News & Commentary

Content posted in September 2018
4 Traits of a Cyber-Resilient Culture
News  |  9/28/2018  | 
Companies with a solid track record of cybersecurity share these practices and characteristics.
'Torii' Breaks New Ground For IoT Malware
News  |  9/28/2018  | 
Stealth, persistence mechanism and ability to infect a wide swath of devices make malware dangerous and very different from the usual Mirai knockoffs, Avast says.
FBI IC3 Warns of RDP Vulnerability
Quick Hits  |  9/28/2018  | 
Government agencies remind users that RDP can be used for malicious purposes by criminal actors.
50M Facebook Accounts Exposed Due to Software Vulnerability
News Analysis-Security Now  |  9/28/2018  | 
A vulnerability in Facebook's 'View As' feature could have exposed the personal information of 50 million of the social network's users.
Facebook Hacked, 50 Million Users Affected
News  |  9/28/2018  | 
A vulnerability in Facebook's "View As" feature let attackers steal security tokens linked to 50 million accounts, the company confirms.
How Data Security Improves When You Engage Employees in the Process
Commentary  |  9/28/2018  | 
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
Majority of Cyber Attacks Against Small Businesses Can Cost $500K
News Analysis-Security Now  |  9/28/2018  | 
For the majority of small and midsized businesses, a cyber attack can cost a company $500,000, although some incidents can skyrocket to $2.5 million, according to a report from Cisco.
Magecart Group Likely Behind Increase in Formjacking Attacks
Larry Loeb  |  9/28/2018  | 
A recent analysis by Symantec researchers has found a significant increase in formjacking attacks. The reason, according to some, is an increase in activity from the Magecart group.
7 Most Prevalent Phishing Subject Lines
Slideshows  |  9/28/2018  | 
The most popular subject lines crafted to trick targets into opening malicious messages, gleaned from thousands of phishing emails.
Russia's Sednit Deploys First Firmware-Level Rootkit in the Wild
News  |  9/27/2018  | 
The advanced persistent threat group's LoJax can install malware capable of surviving both OS reinstallation and hard disk replacement.
Ransomware Attack Hits Port of San Diego
Quick Hits  |  9/27/2018  | 
The attack began Monday and continues to have an impact on services at the port.
How to Keep Up Security in a Bug-Infested World
Commentary  |  9/27/2018  | 
Good digital hygiene will lower your risk, and these six tips can help.
Twitter Bug May Have Exposed Millions of DMs
Quick Hits  |  9/27/2018  | 
The year-long bug could have compromised interactions between customers and businesses, the social media firm reports.
Security Flaw Found in Apple Mobile Device Enrollment Program
News  |  9/27/2018  | 
Authentication weakness in Apple's DEP could open a window of opportunity for attackers.
Alphabet's Chronicle Releases VirusTotal Enterprise
News  |  9/27/2018  | 
Chronicle, the cybersecurity business under Alphabet, releases a major update to VirusTotal geared toward corporate threat hunters.
Managing Data the Way We Manage Money
Commentary  |  9/27/2018  | 
In the data-driven enterprise, myriad types of data have become a new form and flow of currency. Why, then, hasn't the CISO achieved parity with the CFO?
VPNFilter Is 'Swiss Army Knife' of Malware
News Analysis-Security Now  |  9/27/2018  | 
A report from Cisco Talos finds that the VPNFilter malware, which infected some 500,000 routers worldwide, is even more versatile than previously thought, thanks to seven additional third-stage modules.
Google to Let Users Disable Automatic Login to Chrome
News  |  9/27/2018  | 
The decision comes days after a security researcher blasted the company for jeopardizing user privacy with a browser update.
Verizon Study Finds PCI DSS Compliance Falls Worldwide
Jeffrey Burt  |  9/27/2018  | 
Verizon's report says that fewer businesses are complying with the PCI DSS payment standard despite the rising threat of security breaches and consumer data theft.
Uber Settles With California Authorities Over 2016 Data Breach
News Analysis-Security Now  |  9/27/2018  | 
Uber has agreed to pay the California Attorney General and the San Francisco District Attorney $148 million to settle charges stemming from the 2016 data breach.
Critical Linux Kernel Flaw Gives Root Access to Attackers
News  |  9/26/2018  | 
All versions of Red Hat Enterprise Linux, CentOS vulnerable to 'Mutagen Astronomy' flaw, according to Qualys.
Inside Microsoft Azure Sphere
News  |  9/26/2018  | 
Microsoft engineer details how the company's IoT security solution operates - at multiple layers starting with the microcontroller.
Uber Agrees to Pay $148 Million in Nationwide Settlement
Quick Hits  |  9/26/2018  | 
Ride-sharing company settles legal cases with 50 states and the District of Columbia for its handling of 2016 data breach.
VPNFilter Evolving to Be a More Dangerous Threat
Quick Hits  |  9/26/2018  | 
VPNFilter malware is adding capabilities to become a more fully-featured tool for threat actors.
SEC Slams Firm with $1M Fine for Weak Security Policies
Quick Hits  |  9/26/2018  | 
This is the first SEC enforcement cracking down on violation of the Identity Theft Red Flags Rule, intended to protect confidential data.
A 'Cyber Resilience' Report Card for the Public Sector
Commentary  |  9/26/2018  | 
Government agencies are making great strides in defending themselves against cyberattacks, according to new research from Accenture. But technology alone won't solve the problem.
Owning Security in the Industrial Internet of Things
Commentary  |  9/26/2018  | 
Why IIoT leaders from both information technology and line-of-business operations need to join forces to develop robust cybersecurity techniques that go beyond reflexive patching.
Cryptomining Malware Continues to Surge as Cybercriminals Cash In
News Analysis-Security Now  |  9/26/2018  | 
The latest research by McAfee Labs shows that cybercriminals are still raking in big bucks from cryptomining malware. Ransomware also continues to plague enterprises.
Mirai Authors Escape Jail Time But Here Are 7 Other Criminal Hackers Who Didn't
Slideshows  |  9/26/2018  | 
Courts are getting tougher on the cybercrooks than some might realize.
USB Drives Remain Critical Cyberthreat
News  |  9/26/2018  | 
USB thumb drives may be used less frequently than before, but they are still commonly used as infection vectors for a wide variety of malware.
Adwind RAT Squeaks Past Linux, Windows, macOS Defenses
Larry Loeb  |  9/26/2018  | 
A newer version of the Adwind 3.0 Trojan can elude the AV defenses of Linux, Windows and macOS systems, according to Talos and ReversingLabs.
Ex-NSA Developer Gets 5 1/2-Year Prison Sentence
News  |  9/25/2018  | 
Nghia Hoang Pho, who illegally took home classified NSA information, also sentenced to three years of supervised release after prison term.
The Cyber Kill Chain Gets a Makeover
News  |  9/25/2018  | 
A new report demonstrates how the cyber kill chain is consolidating as criminals find ways to accelerate the spread of their targeted cyberattacks.
Cryptomining Malware Continues Rapid Growth: Report
Quick Hits  |  9/25/2018  | 
Cryptomining malware is the fastest-growing category of malicious software, according to a new report.
The Cloud Security Conundrum: Assets vs. Infrastructure
Commentary  |  9/25/2018  | 
The issue for cloud adopters is no longer where your data sits, whether in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?
Payment Security Compliance Takes a Turn for the Worse
Quick Hits  |  9/25/2018  | 
This is the first time in six years that Verizon's "Payment Security Report" shows a downward trend, leaving cardholders vulnerable.
United Nations' Websites Besieged by Data Leaks, Exposed Files
News Analysis-Security Now  |  9/25/2018  | 
In time for the UN's General Assembly this week, two reports find that the United Nations' websites have been leaking data for months, thanks to unsecured files and applications.
The Human Factor in Social Media Risk
Commentary  |  9/25/2018  | 
Your employees need help recognizing the warning signs and understanding how to protect themselves online.
Zero Trust & Network Segmentation: Keys to Securing IoT
News Analysis-Security Now  |  9/25/2018  | 
As IoT devices become more popular both in the home and within businesses, enterprises need new approaches to security. Here's how zero trust and network segmentation can be combined to create a more robust defense.
iOS 12: How Apple Keeps Getting Mobile Security Wrong
Joe Stanganelli  |  9/25/2018  | 
Are iOS updates for suckers? Apple's iOS 12 may represent the latest in a series of flawed releases that could compound user mistrust, further training the company's users to delay updates and patches.
Fault-Tolerant Method Used for Security Purposes in New Framework
News  |  9/24/2018  | 
A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.
In Quiet Change, Google Now Automatically Logging Users Into Chrome
News  |  9/24/2018  | 
The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.
Microsoft Deletes Passwords for Azure Active Directory Applications
News  |  9/24/2018  | 
At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.
6 Dark Web Pricing Trends
Slideshows  |  9/24/2018  | 
For cybercriminals, the Dark Web grows more profitable every day.
'Scan4you' Operator Gets 14-Year Sentence
Quick Hits  |  9/24/2018  | 
The counter antivirus service, which was shut down in 2016, caused total losses of $20.5 billion, according to the DoJ.
Hacking Back: Simply a Bad Idea
Commentary  |  9/24/2018  | 
While the concept may sound appealing, it's rife with drawbacks and dangers.
Microsoft Looks to End the Era of Security Passwords
News Analysis-Security Now  |  9/24/2018  | 
At its Ignite show this week, Microsoft plans to update its users on a number of security products and updates, including a plan to eliminate passwords for good through its Authenticator app, which works with Azure.
Malicious Bot-Enabled, Credential-Stuffing Jamming Networks
Larry Loeb  |  9/24/2018  | 
A research report from Akamai finds the number of bot-enabled, credential-stuffing incidents has spiked in recent months, jamming networks with malicious traffic.
The 'Opsec Fail' That Helped Unmask a North Korean State Hacker
News  |  9/21/2018  | 
How Park Jin Hyok, charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, and WannaCry cyberattacks, inadvertently blew his cover via email accounts.
Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
Quick Hits  |  9/21/2018  | 
Attack against the Metropolitan Police Department was disrupted before malware could be sent to additional systems.