News & Commentary

Content posted in July 2018
Singapore Health Services Data Breach Exposes Info on 1.5 Million People
News  |  7/20/2018  | 
Attackers, repeatedly and specifically, targeted Singapore Prime Minister Lee Hsien Loong's medication data.
Microsoft: Three Hacking Attempts Made on Midterm Elections
Quick Hits  |  7/20/2018  | 
Microsoft detected data indicating three congressional candidates were being hit with cyberattacks - the first to target midterm elections.
HR Services Firm ComplyRight Suffers Major Data Breach
News  |  7/20/2018  | 
More than 7,500 customer companies were affected, and the number of individuals whose information was leaked is unknown.
Why Artificial Intelligence Is Not a Silver Bullet for Cybersecurity
Commentary  |  7/20/2018  | 
Like any technology, AI and machine learning have limitations. Three are detection, power, and people.
Why Security Startups Fly And Why They Crash
News  |  7/20/2018  | 
What makes startups stand out in a market flooded with thousands of vendors? Funding experts and former founders share their thoughts.
70 US Election Jurisdictions Adopt Free Website Security Service
News  |  7/19/2018  | 
Hawaii, Idaho, North Carolina, and Rhode Island are among states now using gratis DDoS mitigation, firewall, and user access control service from Cloudflare.
Cyberattacks in Finland Surge During Trump-Putin Summit
News  |  7/19/2018  | 
Attackers targeted IoT devices like they did during Trump's June meeting with North Korea's Kim Jong-un, but this time China was the top-attacking nation.
Robotic Vacuums May Hoover Your Data
Quick Hits  |  7/19/2018  | 
Researchers have discovered a pair of vulnerabilities that allow unauthorized code execution in a robotic vacuum.
Free New Scanner Aims to Protect Home Networks
Quick Hits  |  7/19/2018  | 
Free software pinpoints vulnerabilities and offers suggestions for remediation.
The Fundamental Flaw in Security Awareness Programs
Commentary  |  7/19/2018  | 
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
6 Ways to Tell an Insider Has Gone Rogue
Slideshows  |  7/19/2018  | 
Malicious activity by trusted users can be very hard to catch, so look for these red flags.
Beyond Passwords: Why Your Company Should Rethink Authentication
Commentary  |  7/19/2018  | 
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
Number of Retailers Impacted by Breaches Doubles
News  |  7/19/2018  | 
The retail race for digital transformation is being run without the safety of security measures.
Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs
News  |  7/18/2018  | 
Researchers will be rewarded for vulnerabilities found in identity solutions and implementations of certain OpenID standards.
Messenger Apps Top Risk Hit Parade
Quick Hits  |  7/18/2018  | 
Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.
Make Security Boring Again
Commentary  |  7/18/2018  | 
In the public sector and feeling overwhelmed? Focus on the basics, as mind numbing as that may sound.
New Subscription Service Takes on Ransomware Protection
News  |  7/18/2018  | 
Training and response is the basis of a new offering that addresses ransomware and extortion attacks.
Microsoft Moves Up As Phishers' Favorite Target for Brand Spoofing
Quick Hits  |  7/18/2018  | 
Researchers compiled a list of the most common brands to impersonate by detecting and analyzing new phishing URLs.
From Bullets to Clicks: The Evolution of the Cyber Arms Race
Commentary  |  7/18/2018  | 
Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.
White House Cybersecurity Strategy at a Crossroads
News  |  7/17/2018  | 
Trump administration's initial lack of a unified front in the wake of Russian election-hacking indictments worries cybersecurity experts.
One-Third of Businesses Lack a Cybersecurity Expert
News  |  7/17/2018  | 
Alarming, yes, but it's actually an improvement over past years, a new Gartner survey of more than 3,000 CIOs reveals.
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Commentary  |  7/17/2018  | 
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
Nearly Half of Security Pros Reuse Passwords
Quick Hits  |  7/17/2018  | 
Survey exposes poor security practices by the people who should know better.
SCADA/ICS Dangers & Cybersecurity Strategies
Commentary  |  7/17/2018  | 
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
7 Nigerians Indicted for Fraud Operation on Dating Sites
Quick Hits  |  7/17/2018  | 
Con artists have been charged with operating a scheme that cost users of American dating websites more than $1.5 million.
Russian National Vulnerability Database Operation Raises Suspicions
News  |  7/16/2018  | 
Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.
Less Than Half of Cyberattacks Detected via Antivirus: SANS
News  |  7/16/2018  | 
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.
Trump Dismisses Russian Interference Indictments in Presser with Putin
Quick Hits  |  7/16/2018  | 
Russian President Vladimir Putin 'just said it's not Russia,' US President Trump said.
10 Ways to Protect Protocols That Aren't DNS
Slideshows  |  7/16/2018  | 
Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.
India Telecom Regulator: Users Have Primary Data Rights
Quick Hits  |  7/16/2018  | 
Organizations 'should be restrained from using metadata to identify individual users,' says the Telecom Regulatory Authority of India.
Time to Yank Cybercrime into the Light
Commentary  |  7/16/2018  | 
Too many organizations are still operating blindfolded, research finds.
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
News  |  7/13/2018  | 
GRU hackers used bitcoin to fund US computer network infrastructure supporting and hiding the operation.
GandCrab Ransomware Continues to Evolve But Can't Spread Via SMB Shares Yet
News  |  7/13/2018  | 
Recent fears that this year's most prolific ransomware threat has acquired new WannaCry-like propagation capabilities appear unfounded at the moment.
8 Big Processor Vulnerabilities in 2018
Slideshows  |  7/13/2018  | 
Security researchers have been working in overdrive examining processors for issues and they haven't come up empty-handed.
Congressional Report Cites States Most Vulnerable to Election Hacking
Quick Hits  |  7/13/2018  | 
A new report details issues with 18 states along with suggestions on what can be done.
FBI: Email Account Compromise Losses Reach $12B
Quick Hits  |  7/13/2018  | 
There were more than 78K business email account (BEC) and email account compromise (EAC) scam incidents worldwide between October 2013 and May 2018.
How to Structure an Enterprise-Wide Threat Intelligence Strategy
Commentary  |  7/13/2018  | 
To keep an organization safe, you must think about the entire IT ecosystem.
SOCs Use Automation to Compensate for Training, Technology Issues
News  |  7/13/2018  | 
Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.
WordPress Sites Targeted in World Cup-Themed Spam Scam
News  |  7/12/2018  | 
Spammers are using a 'spray & pray' approach to post comments on WordPress-powered blogs and forums, says Imperva.
What's Cooking With Caleb Sima
News  |  7/12/2018  | 
Security Pro File: Web app security pioneer dishes on his teenage security career, his love of electric scooters, Ace Ventura and a new baby food business venture with his wife and famed chef, Kathy Fang.
Lessons from My Strange Journey into InfoSec
Commentary  |  7/12/2018  | 
Establishing an entrée into the security world can be a maddeningly slow process. For those of us already here, it can be an opportunity to help others.
ICS Security: 'The Enemy Is in the Wire'
Commentary  |  7/12/2018  | 
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
Ukraine Security Service Stops VPNFilter Attack at Chlorine Station
Quick Hits  |  7/12/2018  | 
The facility's process control system and emergency-detection system were infected, Interfax Ukraine reports.
Timehop Releases New Details About July 4 Breach
Quick Hits  |  7/12/2018  | 
Additional information includes PII affected and the authentication issue that led to the breach.
Hacker Exploits 2-Year Old Router Issue To Steal Sensitive US Military Data
News  |  7/11/2018  | 
A moderately skilled hacker managed to steal export-restricted data pertaining to the Reaper drone and Abrams tank from computers belonging to two US Army officials.
Newly Found Spectre Variants Bring New Concerns
News  |  7/11/2018  | 
Two new variants on a theme of Spectre underscore the expanding nature of the critical vulnerabilities.
Critical Vulns Earn $2K Amid Rise of Bug Bounty Programs
News  |  7/11/2018  | 
As of June, a total of $31 million has been awarded to security researchers for this year, already a big jump from the $11.7 million awarded for the entire 2017.
Banks Suffer an Average of 3.8 Data Leak Incidents Per Week
Quick Hits  |  7/11/2018  | 
New study examines how financial services information gets sold and shared in the Dark Web.
Getting Safe, Smart & Secure on S3
Commentary  |  7/11/2018  | 
AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.
This Is How Much a 'Mega Breach' Really Costs
News  |  7/11/2018  | 
The average cost of a data breach is $3.86 million, but breaches affecting more than 1 million records are far more expensive.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4301
PUBLISHED: 2020-02-28
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if JavaScript code is included in Running Message or Post Message HTML.
CVE-2019-7007
PUBLISHED: 2020-02-28
A directory traversal vulnerability has been found in the Avaya Equinox Management (iView) versions R9.1.9.0 and earlier. Successful exploitation could potentially allow an unauthenticated attacker to access files that are outside the restricted directory on the remote server.
CVE-2019-10803
PUBLISHED: 2020-02-28
push-dir through 0.4.1 allows execution of arbitrary commands. Arguments provided as part of the variable "opt.branch" are not validated before being provided to the "git" command within "index.js#L139". This could be abused by an attacker to inject arbitrary commands.
CVE-2019-10804
PUBLISHED: 2020-02-28
serial-number through 1.3.0 allows execution of arbitrary commands. The "cmdPrefix" argument in serialNumber function is used by the "exec" function without any validation.
CVE-2019-10805
PUBLISHED: 2020-02-28
valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function (hasOwnProperty) from the unsafe user-input to examine an object. It is possible for a crafted payload to overwrit...