News & Commentary

Content posted in August 2017
Page 1 / 4   >   >>
Using Market Pressures to Improve Cybersecurity
Using Market Pressures to Improve Cybersecurity
Dark Reading Videos  |  8/31/2017  | 
Post-MedSec, Chris Wysopal discusses what impact the investor community -- if not consumers -- can have on squashing vulnerabilities and improving cybersecurity.
New Facebook, Instagram Bugs Demonstrate Social Media Risk
News  |  8/31/2017  | 
Security flaws in Facebook Messenger and Instagram let hackers propagate attacks and steal personal data.
Verizon Report: Businesses Hit with Payment Card Breaches Not Fully PCI-Compliant
News  |  8/31/2017  | 
Companies struggle to maintain PCI compliance within a year of meeting it, according to a new payment security report by Verizon.
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
Commentary  |  8/31/2017  | 
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
US Debit Card Compromises Up 39%: FICO
Quick Hits  |  8/31/2017  | 
FICO reports an increase in the number of compromised debit cards, ATMs, and point-of-sale devices in the first six months of 2017.
Phishing for Your Information: How Phishers Bait Their Hooks
Partner Perspectives  |  8/31/2017  | 
A treasure trove of PII from social networks and the public Internet is there for the taking.
Ransomware is Going More Corporate, Less Consumer
News  |  8/30/2017  | 
Cybercriminals on average charge $544 for ransom per device, signaling a new sweet spot for payouts.
St. Jude Pacemaker Gets Firmware Update 'Intended as a Recall'
News  |  8/30/2017  | 
The devices that were the subject of a vulnerability disclosure debate last summer now have an FDA-approved fix.
Execs Underestimate Risks to Oracle EBS
News  |  8/30/2017  | 
It's another sign that ERP keeps getting short shrift on the security front.
Russian-Speaking Turla Group Uses New Tools to Target Embassies, Consulates
News  |  8/30/2017  | 
Turla cyber espionage gang has been around for a long time and appears to be back in action after a temporary lull.
'Onliner' Spambot Amassed Hundreds of Millions of Stolen Email Addresses
Quick Hits  |  8/30/2017  | 
Massive spambot relying on stolen email addresses, credentials, and SMTP and port information to expand.
Office 365: A Vehicle for Internal Phishing Attacks
News  |  8/30/2017  | 
A new threat uses internal accounts to spread phishing attacks, making fraudulent emails even harder to detect.
7 Things to Know About Today's DDoS Attacks
Slideshows  |  8/30/2017  | 
DDoS attacks are no longer something that just big companies in a few industries need to worry about. They have become a threat to every business.
Hacking the Security Job Application Process
Commentary  |  8/30/2017  | 
Simple advice to help job seekers dig out of the black hole of recruiter and employer hiring portals.
Do Autonomous Cars Dream of Driverless Roads?
Partner Perspectives  |  8/30/2017  | 
The connected car is coming and with it a need for consistent innovation of network technologies throughput, latency, coverage, and cost to keep us safe.
Cloud Security Alliance Offers Metrics for Cyber Resiliency
Quick Hits  |  8/30/2017  | 
As cyberattacks grow in scale and complexity, businesses need metrics and processes to measure threats and restore functionality.
How Hackers Hide Their Malware: Advanced Obfuscation
Commentary  |  8/30/2017  | 
Hackers continue to develop new ways to break into systems. Here are three of them, along with ways to fight back.
The Active Directory Botnet
The Active Directory Botnet
Dark Reading Videos  |  8/30/2017  | 
It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.
Shellshock Still in the Crosshairs
News  |  8/29/2017  | 
Spike in scans for the flaw spotted en masse in Q2.
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
Dark Reading Videos  |  8/29/2017  | 
Reasonably priced, module-based training courses and helpful forums will train a beginner in all the tools and techniques of the successful cybercriminal, Rick Holland of Digital Shadows explains.
IoTCandyJar: A HoneyPot for any IoT Device
IoTCandyJar: A HoneyPot for any IoT Device
Dark Reading Videos  |  8/29/2017  | 
Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device -- any kind of IoT device.
Security Analytics: Making the Leap from Data Lake to Meaningful Insight
Commentary  |  8/29/2017  | 
Once you've got a lake full of data, it's essential that your analysis isn't left stranded on the shore.
Dark Reading Now HTTPS
Commentary  |  8/29/2017  | 
Moving a site that's more than a decade old to HTTPS has been a journey, and we're almost there.
FBI/IRS-Themed Email Scam Spreads Ransomware
Quick Hits  |  8/29/2017  | 
Fake IRS and FBI emails are circulating on the Internet that attempt to lure victims into downloading malware that will ultimately hold their data hostage.
How Hackers Hide Their Malware: The Basics
Commentary  |  8/29/2017  | 
Malware depends on these four basic techniques to avoid detection.
FTC to Issue Refunds Following Tech Support Scam
Quick Hits  |  8/29/2017  | 
The Federal Trade Commision will issue partial refunds to victims of a scheme that deceived hundreds of thousands of people.
US CERT Warns of Potential Hurricane Harvey Phishing Scams
Quick Hits  |  8/28/2017  | 
Be wary of malicious emails purportedly tied to the storm, officials say.
New York's Historic FinSec Regulation Covers DDoS, Not Just Data
News  |  8/28/2017  | 
Starting today, New York banks and insurers must report to authorities within 72 hours on any security event that has a 'reasonable likelihood' of causing material harm to normal operations.
Massive Android DDoS Botnet Derailed
News  |  8/28/2017  | 
WireX was being used to launch DDoS attacks against targets in multiple industries; Google removes 300 botnet-related apps from Play Store.
Forcepoint Snaps Up RedOwl
Quick Hits  |  8/28/2017  | 
The acquisition aims to bolster Forcepoint's behavioral analytics offerings.
Antivirus: From Stand-Alone Product to Endpoint Feature
News  |  8/28/2017  | 
Endpoint experts discuss the evolution of AV and its shift from stand-alone product to a feature in broader security tools.
10 Time-Consuming Tasks Security People Hate
Slideshows  |  8/28/2017  | 
Whether it is dealing with false positives, reporting to auditors, or patching software, here's the scut work security people dread.
Cybersecurity: An Asymmetrical Game of War
Commentary  |  8/28/2017  | 
To stay ahead of the bad guys, security teams need to think like criminals, leverage AIs ability to find malicious threats, and stop worrying that machine learning will take our jobs.
Chinese National with Possible Links to OPM Breach Arrested
News  |  8/25/2017  | 
Charging documents reveal sophistication and a surprising degree of sloppiness.
New Targeted Ransomware Hits Healthcare, Manufacturing
Quick Hits  |  8/25/2017  | 
A new ransomware strain, Defray, that focuses on certain verticals in narrow and select attacks is making the rounds in the healthcare, education, manufacturing, and technology sectors.
Turning Sound Into Keystrokes: Skype & Type
Turning Sound Into Keystrokes: Skype & Type
Dark Reading Videos  |  8/25/2017  | 
Don't let your fingers do the talking in a Skype session. The callers on the other end could know what you're writing, researcher Daniele Lain explains.
A Call for New Voices on the Security Conference Circuit
Commentary  |  8/25/2017  | 
If the mere idea of talking in public makes you want to hide in a bathroom stall with a stuffed bobcat, think again.
Continuous Compliance and Effective Audit Preparation for the Cloud
Partner Perspectives  |  8/25/2017  | 
Why audits are a necessary evil, and how they can actually help you improve your brand value.
Apple iOS Exploit Takes Complete Control of Kernel
News  |  8/24/2017  | 
Researcher demonstrates 'severe' ZIVA exploit at Hack in the Box.
Mac's Biggest Threats Lurk in the Apple App Store
News  |  8/24/2017  | 
Mac malware is on the rise, especially adware and potentially unwanted programs in the App Store.
How Quantum Computing Will Change Browser Encryption
Partner Perspectives  |  8/24/2017  | 
From a protocol point of view, were closer to a large-scale quantum computer than many people think. Heres why thats an important milestone.
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
Commentary  |  8/24/2017  | 
What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.
Insecure IoT Devices Pose Physical Threat to General Public
Insecure IoT Devices Pose Physical Threat to General Public
Dark Reading Videos  |  8/24/2017  | 
At the car wash, look out for attack robots. Billy Rios discusses how IoT devices could be hacked to physically attack people -- not just on factory floors, but in everyday public settings.
GDPR Compliance Preparation: A High-Stakes Guessing Game
Commentary  |  8/24/2017  | 
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
China, US Top List Of Countries With Most Malicious IPs
News  |  8/24/2017  | 
Brazil has 20% more risky IPs than Russia, Recorded Future's analysis shows.
Suspect in Yahoo Breach Pleads Not Guilty
Quick Hits  |  8/23/2017  | 
Karim Baratov enters his plea in US Courts today, after waiving his extradition hearing in Canada last week.
Phish Bait: DMARC Adoption Failures Leave Companies Exposed
News  |  8/23/2017  | 
More than 90% of Fortune 500 companies leave customers and brand names vulnerable to domain name spoofing as a result of not fully implementing DMARC.
72% of Government Agencies Hit with Security Incidents
Quick Hits  |  8/23/2017  | 
The cause of the incidents large fell on human error and employee misuse.
The Changing Face & Reach of Bug Bounties
Commentary  |  8/23/2017  | 
HackerOne CEO Mrten Mickos reflects on the impact of vulnerability disclosure on today's security landscape and leadership.
Why You Need to Study Nation-State Attacks
Commentary  |  8/23/2017  | 
Want to know what attacks against businesses will look like soon? Examine nation-state attacks now.
Page 1 / 4   >   >>


12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.