Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News Analysis-Security Now

Latest Content
Page 1 / 2   >   >>
5G Security Transformation: Why Businesses Need to Prepare Now
News Analysis-Security Now  |  1/29/2019  | 
5G technology holds a good deal of promise for businesses, from expanded IoT capabilities to new ways to reach customers. The downside is that these networks require a new security approach, which InfoSec teams need to start thinking about now.
In the Cloud, SD-WAN Provides Security at the Edge
News Analysis-Security Now  |  1/23/2019  | 
As businesses move to the cloud, remote locations are relying more and more on SD-WAN. However, this change means a different approach to security. Here's why enterprises should look to the edge.
Exposed Oklahoma Server Shows On-Premises Data Is Vulnerable, Too
News Analysis-Security Now  |  1/18/2019  | 
Over the last year, vulnerable, cloud-based databases have shown that dangers of trusting data to others. However, an exposed government server in Oklahoma proves that attackers can find on-premises data, too.
'Collection #1' Repository Totals 87GB of Stolen Email Addresses & Passwords
News Analysis-Security Now  |  1/17/2019  | 
With the discovery of 'Collection #1,' security researcher Troy Hunt appears to have found the largest repository of stolen email addresses and passwords ever, totaling more than 87GB and 12,000 separate files.
A Diverse Security Workforce Is a Stable Security Workforce
News Analysis-Security Now  |  1/17/2019  | 
In an era when enterprises are scrambling to keep up with security demands, a new industry survey from ISF finds that having more diverse skills on the InfoSec team is one way to ensure a more stable workforce.
Fancy Bear's LoJax C&C Servers Still Functioning in the Wild
News Analysis-Security Now  |  1/17/2019  | 
A new report from NetScout's ASERT Team found that two command-and-control servers associated with Fancy Bear's LoJax malware are still active.
Cyber Attacks, Climate Change Are Top Global Risk for Businesses & Governments
News Analysis-Security Now  |  1/17/2019  | 
The World Economic Forum ranks climate change, economic instability, cyber attacks and data thefts as some of the top concerns facing businesses around the globe.
Justice Department Indicts 2 Ukrainian Nationals With Hacking SEC
News Analysis-Security Now  |  1/16/2019  | 
The Justice Department has charged two Ukrainian nationals with hacking into the SEC's EDGAR systems and accessing sensitive company reports and other data before the information was made public.
Zix Acquiring AppRiver to Bolster Email Security for SMBs
News Analysis-Security Now  |  1/16/2019  | 
In a move to bolster its email security portfolio for small and midsized businesses, Dallas-based Zix is paying $275 million for AppRiver.
Schneider Electric EV Charging Stations Vulnerable to Attack
News Analysis-Security Now  |  1/15/2019  | 
Researchers at Positive Technologies have found three vulnerabilities within Schneider Electric's EVlink Parking electric vehicle charging stations, which could allow an attacker to take control of the system.
Average Cyber Attack Cleanup Tops $1M, Radware Finds
News Analysis-Security Now  |  1/15/2019  | 
Over the last year, the amount that companies pay out to clean up from a cyber attack jumped more than 50%, topping $1 million on average, according to a new industry survey from Radware.
Texas City Hit With Ransomware
News Analysis-Security Now  |  1/15/2019  | 
It's back to paper and pen for a while for Del Rio, Texas, which was hit with a ransomware attack earlier this month.
Ryuk Ransomware Origin Remains a Mystery
News Analysis-Security Now  |  1/14/2019  | 
After shutting down newspaper printing facilities, as well as a cloud hosting firm, security researchers are debating who is behind the Ryuk ransomware. While it seemed that North Korea played a role, more research shows that a Russian gang might be responsible.
Hyatt Hotels Kicks Off Bug Bounty Program
News Analysis-Security Now  |  1/11/2019  | 
Hyatt Hotels is teaming with HackerOne on a new bug bounty hunting program that looks to pay up to $4,000 for critical vulnerabilities in software.
Zerodium Ups Ante for Zero-Day Exploits, Especially in iOS
News Analysis-Security Now  |  1/10/2019  | 
Zerodium, which buys flaws and exploits for its customers, is upping the amount it pays for several different types of vulnerabilities, especially Apple's iOS.
Sophos & Akamai Target Cloud Security With Acquisitions
News Analysis-Security Now  |  1/9/2019  | 
As companies move more data to the cloud, data security becomes a major issue. To address these concerns, Sophos is acquiring Avid Security and Akamai inked a deal for Janrain.
Radware Boosts Bot-Fighting Capabilities With ShieldSquare Acquisition
News Analysis-Security Now  |  1/8/2019  | 
Radware plans to bolster its cloud security portfolio with a deal for ShieldSquare, which offers tools for fighting bots.
New Malvertising Campaign Delivers Vidar Stealer Plus Ransomware
News Analysis-Security Now  |  1/8/2019  | 
Malwarebytes Labs has uncovered a new malvertising campaign in the wild that delivers a one-two punch: the Vidar data stealer and GrandCrab ransomware.
Marriott Revises Data Breach Numbers as Investigation Continues
News Analysis-Security Now  |  1/4/2019  | 
Marriott has revised the number of customer accounts it believes were affected during a massive data breach. While the overall number dropped, the company now believes 5 million unencrypted passport numbers were exposed.
Six CISO Trends to Watch in 2019
News Analysis-Security Now  |  1/4/2019  | 
From legislation to insurance to staffing, 2019 is shaping up as a challenging year for CISOs. Here are six top trends security executives need to watch.
Ryuk Ransomware Tied to Printing Press & Cloud Service Provider Attacks
News Analysis-Security Now  |  1/3/2019  | 
A series of cyber attacks over the holiday week that targeted newspaper printing presses and a cloud service provider are tied to a specific strain of ransomware called Ryuk.
Phishing & Social Engineering Attacks Will Rise in 2019
News Analysis-Security Now  |  1/2/2019  | 
The rise of fileless attack techniques and other developments is making phishing a much more serious problem for enterprise security. As we head into 2019, a new approach is needed.
4 Global Cybersecurity Threats for 2019
News Analysis-Security Now  |  12/31/2018  | 
As the calendar turns to 2018, ISF is urging members to watch out for four specific security issues: ransomware, legislation, IoT and supply chain.
5G Network Security Needs a Comprehensive Approach in 2019
News Analysis-Security Now  |  12/28/2018  | 
As the first 5G rollouts are anticipated to start in 2019, service providers need to take a more holistic and comprehensive approach to securing these new networks and the businesses and customers using them.
Security Leaders Need to Heed the Harsh Security Lessons of 2018
News Analysis-Security Now  |  12/26/2018  | 
The sheer number of incidents from 2018 has put even more of the spotlight on enterprise security. Over the next 12 months, businesses need be on the lookout for email and stolen privileges schemes, nation-state attacks and increases in compliance legislation.
Justice Department Ties 2 Chinese Nationals to Notorious APT10 Group
News Analysis-Security Now  |  12/21/2018  | 
In another indictment aimed at China's cyberespionage infrastructure, the Justice Department has charged two Chinese nationals with belonging to the notorious APT10 group, which targeted industries in the US, Japan and other countries.
McAfee: IoT & Crypomining Malware Growth Exploded in Q3
News Analysis-Security Now  |  12/20/2018  | 
In its new quarterly threat report, McAfee Labs researchers found that malware targeting IoT devices, as well as cryptomining, continued to grow, specifically by taking advantage of lax security practices.
US Ballistic Missile Defense System Riddled With Security Flaws
News Analysis-Security Now  |  12/18/2018  | 
An Inspector General's report concerning the Defense Department's Ballistic Missile Defense System found numerous security flaws, including a lack of multi-factor authentication and classified information stored on removable drives.
Shamoon Malware Re-Emerges With Attacks in Italy, Middle East
News Analysis-Security Now  |  12/18/2018  | 
Over the last week, several reports emerged that the Shamoon malware, which was last seen in 2016, has re-emerged with attacks in Italy and the Middle East. This version includes a destructive data file wiper.
Spam Emails Bring Bomb Threats to US Businesses, Schools
News Analysis-Security Now  |  12/14/2018  | 
On Thursday, US businesses and schools began receiving a number of bomb threats that demanded Bitcoin as ransom. All these seem related to a series of spam emails.
China Suspected of Massive Marriott Data Breach Report
News Analysis-Security Now  |  12/13/2018  | 
A New York Times report finds that investigators believe China-backed attackers pulled off the massive data breach at Marriott, exposing the records of 500 million guests. It's a continuation of the tensions between China and the US.
'Operation Sharpshooter': Lazarus Revived or False Flag Operation?
News Analysis-Security Now  |  12/12/2018  | 
McAfee Labs has homed in on a new attack targeting critical infrastructure that they call 'Operation Sharpshooter.' However, while there is technical overlap with the Lazarus Group, there's also the possibility of a false flag operation.
Supermicro: Report Clears Company of Hacking Allegations
News Analysis-Security Now  |  12/12/2018  | 
Following a Bloomberg report that found hackers implanted specialized chips in its motherboards, Supermicro claims an audit has cleared the company of wrongdoing.
New Google+ Bug Affects 52M Users, Accelerating Site's Demise
News Analysis-Security Now  |  12/11/2018  | 
While the latest disclosure does not seem to have leaked any data, it accelerates Google+'s demise.
Cloud, Compliance & the Death of the IT Checklist
News Analysis-Security Now  |  12/7/2018  | 
For years, IT could rely on various checklists to ensure that systems and infrastructure were in compliance with various government regulations. The cloud has upended that structure, and a new, more automated approach is now needed.
North Korean-Backed Group Suspected of 'Stolen Pencil' Campaign
News Analysis-Security Now  |  12/6/2018  | 
The ASERT Team at NetScout has published a report that details a campaign dubbed "Stolen Pencil," which targeted universities and other academic groups. A North Korean-backed group is suspected of starting it.
Citrix: Password Reset Necessary to Stop Credential Stuffing Attack
News Analysis-Security Now  |  12/6/2018  | 
Citrix forced users of its ShareFile tool to reset their passwords this week, following concerns that an attacker may have attempted to use credential stuffing to access accounts.
IoT Botnets Are Increasing Source of Malware on SP Networks
News Analysis-Security Now  |  12/5/2018  | 
IoT botnets now make up 78% of the malware found on service provider networks, according to a new analysis by Nokia. These bots are being used for a wide-range of criminal activity, including cryptomining.
Quora Breach Hits 100M User Accounts Containing Highly Personal Data
News Analysis-Security Now  |  12/5/2018  | 
The latest mega data breach hit question-and-answer portal Quora, which reported 100 million user accounts were accessed by a malicious third-party. The data also contains highly personal details about customers.
FBI Investigating 'Cyber Intrusion' of NRCC Report
News Analysis-Security Now  |  12/4/2018  | 
In an echo of the same cyberattack that hit Democrats two years ago, the FBI is investigating the theft of emails from the National Republican Congressional Committee, according to a public report.
Microsoft, Mastercard Team Up on Identity Management Technology
News Analysis-Security Now  |  12/4/2018  | 
While not explicit in their announcement, it seems Microsoft and Mastercard plan to use some form of blockchain to create what they call a 'universally-recognized digital identity.'
Marriott: 500 Million Guest Records Compromised in Data Breach
News Analysis-Security Now  |  11/30/2018  | 
Marriott is investigating a possible data breach that may have compromised the personal data of 500 million Starwood guests, including credit card information, names, addresses and more.
Dell: Your Personal Info May, or May Not, Have Been Stolen
News Analysis-Security Now  |  11/29/2018  | 
It appears attackers attempted to penetrate Dell's network in early November. While the company does not believe any personal data was taken, Dell cannot guarantee no one was compromised.
Ransomware, New Privacy Laws Are Top Security Concerns for 2019
News Analysis-Security Now  |  11/29/2018  | 
It's never too early for New Year's predictions. The Information Security Forum is focused on four areas for 2019: ransomware; new privacy laws and regulations; IoT; and supply chain.
Iranian Hackers Charged With Creating SamSam Ransomware
News Analysis-Security Now  |  11/29/2018  | 
The Justice Department has charged two Iranian hackers with creating the SamSam ransomware that helped them collect about $6 million in Bitcoin ransom and caused about $30 million in damage.
Feds Charge 8 in Large-Scale Ad Fraud & Botnet Scheme
News Analysis-Security Now  |  11/28/2018  | 
The Justice Department has charged eight people with operating a large-scale ad fraud scheme that involved a pair of botnets based on malware dubbed Kovter and Boaxxe.
UK & Dutch Authorities Slap Uber With Fines Over 2016 Data Breach
News Analysis-Security Now  |  11/28/2018  | 
On the same day, authorities in the UK and the Netherlands each fined Uber for a data breach that occurred in 2016 and affected millions of customers, as well as Uber drivers.
Cross-Functional Communication Can Better Secure Your Enterprise
News Analysis-Security Now  |  11/26/2018  | 
Security teams are being asked to not only handle a greater threat landscape, but help the entire enterprise stay secure. Cross-functional communication can help your security work more effectively outside the InfoSec department.
Former FBI Agent James Gagliano: 'Cyber Touches Everything'
News Analysis-Security Now  |  11/20/2018  | 
Former FBI Agent James Gagliano sees the worlds of physical security and cybersecurity increasingly merging in the area of critical infrastructure.
BlackBerry Acquiring Security & AI Firm Cylance for $1.4B
News Analysis-Security Now  |  11/16/2018  | 
BlackBerry is continuing to move away from its smartphone legacy with the acquisition of Cylance, a firm that specializes in artificial intelligence and security, in a deal worth $1.4 billion.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Exactly
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24619
PUBLISHED: 2020-09-22
In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.
CVE-2020-8887
PUBLISHED: 2020-09-22
Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page).
CVE-2020-7734
PUBLISHED: 2020-09-22
All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.
CVE-2020-6564
PUBLISHED: 2020-09-21
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.
CVE-2020-6565
PUBLISHED: 2020-09-21
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.