Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in August 2018
<<   <   Page 2 / 5   >   >>
The GDPR Ripple Effect
Commentary  |  8/23/2018  | 
Will we ever see a truly global data security and privacy mandate?
New Mirai Variants Leverage Open Source Project
Quick Hits  |  8/23/2018  | 
Aboriginal Linux gives Mirai new cross-platform capabilities - including Android.
CA Man Arrested for Conspiracy to Launder BEC Earnings
Quick Hits  |  8/23/2018  | 
Ochenetchouwe Adegor Ederaine Jr., was involved with an organization engaged with wire fraud and related criminal activity, the DoJ reports.
Embedding Security into the DevOps Toolchain
Commentary  |  8/23/2018  | 
Security teams need to let go of the traditional security stack, stop fighting DevOps teams, and instead jump in right beside them.
DNC Incident Was a Phishing Exercise
Quick Hits  |  8/23/2018  | 
False alarm sent Democratic National Committee into high alert this week amid concerns of a new cyberattack.
Turla Threat Group Uses Email PDF Attachments to Control Stealthy Backdoor
News  |  8/23/2018  | 
The Russian-speaking group's latest tactic is the only known case of malware that's completely controllable via email, researchers at ESET say.
Social Media Malware: Fake News or Real Threat to Democracy?
News Analysis-Security Now  |  8/23/2018  | 
With new elections coming up this fall in the US, it's time to reconsider and rethink the security we apply to our social media networks.
Wickr Adds New Censorship Circumvention Feature to its Encrypted App
News  |  8/23/2018  | 
Secure Open Access addresses void created by Google, Amazon decision to disallow domain fronting, company says.
It Takes an Average 38 Days to Patch a Vulnerability
News  |  8/22/2018  | 
Analysis of 316 million-plus security incidents uncovers most common types of real-world attacks taking place within in-production Web apps in the AWS and Azure cloud ecosystems.
Adobe Software at Center of Two Vulnerability Disclosures
News  |  8/22/2018  | 
Newly discovered Photoshop and Ghostscript vulnerabilities allow remote code execution.
DNC Reports Attempted Cyberattack on its Voter Database
Quick Hits  |  8/22/2018  | 
FBI is investigating phony domain posing as Votebuilder.
Attackers Using 'Legitimate' Remote Admin Tool in Multiple Threat Campaigns
News  |  8/22/2018  | 
Researchers from Cisco Talos say Breaking Security's Remcos software allows attackers to fully control and monitor any Windows system from XP onward.
New Insurance Product Adds Coverage for Cryptomining Malware Losses
Quick Hits  |  8/22/2018  | 
Product also covers all forms of illicit use of business services, including toll fraud and unauthorized use of cloud services.
The Votes Are In: Election Security Matters
Commentary  |  8/22/2018  | 
Three ways to make sure that Election Day tallies are true.
Vulnerable Web Apps Top Threat to Enterprises
Jeffrey Burt  |  8/22/2018  | 
A report by Kaspersky researchers found that 73% of successful network perimeter breaches in 2017 were committed via web apps, while inside threats continue to put companies at risk.
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
Dark Reading Videos  |  8/22/2018  | 
University of Copenhagen associate professor discusses what he found when he dug into some decommissioned WinVote voting machines.
Microsoft Yanks Suspected Russian-Intelligence Domains
Larry Loeb  |  8/22/2018  | 
Microsoft has pulled the plug on domains it suspected as fronts for Russian Intelligence. The company says the targets were US conservative groups.
How Threats Increase in Internet Time
News  |  8/21/2018  | 
Cybercrime incidents and costs increase with each passing minute on the Internet.
Microsoft Sinkholes 6 Fancy Bear/APT28 Internet Domains
News  |  8/21/2018  | 
Operation appears to have disrupted early stages of an attack campaign using spoofed nonprofit, Senate, and Microsoft domains.
How to Gauge the Effectiveness of Security Awareness Programs
Commentary  |  8/21/2018  | 
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Clinging to TLS 1.0 Puts Sites Outside PCI DSS Compliance
Quick Hits  |  8/21/2018  | 
More than half of organizations could be out of compliance, new research shows.
Open-Source Hybrid Analysis Portal Gets a Boost
Quick Hits  |  8/21/2018  | 
CrowdStrike donates its accelerated search engine to the free malware analysis site.
Latin America Served with 'Dark Tequila' Banking Malware
Quick Hits  |  8/21/2018  | 
The complex operation packs a multistage payload and spreads via spear-phishing emails and infected USB devices.
Proving ROI: How a Security Road Map Can Sway the C-Suite
Commentary  |  8/21/2018  | 
When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.
Hackers Use Public Cloud Features to Breach, Persist In Business Networks
News  |  8/21/2018  | 
Attackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks.
7 Serious IoT Vulnerabilities
Slideshows  |  8/21/2018  | 
A growing number of employees have various IoT devices in their homes where they're also connecting to an enterprise network to do their work. And that means significant threats loom.
Electrical Grid Attack via IoT Devices Successfully Simulated
Larry Loeb  |  8/21/2018  | 
Researchers have successfully simulated an attack on an electrical power grid that employs IoT devices to trigger a blackout.
Busting the Open Source Security Myth
News Analysis-Security Now  |  8/20/2018  | 
Cloud training expert says too many developers assume that open source software is inherently more secure but that's not always the case and it can lead to security issues.
Ohio Man Sentenced To 15 Months For BEC Scam
Quick Hits  |  8/20/2018  | 
Olumuyiwa Adejumo and co-conspirators targeted CEOs, CFOs, and other enterprise leaders in the US with fraudulent emails.
Google Updates: Cloud HSM Beta, Binary Authorization for Kubernetes
News  |  8/20/2018  | 
Google's latest cloud security rollouts include early releases of its cloud-hosted security module and a container security tool to verify signed images.
Augusta University Health Reports Major Data Breach
Quick Hits  |  8/20/2018  | 
Over 400K individuals affected by the breach, which was the result of a successful phishing attack that occurred in September 2017.
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
Dark Reading Videos  |  8/20/2018  | 
Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix.
Real Estate Industry Remains Rich Target for Cybercrime
News  |  8/20/2018  | 
Trojans, file downloaders, stolen credentials, and BEC scams, hitting the real estate sector.
Data Privacy Careers Are Helping to Close the IT Gender Gap
Commentary  |  8/20/2018  | 
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
Foreshadow-NG Vulnerability Sets Tech Giants Scrambling
Larry Loeb  |  8/20/2018  | 
Foreshadow vulnerabilities expose processors and even the cloud to penetration.
How Better Intel Can Reduce, Prevent Payment Card Fraud
How Better Intel Can Reduce, Prevent Payment Card Fraud
Dark Reading Videos  |  8/20/2018  | 
Royal Bank of Canada machine learning researcher and Terbium Labs chief scientist discuss how they use intelligence about the carding market to predict the next payment card fraud victims.
Make a Wish: Dark Reading Caption Contest Winners
Commentary  |  8/18/2018  | 
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
Researchers Find New Fast-Acting Side-Channel Vulnerability
News  |  8/17/2018  | 
A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.
Malicious Cryptomining & Other Shifting Threats
Malicious Cryptomining & Other Shifting Threats
Dark Reading Videos  |  8/17/2018  | 
Skybox Security CMO Michelle Johnson Cobb discloses research results that include a spike in malicious cryptomining during Bitcoins peak, a shift to outside-the-perimeter mobile threats, and more.
The Economics of AI-Enabled Security
The Economics of AI-Enabled Security
Dark Reading Videos  |  8/17/2018  | 
While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.
Using Threat Deception on Malicious Insiders
Using Threat Deception on Malicious Insiders
Dark Reading Videos  |  8/17/2018  | 
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.
Filtering the Threat Intelligence Tsunami
Filtering the Threat Intelligence Tsunami
Dark Reading Videos  |  8/17/2018  | 
Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.
Ensuring Web Applications Are Hardened, Secure
Ensuring Web Applications Are Hardened, Secure
Dark Reading Videos  |  8/17/2018  | 
Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.
Marap Malware Appears, Targeting Financial Sector
Quick Hits  |  8/17/2018  | 
A new form of modular downloader packs the ability to download other modules and payloads.
Building Security into the DevOps Pipeline
Building Security into the DevOps Pipeline
Dark Reading Videos  |  8/17/2018  | 
As companies pump more code into production at a faster pace, CA Veracode VP of Security Research Chris Eng stresses the importance of avoiding vulnerabilities by building security directly into the DevOps pipeline.
Supplementing the SOC with Cyber-as-a-Service
Supplementing the SOC with Cyber-as-a-Service
Dark Reading Videos  |  8/17/2018  | 
Raytheon Cyber Protection Solutions CTO Mark Orlando suggests under-resourced SOCs enhance their effectiveness at-scale by tapping the advanced cyber defense automation his company has developed.
Exploring, Exploiting Active Directory Admin Flaws
News  |  8/17/2018  | 
Common methods AD administrators use to protect their environments can easily be exploited. Here's how.
Assessing & Mitigating Increased Exposure to Third-Party Risk
Assessing & Mitigating Increased Exposure to Third-Party Risk
Dark Reading Videos  |  8/17/2018  | 
As we increasingly connect with each other digitally, CyberGRX CRO Scott Schneider believes we need to be much more diligent about sharing validated insight into the infosec maturity of our organizations.
Leveraging the Power of your End-Users Human Cognition
Leveraging the Power of your End-Users Human Cognition
Dark Reading Videos  |  8/17/2018  | 
Cofense CEO Rohyt Belani makes a case for more aggressively leveraging the unique ability of your most perceptive and well-trained end-users to help you more quickly spot and stop email threats.
Australian Teen Hacked Apple Network
Quick Hits  |  8/17/2018  | 
The 16-year-old made off with 90 gigs of sensitive data.
<<   <   Page 2 / 5   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27180
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user.
CVE-2021-27181
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Remote Administration allows an attacker to perform a fixation of the anti-CSRF token. In order to exploit this issue, the user has to click on a malicious URL provided by the attacker and successfully authenticate into the application. Having the va...
CVE-2021-27182
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. There is an IFRAME injection vulnerability in Webmail (aka WorldClient). It can be exploited via an email message. It allows an attacker to perform any action with the privileges of the attacked user.
CVE-2021-27183
PUBLISHED: 2021-04-14
An issue was discovered in MDaemon before 20.0.4. Administrators can use Remote Administration to exploit an Arbitrary File Write vulnerability. An attacker is able to create new files in any location of the filesystem, or he may be able to modify existing files. This vulnerability may directly lead...
CVE-2021-29449
PUBLISHED: 2021-04-14
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.