Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in July 2018
<<   <   Page 3 / 4   >   >>
Russian National Vulnerability Database Operation Raises Suspicions
News  |  7/16/2018  | 
Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.
Less Than Half of Cyberattacks Detected via Antivirus: SANS
News  |  7/16/2018  | 
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.
Trump Dismisses Russian Interference Indictments in Presser with Putin
Quick Hits  |  7/16/2018  | 
Russian President Vladamir Putin 'just said it's not Russia,' US President Trump said.
10 Ways to Protect Protocols That Aren't DNS
Slideshows  |  7/16/2018  | 
Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.
India Telecom Regulator: Users Have Primary Data Rights
Quick Hits  |  7/16/2018  | 
Organizations 'should be restrained from using metadata to identify individual users,' says the Telecom Regulatory Authority of India.
Time to Yank Cybercrime into the Light
Commentary  |  7/16/2018  | 
Too many organizations are still operating blindfolded, research finds.
IDT CIO Faces Down New Crop of Global Threats
Simon Marshall  |  7/16/2018  | 
IDT CIO Golan Ben-Oni has faced down two serious cyberattacks in the last year and he expects more are on the way. From selecting vendors to thinking about the cloud, here's how Ben-Oi is rethinking the security landscape.
Broadcom's Deal for CA Puts Big Iron in the Spotlight
Larry Loeb  |  7/16/2018  | 
With Broadcom buying CA for $18.9 billion, old-time big iron is suddenly cool again. Here's what it means for security and software development.
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
News  |  7/13/2018  | 
GRU hackers used bitcoin to fund US computer network infrastructure supporting and hiding the operation.
12 Russian Nationals Indicted in 2016 Hacking of DNC, Clinton Campaign
News Analysis-Security Now  |  7/13/2018  | 
The DOJ and the Special Counsel's Office indicted 12 Russian nationals, charging them with hacking into the networks of the Democratic Congressional Campaign Committee, the Democratic National Committee and the Hillary Clinton presidential campaign.
GandCrab Ransomware Continues to Evolve But Can't Spread Via SMB Shares Yet
News  |  7/13/2018  | 
Recent fears that this year's most prolific ransomware threat has acquired new WannaCry-like propagation capabilities appear unfounded at the moment.
8 Big Processor Vulnerabilities in 2018
Slideshows  |  7/13/2018  | 
Security researchers have been working in overdrive examining processors for issues and they haven't come up empty-handed.
Congressional Report Cites States Most Vulnerable to Election Hacking
Quick Hits  |  7/13/2018  | 
A new report details issues with 18 states along with suggestions on what can be done.
FBI: Email Account Compromise Losses Reach $12B
Quick Hits  |  7/13/2018  | 
There were more than 78K business email account (BEC) and email account compromise (EAC) scam incidents worldwide between October 2013 and May 2018.
How to Structure an Enterprise-Wide Threat Intelligence Strategy
Commentary  |  7/13/2018  | 
To keep an organization safe, you must think about the entire IT ecosystem.
Attackers Increasingly Turning Attention to the Cloud
Jeffrey Burt  |  7/13/2018  | 
In the first half of 2018, Check Point researchers saw threat actors turning more of their attention to the cloud to steal data, as well as to grab compute power for cryptomining efforts.
SOCs Use Automation to Compensate for Training, Technology Issues
News  |  7/13/2018  | 
Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.
Bug Bounty Programs Paying Off for Enterprises
Larry Loeb  |  7/13/2018  | 
The number of bug bounty programs continues to grow, and enterprise security is better for it. A new report urges more businesses to embrace and not squash these initiatives.
WordPress Sites Targeted in World Cup-Themed Spam Scam
News  |  7/12/2018  | 
Spammers using a 'spray & pray' approach to post comments on WordPress powered blogs, forums, says Imperva.
What's Cooking With Caleb Sima
News  |  7/12/2018  | 
Security Pro File: Web app security pioneer dishes on his teenage security career, his love of electric scooters, Ace Ventura and a new baby food business venture with his wife and famed chef, Kathy Fang.
Lessons from My Strange Journey into InfoSec
Commentary  |  7/12/2018  | 
Establishing an entre into the security world can be a maddeningly slow process. For those of us already here, it can be an opportunity to help others.
ICS Security: 'The Enemy Is in the Wire'
Commentary  |  7/12/2018  | 
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
Ukraine Security Service Stops VPNFilter Attack at Chlorine Station
Quick Hits  |  7/12/2018  | 
The facility's process control system and emergency-detection system were infected, Interfax Ukraine reports.
Timehop Releases New Details About July 4 Breach
Quick Hits  |  7/12/2018  | 
Additional information includes PII affected and the authentication issue that led to the breach.
IBM: Hidden Costs Drive Up Financial Hit of Mega Breaches to $350M
Jeffrey Burt  |  7/12/2018  | 
For companies that have 50 million records compromised, lost business and reputation, as well as the employee time spent in recovery work, can put the overall cost at $350 million.
Kaspersky: Asia the Focus of APT Operations in Q2
Jeffrey Burt  |  7/12/2018  | 
In their second quarter report, Kaspersky researchers also noted the return of various well-known bad actors and the threats facing networking hardware devices.
Hacker Exploits 2-Year Old Router Issue To Steal Sensitive US Military Data
News  |  7/11/2018  | 
A moderately skilled hacker managed to steal export-restricted data pertaining to the Reaper drone and Abrams tank from computers belonging to two US Army officials.
Newly Found Spectre Variants Bring New Concerns
News  |  7/11/2018  | 
Two new variants on a theme of Spectre underscore the expanding nature of the critical vulnerabilities.
Critical Vulns Earn $2K Amid Rise of Bug Bounty Programs
News  |  7/11/2018  | 
As of June, a total of $31 million has been awarded to security researchers for this year already a big jump from the $11.7 million awarded for the entire 2017.
Banks Suffer an Average of 3.8 Data Leak Incidents Per Week
Quick Hits  |  7/11/2018  | 
New study examines how financial services information gets sold and shared in the Dark Web.
Getting Safe, Smart & Secure on S3
Commentary  |  7/11/2018  | 
AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.
This Is How Much a 'Mega Breach' Really Costs
News  |  7/11/2018  | 
The average cost of a data breach is $3.86 million, but breaches affecting more than 1 million records are far more expensive.
New Cyber Center Opens at Augusta University in Georgia
Quick Hits  |  7/11/2018  | 
University partners with state on $100 million Georgia Cyber Center for cybersecurity education and research.
Major International Airport System Access Sold for $10 on Dark Web
News  |  7/11/2018  | 
Researchers from the McAfee Advanced Threat Research team began with an open search on Russian RDP shop UAS to make their discovery.
What We Talk About When We Talk About Risk
Commentary  |  7/11/2018  | 
Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.
'RDP Shops' Proliferate Throughout the Dark Web
News Analysis-Security Now  |  7/11/2018  | 
For as little as $10, McAfee researchers found that they could buy access to the security and building automation systems of a US airport thanks to the proliferation of 'RDP shops' across the dark web.
Magecart Group Seen as Hidden Hand Behind Ticketmaster Attack
Larry Loeb  |  7/11/2018  | 
By targeting third-party vendors that Ticketmaster uses to help process payment, the Magecart group appears to be expanding the scope of its cybercrimes, according to RiskIQ.
Apple Releases Wave of Security Updates
News  |  7/11/2018  | 
Apple updates software for nearly every hardware platform, though one new feature almost steals the security show.
AT&T Absorbs AlienVault's Cybersecurity Insights
News Analysis-Security Now  |  7/11/2018  | 
The new combo of AT&T and AlienVault will power the carrier's new SMB security services but it's not yet certain how reports and research from the Open Threat Exchange will be impacted.
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
News  |  7/10/2018  | 
Threat actor Magecart has infiltrated over 800 e-commerce sites with card skimming software installed on third-party software components, RiskIQ says.
Microsoft July Security Updates Mostly Browser-Related
News  |  7/10/2018  | 
Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.
Asian APT Groups Most Active in Q2
News  |  7/10/2018  | 
Researchers at Kaspersky Lab published data on the most prolific threat groups and campaigns, compiled from private intelligence reports developed this quarter.
Bomgar Acquires Avecto
Quick Hits  |  7/10/2018  | 
Purchase adds layers to privileged access management system.
Businesses Struggle to Build 'Security-First' Culture
News  |  7/10/2018  | 
New Accenture study finds half of businesses provide cybersecurity training for new hires and only 40% of CISOs prioritize building or expanding insider threat programs.
AT&T to Buy AlienVault
Quick Hits  |  7/10/2018  | 
Terms of the deal which closes in Q3 were not disclosed.
For Data Thieves, the World Cup Runneth Over
Commentary  |  7/10/2018  | 
Large sporting events are always going to be targets, but the fact that the competition is in Russia adds another layer of concern. Here are three tips to stay safer.
7 Ways to Keep DNS Safe
Slideshows  |  7/10/2018  | 
A DNS attack can have an outsize impact on the targeted organization or organizations. Here's how to make hackers' lives much more difficult.
HNS IoT Botnet Evolves, Goes Cross-Platform
Jeffrey Burt  |  7/10/2018  | 
The Hide 'N Seek malware had previously targeted devices such as home routers and DVRs, but now the botnet is including Apache CouchDB and OrientDB in its expanding list of targets.
Cisco: GDPR Is About More Than Compliance
Jeffrey Burt  |  7/10/2018  | 
Cisco's top privacy official says that the EU's new privacy regulations – GDPR – gives forward-thinking companies an opportunity to excel by building new data management and privacy models.
Data Breaches at Timehop, Macy's Highlight Need for Multi-Factor Authentication
News  |  7/9/2018  | 
Names, email addresses, and some phone numbers belonging to 21 million people exposed in Timehop intrusion; Macy's incident impacts 'small number' of customers.
<<   <   Page 3 / 4   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7121
PUBLISHED: 2020-09-23
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to f...
CVE-2020-7122
PUBLISHED: 2020-09-23
Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmwar...
CVE-2020-10687
PUBLISHED: 2020-09-23
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS att...
CVE-2020-10714
PUBLISHED: 2020-09-23
A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
CVE-2020-14365
PUBLISHED: 2020-09-23
A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw le...