Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in August 2019
Page 1 / 4   >   >>
@jack Got Hacked: Twitter CEO's Tweets Hijacked
Quick Hits  |  8/30/2019  | 
Twitter CEO Jack Dorsey's Twitter account was, apparently, hijacked for roughly 20 minutes and used for a racist rant.
New Credential-Theft Attack Weaponizes DNS
Quick Hits  |  8/30/2019  | 
The recently discovered campaign sends stolen data out of the network as part of a DNS query.
Google Uncovers Massive iPhone Attack Campaign
News  |  8/30/2019  | 
A group of hacked websites has been silently compromising fully patched iPhones for at least two years, Project Zero reports.
Overburdened SOC Analysts Shift Priorities
News  |  8/30/2019  | 
Many SOC analysts are starting to shut off high-alert features to keep pace with the volume, new study shows.
To Navigate a Sea of Cybersecurity Solutions, Learn How to Fish
Commentary  |  8/30/2019  | 
Three steps for relieving the pressure of picking the right tools.
7 Breaches & Hacks That Throw Shade on Biometric Security
Slideshows  |  8/30/2019  | 
Stolen fingerprints, fake hands, voice synthetization, and other nefarious techniques show biometrics has plenty of challenges.
Retadup Worm Squashed After Infecting 850K Machines
News  |  8/29/2019  | 
An operation involving French law enforcement, the FBI, and Avast forces Retadup to delete itself from victim machines.
Google Announces New, Expanded Bounty Programs
Quick Hits  |  8/29/2019  | 
The company is significantly expanding the bug-bounty program for Google Play and starting a program aimed at user data protection.
Bug Bounties Continue to Rise, but Market Has Its Own 1% Problem
News  |  8/29/2019  | 
The average payout for a critical vulnerability has almost reached $3,400, but only the top bug hunters of a field of 500,000 are truly profiting.
Google Cloud Releases Beta of Managed Service to Microsoft AD
Quick Hits  |  8/29/2019  | 
Managed Service for Microsoft Active Directory was built to help admins handle cloud-based workloads.
New Botnet Targets Android Set-Top Boxes
News  |  8/29/2019  | 
ARES has already infected thousands of devices and is growing, IoT security firm says.
Privacy 2019: We're Not Ready
Commentary  |  8/29/2019  | 
To facilitate the innovative use of data and unlock the benefits of new technologies, we need privacy not just in the books but also on the ground.
Facebook Patches Second Account-Takeover Flaw in Instagram
News  |  8/28/2019  | 
The password-recovery mechanism once again puts users of the photo- and video-sharing platform at risk.
Magecart Shops for Victims as E-Commerce Market Grows
News  |  8/28/2019  | 
In 2.5 hours of research, one security expert uncovered more than 80 actively compromised ecommerce websites.
TrickBot Comes to Cellular Carriers
Quick Hits  |  8/28/2019  | 
A new malicious campaign seeks cell account PINs from victims.
Fancy Bear Dons Plain Clothes to Try to Defeat Machine Learning
News  |  8/28/2019  | 
An analysis of a sample published by the US government shows Russian espionage group APT28, also known as Fancy Bear, has stripped down its initial infector in an attempt to defeat ML-based defenses.
Malware Found in Android App with 100M Users
Quick Hits  |  8/28/2019  | 
CamScanner, a legitimate app used to scan and manage documents, was found executing payloads on Android devices.
Securing Our Infrastructure: 3 Steps OEMs Must Take in the IoT Age
Commentary  |  8/28/2019  | 
Security has lagged behind adoption of the Internet of Things. The devices hold much promise, but only if a comprehensive security model is constructed.
Imperva Customer Database Exposed
Quick Hits  |  8/27/2019  | 
A subset of customers for the company's Incapsula web application firewall had their email addresses, hashed/salted passwords, and more open to unauthorized access, Imperva announced.
CrowdStrike Launches Fund for Early-Stage Endpoint Security Startups
News  |  8/27/2019  | 
It's goal is to accelerate delivery of third-party apps that add on and extend the company's Falcon cloud-hosted services.
New 'Lyceum' Threat Group Eyes Critical Infrastructure
Quick Hits  |  8/27/2019  | 
Researchers report Lyceum, otherwise known as Hexane, has targeted organizations in South Africa and the Middle East.
WannaCry Remains No. 1 Ransomware Weapon
News  |  8/27/2019  | 
Of all of the ransomware variants spotted targeting victims in the first half of 2019, the infamous WannaCry was by far the most prevalent, according to Trend Micro's detection data.
6 Ways Airlines and Hotels Can Keep Their Networks Secure
Slideshows  |  8/27/2019  | 
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
Unsecured IoT: 8 Ways Hackers Exploit Firmware Vulnerabilities
Commentary  |  8/27/2019  | 
As new Internet of Things products enter the market, speed shouldn't trump concerns about security.
Consumers Urged to Secure Their Digital Lives
News  |  8/27/2019  | 
Security options for consumers improve as Internet of Things devices invade homes and data on consumers proliferates online.
Apple Releases Emergency Patch for iPhone Jailbreak Flaw
Quick Hits  |  8/26/2019  | 
iOS version 12.4.1 fixes the "use after free" vulnerability.
More Than Half of Social Media Login Attempts Are Fraud
News  |  8/26/2019  | 
Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states.
3 Arrested in Transnational Fraud Indictments
Quick Hits  |  8/26/2019  | 
According to the indictments, the accused impersonated government officials when they demanded money from their victims.
IRS Alerts Taxpayers to New Email Scam
Quick Hits  |  8/26/2019  | 
A spoofed IRS.gov link leads victims to a fraudulent Web page where they are prompted to download malware.
Cryptography & the Hype Over Quantum Computing
Commentary  |  8/26/2019  | 
It's not time to move to post-quantum cryptography yet -- too many things are still up in the air. But you can start to become prepared by making sure your infrastructure is agile.
Ransomware Trains Its Sights on Cloud Providers
Ransomware Trains Its Sights on Cloud Providers
Dark Reading Videos  |  8/23/2019  | 
Ransomware writers are now targeting cloud service providers with network file encryption attacks as a way to hold hostage the maximum number of customers that they can, notes Chris Morales, head of security analytics for Vectra. He also discusses Vectra's new ransomware report, which offers tips for protecting against virtual hostage taking.
Qualys Launches Free App for IT Asset Discovery and Inventory
Qualys Launches Free App for IT Asset Discovery and Inventory
Dark Reading Videos  |  8/23/2019  | 
Qualys's Chairman and CEO, Philippe Courtot talks about changes in the security landscape he's witnessed during the company's 20-year lifespan, as well as what motivated the vendor to give away its Global IT Asset Discovery and Inventory app for free.
IBM Announces Quantum Safe Encryption
Quick Hits  |  8/23/2019  | 
Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption.
80 Charged in Massive BEC Operation Bust
News  |  8/23/2019  | 
A group of mostly Nigerian nationals attempted to steal $46 million through business email compromise and romance scams, the FBI reports.
Virtual World of Containers, VMs Creates New Security Challenges
Virtual World of Containers, VMs Creates New Security Challenges
Dark Reading Videos  |  8/23/2019  | 
Containers, virtual machines, and the advent of DevOps as a software creation tool all put new pressures on organizations' security strength, according to Dan Hubbard, CEO of Lacework. Cloud's ability to offer scale, capacity, and processing power may even exacerbate the vulnerabilities unless properly managed, he adds.
VMware to Buy Carbon Black for $2.1B
Quick Hits  |  8/23/2019  | 
Virtual machine giant's big cloud move includes plans to shell out $2.7 billion in stock transactions for Pivotal Software.
Capital One Breach: What Security Teams Can Do Now
Commentary  |  8/23/2019  | 
Knowing the methods of the attacker, as laid out in the federal indictment, allow us to prevent similar attacks.
Spirent Nixes Over-Reliance on Compliance Checklists for Good Security
Spirent Nixes Over-Reliance on Compliance Checklists for Good Security
Dark Reading Videos  |  8/23/2019  | 
Enterprises must regularly validate their security efficacy based on real-time conditions, not compliance criteria, says John Weinschenk, General manager, Enterprise Network and Application Security of Spirent. That sort of testing returns actionable data to tune devices, update policies, and fortify defenses before they are compromised, he adds.
10 Low-Cost (or Free!) Ways to Boost Your Security AI Skills
Slideshows  |  8/23/2019  | 
The following hardware and software options will amplify your know-how about artificial intelligence and how to apply it to security without busting any budgets.
App Security Still Dogs Developers, End-User Organizations
App Security Still Dogs Developers, End-User Organizations
Dark Reading Videos  |  8/23/2019  | 
Lots of re-used code, cost pressures and long lead times for application software all lead to porous security where application software is concerned, says Chris Eng, Chief Research Officer for Veracode. But an emerging role he calls a "security champion" can help circumvent those problems and make apps safer for everyone.
Cloud Services Require a Shift in Security Strategy
Cloud Services Require a Shift in Security Strategy
Dark Reading Videos  |  8/22/2019  | 
End-user organizations have their security management tools, but so do cloud service providers, and that forces some hard questions about whose tools will be used to keep everything locked down, says Jesse Rothstein, CTO and Co-Founder of ExtraHop. And he makes the case that better data hygiene can help decrease the chances of a breach.
Regular User Training Most Effective Security Antidote
Regular User Training Most Effective Security Antidote
Dark Reading Videos  |  8/22/2019  | 
Social engineering remains the top vulnerability organizations face because humans remain the easiest way to access networks or databases, says Stu Sjouwerman, Founder and CEO of KnowBe4. Regular training sessions coupled with creation of a "human firewall" remain the most effective protections against social engineering and phishing, he adds.
Analytics and Data Prove Effective Security Hybrid
Analytics and Data Prove Effective Security Hybrid
Dark Reading Videos  |  8/22/2019  | 
Against the backdrop of consolidation in the SIEM and SOAR sectors, infosec professionals are deploying some combination of analytics and security, according to Haiyan Song, Senior Vice President & General Manager of Security Markets for Splunk. Analytics helps organizations make better decisions and detect anomalies faster, she adds.
New Malware Variant Targets Old Adobe, Office Vulnerabilities
News  |  8/22/2019  | 
Criminals appear to have developed it knowing some users have not patched or updated to newer versions, Trend Micro says.
Time to Get Smarter About Threat Intel
Time to Get Smarter About Threat Intel
Dark Reading Videos  |  8/22/2019  | 
Bad actors move faster than threat intelligence feeds and the infosec pros who monitor them, notes Joakim Kennedy, Threat Intel Manager for Anomali Research. Organizations need to establish a dedicated team to manage threat intel, and an adequate budget. Kennedy also encourages intelligence sharing as part of a stepped-up protection strategy.
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
News  |  8/22/2019  | 
Microsoft remains the favorite brand to spoof in phishing campaigns, but more attackers are impersonating Facebook.
Aviation Faces Increasing Cybersecurity Scrutiny
News  |  8/22/2019  | 
Some aviation experts and security researchers are trying to foster closer alliances for securing airplane networks.
Make DNS a Cornerstone of Your Cyber Security Arsenal
Make DNS a Cornerstone of Your Cyber Security Arsenal
Dark Reading Videos  |  8/22/2019  | 
Better known for their essential role in networking, Domain Name Servers should be tapped as a means to identify and shut down suspicious or destructive activity, according to Anthony James, VP of Marketing for Infoblox. He also explains how to combine DNS with DHCP and IP address management to improve an organization's security.
Threat Intelligence Gateways: A Useful Adjunct to Overworked Perimeter Security
Commentary  |  8/22/2019  | 
Comparative research shows the relative strengths and weaknesses of five TIG vendors and which kinds of security organization will reap the most benefit.
Endgame Boosts Apple Security to Be Commensurate with Windows Security
Endgame Boosts Apple Security to Be Commensurate with Windows Security
Dark Reading Videos  |  8/22/2019  | 
Gone are the days when users could take refuge from Windows threats with Apple devices, as malware writers are exploiting OSX and iOS with real vigor, says Mark Dufresne, VP of R&D at Endgame. And though it's taken a while, Mac security has achieved parity with Windows so that Apple users need no longer settle for "protected enough."
Page 1 / 4   >   >>


DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Human Nature vs. AI: A False Dichotomy?
John McClurg, Sr. VP & CISO, BlackBerry,  11/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: -when I told you that our cyber-defense was from another age
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3350
PUBLISHED: 2019-11-19
masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.
CVE-2011-3352
PUBLISHED: 2019-11-19
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context ...
CVE-2011-3349
PUBLISHED: 2019-11-19
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.
CVE-2019-10080
PUBLISHED: 2019-11-19
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI ...
CVE-2019-10083
PUBLISHED: 2019-11-19
When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.