Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in July 2019
Page 1 / 4
Google Cloud Debuts New Security Capabilities
Quick Hits  |  7/31/2019  | 
Updates include Advanced Protection Program for the enterprise and general availability of password vaulted apps in Cloud Identity and G Suite.
Flaws in SanDisk SSD Dashboard Present Malware & Data Loss Risks
News  |  7/31/2019  | 
Organizations using the utility should immediately install the latest version of the software, security vendor Trustwave says.
Apple Device Management Firm Jamf Acquires Digita Security
Quick Hits  |  7/31/2019  | 
Digita Security's Apple Mac endpoint protection solutions will join Jamf's MDM suite for iOS and MacOS.
Why the Network Is Central to IoT Security
Commentary  |  7/31/2019  | 
Is there something strange about your network activity? Better make sure all of your IoT devices are under control.
Former Twitter CISO Launches Startup to Secure Cloud Collaboration
News  |  7/31/2019  | 
Altitude Networks, led by Michael Coates and Amir Kavousian, aims to prevent accidental and malicious file sharing.
More Companies Don't Rely on Passwords Alone Anymore
News  |  7/31/2019  | 
New research shows how enterprises are adding additional layers of authentication.
The Attribution Trap: A Waste of Precious Time & Money
Commentary  |  7/31/2019  | 
Aiming for attribution doesn't help most organizations become more secure. It can actually have the opposite effect.
8 Free Tools to Be Showcased at Black Hat and DEF CON
Slideshows  |  7/31/2019  | 
Expect a full slate of enterprise-class open source tools to take the spotlight when security researchers share their bounties with the community at large.
Container Security Is Falling Behind Container Deployments
News  |  7/30/2019  | 
Organizations are increasingly turning to containers even though they are not as confident in the security of those containers, according to a new survey.
Apple iOS Flaw Could Give Attacker Access via iMessage
Quick Hits  |  7/30/2019  | 
Google Project Zero researchers found an iOS vulnerability that could let an attacker snoop on a victim's phone remotely.
Insecure Real-Time Video Protocols Allow Hollywood-Style Hacking
News  |  7/30/2019  | 
Lack of security in the default settings of Internet-enabled video cameras makes co-opting video feeds not just a movie-hacker technique, but a reality for millions of cameras.
Capital One Breach Affects 100M US Citizens, 6M Canadians
News  |  7/30/2019  | 
The breach exposed credit card application data, Social Security numbers, and linked bank accounts, among other information.
Transforming 'Tangible Security' into a Competitive Advantage
Commentary  |  7/30/2019  | 
Today's consumers want to see and touch security. Meeting this demand will be a win-win for everyone, from users to vendors to security teams.
DHS Warns About Security Flaws in Small Airplanes
Quick Hits  |  7/30/2019  | 
Rapid7 researchers found holes in CAN bus networks that an attacker could exploit to sabotage its operation.
BlueKeep Exploits Appear as Security Firms Continue to Worry About Cyberattack
News  |  7/30/2019  | 
The lack of an attack has puzzled some security experts, but the general advice remains that companies should patch their vulnerable systems more quickly.
Suffering SOC Saga Continues
News  |  7/30/2019  | 
New study exposes low confidence among security professionals in their security operations centers.
CISOs Must Evolve to a Data-First Security Program
Commentary  |  7/30/2019  | 
Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.
Black Hat Q&A: Cracking Apple's T2 Security Chip
News  |  7/30/2019  | 
Duo Labs' Mikhail Davidow and Jeremy Erickson speak about their research on Apple's T2 security chip, and why they're sharing it at Black Hat USA.
Sextortion Email Scams Rise Sharply
News  |  7/30/2019  | 
Cybercriminals are increasingly trying to trick people into paying ransoms by threatening to expose compromising activities to friends and family.
Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices
News  |  7/29/2019  | 
Vulnerabilities in VxWorks' TCP stack could allow an attacker to execute random code, launch a DoS attack, or use the vulnerable system to attack other devices.
Deutsche Bank Email Vulnerability Left Ex-Employees with Access
Quick Hits  |  7/29/2019  | 
Failures in computer and control systems are being blamed.
Sephora Offers Monitoring Services in Wake of Data Breach
Quick Hits  |  7/29/2019  | 
The data breach compromised data belonging to customers in parts of Southeast Asia, Australia, and New Zealand.
4 Network Security Mistakes Bound to Bite You
Commentary  |  7/29/2019  | 
It's Shark Week again! Are you ready to outmaneuver sharks of the cyber variety? These tips can help.
9 Things That Don't Worry You Today (But Should)
Slideshows  |  7/29/2019  | 
There are security concerns that go far beyond the usual suspects. Here are some that should be on your list of scary things.
Malware Researcher Hutchins Sentenced to Supervised Release
Quick Hits  |  7/26/2019  | 
Marcus Hutchins, the researcher known for stopping WannaCry, avoids jail time over charges of creating and distributing Kronos malware.
Complete Personal Fraud Kits Sell for Less Than $40 on Dark Web
Quick Hits  |  7/26/2019  | 
The low cost of records reflects the huge supply of PII after many breaches at hospitals, government agencies, and credit bureaus.
Companies' 'Anonymized' Data May Violate GDPR, Privacy Regs
News  |  7/26/2019  | 
New study found that any database containing 15 pieces of demographic data could be used to identify individuals.
FormGet Storage Bucket Leaks Passport Scans, Bank Details
Quick Hits  |  7/26/2019  | 
Exposed files include mortgage and loan information, passport and driver's license scans, internal corporate files, and shipping labels.
3 Takeaways from the First American Financial Breach
Commentary  |  7/26/2019  | 
Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.
Black Hat Q&A: Inside the Black Hat NOC
News  |  7/26/2019  | 
Cybersecurity expert Bart Stump explains what it's like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.
Senate Report: US Election Security 'Sorely Lacking' in 2016
Quick Hits  |  7/25/2019  | 
Senate Intelligence Committee report released today cites weaknesses, but finds no evidence of vote-tampering.
Android Spyware Has Ties to Election Interference
News  |  7/25/2019  | 
Recently revealed surveillance-ware comes from a consultant with close ties to Russia's GRU who was sanctioned by the US for election-tampering.
Russian Threat Group May Have Devised a 'Man-on-the-Side' Attack
News  |  7/25/2019  | 
Data from an intrusion last year suggests Iron Liberty group may have a new trick up its sleeve, Secureworks says.
Louisiana Declares Cybersecurity State of Emergency
Quick Hits  |  7/25/2019  | 
A series of attacks on school district systems leads the governor to declare the state's first cybersecurity state of emergency.
Johannesburg Ransomware Attack Leaves Residents in the Dark
News  |  7/25/2019  | 
The virus affected the network, applications, and databases at City Power, which delivers electricity to the South African financial hub.
Security Training That Keeps Up with Modern Development
News  |  7/25/2019  | 
Black Hat USA speakers to discuss what it will take to 'shift knowledge left' to build up a corps of security-savvy software engineers.
Answer These 9 Questions to Determine if Your Data Is Safe
Commentary  |  7/25/2019  | 
Data protection regulations are only going to grow tighter. Make sure you're keeping the customer's best interests in mind.
Android Malware 'Triada' Most Active on Telco Networks
News  |  7/25/2019  | 
Google in May disclosed that several Android devices had been shipped pre-installed with the RAT.
With Data Breach Costs, Time is Money
News  |  7/24/2019  | 
The sooner a company can detect and respond to an incident, the less likely they are to pay for it, a new IBM-Ponemon study finds.
NSA to Form New Cybersecurity Directorate
Quick Hits  |  7/24/2019  | 
Anne Neuberger will lead the directorate, which aims to bring together the NSA's offensive and defensive operations.
Mirai-Like Botnet Wages Massive Application-Layer DDoS Attack
News  |  7/24/2019  | 
IoT botnet, made up mainly of routers, hit a service provider with nearly 300,000 requests-per-second in a 13-day deluge of data.
DEF CON Invites Kids to Crack Campaign Finance Portals
News  |  7/24/2019  | 
DEF CON's Voting Village and AI Village team up with r00tz Asylum to let kids explore simulated campaign financial disclosure portals and disinformation campaigns.
The Commoditization of Multistage Malware Attacks
Commentary  |  7/24/2019  | 
Malware that used to be advanced is now available to everyone. These three actions could help you stay safer.
7 Stats That Show What It Takes to Run a Modern SOC
Slideshows  |  7/24/2019  | 
An inside look at staffing levels, budget allocation, outsourcing habits, and the metrics used by security operations centers (SOCs).
Malware-based Attacks Dropped 20% Worldwide
News  |  7/24/2019  | 
Meanwhile, criminals waged more encrypted, ransomware, and IoT attacks.
New IPS Architecture Uses Network Flow Data for Analysis
News  |  7/23/2019  | 
Can a stream of data intended for network performance monitoring be the basis of network security? One company says the answer is 'yes.'
Penetration Test Data Shows Risk to Domain Admin Credentials
News  |  7/23/2019  | 
But gaining a foothold on the LAN via vulnerabilities on Internet-facing assets is becoming harder, Rapid7 found in its real-world pen tests.
Business Email Compromise: Thinking Beyond Wire Transfers
News  |  7/23/2019  | 
As BEC continues to drive record-high losses, cybercriminals devise new tactics for swindling corporate targets out of millions.
Bug Bounties Continue to Rise as Google Boosts its Payouts
News  |  7/23/2019  | 
Reward for vulnerability research climbed 83% in the past year.
Russia Attempted to De-Anonymize Tor Browser: Report
Quick Hits  |  7/23/2019  | 
An attempt to crack Tor was one of many projects hackers discovered when they broke into Russian intelligence contractor SyTech.

Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry's conventional wisdom. Here's a look at what they're thinking about.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19071
PUBLISHED: 2019-11-18
A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.
CVE-2019-19072
PUBLISHED: 2019-11-18
A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.
CVE-2019-19073
PUBLISHED: 2019-11-18
Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, ...
CVE-2019-19074
PUBLISHED: 2019-11-18
A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
CVE-2019-19075
PUBLISHED: 2019-11-18
A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.