News & Commentary

Latest Content
Page 1 / 2   >   >>
7 Low-Cost Security Tools
Slideshows  |  3/15/2019  | 
Security hardware doesn't have to be expensive or complex to do the job. Here are seven examples of low-cost hardware that could fill a need in your security operations.
Could Beto O'Rourke Become the First Hacker President?
Quick Hits  |  3/15/2019  | 
New report details the Democratic candidate's time as a member of Cult of the Dead Cow.
Proof-of-Concept Tracking System Finds RATs Worldwide
News  |  3/15/2019  | 
Using a combination of Shodan scans and data from partners, Recorded Future finds nearly 500 malware controllers for 14 different families of remote-access Trojans, as well as the corporate networks they have infected.
On Norman Castles and the Internet
Commentary  |  3/15/2019  | 
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
Criminals Use One Line of Code to Steal Card Data from E-Commerce Sites
News  |  3/14/2019  | 
New JavaScript sniffer is similar to malware used in the Magecart campaign last year that affected over 800 sites.
Ransomware's New Normal
News  |  3/14/2019  | 
GandCrab's evolution underscores a shift in ransomware attack methods.
Anomaly Detection Techniques: Defining Normal
Commentary  |  3/14/2019  | 
The challenge is identifying suspicious events in training sets where no anomalies are encountered. Part two of a two-part series.
US Prosecutors Investigate Facebook's Data-Sharing Deals
Quick Hits  |  3/14/2019  | 
The news follows a long, tumultuous period of scandal around Facebook and its privacy practices.
Businesses Increase Investments in AI and Machine Learning
Quick Hits  |  3/14/2019  | 
More than three-quarters of IT pros say they feel safer for having done so, according to a new report.
4 Reasons to Take an 'Inside Out' View of Security
Commentary  |  3/14/2019  | 
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
New Malware Shows Marketing Polish
News  |  3/13/2019  | 
A new strain of point-of-sale malware skims credit card numbers and comes via a highly polished marketing campaign.
Three in Five Politicians Websites Dont Use HTTPS
News  |  3/13/2019  | 
Comparitech assessed the websites of more than 7,500 politicians in 37 countries and found 60.8% did not use valid SSL certificates.
Autism, Cybercrime, and Security's Skill Struggle
News  |  3/13/2019  | 
People on the autism spectrum often possess traits that could help them succeed in cybersecurity providing they don't fall into cybercrime first.
GPS Spoof Hits Geneva Motor Show
Quick Hits  |  3/13/2019  | 
Incident leaves GPS units showing a location in England and a date 17 years in the future.
Enterprise Cloud Infrastructure a Big Target for Cryptomining Attacks
News  |  3/13/2019  | 
Despite the declining values of cryptocurrencies, criminals continue to hammer away at container management platforms, cloud APIs, and control panels.
IoT Anomaly Detection 101: Data Science to Predict the Unexpected
Commentary  |  3/13/2019  | 
Yes! You can predict the chance of a mechanical failure or security breach before it happens. Part one of a two-part series.
'SimBad': Android Adware Hits 210 Apps with 150M Downloads
Quick Hits  |  3/13/2019  | 
Google has removed infected applications from the Google Play store after a form of adware potentially affected millions of users.
The Case for Transparency in End-User License Agreements
Commentary  |  3/13/2019  | 
Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.
There May Be a Ceiling on Vulnerability Remediation
News  |  3/12/2019  | 
Most organizations are doing all they can to keep up with the release of vulnerabilities, new research shows.
Web Apps Are Becoming Less Secure
News  |  3/12/2019  | 
Critical vulnerabilities in Web applications tripled in 2018, according to a new study.
Citrix Breach Underscores Password Perils
News  |  3/12/2019  | 
Attackers used a short list of passwords to knock on every digital door to find vulnerable systems in the vendor's network.
Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack
News  |  3/12/2019  | 
Seventeen vulnerabilities patches today are rated critical, four are publicly known, and two have been exploited in the wild.
How the Best DevSecOps Teams Make Risk Visible to Developers
News  |  3/12/2019  | 
DevOps-minded CISOs say enterprise security teams need to do a better job scoring and visualizing risk for developers and business executives.
Box Mistakes Leave Enterprise Data Exposed
Quick Hits  |  3/12/2019  | 
User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.
5 Essentials for Securing and Managing Windows 10
Commentary  |  3/12/2019  | 
It's possible to intelligently deploy and utilize Windows 10's many security enhancements while avoiding common and costly migration pitfalls.
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
News  |  3/12/2019  | 
Meanwhile, organizations are looking at unconventional ways to staff up and train their workforce as technical expertise gets even harder to find.
Cybercriminals Think Small to Earn Big
Quick Hits  |  3/12/2019  | 
As the number of breaches increased 424% in 2018, the average breach size shrunk 4.7 times as attackers aimed for smaller, more vulnerable targets.
The 12 Worst Serverless Security Risks
Commentary  |  3/12/2019  | 
A new guide from the Cloud Security Alliance offers mitigations, best practices, and a comparison between traditional applications and their serverless counterparts.
763M Email Addresses Exposed in Latest Database Misconfiguration Episode
News  |  3/11/2019  | 
MongoDB once again used by database admin who opens unencrypted database to the whole world.
Cryptominers Remain Top Threat but Coinhive's Exit Could Change That
News  |  3/11/2019  | 
Coinhive has remained on top of Check Point Software's global threat index for 15 straight months.
NSA, DHS Call for Info Sharing Across Public and Private Sectors
News  |  3/11/2019  | 
Industry leaders debate how government and businesses can work together on key cybersecurity issues.
3 Places Security Teams Are Wasting Time
News  |  3/11/2019  | 
Dark Reading caught up with RSA Security president Rohit Ghai at the RSA Conference to discuss critical areas where CISOs and their teams are spinning their wheels.
Hackers Break into System That Houses College Application Data
Quick Hits  |  3/11/2019  | 
More than 900 colleges and universities use Slate, owned by Technolutions, to collect and manage information on applicants.
Georgia's Jackson County Pays $400K to Ransomware Attackers
Quick Hits  |  3/11/2019  | 
The ransomware campaign started March 1 and shut down most of Jackson County's IT systems.
IT Security Administrators Aren't Invincible
Commentary  |  3/11/2019  | 
IT security administrators and their teams are responsible for evaluating an organization's security tools and technologies, but are they armed with the proper tools, considerations, and budget to do so? Fourth in a six-part series.
Citrix Hacked by 'International Cybercriminals'
Quick Hits  |  3/8/2019  | 
FBI informed Citrix this week of a data breach that appears to have begun with a 'password spraying' attack to steal weak credentials to access the company's network.
Tina Fey, RSAC, and Parallels Between Improv and Cyber
Quick Hits  |  3/8/2019  | 
This year's RSA Conference concluded with actress Tina Fey and program chair Hugh Thompson chatting about team building, diversity, and improv.
Shifting Attacks Put Increasing ID Fraud Burden on Consumers
News  |  3/8/2019  | 
Card-present fraud is down, but attackers continue to find new strategies, and consumers are paying the price.
DHS: No Investigation Planned for Electrical Grid Incursions
News  |  3/8/2019  | 
The subtext to a panel discussion during RSA is that risks to national infrastructure are fraught with political considerations.
Ultrasound Machine Diagnosed with Major Security Gaps
News  |  3/8/2019  | 
Check Point researchers investigate security risks and point to implications for medical IoT devices.
Companies Having Trouble Translating Security to Mobile Devices
News  |  3/7/2019  | 
As more enterprise work takes place on mobile devices, more companies are feeling insecure about the security of their mobile fleet, according to a new Verizon report.
Phishing Attacks Evolve as Detection & Response Capabilities Improve
News  |  3/7/2019  | 
Social engineering scam continued to be preferred attack vector last year, but attackers were forced to adapt and change.
How China & Russia Use Social Media to Sway the West
News  |  3/7/2019  | 
Researchers break down the differences in how China and Russia use social media to manipulate American audiences.
Twitter, Facebook, NSA Discuss Fight Against Misinformation
News  |  3/7/2019  | 
RSA panelists address the delicate technical challenges of combating information warfare online without causing First Amendment freedoms to take collateral damage.
Debunking 5 Myths About Zero Trust Security
Commentary  |  3/7/2019  | 
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
Deep Instinct Touts Predictive Aspects of Deep Learning
Deep Instinct Touts Predictive Aspects of Deep Learning
Dark Reading Videos  |  3/7/2019  | 
Deep learning, as a subset of machine learning (which is itself a subset of artificial intelligence), can help transform a companys security posture, says Deep Instincts Guy Caspi. Deep learnings predictive capabilities also change the security management equation reactive to proactive, an important breakthrough in forecasting and risk management.
4 Ways At-Work Apps Are Vulnerable to Attack
Commentary  |  3/7/2019  | 
Collaboration applications make users and IT teams more efficient. But they come with an added cost: security.
Regular User Awareness Training Still the Best Security Tactic
Regular User Awareness Training Still the Best Security Tactic
Dark Reading Videos  |  3/7/2019  | 
Email continues to be the largest area of exposure for most organizations, and phishing emails lead the charge, according to Stu Sjouwerman, founder and CEO of KnowBe4. And while AI and machine learning can make a difference, these same tools are used by the bad guys, Sjouwerman adds. Regular, monthly trainings help reduce phishing click rates.
eSentire: Boost Security with Managed Detection & Orchestrated Response
eSentire: Boost Security with Managed Detection & Orchestrated Response
Dark Reading Videos  |  3/7/2019  | 
By integrating endpoint security with network security, end-users can reduce their risk and greatly improve their overall security, says Ashley Fidler of eSentire. For managed detection to deliver an orchestrated response, they must tap a reliable framework for decision-making and management, she adds.
Raytheon IIS Seizes the Moment with Cybersecurity as a Service
Raytheon IIS Seizes the Moment with Cybersecurity as a Service
Dark Reading Videos  |  3/7/2019  | 
Tapping the flexibility and reach of the cloud makes good sense for customers, according to Jon Check, senior director, cyber protection solutions for Raytheon Intelligence, Information and Services. Cybersecurity as a Service (CYaaS) ensures both data resilience and cyber resilience by integrating analytics and automation features into the mix.
Page 1 / 2   >   >>


It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.