News & Commentary

Content tagged with Privacy posted in March 2018
Winners and Losers in Password 'Bracketology'
Quick Hits  |  3/23/2018
A recent study shows that there's a clear winner in the 'most used sports mascot' password competition.
A Look at Cybercrime's Banal Nature
News  |  3/20/2018
Cybercrime is becoming a more boring business, a new report shows, and that's a huge problem for victims and law enforcement.
Facebook CISO Stamos to Depart from the Social Media Firm: Report
Quick Hits  |  3/20/2018
Stamos will remain in his position through August, according to a report in The New York Times.
Russian APT Compromised Cisco Router in Energy Sector Attacks
News  |  3/19/2018
DragonFly hacking team that targeted US critical infrastructure compromised a network router as part of its attack campaign against UK energy firms last year.
A Data Protection Officer's Guide to the GDPR Galaxy
Commentary  |  3/19/2018
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
Google Rolls Out New Security Features for Chrome Enterprise
Quick Hits  |  3/16/2018
The business-friendly browser now includes new admin controls, EMM partnerships, and additions to help manage Active Directory.
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Commentary  |  3/15/2018
The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
News  |  3/14/2018
Researchers at Black Hat Asia will demonstrate a new framework they created for catching and studying Apple MacOS malware.
SEC Charges Former Equifax Exec with Insider Trading
Quick Hits  |  3/14/2018
CIO of a US business unit within Equifax had reportedly learned of the company's data breach and sold his shares for nearly $1 million.
Medical Apps Come Packaged with Hardcoded Credentials
News  |  3/14/2018
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
AMD Investigating Report of Vulnerabilities in its Microprocessors
Quick Hits  |  3/13/2018
Israel-based firm says it found critical bugs in AMD's newest chip families.
Microsoft Remote Access Protocol Flaw Affects All Windows Machines
News  |  3/13/2018
Attackers can exploit newly discovered critical crypto bug in CredSSP via a man-in-the-middle attack and then move laterally within a victim network.
Malware 'Cocktails' Raise Attack Risk
News  |  3/13/2018
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
Chinese APT Backdoor Found in CCleaner Supply Chain Attack
News  |  3/12/2018
Avast discovers ShadowPad tool for use in apparent planned third stage of the targeted attack campaign.
Georgia Man Pleads Guilty to Business Email Compromise Attacks
Quick Hits  |  3/12/2018
Kerby Rigaud has pleaded guilty to using BEC attacks in attempts to steal more than $1 million from US businesses.
DevSecOps: The Importance of Building Security from the Beginning
Commentary  |  3/9/2018
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
Privilege Abuse Attacks: 4 Common Scenarios
Commentary  |  3/7/2018
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
What Enterprises Can Learn from Medical Device Security
Commentary  |  3/1/2018
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.

The Case for Integrating Physical Security & Cybersecurity
Paul Kurtz, CEO & Cofounder, TruSTAR Technology,  3/20/2018
A Look at Cybercrime's Banal Nature
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/20/2018
City of Atlanta Hit with Ransomware Attack
Dark Reading Staff,  3/23/2018
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.