Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in July 2019
Page 1 / 4   >   >>
Google Cloud Debuts New Security Capabilities
Quick Hits  |  7/31/2019  | 
Updates include Advanced Protection Program for the enterprise and general availability of password vaulted apps in Cloud Identity and G Suite.
Flaws in SanDisk SSD Dashboard Present Malware & Data Loss Risks
News  |  7/31/2019  | 
Organizations using the utility should immediately install the latest version of the software, security vendor Trustwave says.
Apple Device Management Firm Jamf Acquires Digita Security
Quick Hits  |  7/31/2019  | 
Digita Security's Apple Mac endpoint protection solutions will join Jamf's MDM suite for iOS and MacOS.
Why the Network Is Central to IoT Security
Commentary  |  7/31/2019  | 
Is there something strange about your network activity? Better make sure all of your IoT devices are under control.
Former Twitter CISO Launches Startup to Secure Cloud Collaboration
News  |  7/31/2019  | 
Altitude Networks, led by Michael Coates and Amir Kavousian, aims to prevent accidental and malicious file sharing.
More Companies Don't Rely on Passwords Alone Anymore
News  |  7/31/2019  | 
New research shows how enterprises are adding additional layers of authentication.
The Attribution Trap: A Waste of Precious Time & Money
Commentary  |  7/31/2019  | 
Aiming for attribution doesn't help most organizations become more secure. It can actually have the opposite effect.
8 Free Tools to Be Showcased at Black Hat and DEF CON
Slideshows  |  7/31/2019  | 
Expect a full slate of enterprise-class open source tools to take the spotlight when security researchers share their bounties with the community at large.
Container Security Is Falling Behind Container Deployments
News  |  7/30/2019  | 
Organizations are increasingly turning to containers even though they are not as confident in the security of those containers, according to a new survey.
Apple iOS Flaw Could Give Attacker Access via iMessage
Quick Hits  |  7/30/2019  | 
Google Project Zero researchers found an iOS vulnerability that could let an attacker snoop on a victim's phone remotely.
Insecure Real-Time Video Protocols Allow Hollywood-Style Hacking
News  |  7/30/2019  | 
Lack of security in the default settings of Internet-enabled video cameras make co-opting video feeds not just a movie-hacker technique, but a reality for millions of cameras.
Capital One Breach Affects 100M US Citizens, 6M Canadians
News  |  7/30/2019  | 
The breach exposed credit card application data, Social Security numbers, and linked bank accounts, among other information.
Transforming 'Tangible Security' into a Competitive Advantage
Commentary  |  7/30/2019  | 
Today's consumers want to see and touch security. Meeting this demand will be a win-win for everyone, from users to vendors to security teams.
DHS Warns About Security Flaws in Small Airplanes
Quick Hits  |  7/30/2019  | 
Rapid7 researchers found holes in CAN bus networks that an attacker could exploit to sabotage its operation.
BlueKeep Exploits Appear as Security Firms Continue to Worry About Cyberattack
News  |  7/30/2019  | 
The lack of an attack has puzzled some security experts, but the general advice remains that companies should patch their vulnerable systems more quickly.
Suffering SOC Saga Continues
News  |  7/30/2019  | 
New study exposes low confidence among security professionals in their security operations centers.
CISOs Must Evolve to a Data-First Security Program
Commentary  |  7/30/2019  | 
Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.
Black Hat Q&A: Cracking Apple's T2 Security Chip
News  |  7/30/2019  | 
Duo Labs Mikhail Davidow and Jeremy Erickson speak about their research on the Apples T2 security chip, and why theyre sharing it at Black Hat USA.
Sextortion Email Scams Rise Sharply
News  |  7/30/2019  | 
Cybercriminals are increasingly trying to trick people into paying ransoms by threatening to expose compromising activities to friends and family.
Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices
News  |  7/29/2019  | 
Vulnerabilities in VxWorks' TCP stack could allow an attacker to execute random code, launch a DoS attack, or use the vulnerable system to attack other devices.
Deutsche Bank Email Vulnerability Left Ex-Employees with Access
Quick Hits  |  7/29/2019  | 
Failures in computer and control systems are being blamed.
Sephora Offers Monitoring Services in Wake of Data Breach
Quick Hits  |  7/29/2019  | 
The data breach compromised data belonging to customers in parts of Southeast Asia, Australia, and New Zealand.
4 Network Security Mistakes Bound to Bite You
Commentary  |  7/29/2019  | 
It's Shark Week again! Are you ready to outmaneuver sharks of the cyber variety? These tips can help.
9 Things That Don't Worry You Today (But Should)
Slideshows  |  7/29/2019  | 
There are security concerns that go far beyond the usual suspects. Here are some that should be on your list of scary things.
Malware Researcher Hutchins Sentenced to Supervised Release
Quick Hits  |  7/26/2019  | 
Marcus Hutchins, the researcher known for stopping WannaCry, avoids jail time over charges of creating and distributing Kronos malware.
Complete Personal Fraud Kits Sell for Less Than $40 on Dark Web
Quick Hits  |  7/26/2019  | 
The low cost of records reflects the huge supply of PII after many breaches at hospitals, government agencies, and credit bureaus.
Companies' 'Anonymized' Data May Violate GDPR, Privacy Regs
News  |  7/26/2019  | 
New study found that any database containing 15 pieces of demographic data could be used to identify individuals.
FormGet Storage Bucket Leaks Passport Scans, Bank Details
Quick Hits  |  7/26/2019  | 
Exposed files include mortgage and loan information, passport and driver's license scans, internal corporate files, and shipping labels.
3 Takeaways from the First American Financial Breach
Commentary  |  7/26/2019  | 
Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.
Black Hat Q&A: Inside the Black Hat NOC
News  |  7/26/2019  | 
Cybersecurity expert Bart Stump explains what its like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.
Senate Report: US Election Security 'Sorely Lacking' in 2016
Quick Hits  |  7/25/2019  | 
Senate Intelligence Committee report released today cites weaknesses, but finds no evidence of vote-tampering.
Android Spyware Has Ties to Election Interference
News  |  7/25/2019  | 
Recently revealed surveillance-ware comes from a consultant with close ties to Russia's GRU who was sanctioned by the US for election-tampering.
Russian Threat Group May Have Devised a 'Man-on-the-Side' Attack
News  |  7/25/2019  | 
Data from an intrusion last year suggests Iron Liberty group may have a new trick up its sleeve, Secureworks says.
Louisiana Declares Cybersecurity State of Emergency
Quick Hits  |  7/25/2019  | 
A series of attacks on school district systems leads the governor to declare the state's first cybersecurity state of emergency.
Johannesburg Ransomware Attack Leaves Residents in the Dark
News  |  7/25/2019  | 
The virus affected the network, applications, and databases at City Power, which delivers electricity to the South African financial hub.
Security Training That Keeps Up with Modern Development
News  |  7/25/2019  | 
Black Hat USA speakers to discuss what it will take to 'shift knowledge left' to build up a corps of security-savvy software engineers.
Answer These 9 Questions to Determine if Your Data Is Safe
Commentary  |  7/25/2019  | 
Data protection regulations are only going to grow tighter. Make sure you're keeping the customer's best interests in mind.
Android Malware 'Triada' Most Active on Telco Networks
News  |  7/25/2019  | 
Google in May disclosed that several Android devices had been shipped pre-installed with the RAT.
With Data Breach Costs, Time is Money
News  |  7/24/2019  | 
The sooner a company can detect and respond to an incident, the less likely they are to pay for it, a new IBM-Ponemon study finds.
NSA to Form New Cybersecurity Directorate
Quick Hits  |  7/24/2019  | 
Anne Neuberger will lead the directorate, which aims to bring together the NSA's offensive and defensive operations.
Mirai-Like Botnet Wages Massive Application-Layer DDoS Attack
News  |  7/24/2019  | 
IoT botnetmade up mainly of routershit a service provider with nearly 300,000 requests-per-second in a 13-day deluge of data.
DEF CON Invites Kids to Crack Campaign Finance Portals
News  |  7/24/2019  | 
DEF CON's Voting Village and AI Village team up with r00tz Asylum to let kids explore simulated campaign financial disclosure portals and disinformation campaigns.
The Commoditization of Multistage Malware Attacks
Commentary  |  7/24/2019  | 
Malware that used to be advanced is now available to everyone. These three actions could help you stay safer.
7 Stats That Show What It Takes to Run a Modern SOC
Slideshows  |  7/24/2019  | 
An inside look at staffing levels, budget allocation, outsourcing habits, and the metrics used by security operations centers (SOCs).
Malware-based Attacks Dropped 20% Worldwide
News  |  7/24/2019  | 
Meanwhile, criminals waged more encrypted, ransomware, and IoT attacks.
New IPS Architecture Uses Network Flow Data for Analysis
News  |  7/23/2019  | 
Can a stream of data intended for network performance monitoring be the basis of network security? One company says the answer is 'yes.'
Penetration Test Data Shows Risk to Domain Admin Credentials
News  |  7/23/2019  | 
But gaining a foothold on the LAN via vulnerabilities on Internet-facing assets is becoming harder, Rapid7 found in its real-world pen tests.
Business Email Compromise: Thinking Beyond Wire Transfers
News  |  7/23/2019  | 
As BEC continues to drive record-high losses, cybercriminals devise new tactics for swindling corporate targets out of millions.
Bug Bounties Continue to Rise as Google Boosts its Payouts
News  |  7/23/2019  | 
Reward for vulnerability research climbed 83% in the past year.
Russia Attempted to De-Anonymize Tor Browser: Report
Quick Hits  |  7/23/2019  | 
An attempt to crack Tor was one of many projects hackers discovered when they broke into Russian intelligence contractor SyTech.
Page 1 / 4   >   >>


US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14821
PUBLISHED: 2019-09-19
An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->l...
CVE-2019-15032
PUBLISHED: 2019-09-19
Pydio 6.0.8 mishandles error reporting when a directory allows unauthenticated uploads, and the remote-upload option is used with the http://localhost:22 URL. The attacker can obtain sensitive information such as the name of the user who created that directory and other internal server information.
CVE-2019-15033
PUBLISHED: 2019-09-19
Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature download. An attacker can specify an intranet address in the file parameter to index.php, when sending a file to a remote server, as demonstrated by the file=http%3A%2F%2F192.168.1.2 substring.
CVE-2019-16412
PUBLISHED: 2019-09-19
In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.)
CVE-2019-16510
PUBLISHED: 2019-09-19
libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose.