Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in September 2017
Friday Haiku: The Quantum Future
Curt Franklin  |  9/29/2017  | 
The Friday Haiku reflects on a week in Orlando's heat.
Best and Worst Security Functions to Outsource
Slideshows  |  9/29/2017  | 
Which security functions are best handled by third parties, and which should be kept in-house? Experts weigh in.
Consumers Think Security When Choosing Brands
Simon Marshall  |  9/29/2017  | 
Consumers are beginning to pay attention to security reputation when choosing which brands to support.
Authentication Tackles Forests at Microsoft Ignite
Curt Franklin  |  9/29/2017  | 
Authentication is an issue on a personal computer. It's a complex problem in AD forest management.
Apple Shares More Data with US in First Half of 2017
Quick Hits  |  9/29/2017  | 
Device-based data requests from government agencies dropped in the first half over last year, but Apple fulfilled a higher percentage of those requests, according to its transparency report.
Whole Foods Reports Credit Card Breach
Quick Hits  |  9/29/2017  | 
The breach affects customers of certain Whole Foods taprooms and table-service restaurants.
Apple Mac Models Vulnerable to Targeted Attacks
News  |  9/29/2017  | 
Several updated Mac models don't receive EFI security fixes, putting machines at risk for targeted cyberattacks.
Analyzing Cybersecurity's Fractured Educational Ecosystem
Commentary  |  9/29/2017  | 
We have surprisingly little data on how to evaluate infosec job candidates' academic qualifications. That needs to change.
CISOs Offer Soup-to-Nuts C-Suite Strategy
News  |  9/29/2017  | 
Chief information security officers from Dell, RCB Bank and other organizations share what it takes to become a security exec, sit in the C-Suite, and keep the job.
Security Takes On Malicious DNA (Files)
News Analysis-Security Now  |  9/28/2017  | 
Securing biomedical research can mean protecting systems from malicious code in the samples under investigation.
New Locky Ransomware Phishing Attacks Beat Machine Learning Tools
News  |  9/28/2017  | 
Late September attacks highlight the persistent nature of ransomware threats, Comodo says.
Fortanix Has Series A Funding for Run-Time Encryption
Simon Marshall  |  9/28/2017  | 
Fortanix has introduced new technology for run-time encryption to protect sensitive data.
Key Security Innovations Focus on Policy and Tech
News  |  9/28/2017  | 
The New York Cyber Task Force says strategic innovations, not only technical ones, have made the biggest difference.
Report: Bank Email Fraud Increases since Equifax Breach
Quick Hits  |  9/28/2017  | 
Cyberthieves are impersonating banks to send bogus "secure" bank email messages.
Central Banks Propose Better Inter-Bank Security
Quick Hits  |  9/28/2017  | 
Institutions from the world's largest economies want to improve security following abuse of inter-bank messaging and payment systems.
Ransomware Numbers Continue to Look Abysmal
News  |  9/28/2017  | 
Ransomware is one of the fastest-growing concerns among IT pros, according to several studies out this week.
Equihax: Identifying & Wrangling Vulnerabilities
Commentary  |  9/28/2017  | 
Now that we know what was taken from Equifax, how it was taken, and what is being sold, what more do we need to learn before the next time?
TrickBot Rapidly Expands its Targets in August
Partner Perspectives  |  9/28/2017  | 
TrickBot shifted its focus to U.S. banks and credit card companies, soaring past the 1,000 target URL mark in a single configuration.
Three Reasons Facial Recognition Will Win
Curt Franklin  |  9/27/2017  | 
Facial recognition technology is coming to a device near you. Here are three reasons it's inevitable.
Malware Investigation Leads to Sophisticated Mideast Threat Network
News  |  9/27/2017  | 
The infrastructure behind a Web shell used in an attack earlier this year suggests methodical and purposeful threat actors, Palo Alto Networks says.
Caterpillar Eyes Competitive Edge with Connected Asset Security Program
News  |  9/27/2017  | 
Launches program to incorporate security by design and a strategic governance policy across all of its IoT products.
Companies Push to Decode Cloud Encryption
News  |  9/27/2017  | 
Businesses buckle down on encryption as it becomes table stakes for securing data in the cloud.
Sonic Data Breach Potentially Affects Millions
Quick Hits  |  9/27/2017  | 
Sonic first heard about the breach when its credit-card processor detected unusual activity on customers' payment cards.
Deloitte Hack Still Has More Questions Than Answers
Simon Marshall  |  9/27/2017  | 
The huge hack of global accounting firm Deloitte is still presenting more questions than answers for security professionals.
How to Live by the Code of Good Bots
Commentary  |  9/27/2017  | 
Following these four tenets will show the world that your bot means no harm.
7 SIEM Situations That Can Sack Security Teams
Slideshows  |  9/27/2017  | 
SIEMs are considered an important tool for incident response, yet a large swath of users find seven major problems when working with SIEMs.
Popular Mobile Trading Apps Riddled With Vulnerabilities, Security Firm Warns
News  |  9/26/2017  | 
IOActive's review of 21 of the most used mobile apps for investment trading shows a majority of them exposing users to various security risks.
Cybercrime Costs Each Business $11.7M Per Year
News  |  9/26/2017  | 
The most expensive attacks are malware infections, which cost global businesses $2.4 million per incident.
Microsoft Ignite: 9 Things to Know
Curt Franklin  |  9/26/2017  | 
Microsoft's largest annual conference, Ignite, is underway in Orlando, Fla. Security Now is there and here's what we're seeing.
Chevron's Jump to the Cloud is a Journey
News  |  9/26/2017  | 
Enterprises entertaining a move to the cloud should brace themselves for a challenging path of discovery.
Safety Starts With Data: An Interview With GM's Head of Product Cybersecurity
Simon Marshall  |  9/26/2017  | 
An insightful Security Now interview with Jeff Massimilla, vice president global vehicle safety and product cybersecurity at General Motors.
How Security Metrics Fail Us & How We Fail Them
Dark Reading Videos  |  9/26/2017  | 
Joseph Carson of Thycotic discusses how infosec professionals buy security products they don't need and make other bad decisions, because of poor use of metrics.
Splunk Ups Machine IQ in Software Updates
Curt Franklin  |  9/26/2017  | 
Splunk has increased machine intelligence and analytics capabilities in a series of software updates.
SEC Attackers Had Authentic Data Used in Business Tests: Reuters
Quick Hits  |  9/26/2017  | 
Sources say the hackers behind last year's SEC breach accessed financial data used by companies testing its EDGAR filing system.
Why Your Business Must Care about Privacy
Commentary  |  9/26/2017  | 
It might not have something to hide, but it definitely has something to protect.
Equifax CEO Retires in Wake of Breach
Quick Hits  |  9/26/2017  | 
After the company's CIO and CSO resigned Sep. 14, Chairman and CEO Richard F. Smith follows them out the door.
FBI's Freese Shares Risk Management Tips
News  |  9/26/2017  | 
Deputy Assistant Director Donald Freese advises enterprises to lead with a business case and not fear addressing the C-suite on risk management.
Microsoft's Nadella Shares the Future at Ignite
Curt Franklin  |  9/25/2017  | 
Satya Nadella's keynote address can be boiled down to four phrases or words. Here's what you need to know to get ready for the Microsoft future.
Encryption: 6 Ways to Make It Matter
Curt Franklin  |  9/25/2017  | 
A Security Now special report provides best practice notes for encryption in the enterprise.
After DHS Notice, 21 States Reveal They Were Targeted During Election
Quick Hits  |  9/25/2017  | 
Election officials in swing states Florida, Ohio, and Pennsylvania among those who report Russian state-sponsored attackers targeted their systems.
Microsoft Builds Automation into Windows Defender ATP
News  |  9/25/2017  | 
Automation can help manage and respond to alert overflow, but will come with its own specific set of challenges.
Breach at Deloitte Exposes Emails, Client Data
News  |  9/25/2017  | 
Intrusion may have resulted from company's failure to properly secure a key administrator account.
Privacy Shield Framework Gains Popularity in EU, US: Report
Quick Hits  |  9/25/2017  | 
The IAPP-EY Privacy Governance Survey shows marked interest in the Privacy Shield framework to transfer personal data.
PassGAN: Password Cracking Using Machine Learning
News  |  9/25/2017  | 
Researchers demo how deep neural networks can be trained to generate passwords better than the best password-cracking tools.
Law Comes to the Self-Driving Wild West, Part 2
Simon Marshall  |  9/25/2017  | 
Legislators and regulators are scrambling to build a legal framework to support intelligent, connected and self-driving cars.
Security's #1 Problem: Economic Incentives
Commentary  |  9/25/2017  | 
The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.
Right & Wrong Lessons From the Equifax Breach
Curt Franklin  |  9/22/2017  | 
There are lots of lessons to learn from the Equifax breach. Just make sure you're learning the right ones.
Friday Haiku: Gem or Not?
Curt Franklin  |  9/22/2017  | 
How will CISOs respond to the pressure of recent breaches? The Friday haiku asks the question.
NIST Redefines the Good Password
News Analysis-Security Now  |  9/22/2017  | 
NIST has offered new guidelines for best practices in passwords.
1.4 Million New Phishing Sites Launched Each Month
Quick Hits  |  9/22/2017  | 
The number of phishing attacks reaches a record rate in 2017, but the majority of the phishing sites remain active for just four to eight hours.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-16060
PUBLISHED: 2021-10-15
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
CVE-2018-16061
PUBLISHED: 2021-10-15
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
CVE-2021-27561
PUBLISHED: 2021-10-15
Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.
CVE-2020-4951
PUBLISHED: 2021-10-15
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
CVE-2021-28021
PUBLISHED: 2021-10-15
Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file.