Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in September 2019
Lion Air the Latest to Get Tripped Up by Misconfigured AWS S3
News  |  9/19/2019  | 
The breach, which reportedly exposed data on millions of passengers, is one of many that have resulted from organizations leaving data publicly accessible in cloud storage buckets.
Metasploit Creator HD Moore's Latest Hack: IT Assets
News  |  9/19/2019  | 
Moore has built a network asset discovery tool that wasn't intended to be a pure security tool, but it addresses a glaring security problem.
BSIMM10 Emphasizes DevOps' Role in Software Security
News  |  9/19/2019  | 
The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security.
California's IoT Security Law Causing Confusion
News  |  9/19/2019  | 
The law, which goes into effect January 1, requires manufacturers to equip devices with 'reasonable security feature(s).' What that entails is still an open question.
Security Pros Value Disclosure ... Sometimes
Quick Hits  |  9/19/2019  | 
Security professionals will coordinate disclosure with researchers but may keep their self-discovered vulnerabilities secret, a new study shows.
Deconstructing an iPhone Spearphishing Attack
Commentary  |  9/19/2019  | 
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
Ping Identity Prices IPO at $15 per Share
Quick Hits  |  9/19/2019  | 
The identity management company plans to sell 12.5 million shares, raising $187.5 million in its initial public offering.
Crowdsourced Security & the Gig Economy
Commentary  |  9/19/2019  | 
Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.
How Human-Centered Security Can Strengthen Your Organizations
Steve Durbin  |  9/19/2019  | 
Humans are often regarded as the 'weakest link' in information security. However, organizations have historically relied on the effectiveness of technical security controls, instead of trying to understand why people are susceptible to mistakes and manipulation.
Saudi IT Providers Hit in Cyber Espionage Operation
News  |  9/18/2019  | 
Symantec identifies new 'Tortoiseshell' nation-state group as the attackers.
WannaCry Detections At An All-Time High
News  |  9/18/2019  | 
More than 12,000 variants of the infamous malware are targeting systems that are still open to the EternalBlue exploit - but the potential danger is low, Sophos warns.
How Cybercriminals Exploit Simple Human Mistakes
News  |  9/18/2019  | 
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
DevSecOps: Recreating Cybersecurity Culture
Commentary  |  9/18/2019  | 
Bringing developers and security teams together guided by a common goal requires some risk-taking. With patience and confidence, it will pay off. Here's how.
GitHub Becomes CVE Numbering Authority, Acquires Semmle
Quick Hits  |  9/18/2019  | 
Latest moves will make it much more likely that vulnerabilities in open source projects will be found and reported, GitHub says.
New Security Startup Emerges from Stealth Mode
Quick Hits  |  9/18/2019  | 
GK8 creates proprietary platform for securing blockchain transactions, no Internet needed.
One Arrested in Ecuador's Mega Data Leak
Quick Hits  |  9/18/2019  | 
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
Cryptominer Attacks Ramp Up, Focus on Persistence
News  |  9/18/2019  | 
The latest attacks, such as Skidmap and Smominru, add capabilities to allow them to persist longer on Windows and Linux systems, surviving initial attempts at eliminating them.
24.3M Unsecured Health Records Expose Patient Data, Images
Quick Hits  |  9/18/2019  | 
Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.
How Ransomware Criminals Turn Friends into Enemies
Commentary  |  9/18/2019  | 
Managed service providers are the latest pawns in ransomware's game of chess.
DNSSEC Can Encourage DDoS – Nexusguard
Larry Loeb  |  9/18/2019  | 
Report found that DNS Amplification contributed to the largest share, compared to other methods, of attack activities in Q2 2019.
MITRE Releases 2019 List of Top 25 Software Weaknesses
News  |  9/17/2019  | 
The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.
Snowden Sued by US Government Over His New Book
Quick Hits  |  9/17/2019  | 
Civil suit argues the former CIA employee and NSA contractor violated his nondisclosure agreements with the two intel agencies.
5 Common Cloud Configuration Mistakes
Commentary  |  9/17/2019  | 
It's a joint responsibility to keep data safe in the cloud. Here's what cloud customers must do to keep their end of the bargain.
Cybercriminal's Black Market Pricing Guide
Slideshows  |  9/17/2019  | 
Common prices criminals pay one another for products and services that fuel the cybercriminal ecosystem.
15K Private Webcams Could Let Attackers View Homes, Businesses
Quick Hits  |  9/17/2019  | 
Webcams could be potentially accessed and manipulated by anyone with an Internet connection, researchers say.
Analytics Startup Claims to Turn Golden Tickets Brass
Joe Stanganelli  |  9/17/2019  | 
The threat of escalation attacks and forged administration levels has plagued Kerberos authentication systems for years. Data-analytics startup Qomplx claims to do the math that solves the problem.
US Companies Unprepared for Privacy Regulations
Quick Hits  |  9/17/2019  | 
US companies are poorly prepared for even the most rudimentary privacy regulations, a new report says.
Impersonation Fraud Still Effective in Obtaining Code Signatures
News  |  9/17/2019  | 
Fraudsters continue to attempt to fool certificate authorities into issuing valid digital certificates for legitimate organizations by impersonating an authoritative user. The reward? The ability to sign code with a legitimate signature.
F-Secure's Honeypots Get Hit 3 Billion Times in First Half of 2019
Larry Loeb  |  9/17/2019  | 
Global network of honeypots measured more than triple the attack traffic of the previous period, to a total of over 2.9 billion events.
How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity
Commentary  |  9/17/2019  | 
Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.
Oracle Expands Cloud Security Services at OpenWorld 2019
News  |  9/16/2019  | 
The company broadens its portfolio with new services developed to centralize and automate cloud security.
US Turning Up the Heat on North Korea's Cyber Threat Operations
News  |  9/16/2019  | 
Sanctions on North Korean nation-state hacking groups came amid reports of fresh malicious campaigns directed at US entities from the isolated nation.
Court Rules In Favor of Firm 'Scraping' Public Data
Quick Hits  |  9/16/2019  | 
US appeals court said a company can legally use publicly available LinkedIn account information.
Data Leak Affects Most of Ecuador's Population
News  |  9/16/2019  | 
An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.
Preventing PTSD and Burnout for Cybersecurity Professionals
Commentary  |  9/16/2019  | 
The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.
NIST Tackles AI
Larry Loeb  |  9/16/2019  | 
But to prepare for something usually means you have an idea about what you are preparing for, no?
Malware Linked to Ryuk Targets Financial & Military Data
News  |  9/13/2019  | 
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
US Sanctions 3 Cyberattack Groups Tied to DPRK
Quick Hits  |  9/13/2019  | 
Lazarus Group, Bluenoroff, and Andariel were named and sanctioned by the US Treasury for ongoing attacks on financial systems.
6 Questions to Ask Once You've Learned of a Breach
Slideshows  |  9/13/2019  | 
With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
No Quick Fix for Security-Worker Shortfall
News  |  9/13/2019  | 
Security professionals see acquiring skills as the way forward, but only half of companies are training their workers, with more continuing to search for highly skilled employees.
Taking a Fresh Look at Security Ops: 10 Tips
Commentary  |  9/13/2019  | 
Maybe you love your executive team, your security processes, tools, or strategy. Maybe you hate them. Whatever the situation, it's likely at some point that things will have changed.
An Image Can Poison Just as Well as an Exploit Can
Larry Loeb  |  9/13/2019  | 
An emerging and increasingly sophisticated threat campaign is employing obscure file formats.
Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks
Podcasts  |  9/13/2019  | 
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.
Instagram Bug Put User Account Details, Phone Numbers at Risk
News  |  9/12/2019  | 
The vulnerability, now patched, is the latest in a series of bad news for Facebook.
Indictments Do Little to Stop Iranian Group from New Attacks on Universities
News  |  9/12/2019  | 
Cobalt Dickens targeted more than 60 universities in the US and elsewhere this summer, according to a new report.
North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants
Quick Hits  |  9/12/2019  | 
The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.
Security Leaders Share Tips for Boardroom Chats
Slideshows  |  9/12/2019  | 
Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.
A Definitive Guide to Crowdsourced Vulnerability Management
Commentary  |  9/12/2019  | 
Knowing about a bug and actually securing it are very different things. These six steps will get you from "oh, sh*t" to fixed.
NetCAT Vulnerability Is Out of the Bag
Quick Hits  |  9/12/2019  | 
Researchers discover a side-channel vulnerability that exploits the network performance-enhancing capabilities of recent Intel server CPUs.
Podcast: Digital Transformation, SD-WAN & Optimal Security
Podcasts  |  9/12/2019  | 
Dan Reis chats to Cybera's Josh Flynn about how to achieve digital transformation without sacrificing security.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24028
PUBLISHED: 2021-04-14
An invalid free in Thrift's table-based serialization can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2021.02.22.00.
CVE-2021-29370
PUBLISHED: 2021-04-13
A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website.
CVE-2021-3460
PUBLISHED: 2021-04-13
The Motorola MH702x devices, prior to version 2.0.0.301, do not properly verify the server certificate during communication with the support server which could lead to the communication channel being accessible by an attacker.
CVE-2021-3462
PUBLISHED: 2021-04-13
A privilege escalation vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could allow unauthorized access to the driver's device object.
CVE-2021-3463
PUBLISHED: 2021-04-13
A null pointer dereference vulnerability in Lenovo Power Management Driver for Windows 10, prior to version 1.67.17.54, that could cause systems to experience a blue screen error.