Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in August 2019
<<   <   Page 4 / 4
Wipro Says That Target on the Enterprise's Back Just Got Bigger
Larry Loeb  |  8/7/2019  | 
Wipro has presented the third edition of their 'State of Cybersecurity Report,' looking at trends and behaviors that have occurred over the last year.
North Korean Cyber Ops Reportedly Stole $2B to Fund Weapons Programs
News  |  8/7/2019  | 
Unlike many nations, North Korea often engages in cyber operations to generate much-needed cash for the country's coffers. In that respect, its hackers have been extremely successful.
Enterprises Must Be Wary of Ransomware Targeting Network File Shares & Cloud Assets
News  |  8/7/2019  | 
New research shows that criminals are evolving ransomware attacks against servers, network hosts, and IaaS cloud assets in search of bigger payoffs from businesses.
Boeing 787 On-Board Network Vulnerable to Remote Hacking, Researcher Says
News  |  8/7/2019  | 
Boeing disputes IOActive findings ahead of security firm's Black Hat USA presentation.
Rethinking Website Spoofing Mitigation
Commentary  |  8/7/2019  | 
Deception technology is evolving rapidly, making it easier for organizations to turn the tables on their attackers. Here's how.
New Speculative Execution Vulnerability Gives CISOs a New Reason to Lose Sleep
News  |  8/6/2019  | 
The vulnerability, dubbed SWAPGS, is an undetectable threat to data security, similar in some respects to Spectre and Meltdown.
US Air Force Bug Bounty Program Nets 54 Flaws for $123,000
News  |  8/6/2019  | 
The Air Force brought together 50 vetted hackers to find the vulnerabilities in the latest bug-bounty program hosted by a branch of the US military.
Russian Attack Group Uses Phones & Printers to Breach Corporate Networks
Quick Hits  |  8/6/2019  | 
Microsoft spotted Strontium, also known as APT28 or Fancy Bear, using IoT devices to breach businesses and seek high-value data.
Ongoing Campaign Spoofs Walmart, Dating, Movie Sites
News  |  8/6/2019  | 
A new investigation detects more than 540 domain names linked to the Walmart brand and camouflaged as career, dating, and entertainment websites.
When Perceived Cybersecurity Risk Outweighs Reality
Commentary  |  8/6/2019  | 
Teams need to manage perceived risks so they can focus on fighting the real fires.
FBI Issues Relationship Fraud/Confidence Scheme Warning
Quick Hits  |  8/6/2019  | 
Criminals are getting increasingly sophisticated in their efforts to commit fraud and recruit 'money mules,' according to the FBI.
Security & the Infinite Capacity to Rationalize
Commentary  |  8/6/2019  | 
To improve the security posture of our organizations, we must open our eyes to rationalization and put an end to it with logic. Here's how.
Mimecast Rejected Over 67 Billion Emails. Here's What It Learned
News  |  8/6/2019  | 
New research warns that security pros must guard against updates to older malware and more manipulative social-engineering techniques.
Ransomware Used in Multimillion-Dollar Attacks Gets More Automated
News  |  8/5/2019  | 
The authors of MegaCortex appear to have traded security for convenience and speed, say researchers at Accenture iDefense.
Destructive Malware Attacks Up 200% in 2019
News  |  8/5/2019  | 
Organizations hit with destructive malware can lose more than 12,000 machines and face $200 million or more in costs, IBM X-Force reports.
Has Your Employee Been Compromised by Sextortion?
Larry Loeb  |  8/5/2019  | 
Sextortion is one particular kind of extortion that is defined by the Cambridge dictionary as "The practice of forcing someone to do something by threatening to publish sexual information about them."
Database of 200M-Plus Potential 'Sextortion' Victims Published
Quick Hits  |  8/5/2019  | 
Researchers have discovered a botnet (and the database it feeds on) dedicated to extortion schemes.
Microsoft Opens Azure Security Lab, Raises Top Azure Bounty to $40K
News  |  8/5/2019  | 
Microsoft has invited security experts to 'come and do their worst' to mimic cybercriminals in the Azure Security Lab.
Fighting Back Against Mobile Fraudsters
Commentary  |  8/5/2019  | 
The first step toward identifying and preventing mobile fraud threats is acknowledging that mobile security requires a unique solution.
8 Head-Turning Ransomware Attacks to Hit City Governments
Slideshows  |  8/5/2019  | 
Hackers know vulnerable systems when they see them, and they also know this: Many government systems are decades old, running Windows 7 and even Windows XP.
US Utilities Hit with Phishing Attack
Quick Hits  |  8/2/2019  | 
An email phishing attack, thought to be from a nation-state actor, claims that engineers have failed licensing exams.
Bulletproof Proxy Providers Try to Hide Botnet IP Address Needles in Haystacks
Larry Loeb  |  8/2/2019  | 
Cequence Security's CQ Prime research team thinks it has spotted a new trend it calls 'bulletproof proxies.'
Capital One: What We Should Learn This Time
News  |  8/2/2019  | 
Where Capital One went wrong, what the bank did right, and more key takeaways from the latest mega-breach.
Black Hat: A Summer Break from the Mundane and Controllable
Commentary  |  8/2/2019  | 
Enjoy the respite from the security tasks that await you back at home. Then prepare yourself for the uphill battles to come. Here's how.
Cisco Pays $8.6M in First False Claims Suit for Vulnerabilities in Security Product
News  |  8/1/2019  | 
A security consultant reported vulnerabilities in Cisco's Video Surveillance Manager in 2009 but the company ignored the issues and fired the consultant.
47% of Android Anti-Malware Apps Are Flawed
News  |  8/1/2019  | 
Protection failures come at a time when malicious Android software is becoming more of a problem.
PCI Security Council, Retail ISAC Warn Retailers on Magecart Attacks
News  |  8/1/2019  | 
Online card-skimming activities grew sharply this summer fueled by the availability of attack kits and other factors, Malwarebytes says.
DARPA to Bring its Smart Ballot Boxes to DEF CON for Hacking
News  |  8/1/2019  | 
The agency this week will share the source code and hardware specifications for the secure voting system prototypes.
Who Is Phoning Home on Your Firm's Dime?
Larry Loeb  |  8/1/2019  | 
ExtraHop customers in 2018 and the first weeks of 2019 took a look at some third-party supplied enterprise software's behavior and were not pleased when it would, unannounced, call home for its creators.
1M Payment Cards Exposed in South Korea Breach
Quick Hits  |  8/1/2019  | 
South Korea is the largest victim of card present data theft at a time when criminals are ramping up cyberattacks in the Asia-Pacific region.
Researcher Find Open 'Road Map' to Honda Computers
Quick Hits  |  8/1/2019  | 
An unprotected database, now secured, contained information on every computer owned by the automobile giant.
Demystifying New FIDO Standards & Innovations
Commentary  |  8/1/2019  | 
Staying on top of the latest cybersecurity risks and preferred attack methods can feel impossible, but standards like FIDO2 are designed to help relieve the burden.
SecOps Success Through Employee Retention
Commentary  |  8/1/2019  | 
To keep your turnover low, focus on these areas: compensation, advancement opportunities, training, and environment.
<<   <   Page 4 / 4


News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30485
PUBLISHED: 2021-04-11
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_internal_dtd(), while parsing a crafted XML file, performs incorrect memory handling, leading to a NULL pointer dereference while running strcmp() on a NULL pointer.
CVE-2021-30481
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
CVE-2021-20020
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
CVE-2021-30480
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
CVE-2021-21194
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.