News & Commentary

Latest Content
70 US Election Jurisdictions Adopt Free Website Security Service
News  |  7/19/2018  | 
Hawaii, Idaho, North Carolina, and Rhode Island are among states now using gratis DDoS mitigation, firewall, and user access control service from Cloudflare.
Cyberattacks in Finland Surge During Trump-Putin Summit
News  |  7/19/2018  | 
Attackers targeted IoT devices like they did during Trump's June meeting with North Korea's Kim Jong-un, but this time China was the top-attacking nation.
Robotic Vacuums May Hoover Your Data
Quick Hits  |  7/19/2018  | 
Researchers have discovered a pair of vulnerabilities that allow unauthorized code execution in a robotic vacuum.
Free New Scanner Aims to Protect Home Networks
Quick Hits  |  7/19/2018  | 
Free software pinpoints vulnerabilities and offers suggestions for remediation.
The Fundamental Flaw in Security Awareness Programs
Commentary  |  7/19/2018  | 
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
6 Ways to Tell an Insider Has Gone Rogue
Slideshows  |  7/19/2018  | 
Malicious activity by trusted users can be very hard to catch, so look for these red flags.
Beyond Passwords: Why Your Company Should Rethink Authentication
Commentary  |  7/19/2018  | 
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
Number of Retailers Impacted by Breaches Doubles
News  |  7/19/2018  | 
The retail race for digital transformation is being run without the safety of security measures.
Microsoft Identity Bounty Program Pays $500 to $100,000 for Bugs
News  |  7/18/2018  | 
Researchers will be rewarded for vulnerabilities found in identity solutions and implementations of certain OpenID standards.
Messenger Apps Top Risk Hit Parade
Quick Hits  |  7/18/2018  | 
Whether running on iOS or Android, Facebook's and WhatsApp's messenger apps present a 'winning' combination.
Make Security Boring Again
Commentary  |  7/18/2018  | 
In the public sector and feeling overwhelmed? Focus on the basics, as mind numbing as that may sound.
New Subscription Service Takes on Ransomware Protection
News  |  7/18/2018  | 
Training and response is the basis of a new offering that addresses ransomware and extortion attacks.
Microsoft Moves Up As Phishers' Favorite Target for Brand Spoofing
Quick Hits  |  7/18/2018  | 
Researchers compiled a list of the most common brands to impersonate by detecting and analyzing new phishing URLs.
From Bullets to Clicks: The Evolution of the Cyber Arms Race
Commentary  |  7/18/2018  | 
Cyber strategies have become as important as physical weapons in the battle for political advantage. Here's a quick look at four broad categories.
White House Cybersecurity Strategy at a Crossroads
News  |  7/17/2018  | 
Trump administration's initial lack of a unified front in the wake of Russian election-hacking indictments worries cybersecurity experts.
One-Third of Businesses Lack a Cybersecurity Expert
News  |  7/17/2018  | 
Alarming, yes, but it's actually an improvement over past years, a new Gartner survey of more than 3,000 CIOs reveals.
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Commentary  |  7/17/2018  | 
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
Nearly Half of Security Pros Reuse Passwords
Quick Hits  |  7/17/2018  | 
Survey exposes poor security practices by the people who should know better.
SCADA/ICS Dangers & Cybersecurity Strategies
Commentary  |  7/17/2018  | 
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
7 Nigerians Indicted for Fraud Operation on Dating Sites
Quick Hits  |  7/17/2018  | 
Con artists have been charged with operating a scheme that cost users of American dating websites more than $1.5 million.
Russian National Vulnerability Database Operation Raises Suspicions
News  |  7/16/2018  | 
Recorded Future says Russia's Federal Service for Technical and Export Control has ability to find, weaponize vulnerabilities under cover of doing technology inspections.
Less Than Half of Cyberattacks Detected via Antivirus: SANS
News  |  7/16/2018  | 
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.
Trump Dismisses Russian Interference Indictments in Presser with Putin
Quick Hits  |  7/16/2018  | 
Russian President Vladimir Putin 'just said it's not Russia,' US President Trump said.
10 Ways to Protect Protocols That Aren't DNS
Slideshows  |  7/16/2018  | 
Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.
India Telecom Regulator: Users Have Primary Data Rights
Quick Hits  |  7/16/2018  | 
Organizations 'should be restrained from using metadata to identify individual users,' says the Telecom Regulatory Authority of India.
Time to Yank Cybercrime into the Light
Commentary  |  7/16/2018  | 
Too many organizations are still operating blindfolded, research finds.
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
News  |  7/13/2018  | 
GRU hackers used bitcoin to fund US computer network infrastructure supporting and hiding the operation.
GandCrab Ransomware Continues to Evolve But Can't Spread Via SMB Shares Yet
News  |  7/13/2018  | 
Recent fears that this year's most prolific ransomware threat has acquired new WannaCry-like propagation capabilities appear unfounded at the moment.
8 Big Processor Vulnerabilities in 2018
Slideshows  |  7/13/2018  | 
Security researchers have been working in overdrive examining processors for issues and they haven't come up empty-handed.
Congressional Report Cites States Most Vulnerable to Election Hacking
Quick Hits  |  7/13/2018  | 
A new report details issues with 18 states along with suggestions on what can be done.
FBI: Email Account Compromise Losses Reach $12B
Quick Hits  |  7/13/2018  | 
There were more than 78K business email account (BEC) and email account compromise (EAC) scam incidents worldwide between October 2013 and May 2018.
How to Structure an Enterprise-Wide Threat Intelligence Strategy
Commentary  |  7/13/2018  | 
To keep an organization safe, you must think about the entire IT ecosystem.
SOCs Use Automation to Compensate for Training, Technology Issues
News  |  7/13/2018  | 
Executives and front-line SOC teams see human and technology issues in much different ways, according to two new reports.
WordPress Sites Targeted in World Cup-Themed Spam Scam
News  |  7/12/2018  | 
Spammers using a 'spray & pray' approach to post comments on WordPress-powered blogs, forums, says Imperva.
What's Cooking With Caleb Sima
News  |  7/12/2018  | 
Security Pro File: Web app security pioneer dishes on his teenage security career, his love of electric scooters, Ace Ventura and a new baby food business venture with his wife and famed chef, Kathy Fang.
Lessons from My Strange Journey into InfoSec
Commentary  |  7/12/2018  | 
Establishing an entrée into the security world can be a maddeningly slow process. For those of us already here, it can be an opportunity to help others.
ICS Security: 'The Enemy Is in the Wire'
Commentary  |  7/12/2018  | 
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
Timehop Releases New Details About July 4 Breach
Quick Hits  |  7/12/2018  | 
Additional information includes PII affected and the authentication issue that led to the breach.
Ukraine Security Service Stops VPNFilter Attack at Chlorine Station
Quick Hits  |  7/12/2018  | 
The facility's process control system and emergency-detection system were infected, Interfax Ukraine reports.
Hacker Exploits 2-Year Old Router Issue To Steal Sensitive US Military Data
News  |  7/11/2018  | 
A moderately skilled hacker managed to steal export-restricted data pertaining to the Reaper drone and Abrams tank from computers belonging to two US Army officials.
Newly Found Spectre Variants Bring New Concerns
News  |  7/11/2018  | 
Two new variants on a theme of Spectre underscore the expanding nature of the critical vulnerabilities.
Critical Vulns Earn $2K Amid Rise of Bug Bounty Programs
News  |  7/11/2018  | 
As of June, a total of $31 million has been awarded to security researchers for this year, already a big jump from the $11.7 million awarded for the entire 2017.
Banks Suffer an Average of 3.8 Data Leak Incidents Per Week
Quick Hits  |  7/11/2018  | 
New study examines how financial services information gets sold and shared in the Dark Web.
Getting Safe, Smart & Secure on S3
Commentary  |  7/11/2018  | 
AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.
This Is How Much a 'Mega Breach' Really Costs
News  |  7/11/2018  | 
The average cost of a data breach is $3.86 million, but breaches affecting more than 1 million records are far more expensive.
New Cyber Center Opens at Augusta University in Georgia
Quick Hits  |  7/11/2018  | 
University partners with state on $100 million Georgia Cyber Center for cybersecurity education and research.
Major International Airport System Access Sold for $10 on Dark Web
News  |  7/11/2018  | 
Researchers from the McAfee Advanced Threat Research team began with an open search on Russian RDP shop UAS to make their discovery.
What We Talk About When We Talk About Risk
Commentary  |  7/11/2018  | 
Measuring security risk is not that hard if you get your terms straight and leverage well-established methods and principles from other disciplines.
Apple Releases Wave of Security Updates
News  |  7/11/2018  | 
Apple updates software for nearly every hardware platform, though one new feature almost steals the security show.
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
News  |  7/10/2018  | 
Threat actor Magecart has infiltrated over 800 e-commerce sites with card skimming software installed on third-party software components, RiskIQ says.


White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Mueller Probe Yields Hacking Indictments for 12 Russian Military Officers
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/13/2018
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading,  7/16/2018
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-10727
PUBLISHED: 2018-07-20
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensitive ...
CVE-2018-8018
PUBLISHED: 2018-07-20
Apache Ignite 2.5 and earlier serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a spe...
CVE-2018-14415
PUBLISHED: 2018-07-20
An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen.
CVE-2018-14418
PUBLISHED: 2018-07-20
In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI.
CVE-2018-14419
PUBLISHED: 2018-07-20
MetInfo 6.0.0 allows XSS via a modified name of the navigation bar on the home page.