Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in September 2017
Page 1 / 4   >   >>
Friday Haiku: The Quantum Future
Curt Franklin  |  9/29/2017  | 
The Friday Haiku reflects on a week in Orlando's heat.
Best and Worst Security Functions to Outsource
Slideshows  |  9/29/2017  | 
Which security functions are best handled by third parties, and which should be kept in-house? Experts weigh in.
Consumers Think Security When Choosing Brands
Simon Marshall  |  9/29/2017  | 
Consumers are beginning to pay attention to security reputation when choosing which brands to support.
Authentication Tackles Forests at Microsoft Ignite
Curt Franklin  |  9/29/2017  | 
Authentication is an issue on a personal computer. It's a complex problem in AD forest management.
Apple Shares More Data with US in First Half of 2017
Quick Hits  |  9/29/2017  | 
Device-based data requests from government agencies dropped in the first half over last year, but Apple fulfilled a higher percentage of those requests, according to its transparency report.
Whole Foods Reports Credit Card Breach
Quick Hits  |  9/29/2017  | 
The breach affects customers of certain Whole Foods taprooms and table-service restaurants.
Apple Mac Models Vulnerable to Targeted Attacks
News  |  9/29/2017  | 
Several updated Mac models don't receive EFI security fixes, putting machines at risk for targeted cyberattacks.
Analyzing Cybersecurity's Fractured Educational Ecosystem
Commentary  |  9/29/2017  | 
We have surprisingly little data on how to evaluate infosec job candidates academic qualifications. That needs to change.
CISOs Offer Soup-to-Nuts C-Suite Strategy
News  |  9/29/2017  | 
Chief information security officers from Dell, RCB Bank and other organizations share what it takes to become a security exec, sit in the C-Suite, and keep the job.
Security Takes On Malicious DNA (Files)
News Analysis-Security Now  |  9/28/2017  | 
Securing biomedical research can mean protecting systems from malicious code in the samples under investigation.
New Locky Ransomware Phishing Attacks Beat Machine Learning Tools
News  |  9/28/2017  | 
Late September attacks highlight the persistent nature of ransomware threats, Comodo says.
Fortanix Has Series A Funding for Run-Time Encryption
Simon Marshall  |  9/28/2017  | 
Fortanix has introduced new technology for run-time encryption to protect sensitive data.
Key Security Innovations Focus on Policy and Tech
News  |  9/28/2017  | 
The New York Cyber Task Force says strategic innovations, not only technical ones, have made the biggest difference.
Report: Bank Email Fraud Increases since Equifax Breach
Quick Hits  |  9/28/2017  | 
Cyberthieves are impersonating banks to send bogus "secure" bank email messages.
Central Banks Propose Better Inter-Bank Security
Quick Hits  |  9/28/2017  | 
Institutions from the world's largest economies want to improve security following abuse of inter-bank messaging and payment systems.
Ransomware Numbers Continue to Look Abysmal
News  |  9/28/2017  | 
Ransomware is one of the fastest-growing concerns among IT pros, according to several studies out this week.
Equihax: Identifying & Wrangling Vulnerabilities
Commentary  |  9/28/2017  | 
Now that we know what was taken from Equifax, how it was taken, and what is being sold, what more do we need to learn before the next time?
TrickBot Rapidly Expands its Targets in August
Partner Perspectives  |  9/28/2017  | 
TrickBot shifted its focus to U.S banks and credit card companies, soaring past the 1,000 target URL mark in a single configuration.
Three Reasons Facial Recognition Will Win
Curt Franklin  |  9/27/2017  | 
Facial recognition technology is coming to a device near you. Here are three reasons it's inevitable.
Malware Investigation Leads to Sophisticated Mideast Threat Network
News  |  9/27/2017  | 
The infrastructure behind a Web shell used in an attack earlier this year suggests methodical and purposeful threat actors, Palo Alto Networks says.
Caterpillar Eyes Competitive Edge with Connected Asset Security Program
News  |  9/27/2017  | 
Launches program to incorporate security by design and a strategic governance policy across all of its IoT products.
Companies Push to Decode Cloud Encryption
News  |  9/27/2017  | 
Businesses buckle down on encryption as it becomes table stakes for securing data in the cloud.
Sonic Data Breach Potentially Affects Millions
Quick Hits  |  9/27/2017  | 
Sonic first heard about the breach when its credit-card processor detected unusual activity on customers' payment cards.
Deloitte Hack Still Has More Questions Than Answers
Simon Marshall  |  9/27/2017  | 
The huge hack of global accounting firm Deloitte is still presenting more questions than answers for security professionals.
How to Live by the Code of Good Bots
Commentary  |  9/27/2017  | 
Following these four tenets will show the world that your bot means no harm.
7 SIEM Situations That Can Sack Security Teams
Slideshows  |  9/27/2017  | 
SIEMs are considered an important tool for incident response, yet a large swath of users find seven major problems when working with SIEMs.
Popular Mobile Trading Apps Riddled With Vulnerabilities, Security Firm Warns
News  |  9/26/2017  | 
IOActive's review of 21 of the most used mobile apps for investment trading shows a majority of them exposing users to various security risks.
Cybercrime Costs Each Business $11.7M Per Year
News  |  9/26/2017  | 
The most expensive attacks are malware infections, which cost global businesses $2.4 million per incident.
Microsoft Ignite: 9 Things to Know
Curt Franklin  |  9/26/2017  | 
Microsoft's largest annual conference, Ignite, is underway in Orlando, Fla. Security Now is there and here's what we're seeing.
Chevron's Jump to the Cloud is a Journey
News  |  9/26/2017  | 
Enterprises entertaining a move to the cloud should brace themselves for a challenging path of discovery.
Safety Starts With Data: An Interview With GM's Head of Product Cybersecurity
Simon Marshall  |  9/26/2017  | 
An insightful Security Now interview with Jeff Massimilla, vice president global vehicle safety and product cybersecurity at General Motors.
How Security Metrics Fail Us & How We Fail Them
How Security Metrics Fail Us & How We Fail Them
Dark Reading Videos  |  9/26/2017  | 
Joseph Carson of Thycotic discusses how infosec professionals buy security products they don't need and make other bad decisions, because of poor use of metrics.
Splunk Ups Machine IQ in Software Updates
Curt Franklin  |  9/26/2017  | 
Splunk has increased machine intelligence and analytics capabilities in a series of software updates.
SEC Attackers Had Authentic Data Used in Business Tests: Reuters
Quick Hits  |  9/26/2017  | 
Sources say the hackers behind last year's SEC breach accessed financial data used by companies testing its EDGAR filing system.
Why Your Business Must Care about Privacy
Commentary  |  9/26/2017  | 
It might not have something to hide, but it definitely has something to protect.
Equifax CEO Retires in Wake of Breach
Quick Hits  |  9/26/2017  | 
After the company's CIO and CSO resigned Sep. 14, Chairman and CEO Richard F. Smith follows them out the door.
FBI's Freese Shares Risk Management Tips
News  |  9/26/2017  | 
Deputy Assistant Director Donald Freese advises enterprises to lead with a business case and not fear addressing the C-suite on risk management.
Microsoft's Nadella Shares the Future at Ignite
Curt Franklin  |  9/25/2017  | 
Satya Nadella's keynote address can be boiled down to four phrases or words. Here's what you need to know to get ready for the Microsoft future.
Encryption: 6 Ways to Make It Matter
Curt Franklin  |  9/25/2017  | 
A Security Now special report provides best practice notes for encryption in the enterprise.
After DHS Notice, 21 States Reveal They Were Targeted During Election
Quick Hits  |  9/25/2017  | 
Election officials in swing states Florida, Ohio, and Pennsylvania among those who report Russian state-sponsored attackers targeted their systems.
Microsoft Builds Automation into Windows Defender ATP
News  |  9/25/2017  | 
Automation can help manage and respond to alert overflow, but will come with its own specific set of challenges.
Breach at Deloitte Exposes Emails, Client Data
News  |  9/25/2017  | 
Intrusion may have resulted from company's failure to properly secure a key administrator account.
Privacy Shield Framework Gains Popularity in EU, US: Report
Quick Hits  |  9/25/2017  | 
The IAPP-EY Privacy Governance Survey shows marked interest in the Privacy Shield framework to transfer personal data.
PassGAN: Password Cracking Using Machine Learning
News  |  9/25/2017  | 
Researchers demo how deep neural networks can be trained to generate passwords better than the best password-cracking tools.
Law Comes to the Self-Driving Wild West, Part 2
Simon Marshall  |  9/25/2017  | 
Legislators and regulators are scrambling to build a legal framework to support intelligent, connected and self-driving cars.
Security's #1 Problem: Economic Incentives
Commentary  |  9/25/2017  | 
The industry rewards cutting corners rather than making software safe. Case in point: the Equifax breach.
Right & Wrong Lessons From the Equifax Breach
Curt Franklin  |  9/22/2017  | 
There are lots of lessons to learn from the Equifax breach. Just make sure you're learning the right ones.
Friday Haiku: Gem or Not?
Curt Franklin  |  9/22/2017  | 
How will CISOs respond to the pressure of recent breaches? The Friday haiku asks the question.
NIST Redefines the Good Password
News Analysis-Security Now  |  9/22/2017  | 
NIST has offered new guidelines for best practices in passwords.
1.4 Million New Phishing Sites Launched Each Month
Quick Hits  |  9/22/2017  | 
The number of phishing attacks reach a record rate in 2017, but the majority of the phishing sites remain active for just four- to eight hours.
Page 1 / 4   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37436
PUBLISHED: 2021-07-24
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing pers...
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...
CVE-2021-3169
PUBLISHED: 2021-07-23
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVE-2020-20741
PUBLISHED: 2021-07-23
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if t...