Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Content by kjhiggins

kjhiggins
Member Since: March 12, 2014
Strategist
Blog Posts: 3206
Posts: 62

Most Recently Posted

100 items
Former Salesforce Execs Launch Data Protection Startup
News  |  5/22/2020  | 
Cloud-based API service stores and manages sensitive consumer data with a zero-trust, database-as-a service approach.
5-Year-Long Cyber Espionage Campaign Hid in Google Play
News  |  4/28/2020  | 
OceanLotus targeted Android devices in the so-called PhantomLance campaign.
White-Hat Hackers Help 'Fold' COVID-19 Proteins
News  |  4/23/2020  | 
A grassroots effort provides scientists with computing power to help simulate the novel coronavirus' proteins and come up with therapeutic solutions for the disease.
Web Pioneers Launch Identity Startup That Ditches Passwords
News  |  4/14/2020  | 
Legendary founders of Netscape and @Home Network roll out a new cloud-based identity management firm that makes the user his or her own certificate authority.
Schneier on Hacking Society
News  |  4/9/2020  | 
How the hacker mindset and skill set could play a role in improving and securing societal systems, according to renowned security technologist Bruce Schneier.
Major Cloud, CDN Providers Join Secure Routing Initiative
News  |  4/1/2020  | 
Akamai, AWS, Azion, Cloudflare, Facebook, and Netflix are now members of the Mutually Agreed Norms for Routing Security (MANRS) effort.
TA505 Targets HR Departments with Poisoned CVs
News  |  3/19/2020  | 
Infamous cybercrime organization spotted in attacks that employ legitimate software -- and Google Drive.
Startup Offering Secure Access to Corporate Apps Emerges from Stealth
News  |  3/17/2020  | 
Axis Security has raised $17 million in VC funding.
Over 80% of Medical Imaging Devices Run on Outdated Operating Systems
News  |  3/10/2020  | 
New data on live Internet of Things devices in healthcare and other organizations shines a light on security risks.
Most Cyberattacks in 2019 Were Waged Without Malware
News  |  3/4/2020  | 
If the "malware-free" attack trajectory continues, it could mean major trouble for defenders, according to experts from CrowdStrike and other security companies.
NSS Labs Revises Endpoint Security Test Model
News  |  3/3/2020  | 
New product ratings system comes amid growing shift in the testing market toward more "open and transparent" evaluation of security tools.
'Cloud Snooper' Attack Circumvents AWS Firewall Controls
News  |  2/27/2020  | 
Possible nation-state supply chain attack that cheated both cloud and on-premise firewalls acts like a "wolf in sheep's clothing," Sophos says.
Wanted: Hands-On Cybersecurity Experience
News  |  2/25/2020  | 
Organizations lament a lack of qualified job candidates as they continue to struggle to hire and retain security teams, the new ISACA State of Cybersecurity 2020 report shows.
Dell Sells RSA to Private Equity Firm for $2.1B
News  |  2/18/2020  | 
Deal with private equity entity Symphony Technology Group revealed one week before the security industry's RSA Conference in San Francisco.
Some Democrats Lead Trump in Campaign Domain-Security Efforts
News  |  2/10/2020  | 
Sanders and Trump campaigns lack proper DMARC security enforcement, study finds.
Vixie: The Unintended Consequences of Internet Privacy Efforts
News  |  2/5/2020  | 
Paul Vixie says emerging encryption protocols for endpoints could "break" security in enterprise - and even home - networks.
Aftermath of a Major ICS Hacking Contest
News  |  1/29/2020  | 
Pwn2Own Miami could help spur more research on and attention to the security of industrial control system products, experts say.
New Social Engineering Event to Train Business Pros on Human Hacking
Quick Hits  |  1/24/2020  | 
The DEF CON Social Engineering Capture the Flag contest inspired a new event aimed at teaching both security and non-security professionals on the fine art of hacking human behavior.
Ryuk Ransomware Hit Multiple Oil & Gas Facilities, ICS Security Expert Says
News  |  1/23/2020  | 
Attackers 'weaponized' Active Directory to spread the ransomware.
Elaborate Honeypot 'Factory' Network Hit with Ransomware, RAT, and Cryptojacking
News  |  1/21/2020  | 
A fictitious industrial company with phony employees personas, website, and PLCs sitting on a simulated factory network fooled malicious hackers - and raised alarms for at least one white-hat researcher who stumbled upon it.
Industrial Control System Features at Risk
News  |  1/14/2020  | 
How some ICS product functions can be weaponized by altering their configurations.
Cloudflare Adds New Endpoint, Web Security Service
News  |  1/7/2020  | 
"Teams" and a new browser security acquisition expand the cloud firm's security offerings.
The Coolest Hacks of 2019
News  |  12/30/2019  | 
A FaceTime fail, weaponized sound, a 'Prying Eye,' and a wearable fingerprint ring, were among the more novel and odd hacks this year.
Ransomware 'Crisis' in US Schools: More Than 1,000 Hit So Far in 2019
News  |  12/16/2019  | 
Meanwhile, the mayor of the city of New Orleans says no ransom money demands were made as her city struggles to recover from a major ransomware attack launched last week.
Intel Issues Fix for 'Plundervolt' SGX Flaw
News  |  12/11/2019  | 
Researchers were able to extract AES encryption key using SGX's voltage-tuning function.
Data Leak Week: Billions of Sensitive Files Exposed Online
News  |  12/10/2019  | 
A total of 2.7 billion email addresses, 1 billion email account passwords, and nearly 800,000 applications for copies of birth certificate were found on unsecured cloud buckets.
When Rogue Insiders Go to the Dark Web
News  |  12/3/2019  | 
Employees gone bad sell stolen company information, sometimes openly touting their companies, researchers say.
Siemens Offers Workarounds for Newly Found PLC Vulnerability
Quick Hits  |  12/3/2019  | 
An undocumented hardware-based special access feature recently found by researchers in Siemens' S7-1200 can be used by attackers to gain control of the industrial devices.
Anatomy of a BEC Scam
News  |  11/21/2019  | 
A look at the characteristics of real-world business email compromise attacks and what makes them tick.
Siemens PLC Feature Can Be Exploited for Evil - and for Good
News  |  11/5/2019  | 
A hidden feature in some newer models of the vendor's programmable logic controllers leaves the devices open to attack. Siemens says it plans to fix it.
Free & Discounted Security Services Now Available for US Election Orgs
News  |  11/1/2019  | 
Nonprofit Defending Digital Campaigns (DDC) offers security services for email, user education, mobile, and encrypted communications, to federal election committees.
Is Voting by Mobile App a Better Security Option or Just 'A Bad Idea'?
Edge-DRsplash-10-edge-articles  |  10/28/2019  | 
Security experts say voting by app adds another level of risk, as mobile-voting pilots expand for overseas military and voters with disabilities.
Bugcrowd Enters the IT Asset Discovery Business
News  |  10/22/2019  | 
New service searches for errant or vulnerable devices on the Internet.
Security Tool Sprawl Reaches Tipping Point
News  |  10/9/2019  | 
How a new open source initiative for interoperable security tools and a wave of consolidation could finally provide some relief for overwhelmed security analysts and SOCs.
ReliaQuest Acquires Threatcare
Quick Hits  |  10/2/2019  | 
Attack simulation tool will be integrated into ReliaQuest's GreyMatter platform.
Targeted Cybercrime On a Tear
News  |  10/1/2019  | 
CrowdStrike threat hunting data shows major increase in targeted financially motivated attacks in the first six months of 2019.
Voting Machine Systems New & Old Contain 'Design' Flaws
News  |  9/26/2019  | 
DEF CON Voting Village organizers presented a final report on their findings at the Capitol.
Iranian Government Hackers Target US Veterans
News  |  9/24/2019  | 
'Tortoiseshell' discovered hosting a phony military-hiring website that drops a Trojan backdoor on visitors.
Metasploit Creator HD Moore's Latest Hack: IT Assets
News  |  9/19/2019  | 
Moore has built a network asset discovery tool that wasn't intended to be a pure security tool, but it addresses a glaring security problem.
Saudi IT Providers Hit in Cyber Espionage Operation
News  |  9/18/2019  | 
Symantec identifies new 'Tortoiseshell' nation-state group as the attackers.
Overburdened SOC Analysts Shift Priorities
News  |  8/30/2019  | 
Many SOC analysts are starting to shut off high-alert features to keep pace with the volume, new study shows.
WannaCry Remains No. 1 Ransomware Weapon
News  |  8/27/2019  | 
Of all of the ransomware variants spotted targeting victims in the first half of 2019, the infamous WannaCry was by far the most prevalent, according to Trend Micro's detection data.
Aviation Faces Increasing Cybersecurity Scrutiny
News  |  8/22/2019  | 
Some aviation experts and security researchers are trying to foster closer alliances for securing airplane networks.
Internet Routing Security Initiative Launches Online 'Observatory'
News  |  8/13/2019  | 
Mutually Agreed Norms for Routing Security (MANRS) lets network operators and the public view online router incidents worldwide.
DEF CON Voting Village: It's About 'Risk'
News  |  8/12/2019  | 
DHS, security experts worry about nation-state or other actors waging a disruptive or other attack on the 2020 election to sow distrust of the election process.
Siemens S7 PLCs Share Same Crypto Key Pair, Researchers Find
News  |  8/8/2019  | 
Researchers at Black Hat USA reveal how security authentication weaknesses in popular Siemens ICS family let them control a PLC.
Boeing 787 On-Board Network Vulnerable to Remote Hacking, Researcher Says
News  |  8/7/2019  | 
Boeing disputes IOActive findings ahead of security firm's Black Hat USA presentation.
DARPA to Bring its Smart Ballot Boxes to DEF CON for Hacking
News  |  8/1/2019  | 
The agency this week will share the source code and hardware specifications for the secure voting system prototypes.
Suffering SOC Saga Continues
News  |  7/30/2019  | 
New study exposes low confidence among security professionals in their security operations centers.
Malware-based Attacks Dropped 20% Worldwide
News  |  7/24/2019  | 
Meanwhile, criminals waged more encrypted, ransomware, and IoT attacks.
Open Source Hacking Tool Grows Up
News  |  7/18/2019  | 
Koadic toolkit gets upgrades and a little love from nation-state hackers.
What the AppSec Penetration Test Found
News  |  7/9/2019  | 
New data drills down on the types of security misconfigurations and challenges dogging application developers.
Researchers Poke Holes in Siemens Simatic S7 PLCs
News  |  7/8/2019  | 
Black Hat USA session will reveal how they reverse-engineered the proprietary cryptographic protocol to attack the popular programmable logic controller.
Toyota's Car-Hacking Tool Now Available
News  |  7/2/2019  | 
'PASTA' hardware and software kit now retails for $28,300.
Triton Attackers Seen Scanning US Power Grid Networks
News  |  6/14/2019  | 
The development follows speculation and concern among security experts that the attack group would expand its scope to the power grid.
'Lone Wolf' Scammer Built a Multifaceted BEC Cybercrime Operation
News  |  6/10/2019  | 
A one-man 419 scam evolved into a lucrative social-engineering syndicate over the past decade that conducts a combination of business email compromise, romance, and financial fraud.
Robbinhood: Inside the Ransomware That Slammed Baltimore
News  |  6/4/2019  | 
Attackers appear to have used a ransomware-as-a-service platform to wage the attack.
Baltimore Ransomware Attacker Was Behind Now-Suspended Twitter Account
News  |  6/3/2019  | 
Researchers at Armor were able to confirm the person or persons behind a Twitter account that appeared to be leaking confidential files was the actual ransomware attacker that hit the city.
NSS Labs Admits Its Test of CrowdStrike Falcon Was 'Inaccurate'
News  |  5/24/2019  | 
CrowdStrike, NSS Labs reach confidential settlement over 2017 endpoint product testing dispute.
FEC Gives Green Light for Free Cybersecurity Help in Federal Elections
News  |  5/23/2019  | 
Official opinion issued by the Federal Election Commission to nonprofit Defending Digital Campaigns is good news for free and reduced-cost security offerings to political candidates and committees.
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
News  |  5/20/2019  | 
The infamous Ryuk ransomware slammed a small company that makes heavy-duty vehicle alternators for government and emergency fleet. Here's what happened.
Baltimore Ransomware Attack Takes Strange Twist
News  |  5/14/2019  | 
Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week.
US DoJ Indicts Chinese Man for Anthem Breach
News  |  5/9/2019  | 
Fujie Wang allegedly worked as part of a hacking team out of China that stole information on nearly 80 million Americans in the massive healthcare breach.
How the Skills Gap Strains and Constrains Security Pros
News  |  5/9/2019  | 
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.
Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server
News  |  5/7/2019  | 
Turla hacking team abuses a legitimate feature of the Exchange server in order to hide out and access all of the target organization's messages.
'Matrix'-Themed Ransomware Variant Spreads
Quick Hits  |  5/6/2019  | 
MegaCortex uses a compromised domain controller in its attack.
Indeed.com: Slight Dip in Clicks on US Cybersecurity Job Listings
News  |  4/25/2019  | 
Meanwhile, most of the highest-paying positions pay more than $100K, according to new analysis from the job posting site.
New Twist in the Stuxnet Story
News  |  4/23/2019  | 
What a newly discovered missing link to Stuxnet and the now-revived Flame cyber espionage malware add to the narrative of the epic cyber-physical attack.
Decoding a 'New' Elite Cyber Espionage Team
News  |  4/16/2019  | 
Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules.
Triton/Trisis Attacks Another Victim
News  |  4/11/2019  | 
FireEye Mandiant incident responders reveal a new attack by the hacking group that previously targeted a petrochemical plant in Saudi Arabia in 2017.
'MuddyWater' APT Spotted Attacking Android
News  |  4/10/2019  | 
Cyber espionage attack group adds mobile malware to its toolset.
'Digital Doppelganger' Underground Takes Payment Card Theft to the Next Level
News  |  4/9/2019  | 
Massive criminal marketplace discovered packaging and selling stolen credentials along with victims' online behavior footprints.
Women Now Hold One-Quarter of Cybersecurity Jobs
News  |  4/2/2019  | 
New data from ISC(2) shows younger women are making more money than in previous generations in the field but overall gender pay disparity persists.
New Shodan Tool Warns Organizations of Their Internet-Exposed Devices
News  |  3/27/2019  | 
Shodan Monitor is free to members of the popular Internet search engine.
Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'
News  |  3/26/2019  | 
Ret. Admiral Michael Rogers who served as head of the NSA and the US Cyber Command from 2014 to 2018 on how to handle the risk of insiders exposing an organization's sensitive data.
Microsoft Office Dominates Most Exploited List
News  |  3/19/2019  | 
Lone Android vulnerability among the top 10 software flaws most abused by cybercriminals.
Ransomware's New Normal
News  |  3/14/2019  | 
GandCrab's evolution underscores a shift in ransomware attack methods.
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
News  |  3/12/2019  | 
Meanwhile, organizations are looking at unconventional ways to staff up and train their workforce as technical expertise gets even harder to find.
Meet the New 'Public-Interest Cybersecurity Technologist'
News  |  3/6/2019  | 
A grassroots movement is emerging to train high-risk groups and underrepresented communities in cybersecurity protection and skills all for the public good.
Chronicle Releases Chapter One: Backstory
News  |  3/4/2019  | 
Google spin-off Alphabet rolls out a new cloud-based security data platform that ultimately could displace some security tools in organizations.
Security Firm to Offer Free Hacking Toolkit
News  |  2/27/2019  | 
CQTools suite includes both exploit kits and information-extraction functions, its developers say.
Former Kaspersky Lab Expert Sentenced in Russia for Treason
Quick Hits  |  2/26/2019  | 
Ruslan Stoyanov gets 14 years in Russian prison.
19 Minutes to Escalation: Russian Hackers Move the Fastest
News  |  2/19/2019  | 
New data from CrowdStrike's incident investigations in 2018 uncover just how quickly nation-state hackers from Russia, North Korea, China, and Iran pivot from patient zero in a target organization.
ICS/SCADA Attackers Up Their Game
News  |  2/15/2019  | 
With attackers operating more aggressively and stealthily, some industrial network operators are working to get a jump on the threats.
Toyota Prepping 'PASTA' for its GitHub Debut
News  |  2/14/2019  | 
Carmaker's open source car-hacking tool platform soon will be available to the research community.
Ex-US Intel Officer Charged with Helping Iran Target Her Former Colleagues
News  |  2/13/2019  | 
Monica Witt, former Air Force and counterintel agent, has been indicted for conspiracy activities with Iranian government, hackers.
New Zombie 'POODLE' Attack Bred from TLS Flaw
News  |  2/8/2019  | 
Citrix issues update for encryption weakness dogging the popular security protocol.
Iran Ups its Traditional Cyber Espionage Tradecraft
News  |  1/30/2019  | 
Newly named APT39 hacking team exemplifies Iran's growing sophistication in nation-state hacking operations.
FaceTime Bug an AppSec Fail
News  |  1/29/2019  | 
Apple has shut off Group FaceTime while it prepares a fix for a newly found security flaw found by a 14-year-old gamer.
Cisco Study Finds Fewer Data Breaches at GDPR-Ready Firms
News  |  1/24/2019  | 
Many organizations find that getting their data privacy house in order is paying off.
RF Hacking Research Exposes Danger to Construction Sites
News  |  1/23/2019  | 
Trend Micro team unearthed 17 vulnerabilities among seven vendors' remote controller devices.
Malware Built to Hack Building Automation Systems
News  |  1/16/2019  | 
Researchers dig into vulnerabilities in popular building automation systems, devices.
Triton/Trisis Attack Was More Widespread Than Publicly Known
News  |  1/16/2019  | 
Signs of the attack first showed up two months before it was identified as a cyberattack, but they were mistaken for a pure equipment failure by Schneider Electric, security expert reveals at S4x19.
Hijacking a PLC Using its Own Network Features
News  |  1/15/2019  | 
Researcher at S4x19 to show how attackers can exploit the built-in advanced connectivity functions in some Rockwell PLCs.
The Coolest Hacks of 2018
News  |  12/28/2018  | 
In-flight airplanes, social engineers, and robotic vacuums were among the targets of resourceful white-hat hackers this year.
2018 In the Rearview Mirror
Commentary  |  12/20/2018  | 
Among this year's biggest news stories: epic hardware vulnerabilities, a more lethal form of DDoS attack, Olympic 'false flags,' hijacked home routers, fileless malware and a new world's record for data breaches.
CrowdStrike: More Organizations Now Self-Detect Their Own Cyberattacks
News  |  12/11/2018  | 
But it still takes an average of 85 days to spot one, the security firm's incident response investigations found.
'PowerSnitch' Hacks Androids via Power Banks
News  |  12/8/2018  | 
Researcher demonstrates how attackers could steal data from smartphones while they're charging.
Toyota Builds Open-Source Car-Hacking Tool
News  |  12/5/2018  | 
PASTA testing platform specs will be shared via open-source.
Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy
News  |  12/5/2018  | 
Nations must band together to face nation-state cyberattack threats, said Marina Kaljurand.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/27/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11059
PUBLISHED: 2020-05-27
In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed in 21.10.1.
CVE-2020-10936
PUBLISHED: 2020-05-27
Sympa before 6.2.56 allows privilege escalation.
CVE-2020-6774
PUBLISHED: 2020-05-27
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.
CVE-2020-13633
PUBLISHED: 2020-05-27
Fork before 5.8.3 allows XSS via navigation_title or title.
CVE-2020-10945
PUBLISHED: 2020-05-27
Centreon before 19.10.7 exposes Session IDs in server responses.