dark Web is a lot of things, but it's mostly a hangout for criminals and cyberthieves. However, this dark corner of the Internet may know more about you or your enterprise than you think.
Two-Thirds of Organizations Hit in Supply-Chain Attacks
Quick Hits  |  7/23/2018  | 
New global survey by CrowdStrike shows the average cost of a software supply chain attack is $1.1 million.
DNS Rebinding Attack Could Affect Half a Billion IoT Devices
Larry Loeb  |  7/23/2018  | 
From smart speakers to printers to IP-connected video equipment, DNS rebinding attacks are targeting a number of IoT-based devices.
What the Incident Responders Saw
News  |  7/20/2018  | 
New report on IR professionals' experiences reveals just how advanced attackers, such as nation-state hackers, dig in even after they're detected.
US Intel Officials Share Their National Cybersecurity Concerns
News  |  7/20/2018  | 
Leaders in the security sector discuss the most pressing cyberthreats threatening the United States and what can be done to mitigate them.
Singapore Health Services Data Breach Exposes Info on 1.5 Million People
News  |  7/20/2018  | 
Attackers, repeatedly and specifically, targeted Singapore Prime Minister Lee Hsien Loong's medication data.
Microsoft: Three Hacking Attempts Made on Midterm Elections
Quick Hits  |  7/20/2018  | 
Microsoft detected data indicating three congressional candidates were being hit with cyberattacks - the first to target midterm elections.
HR Services Firm ComplyRight Suffers Major Data Breach
News  |  7/20/2018  | 
More than 7,500 customer companies were affected, and the number of individuals whose information was leaked is unknown.
DOJ Will Now Alert US Public to Foreign Interference, Attacks
News Analysis-Security Now  |  7/20/2018  | 
This week, the Justice Department released a new report on cyber attacks targeting US companies and institutions, and officials now plan to issue alerts to the American public.
Why Artificial Intelligence Is Not a Silver Bullet for Cybersecurity
Commentary  |  7/20/2018  | 
Like any technology, AI and machine learning have limitations. Three are detection, power, and people.
LabCorp Investigating Possible Attack & Data Breach
News Analysis-Security Now  |  7/20/2018  | 
LabCorp, one of the largest medical and diagnostic companies in the world, is investigating a possible attack against its network and a potential data breach, according to paperwork filed with the SEC.
Why Security Startups Fly And Why They Crash
News  |  7/20/2018  | 
What makes startups stand out in a market flooded with thousands of vendors? Funding experts and former founders share their thoughts.
More Data Breaches in Store for US Retail Industry
Larry Loeb  |  7/20/2018  | 
A report from Thales eSecurity and 451 Research finds that the security systems of US retailers are getting breached more often than their global counterparts. As a result, IT is rethinking its security spending.
70 US Election Jurisdictions Adopt Free Website Security Service
News  |  7/19/2018  | 
Hawaii, Idaho, North Carolina, and Rhode Island are among states now using gratis DDoS mitigation, firewall, and user access control service from Cloudflare.
Cyberattacks in Finland Surge During Trump-Putin Summit
News  |  7/19/2018  | 
Attackers targeted IoT devices like they did during Trump's June meeting with North Korea's Kim Jong-un, but this time China was the top-attacking nation.
Robotic Vacuums May Hoover Your Data
Quick Hits  |  7/19/2018  | 
Researchers have discovered a pair of vulnerabilities that allow unauthorized code execution in a robotic vacuum.
Free New Scanner Aims to Protect Home Networks
Quick Hits  |  7/19/2018  | 
Free software pinpoints vulnerabilities and offers suggestions for remediation.
The Fundamental Flaw in Security Awareness Programs
Commentary  |  7/19/2018  | 
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
6 Ways to Tell an Insider Has Gone Rogue
Slideshows  |  7/19/2018  | 
Malicious activity by trusted users can be very hard to catch, so look for these red flags.
Beyond Passwords: Why Your Company Should Rethink Authentication
Commentary  |  7/19/2018  | 
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
Number of Retailers Impacted by Breaches Doubles
News  |  7/19/2018  | 
The retail race for digital transformation is being run without the safety of security measures.
With 'Snowball,' AWS Brings Security Layer to the Edge
News Analysis-Security Now  |  7/19/2018  | 
With updates to its "Snowball" device this week, AWS looks to address concerns about how security works at the edge, as well as within the cloud itself.
Gartner: CIOs Need to Hire More Cybersecurity Experts
News Analysis-Security Now  |  7/19/2018  | 
New research determined 65% of CIOs have hired a cybersecurity expert to help protect their enterprises, but more of these hires are needed, finds Gartner.
Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs
News  |  7/18/2018  | 
Researchers will be rewarded for vulnerabilities found in identity solutions and implementations of certain OpenID standards.
Messenger Apps Top Risk Hit Parade
Quick Hits  |  7/18/2018  | 
Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.
Make Security Boring Again
Commentary  |  7/18/2018  | 
In the public sector and feeling overwhelmed? Focus on the basics, as mind-numbing as that may sound.
New Subscription Service Takes on Ransomware Protection
News  |  7/18/2018  | 
Training and response are the basis of a new offering that addresses ransomware and extortion attacks.
Microsoft Moves Up As Phishers' Favorite Target for Brand Spoofing
Quick Hits  |  7/18/2018  | 
Researchers compiled a list of the most common brands to impersonate by detecting and analyzing new phishing URLs.
From Bullets to Clicks: The Evolution of the Cyber Arms Race
Commentary  |  7/18/2018  | 
Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.
Education Sector CISOs Get High Marks on Security
News Analysis-Security Now  |  7/18/2018  | 
In a surprise outcome, the education sector rises to the top of a SecurityScorecard assessment for its ability to protect data assets despite connecting thousands of unsecured devices and even some determined student hackers.
AWS' Werner Vogels: 'Security Is Everyone's Job'
News Analysis-Security Now  |  7/18/2018  | 
At the AWS New York Summit, CTO Werner Vogels detailed how security is a much wider responsibility, and how automation and encryption are essential to better (and more secure) application development in the cloud.
White House Cybersecurity Strategy at a Crossroads
News  |  7/17/2018  | 
Trump administration's initial lack of a unified front in the wake of Russian election-hacking indictments worries cybersecurity experts.
One-Third of Businesses Lack a Cybersecurity Expert
News  |  7/17/2018  | 
Alarming, yes, but it's actually an improvement over past years, a new Gartner survey of more than 3,000 CIOs reveals.
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Commentary  |  7/17/2018  | 
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
Nearly Half of Security Pros Reuse Passwords
Quick Hits  |  7/17/2018  | 
Survey exposes poor security practices by the people who should know better.
SCADA/ICS Dangers & Cybersecurity Strategies
Commentary  |  7/17/2018  | 
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
7 Nigerians Indicted for Fraud Operation on Dating Sites
Quick Hits  |  7/17/2018  | 
Con artists have been charged with operating a scheme that cost users of American dating websites more than $1.5 million.
iPhone Users Targeted in Mobile Malware Attack
News Analysis-Security Now  |  7/17/2018  | 
Cisco Talos has found a complex mobile malware attack that tricks users into downloading compromised MDM software onto their iPhones.
Researchers Detail Spoofing Attack Against Vehicle GPS
Larry Loeb  |  7/17/2018  | 
A new paper shows that with the right amount of hardware and know-how, an attacker can spoof a vehicle's GPS system and change the route.
ZTE Cleared to Return to Business After US Lifts Ban
News Analysis-Security Now  |  7/17/2018  | 
Despite hefty fines and concerns about national security, ZTE is cleared to return to business after the US lifted its ban on selling components to the company.

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-25878
PUBLISHED: 2022-05-27
The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption ...
CVE-2021-27780
PUBLISHED: 2022-05-27
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.
CVE-2021-27781
PUBLISHED: 2022-05-27
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.
CVE-2022-1897
PUBLISHED: 2022-05-27
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
CVE-2022-20666
PUBLISHED: 2022-05-27
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient va...