Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in September 2017
Page 1 / 4
Friday Haiku: The Quantum Future
Curt Franklin  |  9/29/2017  | 
The Friday Haiku reflects on a week in Orlando's heat.
Best and Worst Security Functions to Outsource
Slideshows  |  9/29/2017  | 
Which security functions are best handled by third parties, and which should be kept in-house? Experts weigh in.
Consumers Think Security When Choosing Brands
Simon Marshall  |  9/29/2017  | 
Consumers are beginning to pay attention to security reputation when choosing which brands to support.
Authentication Tackles Forests at Microsoft Ignite
Curt Franklin  |  9/29/2017  | 
Authentication is an issue on a personal computer. It's a complex problem in AD forest management.
Apple Shares More Data with US in First Half of 2017
Quick Hits  |  9/29/2017  | 
Device-based data requests from government agencies dropped in the first half over last year, but Apple fulfilled a higher percentage of those requests, according to its transparency report.
Whole Foods Reports Credit Card Breach
Quick Hits  |  9/29/2017  | 
The breach affects customers of certain Whole Foods taprooms and table-service restaurants.
Apple Mac Models Vulnerable to Targeted Attacks
News  |  9/29/2017  | 
Several updated Mac models don't receive EFI security fixes, putting machines at risk for targeted cyberattacks.
Analyzing Cybersecurity's Fractured Educational Ecosystem
Commentary  |  9/29/2017  | 
We have surprisingly little data on how to evaluate infosec job candidates' academic qualifications. That needs to change.
CISOs Offer Soup-to-Nuts C-Suite Strategy
News  |  9/29/2017  | 
Chief information security officers from Dell, RCB Bank and other organizations share what it takes to become a security exec, sit in the C-Suite, and keep the job.
Security Takes On Malicious DNA (Files)
News Analysis-Security Now  |  9/28/2017  | 
Securing biomedical research can mean protecting systems from malicious code in the samples under investigation.
New Locky Ransomware Phishing Attacks Beat Machine Learning Tools
News  |  9/28/2017  | 
Late September attacks highlight the persistent nature of ransomware threats, Comodo says.
Fortanix Has Series A Funding for Run-Time Encryption
Simon Marshall  |  9/28/2017  | 
Fortanix has introduced new technology for run-time encryption to protect sensitive data.
Key Security Innovations Focus on Policy and Tech
News  |  9/28/2017  | 
The New York Cyber Task Force says strategic innovations, not only technical ones, have made the biggest difference.
Report: Bank Email Fraud Increases since Equifax Breach
Quick Hits  |  9/28/2017  | 
Cyberthieves are impersonating banks to send bogus "secure" bank email messages.
Central Banks Propose Better Inter-Bank Security
Quick Hits  |  9/28/2017  | 
Institutions from the world's largest economies want to improve security following abuse of inter-bank messaging and payment systems.
Ransomware Numbers Continue to Look Abysmal
News  |  9/28/2017  | 
Ransomware is one of the fastest-growing concerns among IT pros, according to several studies out this week.
Equihax: Identifying & Wrangling Vulnerabilities
Commentary  |  9/28/2017  | 
Now that we know what was taken from Equifax, how it was taken, and what is being sold, what more do we need to learn before the next time?
TrickBot Rapidly Expands its Targets in August
Partner Perspectives  |  9/28/2017  | 
TrickBot shifted its focus to U.S. banks and credit card companies, soaring past the 1,000 target URL mark in a single configuration.
Three Reasons Facial Recognition Will Win
Curt Franklin  |  9/27/2017  | 
Facial recognition technology is coming to a device near you. Here are three reasons it's inevitable.
Malware Investigation Leads to Sophisticated Mideast Threat Network
News  |  9/27/2017  | 
The infrastructure behind a Web shell used in an attack earlier this year suggests methodical and purposeful threat actors, Palo Alto Networks says.
Caterpillar Eyes Competitive Edge with Connected Asset Security Program
News  |  9/27/2017  | 
Launches program to incorporate security by design and a strategic governance policy across all of its IoT products.
Companies Push to Decode Cloud Encryption
News  |  9/27/2017  | 
Businesses buckle down on encryption as it becomes table stakes for securing data in the cloud.
Sonic Data Breach Potentially Affects Millions
Quick Hits  |  9/27/2017  | 
Sonic first heard about the breach when its credit-card processor detected unusual activity on customers' payment cards.
Deloitte Hack Still Has More Questions Than Answers
Simon Marshall  |  9/27/2017  | 
The huge hack of global accounting firm Deloitte is still presenting more questions than answers for security professionals.
How to Live by the Code of Good Bots
Commentary  |  9/27/2017  | 
Following these four tenets will show the world that your bot means no harm.
7 SIEM Situations That Can Sack Security Teams
Slideshows  |  9/27/2017  | 
SIEMs are considered an important tool for incident response, yet a large swath of users find seven major problems when working with SIEMs.
Popular Mobile Trading Apps Riddled With Vulnerabilities, Security Firm Warns
News  |  9/26/2017  | 
IOActive's review of 21 of the most used mobile apps for investment trading shows a majority of them exposing users to various security risks.
Cybercrime Costs Each Business $11.7M Per Year
News  |  9/26/2017  | 
The most expensive attacks are malware infections, which cost global businesses $2.4 million per incident.
Microsoft Ignite: 9 Things to Know
Curt Franklin  |  9/26/2017  | 
Microsoft's largest annual conference, Ignite, is underway in Orlando, Fla. Security Now is there and here's what we're seeing.
Chevron's Jump to the Cloud is a Journey
News  |  9/26/2017  | 
Enterprises entertaining a move to the cloud should brace themselves for a challenging path of discovery.
Safety Starts With Data: An Interview With GM's Head of Product Cybersecurity
Simon Marshall  |  9/26/2017  | 
An insightful Security Now interview with Jeff Massimilla, vice president of global vehicle safety and product cybersecurity at General Motors.
How Security Metrics Fail Us & How We Fail Them
Dark Reading Videos  |  9/26/2017  | 
Joseph Carson of Thycotic discusses how infosec professionals buy security products they don't need and make other bad decisions, because of poor use of metrics.
Splunk Ups Machine IQ in Software Updates
Curt Franklin  |  9/26/2017  | 
Splunk has increased machine intelligence and analytics capabilities in a series of software updates.
SEC Attackers Had Authentic Data Used in Business Tests: Reuters
Quick Hits  |  9/26/2017  | 
Sources say the hackers behind last year's SEC breach accessed financial data used by companies testing its EDGAR filing system.
Why Your Business Must Care about Privacy
Commentary  |  9/26/2017  | 
It might not have something to hide, but it definitely has something to protect.
Equifax CEO Retires in Wake of Breach
Quick Hits  |  9/26/2017  | 
After the company's CIO and CSO resigned Sep. 14, Chairman and CEO Richard F. Smith follows them out the door.
FBI's Freese Shares Risk Management Tips
News  |  9/26/2017  | 
Deputy Assistant Director Donald Freese advises enterprises to lead with a business case and not fear addressing the C-suite on risk management.
Microsoft's Nadella Shares the Future at Ignite
Curt Franklin  |  9/25/2017  | 
Satya Nadella's keynote address can be boiled down to four phrases or words. Here's what you need to know to get ready for the Microsoft future.
Encryption: 6 Ways to Make It Matter
Curt Franklin  |  9/25/2017  | 
A Security Now special report provides best practice notes for encryption in the enterprise.
After DHS Notice, 21 States Reveal They Were Targeted During Election
Quick Hits  |  9/25/2017  | 
Election officials in the swing states of Florida, Ohio, and Pennsylvania are among those who report that Russian state-sponsored attackers targeted their systems.
Microsoft Builds Automation into Windows Defender ATP
News  |  9/25/2017  | 
Automation can help manage and respond to alert overflow, but will come with its own specific set of challenges.
Breach at Deloitte Exposes Emails, Client Data
News  |  9/25/2017  | 
The intrusion may have resulted from the company's failure to properly secure a key administrator account.
Privacy Shield Framework Gains Popularity in EU, US: Report
Quick Hits  |  9/25/2017  | 
The IAPP-EY Privacy Governance Survey shows marked interest in the Privacy Shield framework to transfer personal data.
PassGAN: Password Cracking Using Machine Learning
News  |  9/25/2017  | 
Researchers demo how deep neural networks can be trained to generate passwords better than the best password-cracking tools.
Law Comes to the Self-Driving Wild West, Part 2
Simon Marshall  |  9/25/2017  | 
Legislators and regulators are scrambling to build a legal framework to support intelligent, connected and self-driving cars.
Security's #1 Problem: Economic Incentives
Commentary  |  9/25/2017  | 
The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.
Right & Wrong Lessons From the Equifax Breach
Curt Franklin  |  9/22/2017  | 
There are lots of lessons to learn from the Equifax breach. Just make sure you're learning the right ones.
Friday Haiku: Gem or Not?
Curt Franklin  |  9/22/2017  | 
How will CISOs respond to the pressure of recent breaches? The Friday haiku asks the question.
NIST Redefines the Good Password
News Analysis-Security Now  |  9/22/2017  | 
NIST has offered new guidelines for best practices in passwords.
1.4 Million New Phishing Sites Launched Each Month
Quick Hits  |  9/22/2017  | 
The number of phishing attacks reached a record rate in 2017, but the majority of phishing sites remain active for just four to eight hours.