News & Commentary

Latest Content
Page 1 / 2   >   >>
RF Hacking Research Exposes Danger to Construction Sites
News  |  1/23/2019  | 
Trend Micro team unearthed 17 vulnerabilities among seven vendors' remote controller devices.
DHS Issues Emergency Directive on DNS Security
News  |  1/23/2019  | 
All government domain owners are instructed to take immediate steps to strengthen the security of their DNS servers following a successful hacking campaign.
'Anatova' Emerges as Potentially Major New Ransomware Threat
News  |  1/23/2019  | 
Modular design, ability to infect network shares make the malware dangerous, McAfee says.
Aging PCs Running Out-of-Date Software Bring Security Worries
Quick Hits  |  1/23/2019  | 
Age is an issue with application languages and frameworks, too.
The Evolution of SIEM
Commentary  |  1/23/2019  | 
Expectations for these security information and event management systems have grown over the years, in ways that just aren't realistic.
Google Creates Online Phishing Quiz
Quick Hits  |  1/23/2019  | 
Google Alphabet incubator Jigsaw says knowing how to spot a phish plus two-factor authentication are the best defenses against falling for a phishing email.
Cybercriminals Home in on Ultra-High Net Worth Individuals
News  |  1/23/2019  | 
Research shows that better corporate security has resulted in some hackers shifting their sights to the estates and businesses of wealthy families.
Think Twice Before Paying a Ransom
Commentary  |  1/23/2019  | 
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.
Enterprise Malware Detections Up 79% as Attackers Refocus
News  |  1/23/2019  | 
A new report on the state of malware shows a spike in B2B malware, with former banking Trojans Emotet and TrickBot topping the list.
Stealthy New DDoS Attacks Target Internet Service Providers
News  |  1/22/2019  | 
Adversaries took advantage of the large attack surface of large communications networks to spread small volumes of junk traffic across hundreds of IP prefixes in Q3 2018, Nexusguard says.
Hack of Plug-in Website Ruffles WordPress Community
News  |  1/22/2019  | 
An intruder thought to be a former employee used a backdoor into the WPML website to skim email addresses and send a mass email blast.
Security Talent Continues to Fetch Top Dollar on IT Job Market
Quick Hits  |  1/22/2019  | 
IT and cybersecurity positions continue to rank near the top of the salary ranges paid to IT professionals, according to a new survey.
The Fact and Fiction of Homomorphic Encryption
Commentary  |  1/22/2019  | 
The approach's promise continues to entice cryptographers and academics. But don't expect it to help in the real world anytime soon.
Real-World Threats That Trump Spectre & Meltdown
Slideshows  |  1/22/2019  | 
New side-channel attacks are getting lots of attention, but other more serious threats should top your list of threats.
How Cybercriminals Clean Their Dirty Money
Commentary  |  1/22/2019  | 
By using a combination of new cryptocurrencies and peer-to-peer marketplaces, cybercriminals are laundering up to an estimated $200 billion in ill-gotten gains a year. And that's just the beginning.
Google Hit With $57 Million GDPR Fine in France
Quick Hits  |  1/21/2019  | 
The fine represents the first major penalty for a US technology company under the new European regulations.
Shadow IT, IaaS & the Security Imperative
Commentary  |  1/21/2019  | 
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.
2018's Most Common Vulnerabilities Include Issues New and Old
News  |  1/18/2019  | 
The most common vulnerabilities seen last year run the gamut from cross-site scripting to issues with CMS platforms.
VC Investments in Cybersecurity Hit Record Highs in 2018
News  |  1/18/2019  | 
But rate of funding appears unsustainable, according to Strategic Cyber Ventures.
GDPR Suit Filed Against Amazon, Apple
Quick Hits  |  1/18/2019  | 
An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.
PCI Council Releases New Software Framework for DevOps Era
News  |  1/18/2019  | 
The PCI Software Security Framework will eventually replace PCI DA-DSS when it expires in 2022.
The Rx for HIPAA Compliance in the Cloud
Commentary  |  1/18/2019  | 
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
8 Tips for Monitoring Cloud Security
Slideshows  |  1/18/2019  | 
Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
773 Million Email Addresses, 21 Million Passwords For Sale on Hacker Forum
News  |  1/17/2019  | 
Data appears to be from multiple breaches over past few years, says researcher who discovered it.
Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation
Quick Hits  |  1/17/2019  | 
Facebook says the accounts and pages were part of two unrelated disinformation operations aimed at targets outside the US.
Microsoft Launches New Azure DevOps Bug Bounty Program
Quick Hits  |  1/17/2019  | 
A new program will pay bounties of up to $20,000 for new critical bugs in the company's Azure DevOps systems and services.
New Attacks Target Recent PHP Framework Vulnerability
News  |  1/17/2019  | 
Multiple threat actors are using relatively simple techniques to take advantage of the vulnerability, launching cryptominers, skimmers, and other malware payloads.
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Commentary  |  1/17/2019  | 
The network no longer provides an air gap against external threats, but access devices can take up the slack.
'We Want IoT Security Regulation,' Say 95% of IT Decision-Makers
News  |  1/17/2019  | 
New global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.
Simulating Lateral Attacks Through Email
Commentary  |  1/17/2019  | 
A skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.
Malware Built to Hack Building Automation Systems
News  |  1/16/2019  | 
Researchers dig into vulnerabilities in popular building automation systems, devices.
Oklahoma Data Leak Compromises Years of FBI Data
Quick Hits  |  1/16/2019  | 
The Oklahoma Securities Commission accidentally leaked 3 TB of information, including data on years of FBI investigations.
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Commentary  |  1/16/2019  | 
When it comes to acceptable circumstances for government disclosure of zero-days, the new Vulnerabilities Equity Process might be the accountability practice security advocates have been waiting for.
BEC Groups Ramp Up Payroll Diversion Attacks
News  |  1/16/2019  | 
Criminals are increasingly trying to defraud businesses by diverting payrolls of CEOs, other senior executives, Agari says.
Fortnite Players Compromised Via Epic Games Vulnerability
News  |  1/16/2019  | 
Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.
Are You Listening to Your Kill Chain?
Commentary  |  1/16/2019  | 
With the right tools and trained staff, any organization should be able to deal with threats before information is compromised.
Triton/Trisis Attack Was More Widespread Than Publicly Known
News  |  1/16/2019  | 
Signs of the attack first showed up two months before it was identified as a cyberattack, but they were mistaken for a pure equipment failure by Schneider Electric, security expert reveals at S4x19.
Hijacking a PLC Using its Own Network Features
News  |  1/15/2019  | 
Researcher at S4x19 to show how attackers can exploit the built-in advanced connectivity functions in some Rockwell PLCs.
Report: Bots Add Volume to Account Takeover Attacks
Quick Hits  |  1/15/2019  | 
Bots that can launch hundreds of attacks per second are making account takeover fraud more difficult to defend against.
Online Fraud: Now a Major Application Layer Security Problem
Commentary  |  1/15/2019  | 
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
US Judge: Police Can't Force Biometric Authentication
Quick Hits  |  1/15/2019  | 
Law enforcement cannot order individuals to unlock devices using facial or fingerprint scans, a California judge says.
7 Privacy Mistakes That Keep Security Pros on Their Toes
Slideshows  |  1/15/2019  | 
When it comes to privacy, it's the little things that can lead to big mishaps.
SEC Issues Charges in 'Edgar' Database Hack
Quick Hits  |  1/15/2019  | 
One defendant is still facing charges issued in 2015 for a $30 million hacking and securities fraud scheme.
Why Cyberattacks Are the No. 1 Risk
Commentary  |  1/15/2019  | 
The paradigm shift toward always-on IT requires business leaders to rethink their defense strategy.
Former IBM Security Execs Launch Cloud Data Security Startup
News  |  1/15/2019  | 
Sonrai Security, the brainchild of two execs from IBM Security and Q1 Labs, debuts with $18.5 million in Series A funding.
Cryptomining Continues to Be Top Malware Threat
News  |  1/14/2019  | 
Tools for illegally mining Coinhive, Monero, and other cryptocurrency dominate list of most prevalent malware in December 2018.
Radiflow: New Approach for Classifying OT Attack Flaws
Quick Hits  |  1/14/2019  | 
The firm says risk assessment should begin with understanding attacker taxonomy and continue with vulnerability analysis.
Facebook Faces Action From German Watchdog
Quick Hits  |  1/14/2019  | 
German antitrust regulators prepare to require changes from Facebook regarding privacy and personal information.
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
Commentary  |  1/14/2019  | 
In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.
Government Shutdown Brings Certificate Lapse Woes
Quick Hits  |  1/11/2019  | 
Among the problems: TLS certificates are expiring and websites are becoming inaccessible.
Page 1 / 2   >   >>


How Cybercriminals Clean Their Dirty Money
Alexon Bell, Global Head of AML & Compliance, Quantexa,  1/22/2019
Facebook Shuts Hundreds of Russia-Linked Pages, Accounts for Disinformation
Sara Peters, Senior Editor at Dark Reading,  1/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-1637
PUBLISHED: 2019-01-23
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Fo...
CVE-2019-1638
PUBLISHED: 2019-01-23
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Fo...
CVE-2019-1639
PUBLISHED: 2019-01-23
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Fo...
CVE-2019-1640
PUBLISHED: 2019-01-23
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Fo...
CVE-2019-1641
PUBLISHED: 2019-01-23
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Fo...