Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in September 2018
Page 2 / 4
6 Security Training Hacks to Increase Cyber IQ Org-Wide
Slideshows  |  9/21/2018  | 
Move beyond generic, annual security awareness training with these important tips.
US Approves Cyber Weapons Against Foreign Enemies
Quick Hits  |  9/21/2018  | 
The White House is changing the rules on its use of digital weapons to fight adversaries targeting US networks.
Data Manipulation: How Security Pros Can Respond to an Emerging Threat
Commentary  |  9/21/2018  | 
Industry leaders are scrambling to address the issue, which will take new thinking to overcome.
Cloudflare Looks to Take the Pain Out of DNSSEC Protocol Adoption
Larry Loeb  |  9/21/2018  | 
Uptake of the newer DNSSEC protocol has been slow, but a new tool from Cloudflare looks to make it easier to ensure secure websites and more control over DNS.
Executive Branch Makes Significant Progress As DMARC Deadline Nears
News  |  9/21/2018  | 
The DHS directive on email security has an approaching deadline that most departments in the executive branch might actually meet.
Xbash Malware: Dangerous Mix of Threats
Jeffrey Burt  |  9/21/2018  | 
The Xbash malware includes ransomware and cryptomining functions as well as botnet and self-propagation capabilities and will delete Linux databases.
Think Like An Attacker: How a Red Team Operates
News  |  9/20/2018  | 
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
Retail Sector Second-Worst Performer on Application Security
News  |  9/20/2018  | 
A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
Account Takeover Attacks Become a Phishing Fave
Quick Hits  |  9/20/2018  | 
More than three-quarters of ATOs resulted in a phishing email, a new report shows.
3 Drivers Behind the Increasing Frequency of DDoS Attacks
Commentary  |  9/20/2018  | 
What's causing the uptick? Motivation, opportunity, and new capabilities.
Japanese Cryptocurrency Exchange Hit with $60M Theft
Quick Hits  |  9/20/2018  | 
The incident highlights a broader problem of poor security in cryptocurrency exchanges throughout the country.
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Commentary  |  9/20/2018  | 
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
Ransomware Developers Embrace Politics, Targeting Obama, Trump & Merkel
Jeffrey Burt  |  9/20/2018  | 
Recent malware campaigns have used names such as Barack Obama, Angela Merkel and Donald Trump to entice unsuspecting users to download the ransomware, McAfee researchers have found.
Hackers Still Targeting Windows 10, Windows 8 Survey
News Analysis-Security Now  |  9/20/2018  | 
A newly released survey by PAM specialist Thycotic finds that hackers are continuing to target Windows 10 and Windows 8 by using social engineering techniques. The solution is to adopt a zero-trust policy.
Account Takeover Attacks Are on the Rise
News Analysis-Security Now  |  9/20/2018  | 
An analysis by Barracuda Networks finds that Account Takeover attacks are increasing as cybercriminals and even amateurs are using this technique to create more sophisticated phishing campaigns.
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
News  |  9/19/2018  | 
Suit underscores longtime battle between vendors and labs over control of security testing protocols.
Cryptojackers Grow Dramatically on Enterprise Networks
News  |  9/19/2018  | 
A new report shows that illicit cryptomining malware is growing by leaps and bounds on the networks of unsuspecting victims.
As Tech Drives the Business, So Do CISOs
News  |  9/19/2018  | 
Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications, and goals.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
Commentary  |  9/19/2018  | 
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
Mirai Hackers' Sentence Includes No Jail Time
Quick Hits  |  9/19/2018  | 
The trio behind Mirai sentenced to probation and public service in return for cooperation with law enforcement and researchers.
FBI: Phishing Attacks Aim to Swap Payroll Information
Quick Hits  |  9/19/2018  | 
Social engineering scams target employees' payroll credentials so attackers can access and change their bank account data.
5 Steps to Success for New CISOs
Commentary  |  9/19/2018  | 
You've been hired to make an impact. These tips can help set you up for continued success.
8 Keys to a Successful Penetration Test
Slideshows  |  9/19/2018  | 
Pen tests are expensive, but there are key factors that can make them worth the investment.
Data Breach Can Affect Company's Long-Term Stock Price
Larry Loeb  |  9/19/2018  | 
A recent study by CompariTech finds that data breaches can have some long-term effects when it comes to a company's stock price, but most of the financial damage diminishes over time.
California Looks to Pass Rudimentary IoT Security Legislation
Joe Stanganelli  |  9/19/2018  | 
A California bill specific to IoT cybersecurity measures sits on Gov. Jerry Brown's desk, ready for him to sign it into law. The wording and limits of the law, however, leave questions as to just how big an effect it will have.
House Bill Would Create Federal Standards for Data Breach Notifications
News Analysis-Security Now  |  9/19/2018  | 
A bill that has now passed the House Financial Services Committee would create federal standards for how banks and other financial institutions notify customers when a data breach occurs.
Internet-Connected CCTV Cameras Vulnerable to 'Peekaboo' Hack
News  |  9/18/2018  | 
Zero-day flaw in China-based NUUO's video recorder technology still unfixed three months after vendor was alerted.
The Security Costs of Cloud-Native Applications
News  |  9/18/2018  | 
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
Websites Attack Attempts Rose in Q2
News  |  9/18/2018  | 
New data shows hackers hit websites, on average, every 25 minutes.
The Top 5 Security Threats & Mitigations for Industrial Networks
Commentary  |  9/18/2018  | 
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
IoT Threats Triple Since 2017
Quick Hits  |  9/18/2018  | 
Rapidly evolving malware is posing an ever-greater threat to the IoT and business users of the Internet.
Symantec Offers Free Website Security Service for Midterm Elections
News  |  9/18/2018  | 
Security vendor offers US election jurisdictions its Project Dolphin phishing/website spoofing-detection service and security resources.
GovPayNow Leak of 14M+ Records Dates Back to 2012
Quick Hits  |  9/18/2018  | 
Thousands of US state and local governments use the service to process online payments for everything from traffic tickets to court fines.
Overhauling the 3 Pillars of Security Operations
Commentary  |  9/18/2018  | 
Modern apps and the cloud mean that organizations must now rethink older security practices.
PyLocky Ransomware Can Get Around Machine Learning Solutions
Jeffrey Burt  |  9/18/2018  | 
The PyLocky ransomware, detected by Trend Micro, puts a focus on the ongoing machine learning race between cybersecurity experts and bad actors.
'Peekaboo' Zero-Day Exploit Targets Security Camera
News Analysis-Security Now  |  9/18/2018  | 
Researchers at Tenable are detailing a new zero-day exploit dubbed 'Peekaboo,' which targets the software that runs security cameras and other surveillance equipment.
New Xbash Malware a Cocktail of Malicious Functions
News  |  9/17/2018  | 
The new malware tool targeting Windows and Linux systems combines cryptomining, ransomware, botnet, and self-propagation capabilities.
RDP Ports Prove Hot Commodities on the Dark Web
News  |  9/17/2018  | 
Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves.
Yahoo Class-Action Suits Set for Settlement
Quick Hits  |  9/17/2018  | 
Altaba tells SEC it will incur $47 million to settle consumer litigation for massive Yahoo data breaches.
Ransomware Takes Down Airport's Flight Information Screens
Quick Hits  |  9/17/2018  | 
The attack left airport staff to post flight times and gates on whiteboards at Bristol Airport in Britain.
Data Breaches Costing More C-Level Executives Their Jobs
News Analysis-Security Now  |  9/17/2018  | 
A survey conducted by Kaspersky Labs shows that a major data breach can cost CIOs, CISOs and even CEOs their jobs, especially in North America.
The 7 Habits of Highly Effective Security Teams
Commentary  |  9/17/2018  | 
Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.
Fuji's Electric V-Server Susceptible to Numerous Vulnerabilities
Larry Loeb  |  9/17/2018  | 
Another industrial control system is shown to have a series of serious flaws. This time, it's Fuji's Electric V-Server, according to warnings from ICS-CERT.
Why CISOs Need a Seat at the IoT Projects Table
Dawn Kawamoto  |  9/17/2018  | 
Only 38% of CISOs and IT security professionals are asked for their input when IoT projects are launched, despite frequent attacks against IoT devices, according to a recent Trend Micro report.
How Secure are our Voting Systems for November 2018?
Dark Reading Videos  |  9/14/2018  | 
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the country's highly decentralized voting systems to safeguard the integrity of upcoming elections.
EternalBlue Infections Persist
Quick Hits  |  9/14/2018  | 
Indonesia, Taiwan, Vietnam, Thailand, Egypt, Russia, China, among the top 10 nations with the most machines infected with the exploit.
Military, Government Users Just as Bad About Password Hygiene as Civilians
News  |  9/14/2018  | 
New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.
Guccifer to Be Extradited to US for Prison Sentence
Quick Hits  |  9/14/2018  | 
Four-year, four-month term will follow a longer sentence in hacker's home country of Romania.
Cybersecurity Is Only 1 Part of Election Security
Commentary  |  9/14/2018  | 
Protecting the 2018 election cycle means fixing the information infrastructure.
Iran Targeting ISIS Supporters, Kurds With Spyware
Jeffrey Burt  |  9/14/2018  | 
Check Point researchers found that victims of Iran's campaign were enticed to download mobile apps that were packed with spyware.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24028
PUBLISHED: 2021-04-14
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
CVE-2021-29370
PUBLISHED: 2021-04-13
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.