Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
Page 1 / 2   >   >>
Equifax to Pay Up to $700mn for Data Breach Damages
News  |  7/22/2019  | 
In a settlement with the FTC, consumers affected by the breach are eligible for up to $20,000 in a cash settlement, depending on damages they can prove.
How Cybercriminals Break into the Microsoft Cloud
News  |  7/22/2019  | 
Microsoft and Trimarc researchers explore the most common attacks against the cloud and effective defenses and mitigation.
Firmware Vulnerabilities Show Supply Chain Risks
Quick Hits  |  7/22/2019  | 
A recently announced pair of vulnerabilities in server firmware could put enterprise IT at risk.
Ex-NSA Contractor Gets 9 Years for Retaining Defense Data
Quick Hits  |  7/22/2019  | 
Law enforcement recovered two decades' worth of stolen material from the home and car of former government contractor Harold Martin.
CISO Pressures: Why the Role Stinks and How to Fix It
Commentary  |  7/22/2019  | 
CISOs spend much less time in their role than other members of the boardroom. It's a serious problem that must be addressed.
6 Actions That Made GDPR Real in 2019
Slideshows  |  7/22/2019  | 
In the wake of recent fines levied against British Airways, Marriott, and Facebook, companies are starting to take data privacy and security more seriously.
Malware in PyPI Code Shows Supply Chain Risks
News  |  7/19/2019  | 
A code backdoor in a package on the Python Package Index demonstrates the importance of verifying code brought in from code repositories.
Europol Head Fears 5G Will Give Criminals an Edge
Quick Hits  |  7/19/2019  | 
Catherine De Bolle is concerned law enforcement will lose its ability to track criminals with the arrival of 5G networks.
Mirai Groups Target Business IoT Devices
News  |  7/19/2019  | 
More than 30% of Mirai attacks, and an increasing number of variants of the malicious malare, are going after enterprise IoT devices, raising the stakes for business.
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Commentary  |  7/19/2019  | 
Why apples-to-apples performance tests are the only way to accurately gauge the impact of network security products and solutions.
Security Lessons From a New Programming Language
News  |  7/18/2019  | 
A security professional needed a secure language for IoT development. So he wrote his own, applying learned lessons about memory and resources in the process.
BitPaymer Ransomware Operators Wage Custom, Targeted Attacks
News  |  7/18/2019  | 
A new framework is allowing the threat group to compile variants of the malware for each victim, Morphisec says.
Open Source Hacking Tool Grows Up
News  |  7/18/2019  | 
Koadic toolkit gets upgrades and a little love from nation-state hackers.
RDP Bug Takes New Approach to Host Compromise
News  |  7/18/2019  | 
Researchers show how simply connecting to a rogue machine can silently compromise the host.
8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
Slideshows  |  7/18/2019  | 
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
Bulgarian Tax Breach Nets All the Records
Quick Hits  |  7/18/2019  | 
An attack by a 'wizard hacker' results in leaked records for virtually every Bulgarian taxpayer.
How Capture the Flag Competitions Strengthen the Cybersecurity Workforce
Commentary  |  7/18/2019  | 
These competitions challenge participants with problems involving digital forensics, cryptography, binary analysis, web security, and many other fields.
79% of US Consumers Fear Webcams Are Watching
Quick Hits  |  7/18/2019  | 
Widespread privacy concerns have caused 60% of people to cover their laptop webcams some in creative ways survey data shows.
Calculating the Value of Security
Commentary  |  7/18/2019  | 
What will it take to align staff and budget to protect the organization?
MITRE ATT&CK Framework Not Just for the Big Guys
News  |  7/17/2019  | 
At Black Hat, analysts from MITRE and Splunk will detail how organizations of many different sizes are leveraging ATT&CK's common language.
Bluetooth Bug Enables Tracking on Windows 10, iOS & macOS Devices
News  |  7/17/2019  | 
Researchers discover a third-party algorithm in multiple high-profile Bluetooth devices exposes users to third-party tracking and data access.
800K Systems Still Vulnerable to BlueKeep
News  |  7/17/2019  | 
Organizations with systems exploitable via the RDP flaw pose an increasing risk to themselves and other organizations, BitSight says.
Sprint Reveals Account Breach via Samsung Website
News  |  7/17/2019  | 
The last-June breach exposed data including names, phone numbers, and account numbers.
A Password Management Report Card
Commentary  |  7/17/2019  | 
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.
Data Loss, Leakage Top Cloud Security Concerns
Quick Hits  |  7/17/2019  | 
Compliance, accidental exposure of credentials, and data control are also primary concerns for senior IT and security managers.
For Real Security, Don't Let Failure Be Your Measure of Success
Commentary  |  7/17/2019  | 
For too long, we've focused almost exclusively on keeping out the bad guys rather than what to do when they get in (and they will).
The 10 Essentials of Infosec Forensics
Slideshows  |  7/17/2019  | 
Whether it's your first investigation or 500th, review the basics of IT forensics to streamline and simplify your discovery.
Lenovo NAS Firmware Flaw Exposes Stored Data
News  |  7/16/2019  | 
More than 5,100 vulnerable devices containing multiple terabytes of data are open to exploitation, researchers found.
Security Snapshot: OS, Authentication, Browser & Cloud Trends
News  |  7/16/2019  | 
New research shows cloud apps are climbing, SMS authentication is falling, Chrome is the enterprise browser favorite, and Android leads outdated devices.
FBI Publishes GandCrab Decryption Keys
Quick Hits  |  7/16/2019  | 
Publishing the keys should render existing versions of the ransomware far less dangerous for victims.
How Attackers Infiltrate the Supply Chain & What to Do About It
Commentary  |  7/16/2019  | 
With some security best practices, enterprises can significantly reduce the chances that a potential supply chain attack will affect business operations.
US Mayors Commit to Just Saying No to Ransomware
News  |  7/16/2019  | 
The group of more than 1,400 top elected municipal officials takes the admirable, recommended stance against paying ransoms. However, can towns and cities secure their information technology infrastructure to withstand attacks?
Symantec Builds Out Cloud Portfolio to Enforce 'Zero Trust'
Quick Hits  |  7/16/2019  | 
New additions to its Integrated Cyber Defense Platform aim to give businesses greater control over access to cloud resources and applications.
Is 2019 the Year of the CISO?
Commentary  |  7/16/2019  | 
The case for bringing the CISO to the C-suite's risk and business-strategy table.
Flaws in Telegram & WhatsApp on Android Put Data at Risk
News  |  7/15/2019  | 
App settings combined with Android behavior can put data integrity at risk for WhatsApp and Telegram users.
Meet DoppelPaymer, BitPaymer's Ransomware Lookalike
News  |  7/15/2019  | 
New ransomware variant DoppelPaymer was leveraged in campaigns against the City of Edcouch, Texas, and the Chilean Ministry of Agriculture.
FTC Reportedly Ready to Sock Facebook with Record $5 Billion Fine
Quick Hits  |  7/15/2019  | 
The fine, for the social media giant's role in the Cambridge Analytica scandal, would be the largest ever against a tech company.
Software Developers Face Secure Coding Challenges
News  |  7/15/2019  | 
Seven in ten developers are expected to write secure code, but less than half receive feedback on security, a survey finds.
18% of Enterprises Holding Back on Windows 10 Upgrade
Quick Hits  |  7/15/2019  | 
Microsoft will officially end support for Windows 7 on January 14, 2020. Many large businesses aren't ready.
Is Machine Learning the Future of Cloud-Native Security?
Commentary  |  7/15/2019  | 
The nature of containers and microservices makes them harder to protect. Machine learning might be the answer going forward.
Where Businesses Waste Endpoint Security Budgets
Slideshows  |  7/15/2019  | 
Too many systems, failure to test tools, and fear of replacement drive endpoint complexity and render products less effective.
German Schools Ban Office 365, Cite Privacy Concerns
Quick Hits  |  7/12/2019  | 
The ruling follows years of debate over whether German schools and institutions should use Microsoft tools and services.
Competing Priorities Mean Security Risks for Small Businesses
Quick Hits  |  7/12/2019  | 
Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks.
A Lawyers Guide to Cyber Insurance: 4 Basic Tips
Commentary  |  7/12/2019  | 
The time to read the fine print in your cybersecurity insurance policy is before you sign on the dotted line.
Data Center Changes Push Cyber Risk to Network's Edge
News  |  7/11/2019  | 
Changes in fundamental enterprise architectures coupled with shifts in human resources mean that companies are considering new risks to their infrastructure.
APT Groups Make Quadruple What They Spend on Attack Tools
News  |  7/11/2019  | 
Some advanced persistent threat actors can spend north of $1 million on attacks, but the return on that investment can be huge.
How to Catch a Phish: Where Employee Awareness Falls Short
News  |  7/11/2019  | 
Advanced phishing techniques and poor user behaviors that exacerbate the threat of successful attacks.
Software Engineer Charged for Taking Stolen Trade Secrets to China
Quick Hits  |  7/11/2019  | 
Xudong Yao reportedly stole proprietary information from his employer and brought it to China, where he is believed to currently reside.
Most Organizations Lack Cyber Resilience
Commentary  |  7/11/2019  | 
Despite increasing threats, many organizations continue to run with only token cybersecurity and resilience.
Monroe College Hit with Ransomware Attack
Quick Hits  |  7/11/2019  | 
All campuses are affected, with attackers demanding $2 million in Bitcoin in exchange for decryption keys.
Page 1 / 2   >   >>


How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
The Problem with Proprietary Testing: NSS Labs vs. CrowdStrike
Brian Monkman, Executive Director at NetSecOPEN,  7/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12551
PUBLISHED: 2019-07-22
In SweetScape 010 Editor 9.0.1, improper validation of arguments in the internal implementation of the Memcpy function (provided by the scripting engine) allows an attacker to overwrite arbitrary memory, which could lead to code execution.
CVE-2019-12552
PUBLISHED: 2019-07-22
In SweetScape 010 Editor 9.0.1, an integer overflow during the initialization of variables could allow an attacker to cause a denial of service.
CVE-2019-3414
PUBLISHED: 2019-07-22
All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code could be transmitted in the parameter. If the front en...
CVE-2019-10102
PUBLISHED: 2019-07-22
tcpdump.org tcpdump 4.9.2 is affected by: CWE-126: Buffer Over-read. The impact is: May expose Saved Frame Pointer, Return Address etc. on stack. The component is: line 234: "ND_PRINT((ndo, "%s", buf));", in function named "print_prefix", in "print-hncp.c". Th...
CVE-2019-10102
PUBLISHED: 2019-07-22
aubio 0.4.8 and earlier is affected by: null pointer. The impact is: crash. The component is: filterbank. The attack vector is: pass invalid arguments to new_aubio_filterbank. The fixed version is: after commit eda95c9c22b4f0b466ae94c4708765eaae6e709e.