News & Commentary

Latest Content tagged with Privacy
<<   <   Page 2 / 2
Under Armour App Breach Exposes 150 Million Records
Quick Hits  |  3/30/2018  | 
A breach in a database for MyFitnessPal exposes information on 150 million users.
New Android Cryptojacker Can Brick Phones
News  |  3/28/2018  | 
Mobile cryptojacking malware mines Monero.
Destructive and False Flag Cyberattacks to Escalate
News  |  3/28/2018  | 
Rising geopolitical tensions between the US and Russia, Iran, and others are the perfect recipe for nastier nation-state cyberattacks.
Fixing Hacks Has Deadly Impact on Hospitals
News  |  3/28/2018  | 
A study from Vanderbilt University shows that remediating data breaches has a very real impact on mortality rates at hospitals.
Bad Bots Increasingly Hide Out in Cloud Data Centers
News  |  3/27/2018  | 
Humans accounted for nearly 58% of website traffic in 2017 -- the rest were bad and good bots.
Privacy: Do We Need a National Data Breach Disclosure Law?
Commentary  |  3/27/2018  | 
Some say we need a more consistent approach, while others worry a national law might supersede and water down some state laws already on the books.
Facebook Adds Machine Learning to Fraud Fight
Quick Hits  |  3/26/2018  | 
Machine learning tools will assist trained human reviewers who Facebook says block millions of fake accounts at the time of registration every day.
Winners and Losers in Password 'Bracketology'
Quick Hits  |  3/23/2018  | 
A recent study shows that there's a clear winner in the 'most used sports mascot' password competition.
A Look at Cybercrime's Banal Nature
News  |  3/20/2018  | 
Cybercrime is becoming a more boring business, a new report shows, and that's a huge problem for victims and law enforcement.
Facebook CISO Stamos to Depart from the Social Media Firm: Report
Quick Hits  |  3/20/2018  | 
Stamos will remain in his position through August, according to a report in The New York Times.
Russian APT Compromised Cisco Router in Energy Sector Attacks
News  |  3/19/2018  | 
DragonFly hacking team that targeted US critical infrastructure compromised a network router as part of its attack campaign against UK energy firms last year.
A Data Protection Officer's Guide to the GDPR Galaxy
Commentary  |  3/19/2018  | 
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
Google Rolls Out New Security Features for Chrome Enterprise
Quick Hits  |  3/16/2018  | 
The business-friendly browser now includes new admin controls, EMM partnerships, and additions to help manage Active Directory.
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Commentary  |  3/15/2018  | 
The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
News  |  3/14/2018  | 
Researchers at Black Hat Asia will demonstrate a new framework they created for catching and studying Apple MacOS malware.
SEC Charges Former Equifax Exec with Insider Trading
Quick Hits  |  3/14/2018  | 
CIO of a US business unit within Equifax had reportedly learned of the company's data breach and sold his shares for nearly $1 million.
Medical Apps Come Packaged with Hardcoded Credentials
News  |  3/14/2018  | 
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
AMD Investigating Report of Vulnerabilities in its Microprocessors
Quick Hits  |  3/13/2018  | 
Israel-based firm says it found critical bugs in AMD's newest chip families.
Microsoft Remote Access Protocol Flaw Affects All Windows Machines
News  |  3/13/2018  | 
Attackers can exploit newly discovered critical crypto bug in CredSSP via a man-in-the-middle attack and then move laterally within a victim network.
Malware 'Cocktails' Raise Attack Risk
News  |  3/13/2018  | 
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
Chinese APT Backdoor Found in CCleaner Supply Chain Attack
News  |  3/12/2018  | 
Avast discovers ShadowPad tool for use in apparent planned third stage of the targeted attack campaign.
Georgia Man Pleads Guilty to Business Email Compromise Attacks
Quick Hits  |  3/12/2018  | 
Kerby Rigaud has pleaded guilty to using BEC attacks in attempts to steal more than $1 million from US businesses.
DevSecOps: The Importance of Building Security from the Beginning
Commentary  |  3/9/2018  | 
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
Privilege Abuse Attacks: 4 Common Scenarios
Commentary  |  3/7/2018  | 
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
What Enterprises Can Learn from Medical Device Security
Commentary  |  3/1/2018  | 
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
Hacking on TV: 8 Binge-Worthy and Cringe-Worthy Examples
Slideshows  |  2/28/2018  | 
From the psycho-drama Mr. Robot to portraying the outright dangers of ransomware taking down a hospital in Greys Anatomy, hacking themes now run deep in todays TV shows.
How to Secure 'Permissioned' Blockchains
Commentary  |  2/28/2018  | 
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks
Quick Hits  |  2/22/2018  | 
New agency guidance statement also says company officials, execs can't trade stocks if they have unannounced information on a security breach at the company.
13 Russians Indicted for Massive Operation to Sway US Election
News  |  2/16/2018  | 
Russian nationals reportedly used stolen American identities and infrastructure to influence the 2016 election outcome.
Can Android for Work Redefine Enterprise Mobile Security?
Commentary  |  2/13/2018  | 
Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Commentary  |  1/31/2018  | 
Authentication security methods are getting better all the time, but they are still not infallible.
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
News  |  1/31/2018  | 
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
Digital Extortion to Expand Beyond Ransomware
News  |  1/30/2018  | 
In the future of digital extortion, ransomware isn't the only weapon, and database files and servers won't be the only targets.
6 Tips for Building a Data Privacy Culture
Slideshows  |  1/26/2018  | 
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
House Passes Bill to Renew NSA's Warrantless Surveillance Program
Quick Hits  |  1/12/2018  | 
The bill passed without an amendment which would require a warrant to analyze Americans' incidentally collected data.
Microsoft Launches 'Private Conversations' in Skype
Quick Hits  |  1/11/2018  | 
New feature uses Signal Protocol for strong encryption.
Privacy: The Dark Side of the Internet of Things
Commentary  |  1/11/2018  | 
Before letting an IoT device into your business or home, consider what data is being collected and where it is going.
Vulnerable Mobile Apps: The Next ICS/SCADA Cyber Threat
News  |  1/11/2018  | 
Researchers find nearly 150 vulnerabilities in SCADA mobile apps downloadable from Google Play.
20 Cybersecurity Vendors Getting Venture Capital Love
Slideshows  |  1/9/2018  | 
VCs splashed a record $4B in funding in the cybersecurity pool - here are some highlights among the early- to middle-stage startups who snagged big deals last year.
Wi-Fi Alliance Launches WPA2 Enhancements and Debuts WPA3
News  |  1/8/2018  | 
WPA2 protocol enhancements bring stronger security protection and best practices, while new WPA3 protocol offers new security capabilities.
China Shuts Down 13,000 Websites for Breaking Internet Laws
Quick Hits  |  12/29/2017  | 
The government says its rules are to protect security and stability, but some say they are repressive.
Digital Forensics & the Illusion of Privacy
Commentary  |  12/21/2017  | 
Forensic examiners don't work for bounties. They do what is required to catch criminals, pedophiles, or corporate embezzlers, and now their important security research is finally being acknowledged.
Oracle Product Rollout Underscores Need for Trust in the Cloud
News  |  12/11/2017  | 
Oracle updates its Identity SOC and management cloud with security tools to verify and manage users trusted with access to cloud-based data and applications.
Gartner: IT Security Spending to Reach $96 Billion in 2018
News  |  12/8/2017  | 
Identity access management and security services to drive worldwide spending growth.
Time to Pull an Uber and Disclose Your Data Breach Now
Commentary  |  11/22/2017  | 
There is never a good time to reveal a cyberattack. But with EU's GDPR looming, the fallout is only going to get harder and more expensive if you wait.
A Call for Greater Regulation of Digital Currencies
News  |  11/21/2017  | 
A new report calls for international collaboration to create more transparency with virtual currencies and track money used for cybercrime.
We're Still Not Ready for GDPR? What is Wrong With Us?
Commentary  |  11/17/2017  | 
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
Who Am I? Best Practices for Next-Gen Authentication
Commentary  |  11/15/2017  | 
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.
Emerging IT Security Technologies: 13 Categories, 26 Vendors
Slideshows  |  11/13/2017  | 
A rundown of some of the hottest security product areas, and vendors helping to shape them.
Yahoo's Ex-CEO Mayer Calls Out Russian Hackers
Quick Hits  |  11/8/2017  | 
Former Yahoo Chief Executive Marissa Mayer apologizes for massive data breach that exposed billions of user accounts.
<<   <   Page 2 / 2


Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-3018
PUBLISHED: 2018-05-24
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.
CVE-2013-3023
PUBLISHED: 2018-05-24
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.
CVE-2013-3024
PUBLISHED: 2018-05-24
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
CVE-2018-5674
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2018-5675
PUBLISHED: 2018-05-24
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...