Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in August 2017
LookingGlass Raises $26.3M to Bring Order to Chaos
Simon Marshall  |  8/31/2017  | 
New threat-intelligence-as-a-service company raises the stakes on scale in the market.
Big IoT Security Benefits From Service Providers Thinking Small
News Analysis-Security Now  |  8/31/2017  | 
It doesn't take many bad devices to wreck a network. Concentrating on a small number of miscreants can reap huge benefits for service providers.
Using Market Pressures to Improve Cybersecurity
Dark Reading Videos  |  8/31/2017  | 
Post-MedSec, Chris Wysopal discusses what impact the investor community -- if not consumers -- can have on squashing vulnerabilities and improving cybersecurity.
New Facebook, Instagram Bugs Demonstrate Social Media Risk
News  |  8/31/2017  | 
Security flaws in Facebook Messenger and Instagram let hackers propagate attacks and steal personal data.
Verizon Report: Businesses Hit with Payment Card Breaches Not Fully PCI-Compliant
News  |  8/31/2017  | 
Companies struggle to maintain PCI compliance within a year of meeting it, according to a new payment security report by Verizon.
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
Commentary  |  8/31/2017  | 
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
US Debit Card Compromises Up 39%: FICO
Quick Hits  |  8/31/2017  | 
FICO reports an increase in the number of compromised debit cards, ATMs, and point-of-sale devices in the first six months of 2017.
Phishing for Your Information: How Phishers Bait Their Hooks
Partner Perspectives  |  8/31/2017  | 
A treasure trove of PII from social networks and the public Internet is there for the taking.
Ransomware is Going More Corporate, Less Consumer
News  |  8/30/2017  | 
Cybercriminals on average charge $544 for ransom per device, signaling a new sweet spot for payouts.
St. Jude Pacemaker Gets Firmware Update 'Intended as a Recall'
News  |  8/30/2017  | 
The devices that were the subject of a vulnerability disclosure debate last summer now have an FDA-approved fix.
Execs Underestimate Risks to Oracle EBS
News  |  8/30/2017  | 
It's another sign that ERP keeps getting short shrift on the security front.
Russian-Speaking Turla Group Uses New Tools to Target Embassies, Consulates
News  |  8/30/2017  | 
Turla cyber espionage gang has been around for a long time and appears to be back in action after a temporary lull.
Millions of Email Addresses Exposed in Latest Malware Database
Curt Franklin  |  8/30/2017  | 
A database housed in the Netherlands is found to contain hundreds of millions of hacked email addresses.
'Onliner' Spambot Amassed Hundreds of Millions of Stolen Email Addresses
Quick Hits  |  8/30/2017  | 
Massive spambot relying on stolen email addresses, credentials, and SMTP and port information to expand.
Office 365: A Vehicle for Internal Phishing Attacks
News  |  8/30/2017  | 
A new threat uses internal accounts to spread phishing attacks, making fraudulent emails even harder to detect.
Hacking the Security Job Application Process
Commentary  |  8/30/2017  | 
Simple advice to help job seekers dig out of the black hole of recruiter and employer hiring portals.
7 Things to Know About Today's DDoS Attacks
Slideshows  |  8/30/2017  | 
DDoS attacks are no longer something that just big companies in a few industries need to worry about. They have become a threat to every business.
Do Autonomous Cars Dream of Driverless Roads?
Partner Perspectives  |  8/30/2017  | 
The connected car is coming and with it a need for consistent innovation of network technologies (throughput, latency, coverage, and cost) to keep us safe.
Cloud Security Alliance Offers Metrics for Cyber Resiliency
Quick Hits  |  8/30/2017  | 
As cyberattacks grow in scale and complexity, businesses need metrics and processes to measure threats and restore functionality.
How Hackers Hide Their Malware: Advanced Obfuscation
Commentary  |  8/30/2017  | 
Hackers continue to develop new ways to break into systems. Here are three of them, along with ways to fight back.
The Active Directory Botnet
Dark Reading Videos  |  8/30/2017  | 
It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.
Shellshock Still in the Crosshairs
News  |  8/29/2017  | 
Spike in scans for the flaw spotted en masse in Q2.
Automation Deserves Skepticism
Curt Franklin  |  8/29/2017  | 
While automation might be the next great tech wave, let's take some time to consider it.
Training Courses for Aspiring Cybercriminals Put Security Education To Shame
Dark Reading Videos  |  8/29/2017  | 
Reasonably priced, module-based training courses and helpful forums will train a beginner in all the tools and techniques of the successful cybercriminal, Rick Holland of Digital Shadows explains.
IoTCandyJar: A HoneyPot for any IoT Device
Dark Reading Videos  |  8/29/2017  | 
Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device -- any kind of IoT device.
Security Analytics: Making the Leap from Data Lake to Meaningful Insight
Commentary  |  8/29/2017  | 
Once you've got a lake full of data, it's essential that your analysis isn't left stranded on the shore.
Dark Reading Now HTTPS
Commentary  |  8/29/2017  | 
Moving a site that's more than a decade old to HTTPS has been a journey, and we're almost there.
FBI/IRS-Themed Email Scam Spreads Ransomware
Quick Hits  |  8/29/2017  | 
Fake IRS and FBI emails are circulating on the Internet that attempt to lure victims into downloading malware that will ultimately hold their data hostage.
How Hackers Hide Their Malware: The Basics
Commentary  |  8/29/2017  | 
Malware depends on these four basic techniques to avoid detection.
FTC to Issue Refunds Following Tech Support Scam
Quick Hits  |  8/29/2017  | 
The Federal Trade Commission will issue partial refunds to victims of a scheme that deceived hundreds of thousands of people.
Bitcoin Attacks Mount as Criminals & States Seek Targets
Simon Marshall  |  8/29/2017  | 
Bitcoin and other cryptocurrencies are under increasing attack from a variety of actors and it looks like things will only get worse.
India & Pakistan: Commonplace Exploits Access High-Value Information
Simon Marshall  |  8/28/2017  | 
India and Pakistan are proving yet again that it doesn't take an advanced attack to yield big results.
US CERT Warns of Potential Hurricane Harvey Phishing Scams
Quick Hits  |  8/28/2017  | 
Be wary of malicious emails purportedly tied to the storm, officials say.
New York's Historic FinSec Regulation Covers DDoS, Not Just Data
News  |  8/28/2017  | 
Starting today, New York banks and insurers must report to authorities within 72 hours on any security event that has a 'reasonable likelihood' of causing material harm to normal operations.
Massive Android DDoS Botnet Derailed
News  |  8/28/2017  | 
WireX was being used to launch DDoS attacks against targets in multiple industries; Google removes 300 botnet-related apps from Play Store.
Black Hats Win: Results From the Latest SecurityNow.com Poll
Curt Franklin  |  8/28/2017  | 
The hat you wear as a security researcher matters, say those who took the latest SecurityNow.com poll. And the most effective hat color is black.
Forcepoint Snaps Up RedOwl
Quick Hits  |  8/28/2017  | 
The acquisition aims to bolster Forcepoint's behavioral analytics offerings.
VMware Offers App Security From the 'Goldilocks Zone'
News Analysis-Security Now  |  8/28/2017  | 
Making good on a theme pitched by Martin Casado and Tom Corn, VMware launches AppDefense to put the hypervisor at the heart of application security.
Antivirus: From Stand-Alone Product to Endpoint Feature
News  |  8/28/2017  | 
Endpoint experts discuss the evolution of AV and its shift from stand-alone product to a feature in broader security tools.
10 Time-Consuming Tasks Security People Hate
Slideshows  |  8/28/2017  | 
Whether it is dealing with false positives, reporting to auditors, or patching software, here's the scut work security people dread.
Cybersecurity: An Asymmetrical Game of War
Commentary  |  8/28/2017  | 
To stay ahead of the bad guys, security teams need to think like criminals, leverage AI's ability to find malicious threats, and stop worrying that machine learning will take our jobs.
Google: Big Cloud, Tiny Titan Chip
Simon Marshall  |  8/25/2017  | 
Google develops a tiny chip to close a big security hole before it opens. Is there a tiny Titan in your future, too?
DDoS Trends Show Big Impact From Fewer Servers
Curt Franklin  |  8/25/2017  | 
A change in control networks means that this quarter saw DDoS attacks from fewer endpoints, each having a bigger impact.
Chinese National with Possible Links to OPM Breach Arrested
News  |  8/25/2017  | 
Charging documents reveal sophistication and a surprising degree of sloppiness.
Closing Gaps in DNS
News Analysis-Security Now  |  8/25/2017  | 
Everyone uses DNS. How can you prevent hackers from using it to disrupt your business?
New Targeted Ransomware Hits Healthcare, Manufacturing
Quick Hits  |  8/25/2017  | 
A new ransomware strain, Defray, that focuses on certain verticals in narrow and select attacks is making the rounds in the healthcare, education, manufacturing, and technology sectors.
Friday Haiku: Fear the Zombie Server
Curt Franklin  |  8/25/2017  | 
DDoS attacks are lurking in armies of zombie servers.
Turning Sound Into Keystrokes: Skype & Type
Dark Reading Videos  |  8/25/2017  | 
Don't let your fingers do the talking in a Skype session. The callers on the other end could know what you're writing, researcher Daniele Lain explains.
A Call for New Voices on the Security Conference Circuit
Commentary  |  8/25/2017  | 
If the mere idea of talking in public makes you want to hide in a bathroom stall with a stuffed bobcat, think again.
Continuous Compliance and Effective Audit Preparation for the Cloud
Partner Perspectives  |  8/25/2017  | 
Why audits are a necessary evil, and how they can actually help you improve your brand value.