News & Commentary

Latest Content
Page 1 / 2   >   >>
Fault-Tolerant Method Use for Security Purposes in New Framework
News  |  9/24/2018  | 
A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.
In Quiet Change, Google Now Automatically Logging Users Into Chrome
News  |  9/24/2018  | 
The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.
Microsoft Deletes Passwords for Azure Active Directory Applications
News  |  9/24/2018  | 
At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.
6 Dark Web Pricing Trends
Slideshows  |  9/24/2018  | 
For cybercriminals, the Dark Web grows more profitable every day.
'Scan4Yyou' Operator Gets 14-Year Sentence
Quick Hits  |  9/24/2018  | 
The counter antivirus service, which was shut down in 2016, caused a total loss amount of $20.5 billion, according to the DoJ.
Hacking Back: Simply a Bad Idea
Commentary  |  9/24/2018  | 
While the concept may sound appealing, it's rife with drawbacks and dangers.
The 'Opsec Fail' That Helped Unmask a North Korean State Hacker
News  |  9/21/2018  | 
How Park Jin Hyok charged by the US government for alleged computer crimes for the Sony, Bank of Bangladesh, WannaCry cyberattacks inadvertently blew his cover via email accounts.
Romanian Hacker Pleads Guilty for Role in Inauguration Surveillance Ransomware
Quick Hits  |  9/21/2018  | 
Attack against the Metropolitan Police Department was disrupted before malware could be sent to additional systems.
6 Security Training Hacks to Increase Cyber IQ Org-Wide
Slideshows  |  9/21/2018  | 
Move beyond generic, annual security awareness training with these important tips.
US Approves Cyber Weapons Against Foreign Enemies
Quick Hits  |  9/21/2018  | 
The White House is changing the rules on its use of digital weapons to fight adversaries targeting US networks.
Data Manipulation: How Security Pros Can Respond to an Emerging Threat
Commentary  |  9/21/2018  | 
Industry leaders are scrambling to address the issue, which will take new thinking to overcome.
Executive Branch Makes Significant Progress As DMARC Deadline Nears
News  |  9/21/2018  | 
The DHS directive on email security has an approaching deadline that most departments in the executive branch might actually meet.
Think Like An Attacker: How a Red Team Operates
News  |  9/20/2018  | 
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
Retail Sector Second-Worst Performer on Application Security
News  |  9/20/2018  | 
A "point-in-time" approach to PCI compliance could be one reason why so many retailers appear to be having a hard time.
Account Takeover Attacks Become a Phishing Fave
Quick Hits  |  9/20/2018  | 
More than three-quarters of ATOs resulted in a phishing email, a new report shows.
3 Drivers Behind the Increasing Frequency of DDoS Attacks
Commentary  |  9/20/2018  | 
What's causing the uptick? Motivation, opportunity, and new capabilities.
Japanese Cryptocurrency Exchange Hit with $60M Theft
Quick Hits  |  9/20/2018  | 
The incident highlights a broader problem of poor security in cryptocurrency exchanges throughout the country.
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Commentary  |  9/20/2018  | 
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
News  |  9/19/2018  | 
Suit underscores longtime battle between vendors and labs over control of security testing protocols.
Cryptojackers Grow Dramatically on Enterprise Networks
News  |  9/19/2018  | 
A new report shows that illicit cryptomining malware is growing by leaps and bounds on the networks of unsuspecting victims.
As Tech Drives the Business, So Do CISOs
News  |  9/19/2018  | 
Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications, and goals.
Mirai Hackers' Sentence Includes No Jail Time
Quick Hits  |  9/19/2018  | 
The trio behind Mirai sentenced to probation and public service in return for cooperation with law enforcement and researchers.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
Commentary  |  9/19/2018  | 
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
FBI: Phishing Attacks Aim to Swap Payroll Information
Quick Hits  |  9/19/2018  | 
Social engineering scams target employees' payroll credentials so attackers can access and change their bank account data.
5 Steps to Success for New CISOs
Commentary  |  9/19/2018  | 
You've been hired to make an impact. These tips can help set you up for continued success.
8 Keys to a Successful Penetration Test
Slideshows  |  9/19/2018  | 
Pen tests are expensive, but there are key factors that can make them worth the investment.
Internet-Connected CCTV Cameras Vulnerable to 'Peekaboo' Hack
News  |  9/18/2018  | 
Zero-day flaw in China-based NUUO's video recorder technology still unfixed three months after vendor was alerted.
The Security Costs of Cloud-Native Applications
News  |  9/18/2018  | 
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
Websites Attack Attempts Rose in Q2
News  |  9/18/2018  | 
New data shows hackers hit websites, on average, every 25 minutes.
The Top 5 Security Threats & Mitigations for Industrial Networks
Commentary  |  9/18/2018  | 
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
IoT Threats Triple Since 2017
Quick Hits  |  9/18/2018  | 
Rapidly evolving malware is posing an ever-greater threat to the IoT and business users of the Internet.
Symantec Offers Free Website Security Service for Midterm Elections
News  |  9/18/2018  | 
Security vendor offers US election jurisdictions its Project Dolphin phishing/website spoofing-detection service and security resources.
GovPayNow Leak of 14M+ Records Dates Back to 2012
Quick Hits  |  9/18/2018  | 
Thousands of US state and local governments use the service to process online payments for everything from traffic tickets to court fines.
Overhauling the 3 Pillars of Security Operations
Commentary  |  9/18/2018  | 
Modern apps and the cloud mean that organizations must now rethink older security practices.
New Xbash Malware a Cocktail of Malicious Functions
News  |  9/17/2018  | 
The new malware tool targeting Windows and Linux systems combines cryptomining, ransomware, botnet, and self-propagation capabilities.
RDP Ports Prove Hot Commodities on the Dark Web
News  |  9/17/2018  | 
Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves.
Yahoo Class-Action Suits Set for Settlement
Quick Hits  |  9/17/2018  | 
Altaba tells SEC it will incur $47 million to settle consumer litigation for massive Yahoo data breaches.
Ransomware Takes Down Airport's Flight Information Screens
Quick Hits  |  9/17/2018  | 
The attack left airport staff to post flight times and gates on whiteboards at Bristol Airport in Britain.
The 7 Habits of Highly Effective Security Teams
Commentary  |  9/17/2018  | 
Security requires smart people, processes, and technology. Too often, the "people" portion of the PPT equation is neglected.
How Secure are our Voting Systems for November 2018?
How Secure are our Voting Systems for November 2018?
Dark Reading Videos  |  9/14/2018  | 
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the countrys highly decentralized voting systems to safeguard the integrity of upcoming elections.
EternalBlue Infections Persist
Quick Hits  |  9/14/2018  | 
Indonesia, Taiwan, Vietnam, Thailand, Egypt, Russia, China, among the top 10 nations with the most machines infected with the exploit.
Military, Government Users Just as Bad About Password Hygiene as Civilians
News  |  9/14/2018  | 
New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.
Guccifer to Be Extradited to US for Prison Sentence
Quick Hits  |  9/14/2018  | 
Four-year, four-month term will follow a longer sentence in hacker's home country of Romania.
Cybersecurity Is Only 1 Part of Election Security
Commentary  |  9/14/2018  | 
Protecting the 2018 election cycle means fixing the information infrastructure.
2 Billion Bluetooth Devices Remain Exposed to Airborne Attack Vulnerabilities
News  |  9/13/2018  | 
One year after Armis disclosed 'BlueBorne,' a large number of Android, Linux, and iOS devices remain unpatched.
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
News  |  9/13/2018  | 
Researchers bypass a Trusted Computing Group security measure to manipulate the firmware and steal data in memory.
Enterprise Security Needs an Open Data Solution
Commentary  |  9/13/2018  | 
What would it look like if more than a tiny fraction of enterprises had access to all the signals hidden in their big data today?
Kelihos Botnet Operator Pleads Guilty in Federal Court
Quick Hits  |  9/13/2018  | 
The 38-year-old Russian national operated several botnets and infected thousands of systems with malware.
Bomgar Buys BeyondTrust
Quick Hits  |  9/13/2018  | 
The companies join forces to broaden their privileged access management portfolio and will take on the BeyondTrust name.
The Increasingly Vulnerable Software Supply Chain
Commentary  |  9/13/2018  | 
Nation-state adversaries from Iran to Russia have leveraged the supply chain as a vehicle to compromise infrastructure and disrupt businesses.
Page 1 / 2   >   >>


WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Are you sure this is how we get our data into the cloud?
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-8298
PUBLISHED: 2018-09-24
Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm.
CVE-2018-14825
PUBLISHED: 2018-09-24
A skilled attacker with advanced knowledge of the target system could exploit this vulnerability by creating an application that would successfully bind to the service and gain elevated system privileges. This could enable the attacker to obtain access to keystrokes, passwords, personal identifiable...
CVE-2018-17437
PUBLISHED: 2018-09-24
Memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c in the HDF HDF5 through 1.10.3 library allows attackers to cause a denial of service (memory consumption) via a crafted HDF5 file.
CVE-2018-17438
PUBLISHED: 2018-09-24
A SIGFPE signal is raised in the function H5D__select_io() of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempted parse of a crafted HDF file, because of incorrect protection against division by zero. It could allow a remote denial of service attack.
CVE-2018-17439
PUBLISHED: 2018-09-24
An issue was discovered in the HDF HDF5 1.10.3 library. There is a stack-based buffer overflow in the function H5S_extent_get_dims() in H5S.c. Specifically, this issue occurs while converting an HDF5 file to a GIF file.