Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in September 2017
Microsoft: Ransomware Decline Reversed in March 2017
News  |  9/7/2017  | 
Researchers discovered 71 new ransomware families in the first half of 2017, when attacks picked up after several months of decline.
How to Use Purple Teaming for Smarter SOCs
Dark Reading Videos  |  9/7/2017  | 
Justin Harvey explains why the standard blue team vs. red team can be improved upon, and provides tips on doing purple teaming right.
Is Public Sector Cybersecurity Adequate?
Commentary  |  9/7/2017  | 
Many governmental organizations are unstaffed, underfunded, and unprepared to fight common attacks, and they could learn a thing or two from the private sector.
10% of Ransomware Attacks on SMBs Targeted IoT Devices
News  |  9/7/2017  | 
IoT ransomware attacks are expected to ramp up in the coming years, a new survey shows.
SANS Study Says Reputation Is a Cyber-Casualty
Curt Franklin  |  9/7/2017  | 
The latest security study says that you've probably been attacked and your reputation has taken the biggest hit.
Bitdefender Bug Bounty Program Goes Public with Bugcrowd
Quick Hits  |  9/7/2017  | 
Security researchers will be rewarded between $100 and $1,500 USD depending on the impact and severity of bugs discovered.
Sandbox-Aware Malware Foreshadows Potential Attacks
Commentary  |  9/7/2017  | 
For the continuous monitoring industry to remain relevant, it needs to match the vigor of sandbox vendors against targeted subversion.
CIO or C-Suite: To Whom Should the CISO Report?
Partner Perspectives  |  9/7/2017  | 
Five reasons why the chief information security officer needs to get out from under the control of IT.
Virtual Terrorism: 21st Century Cyber Warfare
Security TV  |  9/7/2017  | 
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways that governments strategically use cyber warfare, how the 'virtual caliphate' recruits terrorists online as well as the future threats posed by new technologies like biometrics, drones and self-driving cars.
BroadSoft Error Exposes TWC PII on AWS S3
Curt Franklin  |  9/6/2017  | 
A mis-configured Amazon Web Storage (AWS) instance has once again exposed millions of private customer records to the public Internet. Is it time for companies to re-think the way they're building their AWS buckets?
New Microsoft Kernel Bug Could Permit Malicious Modules
News  |  9/6/2017  | 
Researchers found a Microsoft kernel bug that could allow attackers to bypass antivirus systems and load malware.
'Dragonfly' APT Now Able to Disrupt US Power Grid Operations, Symantec Warns
News  |  9/6/2017  | 
Recent attacks on energy sector targets suggest Dragonfly group has access to computers that control operational systems.
Is Your Organization Merely PCI-Compliant or Is It Actually Secure?
Commentary  |  9/6/2017  | 
The Host Identity Protocol might be the answer to inadequate check-the-box security standards.
AI Just Gets Bigger
Simon Marshall  |  9/6/2017  | 
The market for "friendly" consumer AI continues to expand, but security issues could be lurking in the growth.
How Legendary Carder, Hacker Roman Seleznev Was Caught, Sentenced
Dark Reading Videos  |  9/6/2017  | 
Assistant US Attorney Norman Barbosa visits the Dark Reading News Desk to discuss details of the credit card hacking case that led to an unprecedented 27-year prison sentence.
GDPR Confusion Persists Among Businesses, Survey Shows
Quick Hits  |  9/6/2017  | 
Top executives appear dismissive about the penalties they could face if failing to fulfill the EU's General Data Protection Regulation (GDPR) requirements.
Workplace IoT Puts Companies on Notice for Smarter Security
Commentary  |  9/6/2017  | 
Blacklisting every "thing" in sight and banning connections to the corporate network may sound tempting, but it's not a realistic strategy.
Women Will Solve the Cybersecurity Skills Shortage
News Analysis-Security Now  |  9/6/2017  | 
If you need more cybersecurity professionals there's an untapped pool of candidates: women with great technical skills.
Data Breach Costs Vary Significantly by Organization
News  |  9/5/2017  | 
Don't use publicly reported breach costs at other organizations as an estimate for what you might end up paying for a breach, Forrester says.
Amazon S3 Bucket Leaks Expose Classified US Veteran Data
News  |  9/5/2017  | 
Improperly configured Amazon S3 buckets led to the exposure of data belonging to veterans with Top Secret security clearance and Time Warner Cable customers.
72% of Educational Institutions Lack Designated InfoSec Staff
Quick Hits  |  9/5/2017  | 
Vast majority of IT specialists in this sector feel ill-prepared for cybersecurity risks, according to report.
Debit Card Fraud Numbers Explode
Simon Marshall  |  9/5/2017  | 
Technology is making it easier than ever for thieves and scammers to steal debit card numbers – and the bank accounts they access.
Activists Beware: The Latest In 3G & 4G Spying
Dark Reading Videos  |  9/5/2017  | 
Ravi Borgaonkar describes new 3G & 4G vulnerabilities that enable IMSI catchers to be smarter, stealthier snoopers.
Judge Rules that Yahoo Breach Victims Can Sue
Quick Hits  |  9/5/2017  | 
The 1 billion users who were victims in Yahoo's massive data breaches between 2013 and 2016 received court approval to move forward with their case.
Endpoint Security Overload
News  |  9/5/2017  | 
CISOs and their teams are over-investing in endpoint security tools, driving inefficiency and a need to consolidate data.
3 Ways AI Could Help Resolve the Cybersecurity Talent Crisis
Commentary  |  9/5/2017  | 
There's no escaping the fact that there's a skills shortage, and companies aren't doing enough to cultivate talent. AI could relieve some of the pressure.
Qadium Gets $40M Series B for Internet Visibility
Curt Franklin  |  9/5/2017  | 
Qadium indexes every device on the public Internet, a technology that's attracted some big-time Silicon Valley investors.
IoT Security Needs Creative Solutions
Larry Loeb  |  9/5/2017  | 
Not every security solution has a place in the IoT. Professionals must look in new directions to keep the Internet of Things secure.
To Improve Diversity, 'Have the Uncomfortable Conversations'
Dark Reading Videos  |  9/5/2017  | 
Jules Okafor of Fortress Information Security explains that diversity efforts cannot shy away from discussions of racism and sexism.
Mikko Hypponen's Vision of the Cybersecurity Future
Dark Reading Videos  |  9/4/2017  | 
Twenty years from now, will everything be in the Internet of Things, and if so, how does the security industry need to prepare? F-Secure's chief research officer weighs in on this and what else the future promises (and threatens).
CISOs' Salaries Expected to Edge Above $240,000 in 2018
News  |  9/1/2017  | 
Other IT security professionals may garner six-figure salaries as well, new report shows.
How Effective Boards Drive Security Mandates
Commentary  |  9/1/2017  | 
The focus on cybersecurity policies must be prioritized from the top down.
Friday Haiku: I Authenticate, Therefore, I Am
Curt Franklin  |  9/1/2017  | 
Are we more than our authentication factors?
Juniper Networks to Buy Cyphort for Threat Detection
Quick Hits  |  9/1/2017  | 
Company will integrate Cyphort into its Sky ATP platform to support more file types, and offer on- and off-premise support, analytics, and improved malware detection.
New Malware Builder Makes Hacking Easier
Curt Franklin  |  9/1/2017  | 
A free new builder for trojans makes it easier than ever to be a criminal hacker.
Has Facial Recognition's Time Arrived?
Simon Marshall  |  9/1/2017  | 
Startup iProov says it has cracked the code on a reliable, secure facial recognition system.
Automated Lateral Movement: Targeted Attack Tools for the Masses
Dark Reading Videos  |  9/1/2017  | 
Tal Be'ery and Tal Maor explain that the most pervasive, worst defended tactic of sophisticated attackers will soon be ready for script kiddies, and release GoFetch: a new lateral movement automation tool.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23394
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.