Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in August 2019
<<   <   Page 2 / 4   >   >>
Time to Get Smarter About Threat Intel
Time to Get Smarter About Threat Intel
Dark Reading Videos  |  8/22/2019  | 
Bad actors move faster than threat intelligence feeds and the infosec pros who monitor them, notes Joakim Kennedy, Threat Intel Manager for Anomali Research. Organizations need to establish a dedicated team to manage threat intel, and an adequate budget. Kennedy also encourages intelligence sharing as part of a stepped-up protection strategy.
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
News  |  8/22/2019  | 
Microsoft remains the favorite brand to spoof in phishing campaigns, but more attackers are impersonating Facebook.
Aviation Faces Increasing Cybersecurity Scrutiny
News  |  8/22/2019  | 
Some aviation experts and security researchers are trying to foster closer alliances for securing airplane networks.
Make DNS a Cornerstone of Your Cyber Security Arsenal
Make DNS a Cornerstone of Your Cyber Security Arsenal
Dark Reading Videos  |  8/22/2019  | 
Better known for their essential role in networking, Domain Name Servers should be tapped as a means to identify and shut down suspicious or destructive activity, according to Anthony James, VP of Marketing for Infoblox. He also explains how to combine DNS with DHCP and IP address management to improve an organization's security.
Threat Intelligence Gateways: A Useful Adjunct to Overworked Perimeter Security
Commentary  |  8/22/2019  | 
Comparative research shows the relative strengths and weaknesses of five TIG vendors and which kinds of security organization will reap the most benefit.
Endgame Boosts Apple Security to Be Commensurate with Windows Security
Endgame Boosts Apple Security to Be Commensurate with Windows Security
Dark Reading Videos  |  8/22/2019  | 
Gone are the days when users could take refuge from Windows threats with Apple devices, as malware writers are exploiting OSX and iOS with real vigor, says Mark Dufresne, VP of R&D at Endgame. And though it's taken a while, Mac security has achieved parity with Windows so that Apple users need no longer settle for "protected enough."
LinkedIn Details Features of Fight Against Fakes
Quick Hits  |  8/22/2019  | 
A recent blog post explains how the social network is fighting to protect its users from interactions with fake accounts.
Texas Towns Recover, but Local Governments Have Little Hope for Respite from Ransomware
News  |  8/22/2019  | 
Their struggles underscore the difficulties for small towns in dealing with cyberattacks.
SafeGuard Cyber Adds Security, Compliance Capabilities for WeChat
Quick Hits  |  8/22/2019  | 
A lack of visibility into the app could expose business users to compliance risks and security threats, the company says.
Secureworks Pushes Human Intelligence, Machine Learning to Work Together
Secureworks Pushes Human Intelligence, Machine Learning to Work Together
Dark Reading Videos  |  8/22/2019  | 
Eschewing the either-or approach with machine learning, security operations centers must learn to identify and exploit the best of both approaches according to Secureworks' Tim Vidas and Nash Borges. Taken together, human and machine intelligence can be a force multiplier against human cyber adversaries, they say.
5 Identity Challenges Facing Todays IT Teams
Commentary  |  8/22/2019  | 
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
Asset Management Becomes the New Security Model
Asset Management Becomes the New Security Model
Dark Reading Videos  |  8/22/2019  | 
While security pros once rallied around end-device management as their organizing principle, that approach is being subsumed by asset management, according to Dean Sysman, CEO and Co-Founder of Axonius. Device management becomes a subset of asset management, as organizations create a hierarchy to protect what's most valuable to them, he adds.
New FISMA Report Shows Progress, Gaps in Federal Cybersecurity
News  |  8/21/2019  | 
No major incidents mixed with continuing gaps in implementation paint an improving, but still muddy, picture of cybersecurity in the federal government.
Silence APT Group Broadens Attacks on Banks, Gets More Dangerous
News  |  8/21/2019  | 
Over the past year, the financial damage linked to the Russian-speaking threat group has spiked fivefold, Group-IB says.
Splunk Buys SignalFx for $1.05 Billion
Quick Hits  |  8/21/2019  | 
Deal will yield 'one platform that can monitor the entire enterprise application lifecycle,' Splunk CEO says.
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
News  |  8/21/2019  | 
Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.
'Box Shield' Brings New Security Controls
News  |  8/21/2019  | 
New controls and threat detection capabilities built into Box aim to prevent accidental data leakage and misuse.
eSentire Blends Managed Detection and Response With Machine Learning
eSentire Blends Managed Detection and Response With Machine Learning
Dark Reading Videos  |  8/21/2019  | 
While many infosec pros believe they're getting managed detection response (MDR) from their managed security service providers, that's not necessarily the case, according to Eldon Sprickerhoff, Founder and Chief Innovation Officer of eSentire. Adding machine learning to the mix helps automate MDR, strengthening an organization's security posture.
Ransomware Hits Fortnite Players
Quick Hits  |  8/21/2019  | 
Ransomware masquerading as game "cheats" is hitting Fortnite players. Fortunately, there are ways to recover without paying a ransom.
State-Sponsored Cyberattacks Target Medical Research
News  |  8/21/2019  | 
Cancer research is a particular target among Chinese espionage groups, says security firm FireEye.
New Confidential Computing Consortium Includes Google, Intel, Microsoft
Quick Hits  |  8/21/2019  | 
The Linux Foundation plans to form a community to "define and accelerate" the adoption of confidential computing.
Bad Actors Find Leverage With Automated Active Attacks
Bad Actors Find Leverage With Automated Active Attacks
Dark Reading Videos  |  8/21/2019  | 
Once used only by nation-state attackers, automated active attacks have gone mainstream and allow the average cyber-criminal to gain entry and engage in malfeasance, says Chet Wisniewski, Principal Research scientist with Sophos. Luckily, organizations are getting smarter at spotting these stealthy, customized attacks earlier than they used to.
'Phoning Home': Your Latest Data Exfiltration Headache
Commentary  |  8/21/2019  | 
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
7 Big Factors Putting Small Businesses At Risk
Slideshows  |  8/21/2019  | 
Small organizations still face a long list of security threats. These threats and vulnerabilities should be top of mind.
CISOs Struggle with Diminishing Tools to Protect Assets from Growing Threats
Quick Hits  |  8/20/2019  | 
Most CISOs see the risk of cyberattacks growing and feel they're falling behind in their ability to fight back, a new survey finds.
Apple Misstep Leaves iPhones Open to Jailbreak
News  |  8/20/2019  | 
Newest version of iOS contains a critical bug that the company had previously already patched.
Fintech Startups Get Sloppy With Application Security
Larry Loeb  |  8/20/2019  | 
Some startups need to shape up or ship out.
Cyberthreats Against Financial Services Up 56%
Quick Hits  |  8/20/2019  | 
Financial institutions interacting with customers online must prepare for a broader, more sophisticated variety of threats.
New Industry Drives Renewed Interest in Embedded Security
Larry Loeb  |  8/20/2019  | 
Hardware for security may just get hot.
Who Gets Privileged Access & How to Enforce It
Commentary  |  8/20/2019  | 
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
Visa Adds New Fraud Disruption Measures
News  |  8/20/2019  | 
Payment card giant creates a 'cyber fraud system' to thwart transaction abuse.
5 Ways to Improve the Patching Process
Slideshows  |  8/20/2019  | 
So many software vulnerabilities, so little time. But failure to patch them can have serious consequences. Here's help for overwhelmed security teams.
What Americans Think About Ransomware
Quick Hits  |  8/19/2019  | 
New Harris Poll survey says most will weigh candidates' cybersecurity positions.
Instagram Added to Facebook Data-Abuse Bounty Program
News  |  8/19/2019  | 
Social media giant also launches invitation-only bug bounty program for 'Checkout on Instagram'.
Towns Across Texas Hit in Coordinated Ransomware Attack
News  |  8/19/2019  | 
The state government and cybersecurity groups have mobilized to respond to a mass ransomware attack that simultaneously hit 22 different towns statewide.
VxWorks TCP/IP Stack Vulnerability Poses Major Manufacturing Risk
News  |  8/19/2019  | 
A new analysis shows the scale of risk posed by networking vulnerabilities in a popular embedded real-time operating system.
US Chamber of Commerce, FICO Report National Risk Score of 688
Quick Hits  |  8/19/2019  | 
While the score was up for large businesses and down for small firms, the report urges all to prioritize third-party risk management.
Tough Love: Debunking Myths about DevOps & Security
Commentary  |  8/19/2019  | 
It's time to move past trivial 'shift left' conceptions of DevSecOps and take a hard look at how security work actually gets accomplished.
Google Analyzes Pilfered Password Reuse
Quick Hits  |  8/16/2019  | 
Password Checkup data shows some users still reuse their exposed passwords.
CTF Protocol Serves as a Low-Level Way to Take Over Windows Machines
Larry Loeb  |  8/16/2019  | 
There is a protocol in Windows that has been around since the days of Windows XP, which has been found to be insecure.
Project Zero Turns 5: How Google's Zero-Day Hunt Has Grown
News  |  8/16/2019  | 
At Black Hat USA, Project Zero's team lead shared details of projects it has accomplished and its influence on the security community.
European Central Bank Website Hit by Malware Attack
Quick Hits  |  8/16/2019  | 
The website was infected with malware that stole information on subscribers to a bank newsletter.
Beat the Heat: Dark Reading Caption Contest Winners
Commentary  |  8/16/2019  | 
Phishing, token codes, training, MFA, polluted data entry, and whales. And the winners are ...
Behind the Scenes at ICS Village
News  |  8/16/2019  | 
ICS Village co-founder Bryson Bort reveals plans for research-dedicated events that team independent researchers, critical infrastructure owners, and government specialists.
More Than 20 Data Breaches Reported Per Day in First Half of 2019
News  |  8/15/2019  | 
But incidents involving SSNs, addresses, birth dates were smaller than in previous years.
NSA Researchers Talk Development, Release of Ghidra SRE Tool
News  |  8/15/2019  | 
NSA researchers took the Black Hat stage to share details of how they developed and released the software reverse-engineering framework.
Adware, Trojans Hit Education Sector Hard
News  |  8/15/2019  | 
Students continue to be weak links for schools and universities, according to data from security firm Malwarebytes.
New Research Finds More Struts Vulnerabilities
Quick Hits  |  8/15/2019  | 
Despite aggressive updating and patching, many organizations are still using versions of Apache Struts with known -- and new -- vulnerabilities.
The Flaw in Vulnerability Management: It's Time to Get Real
Commentary  |  8/15/2019  | 
Companies will never be 100% immune to cyberattacks. But by having a realistic view of the basics, starting with endpoint vulnerabilities, we can build for a safer future.
68% of Companies Say Red Teaming Beats Blue Teaming
Quick Hits  |  8/15/2019  | 
The majority of organizations surveyed find red team exercises more effective than blue team testing, research shows.
<<   <   Page 2 / 4   >   >>


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27706
PUBLISHED: 2021-04-14
Buffer Overflow in Tenda G1 and G3 routers with firmware version V15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/&quot;IPMacBindIndex &quot;request. This occurs because the &quot;formIPMacBindDel&quot; function directly passes the parameter &quot;IPMacBind...
CVE-2021-27707
PUBLISHED: 2021-04-14
Buffer Overflow in Tenda G1 and G3 routers with firmware v15.11.0.17(9502)_CN allows remote attackers to execute arbitrary code via a crafted action/&quot;portMappingIndex &quot;request. This occurs because the &quot;formDelPortMapping&quot; function directly passes the parameter &quot;portMappingIn...
CVE-2021-28098
PUBLISHED: 2021-04-14
An issue was discovered in Forescout CounterACT before 8.1.4. A local privilege escalation vulnerability is present in the logging function. SecureConnector runs with administrative privileges and writes logs entries to a file in %PROGRAMDATA%\ForeScout SecureConnector\ that has full permissions for...
CVE-2021-30493
PUBLISHED: 2021-04-14
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other wor...
CVE-2021-30494
PUBLISHED: 2021-04-14
Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other wo...