Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in September 2019
Page 1 / 3   >   >>
Microsoft Announces Ability to Force TLS Version Compliance
Quick Hits  |  9/30/2019  | 
Transport Layer Security (TLS) can be critical for security, but it must be deployed in a current version. Microsoft now provides a mechanism for administrators to guarantee the right version in their network.
Baltimore Reportedly Had No Data Backup Process for Many Systems
News  |  9/30/2019  | 
City lost key data in a ransomware attack earlier this year that's already cost more than $18.2 million in recovery and related expenses.
218M Words with Friends Players Compromised in Data Breach
Quick Hits  |  9/30/2019  | 
The same attacker was reportedly behind the Collection #1 and Collection #2 data dumps earlier this year.
'Harvesting Attacks' & the Quantum Revolution
Commentary  |  9/30/2019  | 
Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.
8 Microsegmentation Pitfalls to Avoid
Slideshows  |  9/30/2019  | 
Don't fall victim to these common mistakes on the path to developing better security boundaries and limiting the blast radius of security incidents.
Cloud Vulnerability Could Let One Server Compromise Thousands
News  |  9/27/2019  | 
A flaw in the OnApp cloud management platform could let an attacker compromise a private cloud with access to a single server.
Apple Patches Multiple Vulnerabilities Across Platforms
Quick Hits  |  9/27/2019  | 
Updates address two separate issues in Apple's desktop and mobile operating systems.
Cybersecurity Certification in the Spotlight Again
News  |  9/27/2019  | 
Swiss technology non-profit group joins others, such as the Obama-era President's Commission, in recommending that certain classes of technology products be tested.
DoorDash Breach Affects 4.9M Merchants, Customers, Workers
Quick Hits  |  9/27/2019  | 
The May 4 incident exposed data belonging to users on the platform on or before April 5, 2018.
Is Your Organization Suffering from Security Tool Sprawl?
Commentary  |  9/27/2019  | 
Most companies have too many tools, causing increased costs and security issues.
Mass Exploitation of vBulletin Flaw Raises Alarm
News  |  9/26/2019  | 
The remote code execution bug was a 0-day when it was publicly disclosed Monday, but has now been patched.
Cloud-Native Applications: Shift to Serverless is Underway
News  |  9/26/2019  | 
A new report explores changes in cloud-native applications and complexities involved with securing them.
Ransomware Hits Multiple, Older Vulnerabilities
Quick Hits  |  9/26/2019  | 
Ransomware attacks are taking advantage of vulnerabilities that are older and less severe, a new report finds.
Voting Machine Systems New & Old Contain 'Design' Flaws
News  |  9/26/2019  | 
DEF CON Voting Village organizers presented a final report on their findings at the Capitol.
Bridging the Gap Between Security & DevOps
Commentary  |  9/26/2019  | 
An inside look into the engineering mindset of DevOps from the vantage of a career security professional.
Airbus Cyberattack Landed on Suppliers' Networks
Quick Hits  |  9/26/2019  | 
Four separate incidents over the past year have targeted Airbus suppliers for the manufacturer's sensitive commercial data.
Why You Need to Think About API Security
Commentary  |  9/26/2019  | 
Businesses of all sorts are increasingly relying on APIs to interact with customers in smartphone apps, but they have their own unique set of vulnerabilities.
New Emergency Communications Plan Released by CISA
Quick Hits  |  9/25/2019  | 
The Cybersecurity and Infrastructure Security Agency's latest version of the National Emergency Communications Plan comes after a two-year process to improve the cybersecurity and flexibility of the nation's emergency communications.
GandCrab Developers Behind Destructive REvil Ransomware
News  |  9/25/2019  | 
Code similarities show a definite technical link between the malware strains, Secureworks says.
When Compliance Isn't Enough: A Case for Integrated Risk Management
News  |  9/25/2019  | 
Why governance, risk, and compliance solutions lull companies into a false sense of security, and how to form a more effective approach.
Long-Lining: Reeling In the Big Fish in Your Supply Chain
Commentary  |  9/25/2019  | 
The object of this new attack campaign is not swordfish or tuna but high-ranking executives within target organizations.
5 Updates from PCI SSC That You Need to Know
Slideshows  |  9/25/2019  | 
As payment technologies evolve, so do the requirements for securing cardholder data.
Web Attacks Focus on SQL Injection, Malware on Credentials
News  |  9/25/2019  | 
Attackers continue to focus on bread-and-butter tactics, according to a quarterly threat report.
Microsoft's Azure Sentinel SIEM Now Generally Available
Quick Hits  |  9/25/2019  | 
The cloud-native SIEM is designed to search data from users, applications, servers, and devices running on-prem and in the cloud.
The Future of Account Security: A World Without Passwords?
Commentary  |  9/25/2019  | 
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
Startup Cowbell Cyber Launches 'Continuous Underwriting' Platform
News  |  9/24/2019  | 
New inside-out approach will give SMBs a way to buy insurance coverage based on a realistic and ongoing assessment of their risk, company says.
Iranian Government Hackers Target US Veterans
News  |  9/24/2019  | 
'Tortoiseshell' discovered hosting a phony military-hiring website that drops a Trojan backdoor on visitors.
How to Define & Prioritize Risk Management Goals
News  |  9/24/2019  | 
As risk management programs differ from business to business, these factors remain constant.
Cloudflare Introduces 'Bot Fight Mode' Option for Site Operators
News  |  9/24/2019  | 
Goal is to help websites detect and block bad bot traffic, vendor says.
Wyoming Hospital the Latest to Be Hit With Ransomware Attack
Quick Hits  |  9/24/2019  | 
A attack has had a significant impact on the operations of Wyoming's Campbell County Memorial Hospital.
Russia Chooses Resiliency Over Efficiency in Cyber Ops
News  |  9/24/2019  | 
New analysis of the software used by espionage groups linked to Russia finds little overlap in their development, suggesting that the groups are siloed.
4 Cybersecurity Best Practices for Electrical Engineers
Commentary  |  9/24/2019  | 
Most electrical engineering firms are targeted by threat actors of opportunity because of two necessary ingredients: people and computers. These four tips will help keep you safer.
Microsoft Defender Bug Fixed with Emergency Patch
Quick Hits  |  9/24/2019  | 
A second out-of-band patch issued this week addresses a denial-of-service vulnerability in Microsoft Defender.
6 Best Practices for Performing Physical Penetration Tests
Commentary  |  9/24/2019  | 
A cautionary tale from a pen test gone wrong in an Iowa county courthouse.
JP Morgan Hacker Pleads Guilty
Quick Hits  |  9/23/2019  | 
Andrei Tyurin, a Russian national, pleaded guilty to hacking charges related to a massive cyberattack campaign targeting US financial institutions and other companies.
Rethinking Risk Management
News  |  9/23/2019  | 
Where most organizations fall short in risk management tools, technologies, and talent, and how they can improve.
Microsoft Issues Out-of-Band Patch for Internet Explorer
Quick Hits  |  9/23/2019  | 
The security update fixes a vulnerability that could allow an attacker to remotely execute code at the same privilege as the legitimate user.
YouTube Creators Hit in Account Hijacking Campaign
Quick Hits  |  9/23/2019  | 
The victims, who post car reviews and other videos about the auto industry, were targeted in a seemingly coordinated campaign to steal account access.
How Network Logging Mitigates Legal Risk
Commentary  |  9/23/2019  | 
Logging that is turned on, captured, and preserved immediately after a cyber event is proof positive that personal data didn't fall into the hands of a cybercriminal.
7 Ways VPNs Can Turn from Ally to Threat
Slideshows  |  9/21/2019  | 
VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.
HP Purchases Security Startup Bromium
Quick Hits  |  9/20/2019  | 
The purchase will bring new isolation and threat intelligence capabilities to the HP portfolio.
Ransomware Strikes 49 School Districts & Colleges in 2019
News  |  9/20/2019  | 
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
WeWork's Wi-Fi Exposed Files, Credentials, Emails
Quick Hits  |  9/20/2019  | 
For years, sensitive documents and corporate data have been easily viewable on the coworking space's open network.
A Safer IoT Future Must Be a Joint Effort
Commentary  |  9/20/2019  | 
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3
News  |  9/19/2019  | 
The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets.
Metasploit Creator HD Moore's Latest Hack: IT Assets
News  |  9/19/2019  | 
Moore has built a network asset discovery tool that wasn't intended to be a pure security tool, but it addresses a glaring security problem.
BSIMM10 Emphasizes DevOps' Role in Software Security
News  |  9/19/2019  | 
The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security.
California's IoT Security Law Causing Confusion
News  |  9/19/2019  | 
The law, which goes into effect January 1, requires manufacturers to equip devices with 'reasonable security feature(s).' What that entails is still an open question.
Security Pros Value Disclosure ... Sometimes
Quick Hits  |  9/19/2019  | 
Security professionals will coordinate disclosure with researchers but may keep their self-discovered vulnerabilities secret, a new study shows.
Deconstructing an iPhone Spearphishing Attack
Commentary  |  9/19/2019  | 
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
Page 1 / 3   >   >>


7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8003
PUBLISHED: 2020-01-27
A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to cause a denial of service by triggering texture allocation failure, because vrend_renderer_resource_allocated_texture is not an appropriate place for a free.
CVE-2019-20427
PUBLISHED: 2020-01-27
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integ...
CVE-2019-20428
PUBLISHED: 2020-01-27
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldl_request_cancel function mishandles a large lock_count parameter.
CVE-2019-20429
PUBLISHED: 2020-01-27
In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic (via a modified lm_bufcount field) due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpc_svc_unwrap_request and lustre_msg_hdr_size_v2...
CVE-2019-20430
PUBLISHED: 2020-01-27
In the Lustre file system before 2.12.3, the mdt module has an LBUG panic (via a large MDT Body eadatasize field) due to the lack of validation for specific fields of packets sent by a client.