News & Commentary

Latest Content tagged with Operations
Page 1 / 2   >   >>
New Drupal Exploit Mines Monero for Attackers
Quick Hits  |  6/22/2018  | 
A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server.
Cracking Cortana: The Dangers of Flawed Voice Assistants
News  |  6/22/2018  | 
Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
White House Email Security Faux Pas?
Commentary  |  6/22/2018  | 
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
Artificial Intelligence & the Security Market
News  |  6/21/2018  | 
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
7 Places Where Privacy and Security Collide
Slideshows  |  6/21/2018  | 
Privacy and security can experience tension at a number of points in the enterprise. Here are seven plus some possibilities for easing the strain.
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Commentary  |  6/21/2018  | 
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
AppSec in the World of 'Serverless'
Commentary  |  6/21/2018  | 
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
Inside a SamSam Ransomware Attack
Commentary  |  6/20/2018  | 
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
Intel VP Talks Data Security Focus Amid Rise of Blockchain, AI
News  |  6/20/2018  | 
Intel vice president Rick Echevarria discusses the challenges of balancing data security with new technologies like blockchain and artificial intelligence.
Alphabet Launches VirusTotal Monitor to Stop False Positives
Quick Hits  |  6/20/2018  | 
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
Improving the Adoption of Security Automation
Commentary  |  6/20/2018  | 
Four barriers to automation and how to overcome them.
The Best and Worst Tasks for Security Automation
Slideshows  |  6/20/2018  | 
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
Mylobot Malware Brings New Sophistication to Botnets
News  |  6/20/2018  | 
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
Tesla Employee Steals, Sabotages Company Data
News  |  6/19/2018  | 
The electric carmaker is the victim of an "extensive and damaging" insider attack, says CEO Elon Musk.
CrowdStrike Secures $200M Funding Round
Quick Hits  |  6/19/2018  | 
The new funding round brings the company's valuation to more than $3 billion.
Cisco CPO: Privacy Is Not About Secrecy or Compliance
News  |  6/19/2018  | 
Michelle Dennedy sat down with Dark Reading at the recent Cisco Live event to set the record straight about privacy, regulation, encryption, and more.
Security Analytics Startup Uptycs Raises $10M in Series A
Quick Hits  |  6/19/2018  | 
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
'Wallchart' Phishing Campaign Exploits World Cup Watchers
News  |  6/18/2018  | 
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
Mass. Man Pleads Guilty in ATM Jackpotting Operation
Quick Hits  |  6/18/2018  | 
Citizens Bank ATM and others targeted in the scheme.
F-Secure Buys MWR InfoSecurity
Quick Hits  |  6/18/2018  | 
Finnish endpoint security company buys British security service provider in cash deal.
3 Tips for Driving User Buy-in to Security Policies
Commentary  |  6/18/2018  | 
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Email, Social Media Still Security Nightmares
Quick Hits  |  6/15/2018  | 
Phishing and banking trojans continue to be major threats brought into the enterprise.
Kaspersky Lab Freezes Work with Europol in Protest of EU Vote
News  |  6/14/2018  | 
New European Parliament document calls out Kaspersky Lab software as 'malicious' and says it should be banned.
23,000 Compromised in HealthEquity Data Breach
Quick Hits  |  6/14/2018  | 
HealthEquity, which handles more than 3.4 million health savings accounts, was breached when an intruder accessed an employee's email.
Meet 'Bro': The Best-Kept Secret of Network Security
Commentary  |  6/14/2018  | 
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
News  |  6/13/2018  | 
Security is weak, and most companies are clueless, according to Immunity researcher Lurene Grenier, who kicked off the Cisco Talos Threat Research Summit on Sunday.
Why CISOs Need a Security Reality Check
Commentary  |  6/13/2018  | 
We deserve a seat at the executive table, and we'll be much better at our jobs once we take it.
Cyxtera Completes Immunity Purchase
Quick Hits  |  6/12/2018  | 
Cyxtera completes acquisition it first announced in January.
Fewer Phishing Attacks Hit More Diverse Targets
News  |  6/11/2018  | 
Nearly 300 brands were hit with phishing attacks in Q1, with cloud storage providers now among the top 10 most targeted.
6 Ways Greed Has a Negative Effect on Cybersecurity
Commentary  |  6/11/2018  | 
How the security industry can both make money and stay true to its core values, and why that matters.
SAP CSO: Security Requires Context
News  |  6/11/2018  | 
Security depends on the apps and networks it protects. SAP CSO Justin Somaini discusses three scenarios.
FireEye Finds New Clues in TRITON/TRISIS Attack
News  |  6/8/2018  | 
Attackers behind the epic industrial-plant hack reverse-engineered the safety-monitoring system's proprietary protocol, researchers found.
Enterprise IT Juggling 20-Plus SecOps Tools
Quick Hits  |  6/8/2018  | 
Lack of integration also a big issue among decision makers.
DevSecOps Gains Enterprise Traction
News  |  6/7/2018  | 
Enterprise adoption of DevSecOps has surged in the past year, according to a study conducted at this year's RSA Conference.
In Pursuit of Cryptography's Holy Grail
Commentary  |  6/7/2018  | 
Homomorphic encryption eliminates the need for data exposure at any point something that certainly would be welcome these days.
New Colorado Breach Notification Rules Signed Into Law
Quick Hits  |  6/7/2018  | 
Colorado has enacted a new data breach notification law that contains some of the most stringent requirements in the US.
Dark Reading Launches Second INsecurity Conference
News  |  6/5/2018  | 
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
10 Open Source Security Tools You Should Know
Slideshows  |  6/5/2018  | 
Open source tools can be the basis for solid security and intense learning. Here are 10 you should know about for your IT security toolkit.
Fortinet Completes Bradford Networks Purchase
Quick Hits  |  6/4/2018  | 
NAC and security firm added to Fortinet's portfolio.
5 Tips for Protecting SOHO Routers Against the VPNFilter Malware
Slideshows  |  6/2/2018  | 
Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.
The Good News about Cross-Domain Identity Management
Commentary  |  5/31/2018  | 
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
Commentary  |  5/31/2018  | 
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
6 Security Investments You May Be Wasting
Slideshows  |  5/31/2018  | 
Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference.
Machine Learning, Artificial Intelligence & the Future of Cybersecurity
Commentary  |  5/30/2018  | 
The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.
Getting Revolutionary (Not Evolutionary) about Cybersecurity
Commentary  |  5/30/2018  | 
Being a security revolutionary isn't purely about new, ground-breaking ideas. It's about anticipating, outpacing, and influencing your world, both internally and externally. Here are five keys to success.
6 Ways Third Parties Can Trip Up Your Security
Slideshows  |  5/29/2018  | 
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
Security Lags in Enterprise Cloud Migration
Quick Hits  |  5/25/2018  | 
Cloud security is falling farther behind as companies migrate more and more of their workloads to public cloud infrastructures.
6 Steps for Applying Data Science to Security
Slideshows  |  5/23/2018  | 
Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.
Cybercriminals Battle Against Banks' Incident Response
News  |  5/22/2018  | 
'Filess' attacks account for more than half of successful breaches of bank networks, new data shows.
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
Commentary  |  5/22/2018  | 
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
Page 1 / 2   >   >>


'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12697
PUBLISHED: 2018-06-23
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.
CVE-2018-12698
PUBLISHED: 2018-06-23
demangle_template in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM) during the "Create an array for saving the template argument values" XNEWVEC call. This can occur during execution of objdump.
CVE-2018-12699
PUBLISHED: 2018-06-23
finish_stab in stabs.c in GNU Binutils 2.30 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-of-bounds write of 8 bytes. This can occur during execution of objdump.
CVE-2018-12700
PUBLISHED: 2018-06-23
A Stack Exhaustion issue was discovered in debug_write_type in debug.c in GNU Binutils 2.30 because of DEBUG_KIND_INDIRECT infinite recursion.
CVE-2018-11560
PUBLISHED: 2018-06-23
The webService binary on Insteon HD IP Camera White 2864-222 devices has a stack-based Buffer Overflow leading to Control-Flow Hijacking via a crafted usr key, as demonstrated by a long remoteIp parameter to cgi-bin/CGIProxy.fcgi on port 34100.