Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

8 Infosec Page-Turners for Days Spent Indoors

The Wild, Wild West(world) of Cybersecurity

Dark Reading Cybersecurity Crossword Puzzle

State of Cybersecurity Incident Response

Top Stories

8 Infosec Page-Turners for Days Spent Indoors

The Wild, Wild West(world) of Cybersecurity

Dark Reading Cybersecurity Crossword Puzzle

State of Cybersecurity Incident Response

10 Security Services Options for SMBs ...

News & Commentary

Defense Evasion Dominated 2019 Attack Tactics

Kelly Sheridan, Staff Editor, Dark Reading

News

Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.

By Kelly Sheridan Staff Editor, Dark Reading, 3/31/2020

0 comments | Read | Post a Comment

Researchers Uncover Unsophisticated - But Creative - Watering-Hole Attack

News

Holy Water campaign is targeting users of a specific religious and ethnic group in Asia, Kaspersky says.

By Jai Vijayan Contributing Writer, 3/31/2020

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, Even in a world of technology its the human element that makes us the most...

Data from 5.2M Marriott Loyalty Program Members Hit by Breach

Quick Hits

The data was breached through the credentials of two franchisee employees.

By Dark Reading Staff , 3/31/2020

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, Its pretty much a given if administrative accounts are not handled appropriately...

Latest Security News & Commentary about COVID-19

News

Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.

By Dark Reading Staff , 3/31/2020

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, This is a great way to quick truncate down the subject matter during these...

Why Third-Party Risk Management Has Never Been More Important

Jake Olcott, VP of Communications & Government Affairs, Bitsight Technologies

Commentary

Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.

By Jake Olcott VP of Communications & Government Affairs, Bitsight Technologies, 3/31/2020

0 comments | Read | Post a Comment

Patching Poses Security Problems with Move to More Remote Work

News

Security teams were not ready for the wholesale move to remote work and the sudden expansion of the attack surface area, experts say.

By Robert Lemos Contributing Writer, 3/31/2020

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, Definitely adds another complex variable to the equation but not enough to...

Palo Alto Networks to Buy CloudGenix for $420M

Quick Hits

Palo Alto Networks plans to integrate CloudGenix's SD-WAN technology into its Prisma SASE platform following the deal.

By Dark Reading Staff , 3/31/2020

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, Security humor aside, we are now most definitely in the age of acquisition....

Does the 2020 Online Census Account for Security Risk?

News

Experts discuss the security issues surrounding a census conducted online and explain how COVID-19 could exacerbate the risk.

By Kelly Sheridan Staff Editor, Dark Reading, 3/31/2020

0 comments | Read | Post a Comment

How Much Downtime Can Your Company Handle?

Marc Wilczek, Digital Strategist & COO of Link11

Commentary

Why every business needs cyber resilience and quick recovery times.

By Marc Wilczek Digital Strategist & COO of Link11, 3/31/2020

0 comments | Read | Post a Comment

Limited-Time Free Offers to Secure the Enterprise Amid COVID-19

These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/31/2020

1 Comment | Read | Post a Comment

Latest Comment: Guillaume de Systancia, Hello, Given the current exceptional circumstances related to the COVID-19...

Researchers Spot Sharp Increase in Zoom-Themed Domain Registrations

News

Attackers are attempting to take advantage of the surge in teleworking prompted by COVID-19, Check Point says.

By Jai Vijayan Contributing Writer, 3/30/2020

0 comments | Read | Post a Comment

Microsoft Edge Will Tell You If Credentials Are Compromised

Quick Hits

Password Monitor, InPrivate mode, and ad-tracking prevention are three new additions to Microsoft Edge.

By Dark Reading Staff , 3/30/2020

11 comments | Read | Post a Comment

Latest Comment: RyanSepe, Yup, passing the hash is serious cause for concern. Definitely a reason to...

HackerOne Drops Mobile Voting App Vendor Voatz

Quick Hits

Bug bounty platform provider cited "Voatz's pattern of interactions with the research community" in its decision to halt the app vendor's vuln disclosure program on HackerOne.

By Dark Reading Staff , 3/30/2020

3 comments | Read | Post a Comment

Latest Comment: RyanSepe, You hit the nail right on the head here my friend. Very comprehensive analysis....

Untangling Third-Party Risk (and Fourth, and Fifth...)

Third parties bring critical products and services to your organization. They also bring risk that must be understood and managed.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/30/2020

0 comments | Read | Post a Comment

Securing Your Remote Workforce: A Coronavirus Guide for Businesses

Lance Spitzner, Director, SANS Institute Securing The Human Security Awareness Program

Commentary

Often the hardest part in creating an effective awareness program is deciding what NOT to teach.

By Lance Spitzner Director, SANS Institute Securing The Human Security Awareness Program, 3/30/2020

0 comments | Read | Post a Comment

Malicious USB Drive Hides Behind Gift Card Lure

Quick Hits

Victims are being enticed to insert an unknown USB drive into their computers.

By Dark Reading Staff , 3/27/2020

11 comments | Read | Post a Comment

Latest Comment: Dr.T, " testers would scatter these around corporate parking lots and see who plugged...

Virgin Media Could Pay £4.5B for Leak Affecting 900,000 Customers

Quick Hits

A misconfigured database holding personal data was left available online between April 2019 and February 2020.

By Dark Reading Staff , 3/27/2020

11 comments | Read | Post a Comment

Latest Comment: RyanSepe, 100% agree. Its the difference between direct cost (fines, protection fess,...

The Wild, Wild West(world) of Cybersecurity

Bil Harmer, CISO & Chief Evangelist at SecureAuth

Commentary

Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.

By Bil Harmer CISO & Chief Evangelist at SecureAuth, 3/27/2020

0 comments | Read | Post a Comment

Purported Brute-Force Attack Aims at Linksys Routers as More People Work Remotely

News

The attack takes control of poorly secured network devices, redirecting Web addresses to a COVID-themed landing page that attempts to fool victims into downloading malware.

By Robert Lemos Contributing Writer, 3/27/2020

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, I'm glad I don't have a Linksys router in this case. Not that the brand I'm...

Cyber Version of 'Justice League' Launches to Fight COVID-19 Related Hacks

News

Goal is to help organizations — especially healthcare entities — protect against cybercriminals trying to take advantage of the pandemic.

By Jai Vijayan Contributing Writer, 3/26/2020

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by RyanSepe

Even in a world of technology its the human element that makes us the most vulnerable. It seems that as our technological capabilities increase it only exacerbates this premise. Allows us to reach higher but also opens...

In reply to: The Great Irony
Post Your Own Reply

Posted by RyanSepe

Definitely adds another complex variable to the equation but not enough to risk not patching. Servers its an easy point for me to make so I'll stay away from that. For workstations, yes it can be more difficult because if...

In reply to: Another variable but not an excuse
Post Your Own Reply

Posted by RyanSepe

I'm glad I don't have a Linksys router in this case. Not that the brand I'm using isn't prone to attacks as well. With the current state of the pandemic even apps that revolve around virtual meetings are struggling due to...

In reply to: Have Enough Trouble w/o the attacks
Post Your Own Reply

Posted by RyanSepe

You hit the nail right on the head here my friend. Very comprehensive analysis. These vendors need to be held accountable. Otherwise, instances like this will run rampant and we will be sacrificing consumer security and...

In reply to: Re: Two problems
Post Your Own Reply

Posted by RyanSepe

Yup, passing the hash is serious cause for concern. Definitely a reason to have encryption ciphers be super complex and have long keylengths.

In reply to: Re: Pretty Cool Features
Post Your Own Reply

Posted by RyanSepe

I think they are "hybridizing" it and it was just a misnomer. In a Private or an Incognito mode, none of that information is stored so there is nothing to wipe. Maybe they more aptly meant to say that private code automatically...

In reply to: Re: InPrivate
Post Your Own Reply

Posted by RyanSepe

Yeah that is exactly the point I was trying to make. In the search to seeing if anyone duplicated your lock you have to expose the key. In which lies a potential problem.

In reply to: Re: Password Monitor
Post Your Own Reply

Posted by RyanSepe

Security humor aside, we are now most definitely in the age of acquisition. It feels as if companies are being created with the sole desire to be acquired.

In reply to: Another Little Phish Gets Swallowed Up
Post Your Own Reply

Posted by RyanSepe

This is a great way to quick truncate down the subject matter during these times. Staying informed can be one of our greatest tools in uncertain times such as this.

In reply to: Effective Grouping
Post Your Own Reply

Posted by RyanSepe

100% agree. Its the difference between direct cost (fines, protection fess, and forensics) vs. indirect cost (brand reputation, lost of customer trust, etc). Both have a huge detriment to the company.

In reply to: Re: COULD PAY
Post Your Own Reply

Posted by RyanSepe

Yeah, what a truly remarkable place it would be if we learned from our mistakes and tried doing things the right way. Instead of the quick way.

In reply to: Re: misconfigured
Post Your Own Reply

Posted by RyanSepe

Its pretty much a given if administrative accounts are not handled appropriately that if they are compromised it will lead to something catastrophic such as this. Its surprising that Marriot wouldn't have PAM controls in...

In reply to: Employee Accounts
Post Your Own Reply

More Conversations

Products & Releases

RiskSense Introduces Full Spectrum Risk-Based Vulnerability Management

Axonius Announces $58 Million in New Funding

Jon Lovitz Joins NINJIO as Lead Voice Actor and Recurring Character

KnowBe4 Report Finds 37.9% of Untrained End Users Will Fail a Phishing Test

Link11 Offers Free DDoS Protection to Public Sector Organizations

(ISC)² Announces CEO Succession Plan

cPacket Networks Secures $15 Million Investment from Morgan Stanley Expansion Capital

SailPoint Extends SailPoint Predictive Identity Platform with New Cloud Governance Solutions

More Products & Releases

PR Newswire

Security Now Joins Dark Reading

Find out more about the combination of two of the industry's leading cybersecurity news sites.

Untangling Third-Party Risk (and Fourth, and Fifth...)

Third parties bring critical products and services to your organization. They also bring risk that must be understood and managed.

How to Evict Attackers Living Off Your Land

As cyber defenses improve, adversaries are shifting to stealthy "living-off-the-land" attacks that use targets' own tools against them. Here are some tips to defend your turf.

What Should I Do If Someone Is Impersonating My Company in a Phishing Campaign?

Two security awareness advocates from KnowBe4 provide some solid suggestions.

Webinars

Building a Strategy for Detection and Response

Chatbots for the Enterprise

5 Steps to Integrate SAST into the DevSecOps Pipeline

Webinar Archives

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: "The news mentioned there was a new virus going around through malicious video conference links..."

Cartoon Archive

White Papers

eSentire Annual Threat Intelligence Report: 2019 Perspectives and 2020 Predictions

Cybersecurity Research: 2019 AWS Cloud Security Report

Securing Real-Time Communications for Dummies Book

Hackers: Your Secret Weapon

Anatomy of a Cloud-Native Data Breach

More White Papers

Current Issue

6 Emerging Cyber Threats That Enterprises Face in 2020

This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-10696
PUBLISHED: 2020-03-31

A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.

CVE-2020-5344
PUBLISHED: 2020-03-31

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially cr...

CVE-2020-5292
PUBLISHED: 2020-03-31

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability. The impact is high. Malicious users/attackers can execute arbitrary SQL queries negatively affecting the confidentiality, integrity, and availability of the site. Attackers can exfiltrate data like the users' and admini...

CVE-2020-7009
PUBLISHED: 2020-03-31

Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.

CVE-2019-13495
PUBLISHED: 2020-03-31

In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field.

Reports

State of Cybersecurity Incident Response

Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.

Download Now!

How Enterprises Are Developing and Maintaining Secure Applications

0 comments

How Enterprises are Attacking the Cybersecurity Problem

0 comments

How Data Breaches affect the Enterprise

0 comments

More Reports

Flash Poll

All Polls

Video