Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in September 2019
Page 1 / 4   >   >>
Microsoft Announces Ability to Force TLS Version Compliance
Quick Hits  |  9/30/2019  | 
Transport Layer Security (TLS) can be critical for security, but it must be deployed in a current version. Microsoft now provides a mechanism for administrators to guarantee the right version in their network.
Baltimore Reportedly Had No Data Backup Process for Many Systems
News  |  9/30/2019  | 
City lost key data in a ransomware attack earlier this year that's already cost more than $18.2 million in recovery and related expenses.
MSFT Updates Outlook Ban List for Downloads
Larry Loeb  |  9/30/2019  | 
Microsoft did some Outlook tweaking recently. They realized that the list of the file extensions that the program should refuse to download needed some updating.
218M Words with Friends Players Compromised in Data Breach
Quick Hits  |  9/30/2019  | 
The same attacker was reportedly behind the Collection #1 and Collection #2 data dumps earlier this year.
'Harvesting Attacks' & the Quantum Revolution
Commentary  |  9/30/2019  | 
Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.
8 Microsegmentation Pitfalls to Avoid
Slideshows  |  9/30/2019  | 
Don't fall victim to these common mistakes on the path to developing better security boundaries and limiting the blast radius of security incidents.
Cloud Vulnerability Could Let One Server Compromise Thousands
News  |  9/27/2019  | 
A flaw in the OnApp cloud management platform could let an attacker compromise a private cloud with access to a single server.
Apple Patches Multiple Vulnerabilities Across Platforms
Quick Hits  |  9/27/2019  | 
Updates address two separate issues in Apple's desktop and mobile operating systems.
Cybersecurity Certification in the Spotlight Again
News  |  9/27/2019  | 
Swiss technology non-profit group joins others, such as the Obama-era President's Commission, in recommending that certain classes of technology products be tested.
Report Predicts DevSecOps Boom Over Next 2 Years
Larry Loeb  |  9/27/2019  | 
Sixty-eight percent of companies say they will be securing three quarters or more of their cloud-native applications with DevSecOps within two years.
DoorDash Breach Affects 4.9M Merchants, Customers, Workers
Quick Hits  |  9/27/2019  | 
The May 4 incident exposed data belonging to users on the platform on or before April 5, 2018.
Is Your Organization Suffering from Security Tool Sprawl?
Commentary  |  9/27/2019  | 
Most companies have too many tools, causing increased costs and security issues.
Mass Exploitation of vBulletin Flaw Raises Alarm
News  |  9/26/2019  | 
The remote code execution bug was a 0-day when it was publicly disclosed Monday, but has now been patched.
Cloud-Native Applications: Shift to Serverless is Underway
News  |  9/26/2019  | 
A new report explores changes in cloud-native applications and complexities involved with securing them.
Ransomware Hits Multiple, Older Vulnerabilities
Quick Hits  |  9/26/2019  | 
Ransomware attacks are taking advantage of vulnerabilities that are older and less severe, a new report finds.
Voting Machine Systems New & Old Contain 'Design' Flaws
News  |  9/26/2019  | 
DEF CON Voting Village organizers presented a final report on their findings at the Capitol.
Bridging the Gap Between Security & DevOps
Commentary  |  9/26/2019  | 
An inside look into the engineering mindset of DevOps from the vantage of a career security professional.
Airbus Cyberattack Landed on Suppliers' Networks
Quick Hits  |  9/26/2019  | 
Four separate incidents over the past year have targeted Airbus suppliers for the manufacturer's sensitive commercial data.
OWASP's Common Web Program Security Problems: Part 2
Larry Loeb  |  9/26/2019  | 
We continue the countdown of OWASP's Top Ten nasties.
Why You Need to Think About API Security
Commentary  |  9/26/2019  | 
Businesses of all sorts are increasingly relying on APIs to interact with customers in smartphone apps, but they have their own unique set of vulnerabilities.
Enterprise Ransomware & Consumer Ransomware: They're Not That Different
Larry Loeb  |  9/26/2019  | 
RiskSense researchers identified 57 vulnerabilities that are heavily tied to ransomware threats in enterprises and government organizations as opposed to individuals.
New Emergency Communications Plan Released by CISA
Quick Hits  |  9/25/2019  | 
The Cybersecurity and Infrastructure Security Agency's latest version of the National Emergency Communications Plan comes after a two-year process to improve the cybersecurity and flexibility of the nation's emergency communications.
GandCrab Developers Behind Destructive REvil Ransomware
News  |  9/25/2019  | 
Code similarities show a definite technical link between the malware strains, Secureworks says.
When Compliance Isn't Enough: A Case for Integrated Risk Management
News  |  9/25/2019  | 
Why governance, risk, and compliance solutions lull companies into a false sense of security, and how to form a more effective approach.
Long-Lining: Reeling In the Big Fish in Your Supply Chain
Commentary  |  9/25/2019  | 
The object of this new attack campaign is not swordfish or tuna but high-ranking executives within target organizations.
5 Updates from PCI SSC That You Need to Know
Slideshows  |  9/25/2019  | 
As payment technologies evolve, so do the requirements for securing cardholder data.
Web Attacks Focus on SQL Injection, Malware on Credentials
News  |  9/25/2019  | 
Attackers continue to focus on bread-and-butter tactics, according to a quarterly threat report.
Microsoft's Azure Sentinel SIEM Now Generally Available
Quick Hits  |  9/25/2019  | 
The cloud-native SIEM is designed to search data from users, applications, servers, and devices running on-prem and in the cloud.
The Future of Account Security: A World Without Passwords?
Commentary  |  9/25/2019  | 
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
Startup Cowbell Cyber Launches 'Continuous Underwriting' Platform
News  |  9/24/2019  | 
New inside-out approach will give SMBs a way to buy insurance coverage based on a realistic and ongoing assessment of their risk, company says.
Iranian Government Hackers Target US Veterans
News  |  9/24/2019  | 
'Tortoiseshell' discovered hosting a phony military-hiring website that drops a Trojan backdoor on visitors.
How to Define & Prioritize Risk Management Goals
News  |  9/24/2019  | 
As risk management programs differ from business to business, these factors remain constant.
Cloudflare Introduces 'Bot Fight Mode' Option for Site Operators
News  |  9/24/2019  | 
Goal is to help websites detect and block bad bot traffic, vendor says.
Russia Chooses Resiliency Over Efficiency in Cyber Ops
News  |  9/24/2019  | 
New analysis of the software used by espionage groups linked to Russia finds little overlap in their development, suggesting that the groups are siloed.
4 Cybersecurity Best Practices for Electrical Engineers
Commentary  |  9/24/2019  | 
Most electrical engineering firms are targeted by threat actors of opportunity because of two necessary ingredients: people and computers. These four tips will help keep you safer.
Wyoming Hospital the Latest to Be Hit With Ransomware Attack
Quick Hits  |  9/24/2019  | 
A attack has had a significant impact on the operations of Wyoming's Campbell County Memorial Hospital.
Microsoft Defender Bug Fixed with Emergency Patch
Quick Hits  |  9/24/2019  | 
A second out-of-band patch issued this week addresses a denial-of-service vulnerability in Microsoft Defender.
OWASP Lists the Most Common Security Stings
Larry Loeb  |  9/24/2019  | 
OWASP's Top 10 is made up of high-risk, common weaknesses and flaws that are seen over and over again.
6 Best Practices for Performing Physical Penetration Tests
Commentary  |  9/24/2019  | 
A cautionary tale from a pen test gone wrong in an Iowa county courthouse.
JP Morgan Hacker Pleads Guilty
Quick Hits  |  9/23/2019  | 
Andrei Tyurin, a Russian national, pleaded guilty to hacking charges related to a massive cyberattack campaign targeting US financial institutions and other companies.
Rethinking Risk Management
News  |  9/23/2019  | 
Where most organizations fall short in risk management tools, technologies, and talent, and how they can improve.
Microsoft Issues Out-of-Band Patch for Internet Explorer
Quick Hits  |  9/23/2019  | 
The security update fixes a vulnerability that could allow an attacker to remotely execute code at the same privilege as the legitimate user.
YouTube Creators Hit in Account Hijacking Campaign
Quick Hits  |  9/23/2019  | 
The victims, who post car reviews and other videos about the auto industry, were targeted in a seemingly coordinated campaign to steal account access.
How Network Logging Mitigates Legal Risk
Commentary  |  9/23/2019  | 
Logging that is turned on, captured, and preserved immediately after a cyber event is proof positive that personal data didn't fall into the hands of a cybercriminal.
7 Ways VPNs Can Turn from Ally to Threat
Slideshows  |  9/21/2019  | 
VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.
HP Purchases Security Startup Bromium
Quick Hits  |  9/20/2019  | 
The purchase will bring new isolation and threat intelligence capabilities to the HP portfolio.
Ransomware Strikes 49 School Districts & Colleges in 2019
News  |  9/20/2019  | 
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
LastPass Extensions for Chrome & Opera Can Leak Passwords
Larry Loeb  |  9/20/2019  | 
A history of password-stealing potential vulnerabilities has LastPass users worried.
WeWork's Wi-Fi Exposed Files, Credentials, Emails
Quick Hits  |  9/20/2019  | 
For years, sensitive documents and corporate data have been easily viewable on the coworking space's open network.
A Safer IoT Future Must Be a Joint Effort
Commentary  |  9/20/2019  | 
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
Page 1 / 4   >   >>


Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27254
PUBLISHED: 2021-03-05
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encrypti...
CVE-2021-27255
PUBLISHED: 2021-03-05
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack of...
CVE-2021-27256
PUBLISHED: 2021-03-05
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists wit...
CVE-2021-27257
PUBLISHED: 2021-03-05
This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via...
CVE-2021-26705
PUBLISHED: 2021-03-05
An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke administrative tasks within the...