Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in August 2018
Page 1 / 5   >   >>
Machine Identities Need Protection, Too
Quick Hits  |  8/31/2018  | 
A new study shows that device identities need a level of protection that they're not getting from most organizations.
How Hackers Hit Printers
News  |  8/31/2018  | 
New Booz Allen Hamilton report advises companies to include printers in their overall security strategy.
Why Automation Will Free Security Pros to Do What They Do Best
Commentary  |  8/31/2018  | 
There are three reasons today's security talent pool is neither scalable nor effective in addressing the rapid evolution of cyberattacks.
Exploitable Flaws Found in Trusted Platform Module 2.0
Larry Loeb  |  8/31/2018  | 
The US Department of Defense uses the TPM as a key element in dealing with security of device identification and authentication, encryption and similar tasks.
Cryptocurrency Scams Replacing Ransomware as Attackers' Fave
News  |  8/30/2018  | 
Cryptojacking miners and fileless malware see biggest growth in first half of 2018.
Lessons From the Black Hat USA NOC
Commentary  |  8/30/2018  | 
The conference's temporary network operations center provides a snapshot of what is possible when a variety of professionals work together.
Botnets Serving Up More Multipurpose Malware
News  |  8/30/2018  | 
Attackers increasingly are distributing malware that can be used for a variety of different tasks, Kaspersky Lab says.
Who's At Greatest Risk for BEC Attacks? Not the CEO
News  |  8/30/2018  | 
CEOs only make up 2.2% of business email compromise targets, a sign most victims are further down the corporate ladder.
Carbanak/Cobalt/FIN7 Group Targets Russian, Romanian Banks in New Attacks
News  |  8/30/2018  | 
Latest campaign by the hard-to-kill cybercrime group hides malicious code behind legitimate files, Windows processes.
New Pen Test Tool Tricks Targets with Microsoft WCX Files
Quick Hits  |  8/30/2018  | 
The open-source tool lets penetration testers gather credentials by convincing targets to open a Microsoft WCX file.
4 Benefits of a World with Less Privacy
Commentary  |  8/30/2018  | 
The privacy issue is a problem for a lot of people. I see it differently.
'Celebgate' Hacker Heading to Prison
Quick Hits  |  8/30/2018  | 
Connecticut man gets eight months for role in attack involving leak of personal celebrity photos, including those of actress Jennifer Lawrence.
Cryptojacking: How Bad Actors Make Money off Your Data Center
News Analysis-Security Now  |  8/30/2018  | 
Cryptojacking is all the rage right now among bad actors. However, it's not only smartphones that are being targeted, but enterprise data centers as well. Here's how security teams can protect their infrastructure.
'Security Fatigue' Could Put Business at Risk
News  |  8/29/2018  | 
The relentless march of security breaches may cause some individuals to drop their guard, but there's more to the story than that.
IT Professionals Think They're Better Than Their Security
Quick Hits  |  8/29/2018  | 
More than half of professionals think they have a good shot at a successful insider attack.
Windows Zero-Day Flaw Disclosed Via Twitter
News  |  8/29/2018  | 
Security experts confirm the privilege escalation vulnerability in Microsoft Windows still works.
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Overestimating WebAssembly's Security Benefits Is Risky for Developers
Dark Reading Videos  |  8/29/2018  | 
Although WebAssembly technology promises both better performance and better security to developers, it also creates a new risk for native exploits in the browser.
Telecommunications Industry in the Bullseye
News  |  8/29/2018  | 
New report cites higher volume and increased sophistication of threats to the sector.
Passport Numbers Exposed in Air Canada Data Breach
Quick Hits  |  8/29/2018  | 
Mobile app hit in cyberattack that compromised 20K user accounts.
Instagram Debuts New Security Tools
Quick Hits  |  8/29/2018  | 
Updates include a new feature to verify the authenticity of popular accounts and a means of integrating two-factor authentication.
How One Companys Cybersecurity Problem Becomes Another's Fraud Problem
Commentary  |  8/29/2018  | 
The solution: When security teams see something in cyberspace, they need to say something.
7 Steps to Start Searching with Shodan
Slideshows  |  8/29/2018  | 
The right know-how can turn the search engine for Internet-connected devices into a powerful tool for security professionals.
Data Leaks Via Smart Light Bulbs? Believe It
Larry Loeb  |  8/29/2018  | 
Researchers from the University of Texas at San Antonio have shown it's possible to exfiltrate data from a smart-bulb system. But there's no need to go back to candles just yet.
Free Cybersecurity Services Offer a First Step to Securing US Elections
News  |  8/28/2018  | 
Some key security vendors - including Microsoft, Google, Cloudflare - are offering pro bono services and tools for election jurisdictions and campaigns this election season. But will it help?
Fileless Attacks Jump 94% in First Half of 2018
News  |  8/28/2018  | 
While ransomware is still popular, fileless and PowerShell attacks are the threats to watch this year.
PCI SSC Releases New Security Tools for Small Businesses
Quick Hits  |  8/28/2018  | 
Tool intended to help small businesses understand their risk and how well they're being addressed.
Why Security Needs a Software-Defined Perimeter
Commentary  |  8/28/2018  | 
Most security teams today still don't know whether a user at the end of a remote connection is a hacker, spy, fraudster -- or even a dog. An SDP can change that.
Polish Parliament Enacts National Cybersecurity System
Quick Hits  |  8/28/2018  | 
The system classifies security incidents and splits national incident response into three separate teams.
WhatsApp: Mobile Phishing's Newest Attack Target
Commentary  |  8/28/2018  | 
In 2018, mobile communication platforms such as WhatsApp, Skype, and SMS have far less protection against app-based phishing than email.
Microsoft Outlook Backdoor Amped Up by Russia-Linked Group
Larry Loeb  |  8/28/2018  | 
The Russia-linked Turla group uses PDF attachments to email messages to exfiltrate data, according to ESET.\r\n
Kaspersky: Lazarus Takes Aim at macOS in Cryptocurrency Campaign
Jeffrey Burt  |  8/28/2018  | 
Kaspersky researchers said users of Apple and Linux systems should see the AppleJesus campaign as a warning not to get lax in their cybersecurity efforts.
Iranian Hackers Target Universities in Global Cyberattack Campaign
News  |  8/27/2018  | 
Cobalt Dickens threat group is suspected to be behind a large-scale cyberattack wave targeting credentials to access academic resources.
North Korean Hacking Group Steals $13.5 Million From Indian Bank
News  |  8/27/2018  | 
Tactics that Lazarus Group used to siphon money from India's Cosmos Bank were highly sophisticated, Securonix says.
6.4 Billion Fake Emails Sent Each Day
Quick Hits  |  8/27/2018  | 
US the leading source of phony messages worldwide.
Why CISOs Should Make Friends With Their CMOs
Slideshows  |  8/27/2018  | 
A partnership between IT security and marketing could offer many benefits to each group and to the entire enterprise.
Proof-of-Concept Released for Apache Struts Vulnerability
News  |  8/27/2018  | 
Python script for easier exploitation of the flaw is now available as well on Github.
How Can We Improve the Conversation Among Blue Teams?
Commentary  |  8/27/2018  | 
Dark Reading seeks new ways to bring defenders together to share information and best practices
The Difference Between Sandboxing, Honeypots & Security Deception
Commentary  |  8/27/2018  | 
A deep dive into the unique requirements and ideal use cases of three important prevention and analysis technologies.
Five IoT Endpoint Security Recommendations for the Enterprise
Alan Zeichick  |  8/27/2018  | 
It's 2:00 a.m. Do you know where your devices are? Find out five IoT security tips to help you sleep at night.
Cheddar's Scratch Kitchen Chain Suffers Data Breach
Quick Hits  |  8/24/2018  | 
The cyberattack occurred sometime between Nov. 3, 2017, and Jan. 2, 2018.
T-Mobile Hit With Customer Information Hack
Quick Hits  |  8/24/2018  | 
Approximately 2 million users said to be affected.
A False Sense of Security
Commentary  |  8/24/2018  | 
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
Half of Small Businesses Believe They're Not Cybercrime Targets
News  |  8/24/2018  | 
New SMB version of the NIST Cybersecurity Framework could help these organizations properly assess and respond to their security risks.
Modular Downloaders Could Pose New Threat for Enterprises
News  |  8/24/2018  | 
Proofpoint says it has recently discovered two downloaders that let attackers modify malware after it has been installed on a system.
Apache Struts Critical Weakness Found, Patched
Larry Loeb  |  8/24/2018  | 
The open source framework for Java-based web apps has a critical flaw the Apache Software Foundation is trying to counter.
Researcher Cracks San Francisco's Emergency Siren System
Researcher Cracks San Francisco's Emergency Siren System
Dark Reading Videos  |  8/24/2018  | 
Bastille researcher Balint Seeber discusses the process of creating SirenJack and cracking one of a city's critical safety systems.
AI-Based POC, DeepLocker, Could Conceal Targeted Attacks
AI-Based POC, DeepLocker, Could Conceal Targeted Attacks
Dark Reading Videos  |  8/23/2018  | 
IBM research scientist discusses DeepLocker, a stealthy artificial intelligence-enhanced proof-of-concept that won't release any payload until the attacker reaches its ultimate target.
New Apache Struts Vulnerability Leaves Major Websites Exposed
News  |  8/23/2018  | 
The vulnerability, found in Struts' core functionality, could be more critical than the one involved in last year's Equifax breach.
6 Reasons Security Awareness Programs Go Wrong
Slideshows  |  8/23/2018  | 
While plenty of progress has been made on the training front, there's still some work ahead in getting the word out and doing so effectively.
Lazarus Group Builds its First MacOS Malware
News  |  8/23/2018  | 
This isn't the first time Lazarus Group has infiltrated a cryptocurrency exchange as the hacking team has found new ways to achieve financial gain.
Page 1 / 5   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2021-21195
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.