Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content posted in September 2019
Page 1 / 3   >   >>
Microsoft Announces Ability to Force TLS Version Compliance
Quick Hits  |  9/30/2019  | 
Transport Layer Security (TLS) can be critical for security, but it must be deployed in a current version. Microsoft now provides a mechanism for administrators to guarantee the right version in their network.
Baltimore Reportedly Had No Data Backup Process for Many Systems
News  |  9/30/2019  | 
City lost key data in a ransomware attack earlier this year that's already cost more than $18.2 million in recovery and related expenses.
218M Words with Friends Players Compromised in Data Breach
Quick Hits  |  9/30/2019  | 
The same attacker was reportedly behind the Collection #1 and Collection #2 data dumps earlier this year.
'Harvesting Attacks' & the Quantum Revolution
Commentary  |  9/30/2019  | 
Stockpiles of stolen information sitting in foreign databases are ready to be exposed the minute there's a working quantum computer in five to ten years. The time to act is now.
8 Microsegmentation Pitfalls to Avoid
Slideshows  |  9/30/2019  | 
Don't fall victim to these common mistakes on the path to developing better security boundaries and limiting the blast radius of security incidents.
Cloud Vulnerability Could Let One Server Compromise Thousands
News  |  9/27/2019  | 
A flaw in the OnApp cloud management platform could let an attacker compromise a private cloud with access to a single server.
Apple Patches Multiple Vulnerabilities Across Platforms
Quick Hits  |  9/27/2019  | 
Updates address two separate issues in Apple's desktop and mobile operating systems.
Cybersecurity Certification in the Spotlight Again
News  |  9/27/2019  | 
Swiss technology non-profit group joins others, such as the Obama-era President's Commission, in recommending that certain classes of technology products be tested.
DoorDash Breach Affects 4.9M Merchants, Customers, Workers
Quick Hits  |  9/27/2019  | 
The May 4 incident exposed data belonging to users on the platform on or before April 5, 2018.
Is Your Organization Suffering from Security Tool Sprawl?
Commentary  |  9/27/2019  | 
Most companies have too many tools, causing increased costs and security issues.
Mass Exploitation of vBulletin Flaw Raises Alarm
News  |  9/26/2019  | 
The remote code execution bug was a 0-day when it was publicly disclosed Monday, but has now been patched.
Cloud-Native Applications: Shift to Serverless is Underway
News  |  9/26/2019  | 
A new report explores changes in cloud-native applications and complexities involved with securing them.
Ransomware Hits Multiple, Older Vulnerabilities
Quick Hits  |  9/26/2019  | 
Ransomware attacks are taking advantage of vulnerabilities that are older and less severe, a new report finds.
Voting Machine Systems New & Old Contain 'Design' Flaws
News  |  9/26/2019  | 
DEF CON Voting Village organizers presented a final report on their findings at the Capitol.
Bridging the Gap Between Security & DevOps
Commentary  |  9/26/2019  | 
An inside look into the engineering mindset of DevOps from the vantage of a career security professional.
Airbus Cyberattack Landed on Suppliers' Networks
Quick Hits  |  9/26/2019  | 
Four separate incidents over the past year have targeted Airbus suppliers for the manufacturer's sensitive commercial data.
Why You Need to Think About API Security
Commentary  |  9/26/2019  | 
Businesses of all sorts are increasingly relying on APIs to interact with customers in smartphone apps, but they have their own unique set of vulnerabilities.
New Emergency Communications Plan Released by CISA
Quick Hits  |  9/25/2019  | 
The Cybersecurity and Infrastructure Security Agency's latest version of the National Emergency Communications Plan comes after a two-year process to improve the cybersecurity and flexibility of the nation's emergency communications.
GandCrab Developers Behind Destructive REvil Ransomware
News  |  9/25/2019  | 
Code similarities show a definite technical link between the malware strains, Secureworks says.
When Compliance Isn't Enough: A Case for Integrated Risk Management
News  |  9/25/2019  | 
Why governance, risk, and compliance solutions lull companies into a false sense of security, and how to form a more effective approach.
Long-Lining: Reeling In the Big Fish in Your Supply Chain
Commentary  |  9/25/2019  | 
The object of this new attack campaign is not swordfish or tuna but high-ranking executives within target organizations.
5 Updates from PCI SSC That You Need to Know
Slideshows  |  9/25/2019  | 
As payment technologies evolve, so do the requirements for securing cardholder data.
Web Attacks Focus on SQL Injection, Malware on Credentials
News  |  9/25/2019  | 
Attackers continue to focus on bread-and-butter tactics, according to a quarterly threat report.
Microsoft's Azure Sentinel SIEM Now Generally Available
Quick Hits  |  9/25/2019  | 
The cloud-native SIEM is designed to search data from users, applications, servers, and devices running on-prem and in the cloud.
The Future of Account Security: A World Without Passwords?
Commentary  |  9/25/2019  | 
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
Startup Cowbell Cyber Launches 'Continuous Underwriting' Platform
News  |  9/24/2019  | 
New inside-out approach will give SMBs a way to buy insurance coverage based on a realistic and ongoing assessment of their risk, company says.
Iranian Government Hackers Target US Veterans
News  |  9/24/2019  | 
'Tortoiseshell' discovered hosting a phony military-hiring website that drops a Trojan backdoor on visitors.
How to Define & Prioritize Risk Management Goals
News  |  9/24/2019  | 
As risk management programs differ from business to business, these factors remain constant.
Cloudflare Introduces 'Bot Fight Mode' Option for Site Operators
News  |  9/24/2019  | 
Goal is to help websites detect and block bad bot traffic, vendor says.
Wyoming Hospital the Latest to Be Hit With Ransomware Attack
Quick Hits  |  9/24/2019  | 
A attack has had a significant impact on the operations of Wyoming's Campbell County Memorial Hospital.
Russia Chooses Resiliency Over Efficiency in Cyber Ops
News  |  9/24/2019  | 
New analysis of the software used by espionage groups linked to Russia finds little overlap in their development, suggesting that the groups are siloed.
4 Cybersecurity Best Practices for Electrical Engineers
Commentary  |  9/24/2019  | 
Most electrical engineering firms are targeted by threat actors of opportunity because of two necessary ingredients: people and computers. These four tips will help keep you safer.
Microsoft Defender Bug Fixed with Emergency Patch
Quick Hits  |  9/24/2019  | 
A second out-of-band patch issued this week addresses a denial-of-service vulnerability in Microsoft Defender.
6 Best Practices for Performing Physical Penetration Tests
Commentary  |  9/24/2019  | 
A cautionary tale from a pen test gone wrong in an Iowa county courthouse.
JP Morgan Hacker Pleads Guilty
Quick Hits  |  9/23/2019  | 
Andrei Tyurin, a Russian national, pleaded guilty to hacking charges related to a massive cyberattack campaign targeting US financial institutions and other companies.
Rethinking Risk Management
News  |  9/23/2019  | 
Where most organizations fall short in risk management tools, technologies, and talent, and how they can improve.
Microsoft Issues Out-of-Band Patch for Internet Explorer
Quick Hits  |  9/23/2019  | 
The security update fixes a vulnerability that could allow an attacker to remotely execute code at the same privilege as the legitimate user.
YouTube Creators Hit in Account Hijacking Campaign
Quick Hits  |  9/23/2019  | 
The victims, who post car reviews and other videos about the auto industry, were targeted in a seemingly coordinated campaign to steal account access.
How Network Logging Mitigates Legal Risk
Commentary  |  9/23/2019  | 
Logging that is turned on, captured, and preserved immediately after a cyber event is proof positive that personal data didn't fall into the hands of a cybercriminal.
7 Ways VPNs Can Turn from Ally to Threat
Slideshows  |  9/21/2019  | 
VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.
HP Purchases Security Startup Bromium
Quick Hits  |  9/20/2019  | 
The purchase will bring new isolation and threat intelligence capabilities to the HP portfolio.
Ransomware Strikes 49 School Districts & Colleges in 2019
News  |  9/20/2019  | 
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
WeWork's Wi-Fi Exposed Files, Credentials, Emails
Quick Hits  |  9/20/2019  | 
For years, sensitive documents and corporate data have been easily viewable on the coworking space's open network.
A Safer IoT Future Must Be a Joint Effort
Commentary  |  9/20/2019  | 
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3
News  |  9/19/2019  | 
The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets.
Metasploit Creator HD Moore's Latest Hack: IT Assets
News  |  9/19/2019  | 
Moore has built a network asset discovery tool that wasn't intended to be a pure security tool, but it addresses a glaring security problem.
BSIMM10 Emphasizes DevOps' Role in Software Security
News  |  9/19/2019  | 
The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security.
California's IoT Security Law Causing Confusion
News  |  9/19/2019  | 
The law, which goes into effect January 1, requires manufacturers to equip devices with 'reasonable security feature(s).' What that entails is still an open question.
Security Pros Value Disclosure ... Sometimes
Quick Hits  |  9/19/2019  | 
Security professionals will coordinate disclosure with researchers but may keep their self-discovered vulnerabilities secret, a new study shows.
Deconstructing an iPhone Spearphishing Attack
Commentary  |  9/19/2019  | 
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
Page 1 / 3   >   >>


Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18216
PUBLISHED: 2019-10-20
** DISPUTED ** The BIOS configuration design on ASUS ROG Zephyrus M GM501GS laptops with BIOS 313 relies on the main battery instead of using a CMOS battery, which reduces the value of a protection mechanism in which booting from a USB device is prohibited. Attackers who have physical laptop access ...
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.