Dark Reading | Security | Protect The Business

Network Computing Dark Reading

Advertise

About Us

Join us live at

7 Hot Cybersecurity Trends to Be Highlighted at Black Hat

Back to Basics with Log Management, SIEMs & MSSPs

10 Ways to Keep a Rogue RasPi From Wrecking Your Network

To Pay or Not To Pay? That Is the (Ransomware) Question

Top Stories

7 Hot Cybersecurity Trends to Be ...

Back to Basics with Log Management, SIEMs ...

10 Ways to Keep a Rogue RasPi From ...

Name That Toon: Beat the Heat

To Pay or Not To Pay? That Is the ...

News & Commentary

Lenovo NAS Firmware Flaw Exposes Stored Data

News

More than 5,100 vulnerable devices containing multiple terabytes of data are open to exploitation, researchers found.

By Jai Vijayan Contributing Writer, 7/16/2019

0 comments | Read | Post a Comment

Security Snapshot: OS, Authentication, Browser & Cloud Trends

Kelly Sheridan, Staff Editor, Dark Reading

News

New research shows cloud apps are climbing, SMS authentication is falling, Chrome is the enterprise browser favorite, and Android leads outdated devices.

By Kelly Sheridan Staff Editor, Dark Reading, 7/16/2019

0 comments | Read | Post a Comment

FBI Publishes GandCrab Decryption Keys

Quick Hits

Publishing the keys should render existing versions of the ransomware far less dangerous for victims.

By Dark Reading Staff , 7/16/2019

0 comments | Read | Post a Comment

How Attackers Infiltrate the Supply Chain & What to Do About It

Shay Nahari, Head of Red-Team Services at CyberArk

Commentary

With some security best practices, enterprises can significantly reduce the chances that a potential supply chain attack will affect business operations.

By Shay Nahari Head of Red-Team Services at CyberArk, 7/16/2019

0 comments | Read | Post a Comment

US Mayors Commit to Just Saying No to Ransomware

News

The group of more than 1,400 top elected municipal officials takes the admirable, recommended stance against paying ransoms. However, can towns and cities secure their information technology infrastructure to withstand attacks?

By Robert Lemos Contributing Writer, 7/16/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, This is always the correct response. You operate under two assumptions if you...

Symantec Builds Out Cloud Portfolio to Enforce 'Zero Trust'

Quick Hits

New additions to its Integrated Cyber Defense Platform aim to give businesses greater control over access to cloud resources and applications.

By Dark Reading Staff , 7/16/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, This has me curious how this may be leveraged. I've seen cerficate issuance...

Is 2019 the Year of the CISO?

Terry Ray, Chief Technology Officer, Imperva

Commentary

The case for bringing the CISO to the C-suite's risk and business-strategy table.

By Terry Ray Chief Technology Officer, Imperva, 7/16/2019

0 comments | Read | Post a Comment

Flaws in Telegram & WhatsApp on Android Put Data at Risk

Curtis Franklin Jr., Senior Editor at Dark Reading

News

App settings combined with Android behavior can put data integrity at risk for WhatsApp and Telegram users.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/15/2019

1 Comment | Read | Post a Comment

Latest Comment: tonny123, very nice

Meet DoppelPaymer, BitPaymer's Ransomware Lookalike

News

New ransomware variant DoppelPaymer was leveraged in campaigns against the City of Edcouch, Texas, and the Chilean Ministry of Agriculture.

By Kelly Sheridan Staff Editor, Dark Reading, 7/15/2019

0 comments | Read | Post a Comment

FTC Reportedly Ready to Sock Facebook with Record $5 Billion Fine

Quick Hits

The fine, for the social media giant's role in the Cambridge Analytica scandal, would be the largest ever against a tech company.

By Dark Reading Staff , 7/15/2019

2 comments | Read | Post a Comment

Latest Comment: tdsan, I do think that facebook will fight this because this is unprecedented. Per...

Software Developers Face Secure Coding Challenges

News

Seven in ten developers are expected to write secure code, but less than half receive feedback on security, a survey finds.

By Robert Lemos Contributing Writer, 7/15/2019

0 comments | Read | Post a Comment

18% of Enterprises Holding Back on Windows 10 Upgrade

Quick Hits

Microsoft will officially end support for Windows 7 on January 14, 2020. Many large businesses aren't ready.

By Dark Reading Staff , 7/15/2019

0 comments | Read | Post a Comment

Is Machine Learning the Future of Cloud-Native Security?

Pawan Shankar, Senior Security Product Marketing Manager at Sysdig

Commentary

The nature of containers and microservices makes them harder to protect. Machine learning might be the answer going forward.

By Pawan Shankar Senior Security Product Marketing Manager at Sysdig, 7/15/2019

0 comments | Read | Post a Comment

Where Businesses Waste Endpoint Security Budgets

Too many systems, failure to test tools, and fear of replacement drive endpoint complexity and render products less effective.

By Kelly Sheridan Staff Editor, Dark Reading, 7/15/2019

3 comments | Read | Post a Comment

Latest Comment: Lyngiten, This new term is really popular today because of circumstances

German Schools Ban Office 365, Cite Privacy Concerns

Quick Hits

The ruling follows years of debate over whether German schools and institutions should use Microsoft tools and services.

By Dark Reading Staff , 7/12/2019

1 Comment | Read | Post a Comment

Latest Comment: tdsan, I think it is a simple fix: - Disable Windows Telemetry - Disable Office...

Competing Priorities Mean Security Risks for Small Businesses

Quick Hits

Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks.

By Dark Reading Staff , 7/12/2019

2 comments | Read | Post a Comment

Latest Comment: REISEN1955, True - small business cannot afford a large CSirt department or a full time...

A Lawyer’s Guide to Cyber Insurance: 4 Basic Tips

Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC

Commentary

The time to read the fine print in your cybersecurity insurance policy is before you sign on the dotted line.

By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 7/12/2019

3 comments | Read | Post a Comment

Latest Comment: REISEN1955, Point taken and it would be wise for insurance companies to provide these services...

Data Center Changes Push Cyber Risk to Network's Edge

News

Changes in fundamental enterprise architectures coupled with shifts in human resources mean that companies are considering new risks to their infrastructure.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/11/2019

1 Comment | Read | Post a Comment

Latest Comment: tdsan, Concerns about whether these more intelligent systems might become an attack...

APT Groups Make Quadruple What They Spend on Attack Tools

News

Some advanced persistent threat actors can spend north of $1 million on attacks, but the return on that investment can be huge.

By Jai Vijayan Contributing Writer, 7/11/2019

0 comments | Read | Post a Comment

How to Catch a Phish: Where Employee Awareness Falls Short

News

Advanced phishing techniques and poor user behaviors that exacerbate the threat of successful attacks.

By Kelly Sheridan Staff Editor, Dark Reading, 7/11/2019

0 comments | Read | Post a Comment

More Stories

Current Conversations

Posted by RyanSepe

This is always the correct response. You operate under two assumptions if you don't. You expect your non-ethical attackers to act ethically and return your data after payment. Secondly, that they won't try to sell that data...

In reply to: Correct response
Post Your Own Reply

Posted by RyanSepe

This has me curious how this may be leveraged. I've seen cerficate issuance to unauthorized devices via NAC solutions but I always found this to be not as comprehenisve as a CASB solution. Maybe some of the CASB functionalities...

In reply to: enables CASB security controls for unmanaged devices
Post Your Own Reply

Posted by tdsan

I do think that facebook will fight this because this is unprecedented. Per the article, Google was fined 12 million but 5 billion is way over the limit. What they could do, is to allocate that money to improve their security...

In reply to: This is excessive
Post Your Own Reply

Posted by tdsan

That's a problem, because customers don't care if it was the company's supplier that lost the data, not the company itself.. —Lyngiten Interesting comment, let me play devil's advocate; if a cloud vendor worked with...

In reply to: Re: attack
Post Your Own Reply

Posted by Joe Stanganelli

"Jim, stop pretending you're drowning in tickets."

In reply to: js02
Post Your Own Reply

Posted by Joe Stanganelli

"Hey! Don't Task.Run on the pool!"

In reply to: js01
Post Your Own Reply

Posted by tdsan

From my understanding, most organizations are part of this GDPR group? Health care agencies have experienced a number of hacks where they have lost more PII data than any organizational group. If this aspect is one of...

In reply to: Are Hospitals part of GDPR?
Post Your Own Reply

Posted by iOtta

2 years after this article is written and we are still no further ahead. Facebook has just been fined $5Billion dollars and the stock went up in price. One months revenue! It is cheaper to pay the fine than to actually...

In reply to: 2 years later!
Post Your Own Reply

Posted by REISEN1955

Point taken and it would be wise for insurance companies to provide these services and also make sure their suggestions ARE being carriesd out !!! Periodic review would be mandatory.

In reply to: Re: Monetary protection only
Post Your Own Reply

Posted by mcavanaugh1

No, not all Cyber Insurance policies are limited to monetary protection. Many carriers providing standalone Cyber Insurance policies provide Pre-breach Risk Management services including policies & procedure templates,...

In reply to: Re: Monetary protection only
Post Your Own Reply

Posted by Lyngiten

Only 18 percent of companies says they knew if those vendors were, in turn, sharing that information with other suppliers. That's a problem, because customers don't care if it was the company's supplier that lost the data,...

In reply to: attack
Post Your Own Reply

Posted by Lyngiten

The combination of Chronicle's analytics services and Google Cloud's big-data expertise seems likely to position the new Chronicle as a competitor to Splunk, LogRhythm, ArcSight, and companies with similar analytics offe...

In reply to: Chronicle
Post Your Own Reply

More Conversations

Products & Releases

Perimeter 81 Launches Zero Trust Application Access

FireEye Expands Managed Defense MDR Services

Radware Expands Its Cloud Workload Protection Service to Include Crypto-Jacking Detection

Day Trader Pleads Guilty to Computer Hacking and Securities Fraud Scheme Targeting Online Brokerage Accounts

Dragos Appoints CrowdStrike Cofounder and CTO Dmitri Alperovitch to Board of Directors

YL Ventures Closes Fourth Fund with $120M of Committed Capital

Digital Shadows Raises $10M Strategic Investment Round Led by National Australia Bank Ventures

Internet Isolation Vendor Menlo Security Raises $75 Million in Series D Funding

More Products & Releases

PR Newswire

sponsored by



The latest on the number of attacks, types of attacks, and threats to enterprises' most critical IT infrastructure.

GDPR: The Good, the Bad, and the Uncertain

One year post-GDPR implementation it's time to ask the tough question of whether companies are celebrating or cursing these consumer privacy mandates.

My Company Is Looking at WAFs to Help Secure Traffic. Where Do We Start?

Frank Taylor: Better Processes Lead to Tighter Security

Live Events

Webinars

Come to Black Hat USA for the latest hardware hacks

Black Hat Trainings - August 3-6

Prepare for the Future of WorkSpaces! Register Today!

More Informa Tech Live Events

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: "Jim, stop pretending you're drowning in tickets."

Cartoon Archive

White Papers

Security 101

7 Reasons You Need Security at the Edge

Solve the Robo-Calling Plague

Testing for Compliance Just Became Easier

The 2019 Trust Report

More White Papers

Current Issue

Building and Managing an IT Security Operations Program

As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.

Download This Issue!

Back Issues | Must Reads

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-3571
PUBLISHED: 2019-07-16

An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.

CVE-2019-6160
PUBLISHED: 2019-07-16

A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.

CVE-2019-9700
PUBLISHED: 2019-07-16

Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic.

CVE-2019-12990
PUBLISHED: 2019-07-16

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.

CVE-2019-12991
PUBLISHED: 2019-07-16

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).

Reports

The State of IT Operations and Cybersecurity Operations

Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Here’s some insight on what's working – and what isn't – in the data center.

Download Now!

How Enterprises Are Developing Secure Applications

0 comments

The State of Cyber Security Incident Response

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

More Reports

Flash Poll

All Polls

Video