Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Advanced Threats
Page 1 / 2   >   >>
Medical Devices on the IoT Put Lives at Risk
Commentary  |  4/9/2020  | 
Device security must become as important a product design feature as safety and efficacy.
Active Directory Attacks Hit the Mainstream
Commentary  |  4/1/2020  | 
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
The Wild, Wild West(world) of Cybersecurity
Commentary  |  3/27/2020  | 
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
Vulnerability Management Isn't Just a Numbers Game
Commentary  |  3/24/2020  | 
Attackers work 24/7, so you have to be vigilant around the clock. Time for some game theory.
Security Ratings Are a Dangerous Fantasy
Commentary  |  3/20/2020  | 
They don't predict breaches, and they don't help people make valuable business decisions or make users any safer.
TrickBot Module Takes Aim at Remote Desktops
News  |  3/18/2020  | 
The module, still in development, focuses on compromising Windows systems by brute-forcing accounts via the Remote Desktop Protocol.
This Tax Season, Save the Scorn and Protect Customers from Phishing Scams
Commentary  |  3/17/2020  | 
As security professionals, it's easy to get cynical about the continued proliferation of tax ID theft and blame the consumers themselves. But that doesn't help anyone.
Texas Chose to Fight Ransomware and Not Pay. What About the Rest of Us?
Commentary  |  3/13/2020  | 
Law-abiding folks like us applauded Texas for its bravery but would we have the steel will to stand on the side of justice if it happened to us? Probably not.
How the Rise of IoT Is Changing the CISO Role
Commentary  |  3/11/2020  | 
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
How Network Metadata Can Transform Compromise Assessment
Commentary  |  3/10/2020  | 
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret
Threat Awareness: A Critical First Step in Detecting Adversaries
Commentary  |  3/9/2020  | 
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.
3 Ways to Strengthen Your Cyber Defenses
Commentary  |  3/4/2020  | 
By taking proactive action, organizations can face down threats with greater agility and earned confidence.
6 Truths About Disinformation Campaigns
Slideshows  |  2/28/2020  | 
Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know.
How We Enabled Ransomware to Become a Multibillion-Dollar Industry
Commentary  |  2/27/2020  | 
As an industry, we must move beyond one-dimensional approaches to assessing ransomware exposures. Asking these four questions will help.
What Your Company Needs to Know About Hardware Supply Chain Security
Commentary  |  2/27/2020  | 
By establishing a process and framework, you can ensure you're not giving more advanced attackers carte blanche to your environment.
Ensure Your Cloud Security Is as Modern as Your Business
Commentary  |  2/25/2020  | 
Take a comprehensive approach to better protect your organization. Security hygiene is a must, but also look at your risk posture through a data protection lens.
Solving the Cloud Data Security Conundrum
Commentary  |  2/24/2020  | 
Trusting the cloud involves a change in mindset. You must be ready to use runtime encryption in the cloud.
Zero-Factor Authentication: Owning Our Data
Commentary  |  2/19/2020  | 
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
Don't Let Iowa Bring Our Elections Back to the Stone Age
Commentary  |  2/19/2020  | 
The voting experience should be the same whether the vote is in person, by mail, or over the Internet. Let's not allow one bad incident stop us from finding new ways to achieve this.
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Commentary  |  2/18/2020  | 
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
5 Common Errors That Allow Attackers to Go Undetected
Commentary  |  2/12/2020  | 
Make these mistakes and invaders might linger in your systems for years.
Why Ransomware Will Soon Target the Cloud
Commentary  |  2/11/2020  | 
As businesses' daily operations become more dependent on cloud services, ransomware authors will follow to maximize profits. The good news: Many of the best practices for physical servers also apply to the cloud.
China's Military Behind 2017 Equifax Breach: DoJ
News  |  2/10/2020  | 
Four members of China's People Liberation Army hacked the information broker, leading to the theft of sensitive data on approximately 145 million citizens.
6 Factors That Raise the Stakes for IoT Security
Slideshows  |  2/10/2020  | 
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.
Day in the Life of a Bot
Commentary  |  2/10/2020  | 
A typical workday for a bot, from its own point of view.
Ransomware Attacks: Why It Should Be Illegal to Pay the Ransom
Commentary  |  2/4/2020  | 
For cities, states and towns, paying up is short-sighted and only makes the problem worse.
Embracing a Prevention Mindset to Protect Critical Infrastructure
Commentary  |  1/31/2020  | 
A zero-trust, prevention-first approach is necessary to keep us safe, now and going forward.
Securing Containers with Zero Trust
Commentary  |  1/29/2020  | 
A software identity-based approach should become a standard security measure for protecting workloads in all enterprise networks.
Eight Flaws in MSP Software Highlight Potential Ransomware Vector
News  |  1/22/2020  | 
An attack chain of vulnerabilities in ConnectWise's software for MSPs has similarities to some of the details of the August attack on Texas local and state agencies.
Why DPOs and CISOs Must Work Closely Together
Commentary  |  1/22/2020  | 
Recent data protection laws mean that the data protection officer and CISO must work in tandem to make sure users' data is protected.
Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat
Commentary  |  1/16/2020  | 
Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.
New Report Spotlights Changes in Phishing Techniques
News  |  1/15/2020  | 
Common and evolving strategies include the use of zero-font attacks, homograph attacks, and new tactics for fake attachments.
Dustman Attack Underscores Iran's Cyber Capabilities
News  |  1/14/2020  | 
For nearly six months, an attack group linked to Iran reportedly had access to the network of Bahrain's national oil company, Bapco, before it executed a destructive payload.
Will This Be the Year of the Branded Cybercriminal?
Commentary  |  1/13/2020  | 
Threat actors will continue to grow enterprise-style businesses that evolve just like their legitimate counterparts.
Operationalizing Threat Intelligence at Scale in the SOC
Commentary  |  1/9/2020  | 
Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing.
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
Commentary  |  1/2/2020  | 
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
2020 & Beyond: The Evolution of Cybersecurity
Commentary  |  12/23/2019  | 
As new technologies disrupt the industry, remember that security is a process, not a goal. Educate yourself on how you can best secure your corner of the Web.
7 Tips to Keep Your Family Safe Online Over the Holidays
Slideshows  |  12/17/2019  | 
Security experts offer key cyber advice for family members.
Why Enterprises Buy Cybersecurity 'Ferraris'
Commentary  |  12/16/2019  | 
You wouldn't purchase an expensive sports car if you couldn't use it properly. So, why make a pricey security investment before knowing it fits into your ecosystem?
Get Organized Like a Villain
Commentary  |  12/12/2019  | 
What cybercrime group FIN7 can teach us about using agile frameworks.
Intel's CPU Flaws Continue to Create Problems for the Tech Community
Commentary  |  12/10/2019  | 
We can't wait out this problem and hope that it goes away. We must be proactive.
4 Tips to Run Fast in the Face of Digital Transformation
Commentary  |  12/9/2019  | 
This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.
Application & Infrastructure Risk Management: You've Been Doing It Backward
Commentary  |  12/4/2019  | 
Before getting more scanning tools, think about what's needed to defend your organization's environment and devise a plan to ensure all needed tools can work together productively.
How to Get Prepared for Privacy Legislation
Commentary  |  11/27/2019  | 
All the various pieces of legislation, both in the US and worldwide, can feel overwhelming. But getting privacy basics right is a solid foundation.
DDoS: An Underestimated Threat
Commentary  |  11/26/2019  | 
Distributed denial-of-service (DDoS) attacks have become more common, more powerful, and more useful to attackers. Here's how to fight back.
The 5-Step Methodology for Spotting Malicious Bot Activity on Your Network
Commentary  |  11/22/2019  | 
Bot detection over IP networks isn't easy, but it's becoming a fundamental part of network security practice.
Most Companies Lag Behind '1-10-60' Benchmark for Breach Response
News  |  11/19/2019  | 
Average company needs 162 hours to detect, triage, and contain a breach, according to a new CrowdStrike survey.
A Security Strategy That Centers on Humans, Not Bugs
Commentary  |  11/19/2019  | 
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
Quantum Computing Breakthrough Accelerates the Need for Future-Proofed PKI
Commentary  |  11/18/2019  | 
Public key infrastructure is a foundational security tool that has evolved to become a critical base for future advancements. Today's generation of PKI can be coupled with quantum-resistant algorithms to extend the lifespan of digital certificates for decades.
BSIMM10 Shows Industry Vertical Maturity
Commentary  |  11/14/2019  | 
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/7/2020
The Coronavirus & Cybersecurity: 3 Areas of Exploitation
Robert R. Ackerman Jr., Founder & Managing Director, Allegis Capital,  4/7/2020
'Unkillable' Android Malware App Continues to Infect Devices Worldwide
Jai Vijayan, Contributing Writer,  4/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18375
PUBLISHED: 2020-04-10
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.
CVE-2019-18376
PUBLISHED: 2020-04-10
A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC.
CVE-2019-7305
PUBLISHED: 2020-04-10
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information di...
CVE-2020-8832
PUBLISHED: 2020-04-10
The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacke...
CVE-2020-1633
PUBLISHED: 2020-04-09
Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry. This could cause legitimate traffic to be discarded, lea...