Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Privacy posted in March 2018
Under Armour App Breach Exposes 150 Million Records
Quick Hits  |  3/30/2018  | 
A breach in a database for MyFitnessPal exposes information on 150 million users.
New Android Cryptojacker Can Brick Phones
News  |  3/28/2018  | 
Mobile cryptojacking malware mines Monero.
Destructive and False Flag Cyberattacks to Escalate
News  |  3/28/2018  | 
Rising geopolitical tensions between the US and Russia, Iran, and others are the perfect recipe for nastier nation-state cyberattacks.
Fixing Hacks Has Deadly Impact on Hospitals
News  |  3/28/2018  | 
A study from Vanderbilt University shows that remediating data breaches has a very real impact on mortality rates at hospitals.
Bad Bots Increasingly Hide Out in Cloud Data Centers
News  |  3/27/2018  | 
Humans accounted for nearly 58% of website traffic in 2017 -- the rest were bad and good bots.
Privacy: Do We Need a National Data Breach Disclosure Law?
Commentary  |  3/27/2018  | 
Some say we need a more consistent approach, while others worry a national law might supersede and water down some state laws already on the books.
Facebook Adds Machine Learning to Fraud Fight
Quick Hits  |  3/26/2018  | 
Machine learning tools will assist trained human reviewers who Facebook says block millions of fake accounts at the time of registration every day.
Winners and Losers in Password 'Bracketology'
Quick Hits  |  3/23/2018  | 
A recent study shows that there's a clear winner in the 'most used sports mascot' password competition.
A Look at Cybercrime's Banal Nature
News  |  3/20/2018  | 
Cybercrime is becoming a more boring business, a new report shows, and that's a huge problem for victims and law enforcement.
Facebook CISO Stamos to Depart from the Social Media Firm: Report
Quick Hits  |  3/20/2018  | 
Stamos will remain in his position through August, according to a report in The New York Times.
Russian APT Compromised Cisco Router in Energy Sector Attacks
News  |  3/19/2018  | 
DragonFly hacking team that targeted US critical infrastructure compromised a network router as part of its attack campaign against UK energy firms last year.
A Data Protection Officer's Guide to the GDPR Galaxy
Commentary  |  3/19/2018  | 
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
Google Rolls Out New Security Features for Chrome Enterprise
Quick Hits  |  3/16/2018  | 
The business-friendly browser now includes new admin controls, EMM partnerships, and additions to help manage Active Directory.
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Commentary  |  3/15/2018  | 
The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
News  |  3/14/2018  | 
Researchers at Black Hat Asia will demonstrate a new framework they created for catching and studying Apple MacOS malware.
SEC Charges Former Equifax Exec with Insider Trading
Quick Hits  |  3/14/2018  | 
CIO of a US business unit within Equifax had reportedly learned of the company's data breach and sold his shares for nearly $1 million.
Medical Apps Come Packaged with Hardcoded Credentials
News  |  3/14/2018  | 
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
AMD Investigating Report of Vulnerabilities in its Microprocessors
Quick Hits  |  3/13/2018  | 
Israel-based firm says it found critical bugs in AMD's newest chip families.
Microsoft Remote Access Protocol Flaw Affects All Windows Machines
News  |  3/13/2018  | 
Attackers can exploit newly discovered critical crypto bug in CredSSP via a man-in-the-middle attack and then move laterally within a victim network.
Malware 'Cocktails' Raise Attack Risk
News  |  3/13/2018  | 
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
Chinese APT Backdoor Found in CCleaner Supply Chain Attack
News  |  3/12/2018  | 
Avast discovers ShadowPad tool for use in apparent planned third stage of the targeted attack campaign.
Georgia Man Pleads Guilty to Business Email Compromise Attacks
Quick Hits  |  3/12/2018  | 
Kerby Rigaud has pleaded guilty to using BEC attacks in attempts to steal more than $1 million from US businesses.
DevSecOps: The Importance of Building Security from the Beginning
Commentary  |  3/9/2018  | 
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
Privilege Abuse Attacks: 4 Common Scenarios
Commentary  |  3/7/2018  | 
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
What Enterprises Can Learn from Medical Device Security
Commentary  |  3/1/2018  | 
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/27/2020
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Alan Brill, Senior Managing Director, Cyber Risk Practice, Kroll,  10/21/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher,  10/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11854
PUBLISHED: 2020-10-27
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravil...
CVE-2020-11858
PUBLISHED: 2020-10-27
Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulneravility affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 ...
CVE-2020-23945
PUBLISHED: 2020-10-27
A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database.
CVE-2020-7754
PUBLISHED: 2020-10-27
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.
CVE-2020-6023
PUBLISHED: 2020-10-27
Check Point ZoneAlarm before version 15.8.139.18543 allows a local actor to escalate privileges while restoring files in Anti-Ransomware.