Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in July 2019
Page 1 / 4   >   >>
Google Cloud Debuts New Security Capabilities
Quick Hits  |  7/31/2019  | 
Updates include Advanced Protection Program for the enterprise and general availability of password vaulted apps in Cloud Identity and G Suite.
Flaws in SanDisk SSD Dashboard Present Malware & Data Loss Risks
News  |  7/31/2019  | 
Organizations using the utility should immediately install the latest version of the software, security vendor Trustwave says.
Apple Device Management Firm Jamf Acquires Digita Security
Quick Hits  |  7/31/2019  | 
Digita Security's Apple Mac endpoint protection solutions will join Jamf's MDM suite for iOS and MacOS.
Why the Network Is Central to IoT Security
Commentary  |  7/31/2019  | 
Is there something strange about your network activity? Better make sure all of your IoT devices are under control.
Former Twitter CISO Launches Startup to Secure Cloud Collaboration
News  |  7/31/2019  | 
Altitude Networks, led by Michael Coates and Amir Kavousian, aims to prevent accidental and malicious file sharing.
More Companies Don't Rely on Passwords Alone Anymore
News  |  7/31/2019  | 
New research shows how enterprises are adding additional layers of authentication.
The Attribution Trap: A Waste of Precious Time & Money
Commentary  |  7/31/2019  | 
Aiming for attribution doesn't help most organizations become more secure. It can actually have the opposite effect.
8 Free Tools to Be Showcased at Black Hat and DEF CON
Slideshows  |  7/31/2019  | 
Expect a full slate of enterprise-class open source tools to take the spotlight when security researchers share their bounties with the community at large.
Container Security Is Falling Behind Container Deployments
News  |  7/30/2019  | 
Organizations are increasingly turning to containers even though they are not as confident in the security of those containers, according to a new survey.
Apple iOS Flaw Could Give Attacker Access via iMessage
Quick Hits  |  7/30/2019  | 
Google Project Zero researchers found an iOS vulnerability that could let an attacker snoop on a victim's phone remotely.
Insecure Real-Time Video Protocols Allow Hollywood-Style Hacking
News  |  7/30/2019  | 
Lack of security in the default settings of Internet-enabled video cameras make co-opting video feeds not just a movie-hacker technique, but a reality for millions of cameras.
Capital One Breach Affects 100M US Citizens, 6M Canadians
News  |  7/30/2019  | 
The breach exposed credit card application data, Social Security numbers, and linked bank accounts, among other information.
Transforming 'Tangible Security' into a Competitive Advantage
Commentary  |  7/30/2019  | 
Today's consumers want to see and touch security. Meeting this demand will be a win-win for everyone, from users to vendors to security teams.
Capital One Had to Be Told by Outsider That Data Breach Occurred
Larry Loeb  |  7/30/2019  | 
Capital One got hacked and didn't even know it.
Kubernetes Won't Get Secure Just Sitting There
Larry Loeb  |  7/30/2019  | 
Let's delve into containers.
DHS Warns About Security Flaws in Small Airplanes
Quick Hits  |  7/30/2019  | 
Rapid7 researchers found holes in CAN bus networks that an attacker could exploit to sabotage its operation.
BlueKeep Exploits Appear as Security Firms Continue to Worry About Cyberattack
News  |  7/30/2019  | 
The lack of an attack has puzzled some security experts, but the general advice remains that companies should patch their vulnerable systems more quickly.
Suffering SOC Saga Continues
News  |  7/30/2019  | 
New study exposes low confidence among security professionals in their security operations centers.
CISOs Must Evolve to a Data-First Security Program
Commentary  |  7/30/2019  | 
Such a program will require effort and reprioritization, but it will let your company fight modern-day threats and protect your most important assets.
Black Hat Q&A: Cracking Apple's T2 Security Chip
News  |  7/30/2019  | 
Duo Labs Mikhail Davidow and Jeremy Erickson speak about their research on the Apples T2 security chip, and why theyre sharing it at Black Hat USA.
Sextortion Email Scams Rise Sharply
News  |  7/30/2019  | 
Cybercriminals are increasingly trying to trick people into paying ransoms by threatening to expose compromising activities to friends and family.
Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices
News  |  7/29/2019  | 
Vulnerabilities in VxWorks' TCP stack could allow an attacker to execute random code, launch a DoS attack, or use the vulnerable system to attack other devices.
Not Using DMARC Security Protocol Leaves Businesses Vulnerable to Spoofing
Larry Loeb  |  7/29/2019  | 
A global survey found that most business and government domains don't use DMARC, which opens them up to email spoofing.
Deutsche Bank Email Vulnerability Left Ex-Employees with Access
Quick Hits  |  7/29/2019  | 
Failures in computer and control systems are being blamed.
Sephora Offers Monitoring Services in Wake of Data Breach
Quick Hits  |  7/29/2019  | 
The data breach compromised data belonging to customers in parts of Southeast Asia, Australia, and New Zealand.
4 Network Security Mistakes Bound to Bite You
Commentary  |  7/29/2019  | 
It's Shark Week again! Are you ready to outmaneuver sharks of the cyber variety? These tips can help.
9 Things That Don't Worry You Today (But Should)
Slideshows  |  7/29/2019  | 
There are security concerns that go far beyond the usual suspects. Here are some that should be on your list of scary things.
Malware Researcher Hutchins Sentenced to Supervised Release
Quick Hits  |  7/26/2019  | 
Marcus Hutchins, the researcher known for stopping WannaCry, avoids jail time over charges of creating and distributing Kronos malware.
Complete Personal Fraud Kits Sell for Less Than $40 on Dark Web
Quick Hits  |  7/26/2019  | 
The low cost of records reflects the huge supply of PII after many breaches at hospitals, government agencies, and credit bureaus.
IT Modernization: Needed & Not Easy
Larry Loeb  |  7/26/2019  | 
'Challenges with architecture modernization' ranks high on IT survey respondents' list of grievances.
Companies' 'Anonymized' Data May Violate GDPR, Privacy Regs
News  |  7/26/2019  | 
New study found that any database containing 15 pieces of demographic data could be used to identify individuals.
FormGet Storage Bucket Leaks Passport Scans, Bank Details
Quick Hits  |  7/26/2019  | 
Exposed files include mortgage and loan information, passport and driver's license scans, internal corporate files, and shipping labels.
3 Takeaways from the First American Financial Breach
Commentary  |  7/26/2019  | 
Data leaks from business logic flaws are not well understood and difficult to identify before they reach production environments. Here's how to find and prevent them.
Black Hat Q&A: Inside the Black Hat NOC
News  |  7/26/2019  | 
Cybersecurity expert Bart Stump explains what its like to reliably deliver a useful, high-security network for one of the toughest audiences in the world.
Senate Report: US Election Security 'Sorely Lacking' in 2016
Quick Hits  |  7/25/2019  | 
Senate Intelligence Committee report released today cites weaknesses, but finds no evidence of vote-tampering.
Android Spyware Has Ties to Election Interference
News  |  7/25/2019  | 
Recently revealed surveillance-ware comes from a consultant with close ties to Russia's GRU who was sanctioned by the US for election-tampering.
Russian Threat Group May Have Devised a 'Man-on-the-Side' Attack
News  |  7/25/2019  | 
Data from an intrusion last year suggests Iron Liberty group may have a new trick up its sleeve, Secureworks says.
Louisiana Declares Cybersecurity State of Emergency
Quick Hits  |  7/25/2019  | 
A series of attacks on school district systems leads the governor to declare the state's first cybersecurity state of emergency.
Johannesburg Ransomware Attack Leaves Residents in the Dark
News  |  7/25/2019  | 
The virus affected the network, applications, and databases at City Power, which delivers electricity to the South African financial hub.
Security Training That Keeps Up with Modern Development
News  |  7/25/2019  | 
Black Hat USA speakers to discuss what it will take to 'shift knowledge left' to build up a corps of security-savvy software engineers.
Sanctioned Russian Spies Can Own Your Android Device
Larry Loeb  |  7/25/2019  | 
It's professional-grade naughtiness, people.
Answer These 9 Questions to Determine if Your Data Is Safe
Commentary  |  7/25/2019  | 
Data protection regulations are only going to grow tighter. Make sure you're keeping the customer's best interests in mind.
Comodo Leaves AV Vulnerabilities Unpatched
Larry Loeb  |  7/25/2019  | 
Even though Comodo was notified by Tenable in April of the problems, no patches by have been forthcoming from the antivirus firm.
Android Malware 'Triada' Most Active on Telco Networks
News  |  7/25/2019  | 
Google in May disclosed that several Android devices had been shipped pre-installed with the RAT.
With Data Breach Costs, Time is Money
News  |  7/24/2019  | 
The sooner a company can detect and respond to an incident, the less likely they are to pay for it, a new IBM-Ponemon study finds.
NSA to Form New Cybersecurity Directorate
Quick Hits  |  7/24/2019  | 
Anne Neuberger will lead the directorate, which aims to bring together the NSA's offensive and defensive operations.
Mirai-Like Botnet Wages Massive Application-Layer DDoS Attack
News  |  7/24/2019  | 
IoT botnetmade up mainly of routershit a service provider with nearly 300,000 requests-per-second in a 13-day deluge of data.
DEF CON Invites Kids to Crack Campaign Finance Portals
News  |  7/24/2019  | 
DEF CON's Voting Village and AI Village team up with r00tz Asylum to let kids explore simulated campaign financial disclosure portals and disinformation campaigns.
The Commoditization of Multistage Malware Attacks
Commentary  |  7/24/2019  | 
Malware that used to be advanced is now available to everyone. These three actions could help you stay safer.
7 Stats That Show What It Takes to Run a Modern SOC
Slideshows  |  7/24/2019  | 
An inside look at staffing levels, budget allocation, outsourcing habits, and the metrics used by security operations centers (SOCs).
Page 1 / 4   >   >>


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30174
PUBLISHED: 2021-05-11
RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks.
CVE-2021-32544
PUBLISHED: 2021-05-11
Special characters of IGT search function in igt+ are not filtered in specific fields, which allow remote authenticated attackers can inject malicious JavaScript and carry out DOM-based XSS (Cross-site scripting) attacks.
CVE-2021-32563
PUBLISHED: 2021-05-11
An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.
CVE-2020-23369
PUBLISHED: 2021-05-10
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
CVE-2020-23370
PUBLISHED: 2021-05-10
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.