Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in July 2018
<<   <   Page 4 / 4
6 M&A Security Tips
Slideshows  |  7/9/2018  | 
Companies are realizing that the security posture of an acquired organization should be considered as part of their due diligence process.
Insurers Sue Trustwave for $30M Over '08 Heartland Data Breach
News  |  7/9/2018  | 
Lawsuit filed by Lexington Insurance and Beazley Insurance is in response to a Trustwave legal filing that called their claims meritless.
Two More Convicted in $30M Massive Hacking, Securities Fraud Operation
News  |  7/9/2018  | 
A former hedge fund manager and securities trader participated in a scheme that made $30 million by trading on information from stolen press releases.
Chinese Wind Turbine Manufacturer Gets Max. Fine for Source Code Theft
Quick Hits  |  7/9/2018  | 
Sinovel Wind Group has been sentenced for stealing trade secrets from the company formerly known as American Superconductor Inc.
Creating a Defensible Security Architecture
Commentary  |  7/9/2018  | 
Take the time to learn about your assets. You'll be able to layer in multiple prevention and detection solutions and have a highly effective security architecture.
Claranet Buys NotSoSecure
Quick Hits  |  7/9/2018  | 
Acquisition continues the MSP's push into security services.
PG&E Allows Substantial Account Access Without a Password, Researcher Finds
News Analysis-Security Now  |  7/9/2018  | 
After checking his own PG&E account, security researcher Justin Troutman found that the utility company allowed users to access accounts without a password. The company claims accounts are safe.
Attackers Combining Smoke Loader & PROPagate in New Campaign
Larry Loeb  |  7/9/2018  | 
Cisco Talos researchers have found that attackers have started to combine Smoke Loader and the PROPagate injection in a new campaign delivered through phony Word documents.
Putin Pushes for Global Cybersecurity Cooperation
Quick Hits  |  7/6/2018  | 
At a Moscow-based security conference, Russian President Vladimir Putin said countries should work together amid the rise of cyberthreats.
New Malware Strain Targets Cryptocurrency Fans Who Use Macs
Quick Hits  |  7/6/2018  | 
OSX.Dummy depends on substantial help from an unwary victim.
Former NSO Group Employee Steals, Sells Spy Tools
Quick Hits  |  7/6/2018  | 
The Israeli hacking firm says its stolen software is worth hundreds of millions of dollars.
Reactive or Proactive? Making the Case for New Kill Chains
Commentary  |  7/6/2018  | 
Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here what a modern kill chain should include.
Trading Platforms Riddled With Severe Flaws
News  |  7/6/2018  | 
In spite of routing trillions of dollars of stock and commodity trades every day, financial cousins to online banking applications are written very insecurely.
APTs: Now's the Time for a New Approach
News Analysis-Security Now  |  7/6/2018  | 
Advanced Persistent Threats, or APTs, are one of the greatest problems that enterprises face today. However, security teams have been taking the wrong approach...
Google, Firefox Pull Stylish After Report Shows How Data Is Collected
Larry Loeb  |  7/6/2018  | 
A security researcher showed how the Stylish browser extension sent personal data and search results back to the parent company, and this forced Mozilla and Google to yank it off their stores.
Weak Admin Password Enabled Gentoo GitHub Breach
News  |  7/5/2018  | 
Had the attacker been quieter, breach may not have been discovered immediately maintainers of popular Linux distribution said.
WEF: 217 More Years Until Women and Men Reach Economic Equality
News  |  7/5/2018  | 
Progress toward economic parity is in reverse for the first time since 2006, but cybersecurity can help change the game.
New Malware Variant Hits With Ransomware or Cryptomining
Quick Hits  |  7/5/2018  | 
A new variant of old malware scans a system before deciding just how to administer pain.
UK Banks Must Produce Backup Plans for Cyberattacks
Quick Hits  |  7/5/2018  | 
Financial services firms in Britain have three months to explain how they would stay up and running in the event of an attack or service disruption.
4 Basic Principles to Help Keep Hackers Out
Commentary  |  7/5/2018  | 
The most effective hackers keep things simple, something organizations must take into account.
How Quantum Physics Will Protect Against Quantum-Busting Encryption
Jeffrey Burt  |  7/5/2018  | 
The CEO of the startup Quantum Xchange envisions a nationwide dark fiber quantum network that protects encrypted data in transit with an on-demand Quantum Key Distribution service.
9 SMB Security Trends
Slideshows  |  7/5/2018  | 
SMBs understand they have to focus more on cybersecurity. Here's a look at the areas they say matter most.
How the Cloud Is Changing the Identity & Access Management Game
Simon Marshall  |  7/5/2018  | 
Fresh off a $17.5M funding round, startup Preempt is one of several companies that is looking to change the identity and access management game as the enterprise shifts to the cloud.
Researchers Show How Attackers Can Crack LTE Data Link Layer
Larry Loeb  |  7/4/2018  | 
In a paper, researchers show how an attacker with the right equipment can crack the data link layer of an LTE network. It's mostly theoretical, but it shows why upcoming 5G security standards need to be tougher.
California's New Privacy Law Gives GDPR-Compliant Orgs Little to Fear
News  |  7/3/2018  | 
Others should boost their security controls to get in sync with AB 375... or get ready to be sued hundreds of dollars for each personal record exposed in a breach.
Bigger, Faster, Stronger: 2 Reports Detail the Evolving State of DDoS
News  |  7/3/2018  | 
DDoS attacks continue to plague the Internet, getting bigger and more dangerous. And now, the kids are involved.
Cryptocurrency Theft Drives 3x Increase in Money Laundering
News  |  7/3/2018  | 
The first half of 2018 saw more cryptocurrency theft than all of 2017 combined, driving a rise in digital money laundering as criminals elude authorities.
Consumers Rank Security High in Payment Decisions
Quick Hits  |  7/3/2018  | 
Security is a top priority when it comes to making decisions on payment methods and technologies.
Ransomware vs. Cryptojacking
Commentary  |  7/3/2018  | 
Cybercriminals are increasingly turning to cryptojacking over ransomware for a bigger payday. Here's what enterprises need to know in order to protect their digital assets and bank accounts.
ThetaRay Raises $30M to Block Money Laundering
Quick Hits  |  7/3/2018  | 
With a total $60 million raised to date, the Israeli startup plans to expand operations in Europe, Asia, and the United States.
Automated Network Security Is Crucial, but No Panacea
News Analysis-Security Now  |  7/3/2018  | 
As attacks get more sophisticated and business gets more mobile and distributed, automation capabilities enable networks to keep up with the rapid pace of change.
Cybercriminals Start Looking Beyond the Dark Web
Simon Marshall  |  7/3/2018  | 
For years, the Dark Web was seen as a safe haven for cybercrime. Now, a new report finds that cybercriminals are turning toward newer technologies, such as Blockchain DNS, to shield their activities.
Second Equifax Employee Facing Insider Trading Charges
News Analysis-Security Now  |  7/3/2018  | 
The SEC, along with the Justice Department, has charged Sudhakar Reddy Bonthu, a former software engineer at Equifax, with insider trading following the 2017 data breach at the credit reporting agency.
Azure IoT Edge Exits Preview with Security Updates
News  |  7/2/2018  | 
Microsoft rolls out its cloud-based IoT service to the general public, while upping data protection with new categories including device management and security.
'Clipboard Hijacker' Malware Builds on Cryptocurrency Threat
Quick Hits  |  7/2/2018  | 
Clipboard Hijackers are not a new threat, but this one shows attackers are getting more advanced.
6 Drivers of Mental and Emotional Stress in Infosec
Slideshows  |  7/2/2018  | 
Pressure comes in many forms but often with the same end result: stress and burnout within the security community.
iOS 12 2FA Feature May Carry Bank Fraud Risk
Quick Hits  |  7/2/2018  | 
Making two-factor authentication faster could also make it less secure.
Preparing for Transport Layer Security 1.3
Commentary  |  7/2/2018  | 
The long-awaited encryption standard update is almost here. Get ready while you can to ensure security, interoperability, and performance.
RIG Exploit Kit Injects Code That Creates Monero Miner
News Analysis-Security Now  |  7/2/2018  | 
Researchers at FireEye have found the first instance of the RIG exploit kits injecting code into machines that creates a malicious Monero miner.
Seamless Cloud Security Depends on Encryption Done Right
Joe Stanganelli  |  7/2/2018  | 
As the enterprise shift to the cloud, there's a debate about what's best for securing data as it moves from one platform to another. A Boston startup is looking to encrypt data in motion and at rest, and this could be the next big trend.
<<   <   Page 4 / 4


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.