Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in August 2018
Page 1 / 5   >   >>
Machine Identities Need Protection, Too
Quick Hits  |  8/31/2018  | 
A new study shows that device identities need a level of protection that they're not getting from most organizations.
How Hackers Hit Printers
News  |  8/31/2018  | 
New Booz Allen Hamilton report advises companies to include printers in their overall security strategy.
Why Automation Will Free Security Pros to Do What They Do Best
Commentary  |  8/31/2018  | 
There are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.
Exploitable Flaws Found in Trusted Platform Module 2.0
Larry Loeb  |  8/31/2018  | 
The US Department of Defense uses the TPM as a key element in dealing with security of device identification and authentication, encryption and similar tasks.
Cryptocurrency Scams Replacing Ransomware as Attackers' Fave
News  |  8/30/2018  | 
Cryptojacking miners and fileless malware see biggest growth in first half of 2018.
Lessons From the Black Hat USA NOC
Commentary  |  8/30/2018  | 
The conference's temporary network operations center provides a snapshot of what is possible when a variety of professionals work together.
Who's At Greatest Risk for BEC Attacks? Not the CEO
News  |  8/30/2018  | 
CEOs only make up 2.2% of business email compromise targets, a sign most victims are further down the corporate ladder.
Botnets Serving Up More Multipurpose Malware
News  |  8/30/2018  | 
Attackers increasingly are distributing malware that can be used for a variety of different tasks, Kaspersky Lab says.
Carbanak/Cobalt/FIN7 Group Targets Russian, Romanian Banks in New Attacks
News  |  8/30/2018  | 
Latest campaign by the hard-to-kill cybercrime group hides malicious code behind legitimate files, Windows processes.
New Pen Test Tool Tricks Targets with Microsoft WCX Files
Quick Hits  |  8/30/2018  | 
The open-source tool lets penetration testers gather credentials by convincing targets to open a Microsoft WCX file.
4 Benefits of a World with Less Privacy
Commentary  |  8/30/2018  | 
The privacy issue is a problem for a lot of people. I see it differently.
'Celebgate' Hacker Heading to Prison
Quick Hits  |  8/30/2018  | 
Connecticut man gets eight months for role in attack involving leak of personal celebrity photos, including those of actress Jennifer Lawrence.
Cryptojacking: How Bad Actors Make Money off Your Data Center
News Analysis-Security Now  |  8/30/2018  | 
Cryptojacking is all the rage right now among bad actors. However, it's not only smartphones that are being targeted, but enterprise data centers as well. Here's how security teams can protect their infrastructure.
'Security Fatigue' Could Put Business at Risk
News  |  8/29/2018  | 
The relentless march of security breaches may cause some individuals to drop their guard, but there's more to the story than that.
IT Professionals Think They're Better Than Their Security
Quick Hits  |  8/29/2018  | 
More than half of professionals think they have a good shot at a successful insider attack.
Windows Zero-Day Flaw Disclosed Via Twitter
News  |  8/29/2018  | 
Security experts confirm the privilege escalation vulnerability in Microsoft Windows still works.
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Dark Reading Videos  |  8/29/2018  | 
Although WebAssembly technology promises both better performance and better security to developers, it also creates a new risk for native exploits in the browser.
Telecommunications Industry in the Bullseye
News  |  8/29/2018  | 
New report cites higher volume and increased sophistication of threats to the sector.
Passport Numbers Exposed in Air Canada Data Breach
Quick Hits  |  8/29/2018  | 
Mobile app hit in cyberattack that compromised 20K user accounts.
Instagram Debuts New Security Tools
Quick Hits  |  8/29/2018  | 
Updates include a new feature to verify the authenticity of popular accounts and a means of integrating two-factor authentication.
How One Companys Cybersecurity Problem Becomes Another's Fraud Problem
Commentary  |  8/29/2018  | 
The solution: When security teams see something in cyberspace, they need to say something.
7 Steps to Start Searching with Shodan
Slideshows  |  8/29/2018  | 
The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.
Data Leaks Via Smart Light Bulbs? Believe It
Larry Loeb  |  8/29/2018  | 
Researchers from the University of Texas at San Antonio have shown it's possible to exfiltrate data from a smart-bulb system. But there's no need to go back to candles just yet.
Free Cybersecurity Services Offer a First Step to Securing US Elections
News  |  8/28/2018  | 
Some key security vendors - including Microsoft, Google, Cloudflare - are offering pro bono services and tools for election jurisdictions and campaigns this election season. But will it help?
Fileless Attacks Jump 94% in First Half of 2018
News  |  8/28/2018  | 
While ransomware is still popular, fileless and PowerShell attacks are the threats to watch this year.
PCI SSC Releases New Security Tools for Small Businesses
Quick Hits  |  8/28/2018  | 
Tool intended to help small businesses understand their risk and how well they're being addressed.
Why Security Needs a Software-Defined Perimeter
Commentary  |  8/28/2018  | 
Most security teams today still don't know whether a user at the end of a remote connection is a hacker, spy, fraudster -- or even a dog. An SDP can change that.
Polish Parliament Enacts National Cybersecurity System
Quick Hits  |  8/28/2018  | 
The system classifies security incidents and splits national incident response into three separate teams.
WhatsApp: Mobile Phishing's Newest Attack Target
Commentary  |  8/28/2018  | 
In 2018, mobile communication platforms such as WhatsApp, Skype, and SMS have far less protection against app-based phishing than email.
Microsoft Outlook Backdoor Amped Up by Russia-Linked Group
Larry Loeb  |  8/28/2018  | 
The Russia-linked Turla group uses PDF attachments to email messages to exfiltrate data, according to ESET.\r\n
Kaspersky: Lazarus Takes Aim at macOS in Cryptocurrency Campaign
Jeffrey Burt  |  8/28/2018  | 
Kaspersky researchers said users of Apple and Linux systems should see the AppleJesus campaign as a warning not to get lax in their cybersecurity efforts.
Iranian Hackers Target Universities in Global Cyberattack Campaign
News  |  8/27/2018  | 
Cobalt Dickens threat group is suspected to be behind a large-scale cyberattack wave targeting credentials to access academic resources.
North Korean Hacking Group Steals $13.5 Million From Indian Bank
News  |  8/27/2018  | 
Tactics that Lazarus Group used to siphon money from India's Cosmos Bank were highly sophisticated, Securonix says.
6.4 Billion Fake Emails Sent Each Day
Quick Hits  |  8/27/2018  | 
US the leading source of phony messages worldwide.
Why CISOs Should Make Friends With Their CMOs
Slideshows  |  8/27/2018  | 
A partnership between IT security and marketing could offer many benefits to each group and to the entire enterprise.
Proof-of-Concept Released for Apache Struts Vulnerability
News  |  8/27/2018  | 
Python script for easier exploitation of the flaw is now available as well on Github.
How Can We Improve the Conversation Among Blue Teams?
Commentary  |  8/27/2018  | 
Dark Reading seeks new ways to bring defenders together to share information and best practices
The Difference Between Sandboxing, Honeypots & Security Deception
Commentary  |  8/27/2018  | 
A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.
Five IoT Endpoint Security Recommendations for the Enterprise
Alan Zeichick  |  8/27/2018  | 
It's 2:00 a.m. Do you know where your devices are? Find out five IoT security tips to help you sleep at night.
Cheddar's Scratch Kitchen Chain Suffers Data Breach
Quick Hits  |  8/24/2018  | 
The cyberattack occurred sometime between Nov. 3, 2017, and Jan. 2, 2018.
T-Mobile Hit With Customer Information Hack
Quick Hits  |  8/24/2018  | 
Approximately 2 million users said to be affected.
A False Sense of Security
Commentary  |  8/24/2018  | 
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
Half of Small Businesses Believe They're Not Cybercrime Targets
News  |  8/24/2018  | 
New SMB version of the NIST Cybersecurity Framework could help these organizations properly assess and respond to their security risks.
Modular Downloaders Could Pose New Threat for Enterprises
News  |  8/24/2018  | 
Proofpoint says it has recently discovered two downloaders that let attackers modify malware after it has been installed on a system.
Apache Struts Critical Weakness Found, Patched
Larry Loeb  |  8/24/2018  | 
The open source framework for Java-based web apps has a critical flaw the Apache Software Foundation is trying to counter.
Researcher Cracks San Francisco's Emergency Siren System
Researcher Cracks San Francisco's Emergency Siren System
Dark Reading Videos  |  8/24/2018  | 
Bastille researcher Balint Seeber discusses the process of creating SirenJack and cracking one of a city's critical safety systems.
AI-Based POC, DeepLocker, Could Conceal Targeted Attacks
AI-Based POC, DeepLocker, Could Conceal Targeted Attacks
Dark Reading Videos  |  8/23/2018  | 
IBM research scientist discusses DeepLocker, a stealthy artificial intelligence-enhanced proof-of-concept that won't release any payload until the attacker reaches its ultimate target.
New Apache Struts Vulnerability Leaves Major Websites Exposed
News  |  8/23/2018  | 
The vulnerability, found in Struts' core functionality, could be more critical than the one involved in last year's Equifax breach.
6 Reasons Security Awareness Programs Go Wrong
Slideshows  |  8/23/2018  | 
While plenty of progress has been made on the training front, there's still some work ahead in getting the word out and doing so effectively.
Lazarus Group Builds its First MacOS Malware
News  |  8/23/2018  | 
This isn't the first time Lazarus Group has infiltrated a cryptocurrency exchange as the hacking team has found new ways to achieve financial gain.
Page 1 / 5   >   >>


Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27254
PUBLISHED: 2021-03-05
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encrypti...
CVE-2021-27255
PUBLISHED: 2021-03-05
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of...
CVE-2021-27256
PUBLISHED: 2021-03-05
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists wit...
CVE-2021-27257
PUBLISHED: 2021-03-05
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via...
CVE-2021-26705
PUBLISHED: 2021-03-05
An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke administrative tasks within the...