News & Commentary

Latest Content tagged with Advanced Threats
Page 1 / 2   >   >>
Mac Malware Cracks WatchGuards Top 10 List
News  |  12/12/2018  | 
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
The Grinch Bot Before Christmas: A Security Story for the Holidays
Commentary  |  12/11/2018  | 
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
Toyota Builds Open-Source Car-Hacking Tool
News  |  12/5/2018  | 
PASTA testing platform specs will be shared via open-source.
A Shift from Cybersecurity to Cyber Resilience: 6 Steps
Commentary  |  12/5/2018  | 
Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.
5 Emerging Trends in Cybercrime
Commentary  |  12/4/2018  | 
Organizations can start today to protect against 2019's threats. Look out for crooks using AI "fuzzing" techniques, machine learning, and swarms.
Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year
News  |  11/29/2018  | 
But ransomware attacks go through the roof, new threat data from SonicWall shows.
Establishing True Trust in a Zero-Trust World
Commentary  |  11/29/2018  | 
Our goal should not be to merely accept zero trust but gain the visibility required to establish true trust.
Data Breach Threats Bigger Than Ever
Commentary  |  11/28/2018  | 
A quarter of IT and security leaders expect a major data breach in the next year.
Cyber Crooks Diversify Business with Multi-Intent Malware
Commentary  |  11/15/2018  | 
The makers of malware have realized that if they're going to invest time and money in compromising cyber defenses, they should do everything they can to monetize their achievement.
Understanding Evil Twin AP Attacks and How to Prevent Them
Commentary  |  11/14/2018  | 
The attack surface remains largely unprotected from Wi-Fi threats that can result in stolen credentials and sensitive information as well as backdoor/malware payload drops.
User Behavior Analytics Could Find a Home in the OT World of the IIoT
Commentary  |  11/8/2018  | 
The technology never really took off in IT, but it could be very helpful in the industrial world.
5 Things the Most Secure Software Companies Do (and How You Can Be Like Them)
Commentary  |  11/8/2018  | 
What sets apart the largest and most innovative software engineering organizations? These five approaches are a good way to start, and they won't break the bank.
IT-to-OT Solutions That Can Bolster Security in the IIoT
Commentary  |  11/7/2018  | 
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
5 Reasons Why Threat Intelligence Doesn't Work
Commentary  |  11/7/2018  | 
Cybersecurity folks often struggle to get threat intelligence's benefits. Fortunately, there are ways to overcome these problems.
Hidden Costs of IoT Vulnerabilities
Commentary  |  11/6/2018  | 
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
Tackling Cybersecurity from the Inside Out
Commentary  |  11/2/2018  | 
New online threats require new solutions.
Chinese Intel Agents Indicted for 5-Year IP Theft Campaign
News  |  10/31/2018  | 
Intelligence agents aimed for aerospace manufacturing targets, with help of cyberattackers, corporate insiders, and one IT security manager.
10 Steps for Creating Strong Customer Authentication
Commentary  |  10/30/2018  | 
Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help.
AppSec Is Dead, but Software Security Is Alive & Well
Commentary  |  10/29/2018  | 
Application security must be re-envisioned to support software security. It's time to shake up your processes.
3 Keys to Reducing the Threat of Ransomware
Commentary  |  10/26/2018  | 
Following these steps could mean the difference between an inconvenience and a multimillion-dollar IT system rebuild -- for the public and private sectors alike.
Tackling Supply Chain Threats
Commentary  |  10/24/2018  | 
Vendor-supplied malware is a threat that has been largely overlooked. That has to change.
Benefits of DNS Service Locality
Commentary  |  10/24/2018  | 
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
Cybercrime-as-a-Service: No End in Sight
Commentary  |  10/17/2018  | 
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
A Cybersecurity Weak Link: Linux and IoT
Commentary  |  10/16/2018  | 
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
Spies Among Us: Tracking, IoT & the Truly Inside Threat
Commentary  |  10/16/2018  | 
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
4 Ways to Fight the Email Security Threat
Commentary  |  10/15/2018  | 
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
Not All Multifactor Authentication Is Created Equal
Commentary  |  10/11/2018  | 
Users should be aware of the strengths and weaknesses of the various MFA methods.
Security Researchers Struggle with Bot Management Programs
Commentary  |  10/10/2018  | 
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
Stop Saying 'Digital Pearl Harbor'
Commentary  |  10/2/2018  | 
Yes, there are serious dangers posed by malevolent nation-states. But the hype is distracting us from the reality of the threats.
How to Keep Up Security in a Bug-Infested World
Commentary  |  9/27/2018  | 
Good digital hygiene will lower your risk, and these six tips can help.
The Human Factor in Social Media Risk
Commentary  |  9/25/2018  | 
Your employees need help recognizing the warning signs and understanding how to protect themselves online.
Hacking Back: Simply a Bad Idea
Commentary  |  9/24/2018  | 
While the concept may sound appealing, it's rife with drawbacks and dangers.
Data Manipulation: How Security Pros Can Respond to an Emerging Threat
Commentary  |  9/21/2018  | 
Industry leaders are scrambling to address the issue, which will take new thinking to overcome.
3 Drivers Behind the Increasing Frequency of DDoS Attacks
Commentary  |  9/20/2018  | 
What's causing the uptick? Motivation, opportunity, and new capabilities.
Overhauling the 3 Pillars of Security Operations
Commentary  |  9/18/2018  | 
Modern apps and the cloud mean that organizations must now rethink older security practices.
The 7 Habits of Highly Effective Security Teams
Commentary  |  9/17/2018  | 
Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.
How Secure are our Voting Systems for November 2018?
How Secure are our Voting Systems for November 2018?
Dark Reading Videos  |  9/14/2018  | 
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the countrys highly decentralized voting systems to safeguard the integrity of upcoming elections.
Enterprise Security Needs an Open Data Solution
Commentary  |  9/13/2018  | 
What would it look like if more than a tiny fraction of enterprises had access to all the signals hidden in their big data today?
The Increasingly Vulnerable Software Supply Chain
Commentary  |  9/13/2018  | 
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
Foreshadow, SGX & the Failure of Trusted Execution
Commentary  |  9/12/2018  | 
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.
4 Practical Measures to Improve Election Security Now
Commentary  |  9/11/2018  | 
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
DevOps Demystified: A Primer for Security Practitioners
Commentary  |  9/10/2018  | 
Key starting points for those still struggling to understand the concept.
Palestinian, Middle East Targets Hit with New Surveillance Attacks
Quick Hits  |  9/7/2018  | 
'Big Bang' group returns with new campaign after last year's RAT attacks.
The Weakest Security Links in the (Block)Chain
Commentary  |  9/5/2018  | 
Despite the technology's promise to transform how business is done, there are significant limitations and potential risks at the intersection of the digital and physical worlds.
Lean, Mean & Agile Hacking Machine
Commentary  |  9/4/2018  | 
Hackers are thinking more like developers to evade detection and are becoming more precise in their targeting.
A False Sense of Security
Commentary  |  8/24/2018  | 
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
Researcher Cracks San Francisco's Emergency Siren System
Researcher Cracks San Francisco's Emergency Siren System
Dark Reading Videos  |  8/24/2018  | 
Bastille researcher Balint Seeber discusses the process of creating SirenJack and cracking one of a city's critical safety systems.
AI-Based POC, DeepLocker, Could Conceal Targeted Attacks
AI-Based POC, DeepLocker, Could Conceal Targeted Attacks
Dark Reading Videos  |  8/23/2018  | 
IBM research scientist discusses DeepLocker, a stealthy artificial intelligence-enhanced proof-of-concept that won't release any payload until the attacker reaches its ultimate target.
New Apache Struts Vulnerability Leaves Major Websites Exposed
News  |  8/23/2018  | 
The vulnerability, found in Struts' core functionality, could be more critical than the one involved in last year's Equifax breach.
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
What a Forensic Analysis of 'Worst Voting Machine Ever' Turned Up
Dark Reading Videos  |  8/22/2018  | 
University of Copenhagen associate professor discusses what he found when he dug into some decommissioned WinVote voting machines.
Page 1 / 2   >   >>


Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: So now we are monitoring the monitor?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14623
PUBLISHED: 2018-12-14
A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulne...
CVE-2018-18093
PUBLISHED: 2018-12-14
Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access.
CVE-2018-18096
PUBLISHED: 2018-12-14
Improper memory handling in Intel QuickAssist Technology for Linux (all versions) may allow an authenticated user to potentially enable a denial of service via local access.
CVE-2018-18097
PUBLISHED: 2018-12-14
Improper directory permissions in Intel Solid State Drive Toolbox before 3.5.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2018-3704
PUBLISHED: 2018-12-14
Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access.