Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in August 2016
Cisco Addresses Zero-Day Firewall Flaw Exposed In Equation Group Hack
Quick Hits  |  8/18/2016  | 
ShadowBrokers dump of Equation Group exploits uncovers previously unknown security hole as well as a known one.
SWIFT Ignored Lax Security In Smaller Member Banks, Say Officials
Quick Hits  |  8/18/2016  | 
Former and current SWIFT managers admit security of customer terminals was not addressed, says Reuters report.
Operation Ghoul Targets Industrial, Engineering Companies In 30 Countries
News  |  8/17/2016  | 
Attack campaign appears to be more about financial gain than industrial theft or sabotage, however.
8 Surprising Statistics About Insider Threats
Slideshows  |  8/17/2016  | 
Insider theft and negligence is real--and so are the practices that amplify the risks.
What Mr. Robot Can Teach Businesses About Security
News  |  8/17/2016  | 
By getting the underlying technology right, Mr. Robot producers understand they boost the show's credibility and give businesses and their customers a more realistic view of security, risk and the challenges of data protection.
User Ed: Patching People Vs Vulns
Commentary  |  8/17/2016  | 
How infosec can combine and adapt security education and security defenses to the way users actually do their jobs.
US Election: Feds Offer Security Help To States To Prevent Hacking
Quick Hits  |  8/17/2016  | 
Move comes as Donald Trump questions integrity of the election systems.
Millions Of Keyless Volkswagen Cars Can Be Hacked: Research
Quick Hits  |  8/17/2016  | 
Paper says many keyless VW cars sold since 1995 can be broken into using cheap tools to catch radio signals.
Security Must Become Driving Force For Auto Industry
Commentary  |  8/17/2016  | 
Digital security hasn't kept pace in this always-connected era. Is infosec up to the challenge?
Cerber Ransomware Could Net $2 Million Its First Year
News  |  8/16/2016  | 
A study of the Cerber operation's ransomware-as-a-service model highlights just how lucrative this cybercrime can be.
Poorly Configured DNSSEC = Potential DDoS Weapon
News  |  8/16/2016  | 
New research from Neustar shows how attackers could abuse DNSSEC-secured domains for distributed denial-of-service (DDoS) attacks.
'Strong Connection' Between Files Leaked By ShadowBrokers & The Equation Group
Quick Hits  |  8/16/2016  | 
Researchers from Kaspersky Lab, which exposed the so-called Equation Group two years ago, say several hundred of the hacking tools leaked online have ties to the nation-state gang.
15 US Cities Where Cybersecurity Professionals Earn Big Bucks
Slideshows  |  8/16/2016  | 
Demand continues to rise for cybersecurity professionals throughout the US, and the salaries seem to follow suit. New data shows best cities for salary and cost of living.
Some Starwood, Marriott, Hyatt, Intercontinental Hotels Hit By PoS Attacks
Quick Hits  |  8/16/2016  | 
Payment card details of customers may have been stolen via PoS malware.
Software Firm Sage Probes Data Breach
Quick Hits  |  8/16/2016  | 
Around 280 UK businesses may have been impacted in hack using internal computer login.
The Real Reason Phishing Works So Well
News  |  8/16/2016  | 
New Duo Security study shows many companies don't update browsers and operating systems -- a first line of defense.
Dark Reading Radio: What Keeps IT Security Pros Awake at Night
Commentary  |  8/16/2016  | 
Join us for a wide-ranging discussion with (ISC)² Chief Exec David Shearer on the most worrisome infosec trends and challenges.
Android DroidJack Malware Spreading Via 'Over-The Top' Services
News  |  8/15/2016  | 
RAT finding new ways to spread that work around carrier and phone defenses.
Iran Probes Cyber Role In Fires Across Gas Facilities
Quick Hits  |  8/15/2016  | 
Country rocked by a string of explosions in petroleum facilities causing millions of dollars in damage.
DDoS Attack On Aussie Swimming Site Linked To Horton-Sun Yang Feud
Quick Hits  |  8/15/2016  | 
Cyberattack soon after Australian swimmer accuses Chinese rival of being a drug cheat.
New Banking Malware Touts Zeus-Like Capabilities
News  |  8/15/2016  | 
Scylex malware built from scratch for financial theft, according to an ad in infamous underground forum.
6 Things To Know For Securing Amazon Web Services
Slideshows  |  8/13/2016  | 
AWS is coming out with more new cloud security features.
Trouble In the Cloud: More Than Half Of Organizations Facing Security Woes
News  |  8/12/2016  | 
Survey shows security professionals are grappling with unauthorized data sharing and other security incidents in SaaS cloud environments.
Russians Clearly Behind 'Electronic Watergate,' Pelosi Says
Quick Hits  |  8/12/2016  | 
Rep. Nancy Pelosi calls out Russia in recent cyberattack on Democratic campaign, which may have hit more than 100 targets.
Global Businesses Ask China To Revise Draft Cyber Rules
Quick Hits  |  8/12/2016  | 
Security may weaken, economic growth hampered, if draft made into law, say 46 businesses in letter to Li Keqiang.
Substantially Above Par: DR Cartoon Caption Contest Winners
Commentary  |  8/12/2016  | 
Critical vulnerabilities, links & virtual reality. And the winner is...
Trump Winning Spam Race By Huge Margin
News  |  8/11/2016  | 
Republican Presidential contender's name appears nearly 170 times more often in spam email subject lines than Clinton's over last two months.
Security Portfolios: A Different Approach To Leadership
Commentary  |  8/11/2016  | 
How grounding a conversation around a well-organized list of controls and their goals can help everyone be, literally, on the same page.
What The TSA Teaches Us About IP Protection
Commentary  |  8/11/2016  | 
Data loss prevention solutions are no longer effective. Today's security teams have to keep context and human data in mind, as the TSA does.
Rio Games Escalating Cyber Risk To Mobile Users
Quick Hits  |  8/11/2016  | 
Intensified social media activities during sporting events increase threats from cybercriminals to 55%, new report from Allot finds.
Google To Roll Out New Security Alerts On Gmail
Quick Hits  |  8/11/2016  | 
Gmail users to get alerts for suspicious email senders as well as sketchy links in messages.
The Future Of ATM Hacking
News  |  8/11/2016  | 
Research released at Black Hat USA last week shows that one of our best defenses for the future of payment card and ATM security isn't infallible. Here's why.
Here's The Business Side Of Thwarting A Cyberattack
Slideshows  |  8/11/2016  | 
Ponemon Group study data illustrates the balancing act of running a business while trying to stay secure.
Government, Hackers Learn To Make Nice
News  |  8/10/2016  | 
It's still an uneasy alliance, but the hacking community and government are finding their way toward more constructive dialog and cooperation.
PLC Worms Pose Stealthy Threat To Industrial Systems
News  |  8/10/2016  | 
Researchers at Black Hat USA demonstrated 'PLC Blaster' worm capable of infecting programmable logic controllers and spreading to other systems.
Theory Vs Practice: Getting The Most Out Of Infosec
Commentary  |  8/10/2016  | 
Why being practical and operationally minded is the only way to build a successful security program.
Advanced Threat Hunting: Are You The Hunter Or The Hunted?
Partner Perspectives  |  8/10/2016  | 
Make proactive threat hunting a standard part of your security best practices and not just an element of incident-response measures.
US Cyber Command Could Be Elevated To Major Cyber Weapon Unit
Quick Hits  |  8/10/2016  | 
Obama administration debates separating Cyber Command from NSA in battle against cyber threats and Islamic State, say sources.
Four Years In Jail For Man Charged In Romney Tax Return And Hack Scheme
Quick Hits  |  8/10/2016  | 
Michael Mancil Brown was convicted in May for wire fraud and demanding ransom of $1 million in bitcoins.
30 More Victims Pinned On Highly Selective Cyberespionage Group
News  |  8/9/2016  | 
Kaspersky Lab says newly discovered threat actor ProjectSauron -- called Strider by Symantec -- has hit organizations in Russia, Rwanda, Iran, and Italian-speaking nations.
Spearphishing: It's Curiosity That Makes Them Click
News  |  8/9/2016  | 
Researchers prove that people can be fooled just because they want to know what's on the other end of that email. Here are three steps you can take without spending too much money.
Why Hackers Are Getting 'All Political' This Election Year
News  |  8/9/2016  | 
Jeff Moss, aka 'The Dark Tangent,' explains why the 2016 Presidential election is a turning point for security and politics -- and why he headlined a Clinton fundraiser last week in Vegas.
Organizations Still Give Employees More Access Than They Need
News  |  8/9/2016  | 
Ponemon study shows that access to proprietary information remains on the rise.
Building A Detection Strategy With The Right Metrics
Commentary  |  8/9/2016  | 
The tools used in detecting intrusions can lead to an overwhelming number of alerts, but they're a vital part of security.
People Who Work Together Will Win
Partner Perspectives  |  8/9/2016  | 
It's time for an updated security strategy, built on efficiency and automation.
Oracle Probes MICROS PoS System Breach
Quick Hits  |  8/9/2016  | 
More than 700 systems may have been compromised by suspected Russian cybercriminals Carbanak Gang.
Bitcoins Forfeited In Silk Road Cases To Be Auctioned
Quick Hits  |  8/9/2016  | 
US Marshals Service to sell 2,719 bitcoins worth around $1.6 million on August 22 -- bidders must register by August 18.
Symantec Discovers Strider, A New CyberEspionage Group
News  |  8/8/2016  | 
In action five years, highly selective threat actor has only been known to compromise seven organizations.
Newly Announced Chipset Vuln Affects 900 Million Android Devices
News  |  8/8/2016  | 
Check Point Research Team details four vulnerabilities that can easily lead to full privilege escalation.
Guarding The Grid
Partner Perspectives  |  8/8/2016  | 
Quietly and without much public recognition, the National Guard has been developing a sophisticated capability for cyberdefense.