Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in August 2018
Page 1 / 4   >   >>
Machine Identities Need Protection, Too
Quick Hits  |  8/31/2018  | 
A new study shows that device identities need a level of protection that they're not getting from most organizations.
How Hackers Hit Printers
News  |  8/31/2018  | 
New Booz Allen Hamilton report advises companies to include printers in their overall security strategy.
Why Automation Will Free Security Pros to Do What They Do Best
Commentary  |  8/31/2018  | 
There are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.
Cryptocurrency Scams Replacing Ransomware as Attackers' Fave
News  |  8/30/2018  | 
Cryptojacking miners and fileless malware see biggest growth in first half of 2018.
Lessons From the Black Hat USA NOC
Commentary  |  8/30/2018  | 
The conference's temporary network operations center provides a snapshot of what is possible when a variety of professionals work together.
Who's At Greatest Risk for BEC Attacks? Not the CEO
News  |  8/30/2018  | 
CEOs only make up 2.2% of business email compromise targets, a sign most victims are further down the corporate ladder.
Botnets Serving Up More Multipurpose Malware
News  |  8/30/2018  | 
Attackers increasingly are distributing malware that can be used for a variety of different tasks, Kaspersky Lab says.
Carbanak/Cobalt/FIN7 Group Targets Russian, Romanian Banks in New Attacks
News  |  8/30/2018  | 
Latest campaign by the hard-to-kill cybercrime group hides malicious code behind legitimate files, Windows processes.
New Pen Test Tool Tricks Targets with Microsoft WCX Files
Quick Hits  |  8/30/2018  | 
The open-source tool lets penetration testers gather credentials by convincing targets to open a Microsoft WCX file.
4 Benefits of a World with Less Privacy
Commentary  |  8/30/2018  | 
The privacy issue is a problem for a lot of people. I see it differently.
'Celebgate' Hacker Heading to Prison
Quick Hits  |  8/30/2018  | 
Connecticut man gets eight months for role in attack involving leak of personal celebrity photos, including those of actress Jennifer Lawrence.
'Security Fatigue' Could Put Business at Risk
News  |  8/29/2018  | 
The relentless march of security breaches may cause some individuals to drop their guard, but there's more to the story than that.
IT Professionals Think They're Better Than Their Security
Quick Hits  |  8/29/2018  | 
More than half of professionals think they have a good shot at a successful insider attack.
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Dark Reading Videos  |  8/29/2018  | 
Although WebAssembly technology promises both better performance and better security to developers, it also creates a new risk for native exploits in the browser.
Windows Zero-Day Flaw Disclosed Via Twitter
News  |  8/29/2018  | 
Security experts confirm the privilege escalation vulnerability in Microsoft Windows still works.
Telecommunications Industry in the Bullseye
News  |  8/29/2018  | 
New report cites higher volume and increased sophistication of threats to the sector.
Passport Numbers Exposed in Air Canada Data Breach
Quick Hits  |  8/29/2018  | 
Mobile app hit in cyberattack that compromised 20K user accounts.
Instagram Debuts New Security Tools
Quick Hits  |  8/29/2018  | 
Updates include a new feature to verify the authenticity of popular accounts and a means of integrating two-factor authentication.
How One Companys Cybersecurity Problem Becomes Another's Fraud Problem
Commentary  |  8/29/2018  | 
The solution: When security teams see something in cyberspace, they need to say something.
7 Steps to Start Searching with Shodan
Slideshows  |  8/29/2018  | 
The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.
Free Cybersecurity Services Offer a First Step to Securing US Elections
News  |  8/28/2018  | 
Some key security vendors - including Microsoft, Google, Cloudflare - are offering pro bono services and tools for election jurisdictions and campaigns this election season. But will it help?
Fileless Attacks Jump 94% in First Half of 2018
News  |  8/28/2018  | 
While ransomware is still popular, fileless and PowerShell attacks are the threats to watch this year.
PCI SSC Releases New Security Tools for Small Businesses
Quick Hits  |  8/28/2018  | 
Tool intended to help small businesses understand their risk and how well they're being addressed.
Why Security Needs a Software-Defined Perimeter
Commentary  |  8/28/2018  | 
Most security teams today still don't know whether a user at the end of a remote connection is a hacker, spy, fraudster -- or even a dog. An SDP can change that.
Polish Parliament Enacts National Cybersecurity System
Quick Hits  |  8/28/2018  | 
The system classifies security incidents and splits national incident response into three separate teams.
WhatsApp: Mobile Phishing's Newest Attack Target
Commentary  |  8/28/2018  | 
In 2018, mobile communication platforms such as WhatsApp, Skype, and SMS have far less protection against app-based phishing than email.
Iranian Hackers Target Universities in Global Cyberattack Campaign
News  |  8/27/2018  | 
Cobalt Dickens threat group is suspected to be behind a large-scale cyberattack wave targeting credentials to access academic resources.
North Korean Hacking Group Steals $13.5 Million From Indian Bank
News  |  8/27/2018  | 
Tactics that Lazarus Group used to siphon money from India's Cosmos Bank were highly sophisticated, Securonix says.
6.4 Billion Fake Emails Sent Each Day
Quick Hits  |  8/27/2018  | 
US the leading source of phony messages worldwide.
Why CISOs Should Make Friends With Their CMOs
Slideshows  |  8/27/2018  | 
A partnership between IT security and marketing could offer many benefits to each group and to the entire enterprise.
Proof-of-Concept Released for Apache Struts Vulnerability
News  |  8/27/2018  | 
Python script for easier exploitation of the flaw is now available as well on Github.
How Can We Improve the Conversation Among Blue Teams?
Commentary  |  8/27/2018  | 
Dark Reading seeks new ways to bring defenders together to share information and best practices
The Difference Between Sandboxing, Honeypots & Security Deception
Commentary  |  8/27/2018  | 
A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.
Cheddar's Scratch Kitchen Chain Suffers Data Breach
Quick Hits  |  8/24/2018  | 
The cyberattack occurred sometime between Nov. 3, 2017, and Jan. 2, 2018.
T-Mobile Hit With Customer Information Hack
Quick Hits  |  8/24/2018  | 
Approximately 2 million users said to be affected.
A False Sense of Security
Commentary  |  8/24/2018  | 
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
Half of Small Businesses Believe They're Not Cybercrime Targets
News  |  8/24/2018  | 
New SMB version of the NIST Cybersecurity Framework could help these organizations properly assess and respond to their security risks.
Modular Downloaders Could Pose New Threat for Enterprises
News  |  8/24/2018  | 
Proofpoint says it has recently discovered two downloaders that let attackers modify malware after it has been installed on a system.
Researcher Cracks San Francisco's Emergency Siren System
Researcher Cracks San Francisco's Emergency Siren System
Dark Reading Videos  |  8/24/2018  | 
Bastille researcher Balint Seeber discusses the process of creating SirenJack and cracking one of a city's critical safety systems.
AI-Based POC, DeepLocker, Could Conceal Targeted Attacks
AI-Based POC, DeepLocker, Could Conceal Targeted Attacks
Dark Reading Videos  |  8/23/2018  | 
IBM research scientist discusses DeepLocker, a stealthy artificial intelligence-enhanced proof-of-concept that won't release any payload until the attacker reaches its ultimate target.
New Apache Struts Vulnerability Leaves Major Websites Exposed
News  |  8/23/2018  | 
The vulnerability, found in Struts' core functionality, could be more critical than the one involved in last year's Equifax breach.
6 Reasons Security Awareness Programs Go Wrong
Slideshows  |  8/23/2018  | 
While plenty of progress has been made on the training front, there's still some work ahead in getting the word out and doing so effectively.
Lazarus Group Builds its First MacOS Malware
News  |  8/23/2018  | 
This isn't the first time Lazarus Group has infiltrated a cryptocurrency exchange as the hacking team has found new ways to achieve financial gain.
The GDPR Ripple Effect
Commentary  |  8/23/2018  | 
Will we ever see a truly global data security and privacy mandate?
New Mirai Variants Leverage Open Source Project
Quick Hits  |  8/23/2018  | 
Aboriginal Linux gives Mirai new cross-platform capabilities - including Android.
CA Man Arrested for Conspiracy to Launder BEC Earnings
Quick Hits  |  8/23/2018  | 
Ochenetchouwe Adegor Ederaine Jr., was involved with an organization engaged with wire fraud and related criminal activity, the DoJ reports.
Embedding Security into the DevOps Toolchain
Commentary  |  8/23/2018  | 
Security teams need to let go of the traditional security stack, stop fighting DevOps teams, and instead jump in right beside them.
DNC Incident Was a Phishing Exercise
Quick Hits  |  8/23/2018  | 
False alarm sent Democratic National Committee into high alert this week amid concerns of a new cyberattack.
Turla Threat Group Uses Email PDF Attachments to Control Stealthy Backdoor
News  |  8/23/2018  | 
The Russian-speaking group's latest tactic is the only known case of malware that's completely controllable via email, researchers at ESET say.
Wickr Adds New Censorship Circumvention Feature to its Encrypted App
News  |  8/23/2018  | 
Secure Open Access addresses void created by Google, Amazon decision to disallow domain fronting, company says.
Page 1 / 4   >   >>


Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13961
PUBLISHED: 2019-07-18
A CSRF vulnerability was found in flatCore before 1.5, leading to the upload of arbitrary .php files via acp/core/files.upload-script.php.
CVE-2019-13962
PUBLISHED: 2019-07-18
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
CVE-2019-10101
PUBLISHED: 2019-07-18
OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3.
CVE-2019-10102
PUBLISHED: 2019-07-18
MailCleaner before c888fbb6aaa7c5f8400f637bcf1cbb844de46cd9 is affected by: Unauthenticated MySQL database password information disclosure. The impact is: MySQL database content disclosure (e.g. username, password). The component is: The API call in the function allowAction() in NewslettersControlle...
CVE-2019-10102
PUBLISHED: 2019-07-18
Open Information Security Foundation Suricata prior to version 4.1.3 is affected by: Denial of Service - TCP/HTTP detection bypass. The impact is: An attacker can evade a signature detection with a specialy formed sequence of network packets. The component is: detect.c (https://github.com/OISF/suric...