Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in July 2018
New Cyber Center Opens at Augusta University in Georgia
Quick Hits  |  7/11/2018  | 
University partners with state on $100 million Georgia Cyber Center for cybersecurity education and research.
Major International Airport System Access Sold for $10 on Dark Web
News  |  7/11/2018  | 
Researchers from the McAfee Advanced Threat Research team began with an open search on Russian RDP shop UAS to make their discovery.
What We Talk About When We Talk About Risk
Commentary  |  7/11/2018  | 
Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.
Apple Releases Wave of Security Updates
News  |  7/11/2018  | 
Apple updates software for nearly every hardware platform, though one new feature almost steals the security show.
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
News  |  7/10/2018  | 
Threat actor Magecart has infiltrated over 800 e-commerce sites with card skimming software installed on third-party software components, RiskIQ says.
Microsoft July Security Updates Mostly Browser-Related
News  |  7/10/2018  | 
Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.
Asian APT Groups Most Active in Q2
News  |  7/10/2018  | 
Researchers at Kaspersky Lab published data on the most prolific threat groups and campaigns, compiled from private intelligence reports developed this quarter.
Bomgar Acquires Avecto
Quick Hits  |  7/10/2018  | 
Purchase adds layers to privileged access management system.
Businesses Struggle to Build 'Security-First' Culture
News  |  7/10/2018  | 
New Accenture study finds half of businesses provide cybersecurity training for new hires and only 40% of CISOs prioritize building or expanding insider threat programs.
AT&T to Buy AlienVault
Quick Hits  |  7/10/2018  | 
Terms of the deal, which closes in Q3, were not disclosed.
For Data Thieves, the World Cup Runneth Over
Commentary  |  7/10/2018  | 
Large sporting events are always going to be targets, but the fact that the competition is in Russia adds another layer of concern. Here are three tips to stay safer.
7 Ways to Keep DNS Safe
Slideshows  |  7/10/2018  | 
A DNS attack can have an outsize impact on the targeted organization or organizations. Here's how to make hackers' lives much more difficult.
Data Breaches at Timehop, Macy's Highlight Need for Multi-Factor Authentication
News  |  7/9/2018  | 
Names, email addresses, and some phone numbers belonging to 21 million people exposed in Timehop intrusion; Macy's incident impacts 'small number' of customers.
6 M&A Security Tips
Slideshows  |  7/9/2018  | 
Companies are realizing that the security posture of an acquired organization should be considered as part of their due diligence process.
Insurers Sue Trustwave for $30M Over '08 Heartland Data Breach
News  |  7/9/2018  | 
Lawsuit filed by Lexington Insurance and Beazley Insurance is in response to a Trustwave legal filing that called their claims meritless.
Two More Convicted in $30M Massive Hacking, Securities Fraud Operation
News  |  7/9/2018  | 
A former hedge fund manager and securities trader participated in a scheme that made $30 million by trading on information from stolen press releases.
Chinese Wind Turbine Manufacturer Gets Max. Fine for Source Code Theft
Quick Hits  |  7/9/2018  | 
Sinovel Wind Group has been sentenced for stealing trade secrets from the company formerly known as American Superconductor Inc.
Creating a Defensible Security Architecture
Commentary  |  7/9/2018  | 
Take the time to learn about your assets. You'll be able to layer in multiple prevention and detection solutions and have a highly effective security architecture.
Claranet Buys NotSoSecure
Quick Hits  |  7/9/2018  | 
Acquisition continues the MSP's push into security services.
Putin Pushes for Global Cybersecurity Cooperation
Quick Hits  |  7/6/2018  | 
At a Moscow-based security conference, Russian President Vladimir Putin said countries should work together amid the rise of cyberthreats.
New Malware Strain Targets Cryptocurrency Fans Who Use Macs
Quick Hits  |  7/6/2018  | 
OSX.Dummy depends on substantial help from an unwary victim.
Former NSO Group Employee Steals, Sells Spy Tools
Quick Hits  |  7/6/2018  | 
The Israeli hacking firm says its stolen software is worth hundreds of millions of dollars.
Reactive or Proactive? Making the Case for New Kill Chains
Commentary  |  7/6/2018  | 
Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here's what a modern kill chain should include.
Trading Platforms Riddled With Severe Flaws
News  |  7/6/2018  | 
In spite of routing trillions of dollars of stock and commodity trades every day, financial cousins to online banking applications are written very insecurely.
Weak Admin Password Enabled Gentoo GitHub Breach
News  |  7/5/2018  | 
Had the attacker been quieter, the breach may not have been discovered immediately, maintainers of the popular Linux distribution said.
WEF: 217 More Years Until Women and Men Reach Economic Equality
News  |  7/5/2018  | 
Progress toward economic parity is in reverse for the first time since 2006, but cybersecurity can help change the game.
New Malware Variant Hits With Ransomware or Cryptomining
Quick Hits  |  7/5/2018  | 
A new variant of old malware scans a system before deciding just how to administer pain.
UK Banks Must Produce Backup Plans for Cyberattacks
Quick Hits  |  7/5/2018  | 
Financial services firms in Britain have three months to explain how they would stay up and running in the event of an attack or service disruption.
4 Basic Principles to Help Keep Hackers Out
Commentary  |  7/5/2018  | 
The most effective hackers keep things simple, something organizations must take into account.
9 SMB Security Trends
Slideshows  |  7/5/2018  | 
SMBs understand they have to focus more on cybersecurity. Here's a look at the areas they say matter most.
California's New Privacy Law Gives GDPR-Compliant Orgs Little to Fear
News  |  7/3/2018  | 
Others should boost their security controls to get in sync with AB 375... or get ready to be sued for hundreds of dollars for each personal record exposed in a breach.
Bigger, Faster, Stronger: 2 Reports Detail the Evolving State of DDoS
News  |  7/3/2018  | 
DDoS attacks continue to plague the Internet, getting bigger and more dangerous. And now, the kids are involved.
Cryptocurrency Theft Drives 3x Increase in Money Laundering
News  |  7/3/2018  | 
The first half of 2018 saw more cryptocurrency theft than all of 2017 combined, driving a rise in digital money laundering as criminals elude authorities.
Consumers Rank Security High in Payment Decisions
Quick Hits  |  7/3/2018  | 
Security is a top priority when it comes to making decisions on payment methods and technologies.
Ransomware vs. Cryptojacking
Commentary  |  7/3/2018  | 
Cybercriminals are increasingly turning to cryptojacking over ransomware for a bigger payday. Here's what enterprises need to know in order to protect their digital assets and bank accounts.
ThetaRay Raises $30M to Block Money Laundering
Quick Hits  |  7/3/2018  | 
With a total $60 million raised to date, the Israeli startup plans to expand operations in Europe, Asia, and the United States.
Azure IoT Edge Exits Preview with Security Updates
News  |  7/2/2018  | 
Microsoft rolls out its cloud-based IoT service to the general public, while upping data protection with new categories including device management and security.
'Clipboard Hijacker' Malware Builds on Cryptocurrency Threat
Quick Hits  |  7/2/2018  | 
Clipboard Hijackers are not a new threat, but this one shows attackers are getting more advanced.
6 Drivers of Mental and Emotional Stress in Infosec
Slideshows  |  7/2/2018  | 
Pressure comes in many forms but often with the same end result: stress and burnout within the security community.
iOS 12 2FA Feature May Carry Bank Fraud Risk
Quick Hits  |  7/2/2018  | 
Making two-factor authentication faster could also make it less secure.
Preparing for Transport Layer Security 1.3
Commentary  |  7/2/2018  | 
The long-awaited encryption standard update is almost here. Get ready while you can to ensure security, interoperability, and performance.
Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
5 Common Errors That Allow Attackers to Go Undetected
Matt Middleton-Leal, General Manager and Chief Security Strategist, Netwrix,  2/12/2020
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5613
PUBLISHED: 2020-02-18
In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in the ipsec packet processor allows reinjection of an old packet to be accepted by the ipsec endpoint. Depending on the higher-level protocol in use over ipsec, this could allow an action to be repeated.
CVE-2020-7450
PUBLISHED: 2020-02-18
In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer over...
CVE-2019-10792
PUBLISHED: 2020-02-18
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
CVE-2019-10793
PUBLISHED: 2020-02-18
dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
CVE-2019-10794
PUBLISHED: 2020-02-18
All versions of component-flatten are vulnerable to Prototype Pollution. The a function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.