News & Commentary

Content posted in September 2017
Page 1 / 3   >   >>
Best and Worst Security Functions to Outsource
Slideshows  |  9/29/2017  | 
Which security functions are best handled by third parties, and which should be kept in-house? Experts weigh in.
Apple Shares More Data with US in First Half of 2017
Quick Hits  |  9/29/2017  | 
Device-based data requests from government agencies dropped in the first half over last year, but Apple fulfilled a higher percentage of those requests, according to its transparency report.
Whole Foods Reports Credit Card Breach
Quick Hits  |  9/29/2017  | 
The breach affects customers of certain Whole Foods taprooms and table-service restaurants.
Apple Mac Models Vulnerable to Targeted Attacks
News  |  9/29/2017  | 
Several updated Mac models don't receive EFI security fixes, putting machines at risk for targeted cyberattacks.
Analyzing Cybersecurity's Fractured Educational Ecosystem
Commentary  |  9/29/2017  | 
We have surprisingly little data on how to evaluate infosec job candidates' academic qualifications. That needs to change.
CISOs Offer Soup-to-Nuts C-Suite Strategy
News  |  9/29/2017  | 
Chief information security officers from Dell, RCB Bank and other organizations share what it takes to become a security exec, sit in the C-Suite, and keep the job.
New Locky Ransomware Phishing Attacks Beat Machine Learning Tools
News  |  9/28/2017  | 
Late September attacks highlight the persistent nature of ransomware threats, Comodo says.
Key Security Innovations Focus on Policy and Tech
News  |  9/28/2017  | 
The New York Cyber Task Force says strategic innovations, not only technical ones, have made the biggest difference.
Report: Bank Email Fraud Increases since Equifax Breach
Quick Hits  |  9/28/2017  | 
Cyberthieves are impersonating banks to send bogus "secure" bank email messages.
Central Banks Propose Better Inter-Bank Security
Quick Hits  |  9/28/2017  | 
Institutions from the world's largest economies want to improve security following abuse of inter-bank messaging and payment systems.
Ransomware Numbers Continue to Look Abysmal
News  |  9/28/2017  | 
Ransomware is one of the fastest-growing concerns among IT pros, according to several studies out this week.
Equihax: Identifying & Wrangling Vulnerabilities
Commentary  |  9/28/2017  | 
Now that we know what was taken from Equifax, how it was taken, and what is being sold, what more do we need to learn before the next time?
TrickBot Rapidly Expands its Targets in August
Partner Perspectives  |  9/28/2017  | 
TrickBot shifted its focus to U.S. banks and credit card companies, soaring past the 1,000 target URL mark in a single configuration.
Malware Investigation Leads to Sophisticated Mideast Threat Network
News  |  9/27/2017  | 
The infrastructure behind a Web shell used in an attack earlier this year suggests methodical and purposeful threat actors, Palo Alto Networks says.
Caterpillar Eyes Competitive Edge with Connected Asset Security Program
News  |  9/27/2017  | 
Launches program to incorporate security by design and a strategic governance policy across all of its IoT products.
Companies Push to Decode Cloud Encryption
News  |  9/27/2017  | 
Businesses buckle down on encryption as it becomes table stakes for securing data in the cloud.
Sonic Data Breach Potentially Affects Millions
Quick Hits  |  9/27/2017  | 
Sonic first heard about the breach when its credit-card processor detected unusual activity on customers' payment cards.
How to Live by the Code of Good Bots
Commentary  |  9/27/2017  | 
Following these four tenets will show the world that your bot means no harm.
7 SIEM Situations That Can Sack Security Teams
Slideshows  |  9/27/2017  | 
SIEMs are considered an important tool for incident response, yet a large swath of users find seven major problems when working with SIEMs.
Popular Mobile Trading Apps Riddled With Vulnerabilities, Security Firm Warns
News  |  9/26/2017  | 
IOActive's review of 21 of the most used mobile apps for investment trading shows a majority of them exposing users to various security risks.
Cybercrime Costs Each Business $11.7M Per Year
News  |  9/26/2017  | 
The most expensive attacks are malware infections, which cost global businesses $2.4 million per incident.
Chevron's Jump to the Cloud is a Journey
News  |  9/26/2017  | 
Enterprises entertaining a move to the cloud should brace themselves for a challenging path of discovery.
How Security Metrics Fail Us & How We Fail Them
Dark Reading Videos  |  9/26/2017  | 
Joseph Carson of Thycotic discusses how infosec professionals buy security products they don't need and make other bad decisions, because of poor use of metrics.
SEC Attackers Had Authentic Data Used in Business Tests: Reuters
Quick Hits  |  9/26/2017  | 
Sources say the hackers behind last year's SEC breach accessed financial data used by companies testing its EDGAR filing system.
Why Your Business Must Care about Privacy
Commentary  |  9/26/2017  | 
It might not have something to hide, but it definitely has something to protect.
Equifax CEO Retires in Wake of Breach
Quick Hits  |  9/26/2017  | 
After the company's CIO and CSO resigned Sep. 14, Chairman and CEO Richard F. Smith follows them out the door.
FBI's Freese Shares Risk Management Tips
News  |  9/26/2017  | 
Deputy Assistant Director Donald Freese advises enterprises to lead with a business case and not fear addressing the C-suite on risk management.
After DHS Notice, 21 States Reveal They Were Targeted During Election
Quick Hits  |  9/25/2017  | 
Election officials in swing states Florida, Ohio, and Pennsylvania among those who report Russian state-sponsored attackers targeted their systems.
Microsoft Builds Automation into Windows Defender ATP
News  |  9/25/2017  | 
Automation can help manage and respond to alert overflow, but will come with its own specific set of challenges.
Breach at Deloitte Exposes Emails, Client Data
News  |  9/25/2017  | 
Intrusion may have resulted from company's failure to properly secure a key administrator account.
Privacy Shield Framework Gains Popularity in EU, US: Report
Quick Hits  |  9/25/2017  | 
The IAPP-EY Privacy Governance Survey shows marked interest in the Privacy Shield framework to transfer personal data.
PassGAN: Password Cracking Using Machine Learning
News  |  9/25/2017  | 
Researchers demo how deep neural networks can be trained to generate passwords better than the best password-cracking tools.
Security's #1 Problem: Economic Incentives
Commentary  |  9/25/2017  | 
The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.
1.4 Million New Phishing Sites Launched Each Month
Quick Hits  |  9/22/2017  | 
The number of phishing attacks reached a record rate in 2017, but the majority of phishing sites remain active for just four to eight hours.
Americans Rank Criminal Hacking as Their Number One Threat
News  |  9/22/2017  | 
Global warming and artificial intelligence rate as less of a threat to human health, safety, and prosperity than getting hacked, according to a survey released today.
Health IT & Cybersecurity: 5 Hiring Misconceptions to Avoid
Commentary  |  9/22/2017  | 
Why healthcare organizations need a good strategy to find talent, or get left behind.
10 Security Product Flaw Scares
Slideshows  |  9/22/2017  | 
CCleaner compromise puts the crown on several years' worth of headlines about cybersecurity product weaknesses.
Where Do Security Vulnerabilities Come From?
Partner Perspectives  |  9/22/2017  | 
There are three major causes: code quality, complexity, and trusted data inputs.
SEC Says Intruders May Have Accessed Insider Data for Illegal Trading
News  |  9/21/2017  | 
2016 breach of the Securities and Exchange Commission's EDGAR database dents its reputation as a federal cybersecurity enforcer.
CCleaner Malware Targeted Tech Giants Cisco, Google, Microsoft
News  |  9/21/2017  | 
The backdoor discovered in Avast's CCleaner targeted top tech companies including Google, Microsoft, Samsung, Sony, VMware, and Cisco.
Why Size Doesn't Matter in DDoS Attacks
Commentary  |  9/21/2017  | 
Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."
SMBs Paid $301 Million to Ransomware Attackers
Quick Hits  |  9/21/2017  | 
But small- to mid-sized businesses are taking a tougher stand against ransomware attacks, according to a survey released today covering the 2016-2017 period.
OPM Data Breach Lawsuit Tossed, Fed Plaintiffs will Appeal
Quick Hits  |  9/21/2017  | 
A judge ruled federal employees cannot sue for damages from the 2015 Office of Personnel Management data breach.
Iranian Cyberspy Group Targets Aerospace, Energy Firms
News  |  9/20/2017  | 
APT33 focused on gathering information to bolster Iran's aviation industry and military decision-making capability, FireEye says.
Cisco SMI Still Exposing Network Switches Online
News  |  9/20/2017  | 
The high number of exposed and vulnerable devices online has remained largely unchanged since researchers began exploring SMI in 2010.
Mobile Ransomware Hits Browsers with Old-School Techniques
News  |  9/20/2017  | 
Several types of malware sold on the dark Web advertise the ability to spy on Android smartphones, encrypt files, and demand payment.
Artificial Intelligence: Getting the Results You Want
Partner Perspectives  |  9/20/2017  | 
Finding a vendor that doesn't claim to do AI is hard these days. But getting the benefits you need and expect is even harder.
Software Assurance: Thinking Back, Looking Forward
Commentary  |  9/20/2017  | 
Ten personal observations that aim to bolster state-of-the-art and state-of-practice in application security.
SecureAuth to Merge with Core Security
News  |  9/20/2017  | 
K1 Investment Management, which owns Core Security, plans to acquire the identity management and authentication company for more than $200 million.
1.9 Billion Data Records Exposed in First Half of 2017
News  |  9/20/2017  | 
Every second, 122 records are exposed in breaches around the globe, a new report shows. And that doesn't even include the new Equifax breach data.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11489
PUBLISHED: 2018-05-26
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
CVE-2018-11490
PUBLISHED: 2018-05-26
The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspe...
CVE-2018-11493
PUBLISHED: 2018-05-26
An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add.
CVE-2018-11487
PUBLISHED: 2018-05-26
PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php.
CVE-2018-11471
PUBLISHED: 2018-05-25
Cockpit 0.5.5 has XSS via a collection, form, or region.