Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
Page 1 / 2   >   >>
Breaking the Endless Cycle of "Perfect" Cybercrimes
Commentary  |  6/26/2019  | 
A two-step strategy for creating an attack environment that is more complex, less profitable, and more likely to expose the attacker.
FIDO Alliance to Tackle Identity Verification and IoT Authentication
News  |  6/26/2019  | 
Standards group forms two new working groups to develop new open specifications.
Could Foster Kids Help Solve the Security Skills Shortage?
Commentary  |  6/26/2019  | 
Foster Warriors is a new nonprofit initiative focused on helping foster kids find a place in the world, and especially in the world of security. Join us!
Email Threats Continue to Grow as Attackers Evolve, Innovate
News  |  6/25/2019  | 
Threat actors increasingly using malicious URLs, HTTPS domains, file-sharing sites in email attacks, FireEye says.
Global Cyberattack Campaign Hit Mobile Carrier Networks
News  |  6/25/2019  | 
A nation-state group possibly out of China has attacked cell carrier networks in search of data on high-value individuals.
AWS CISO Talks Risk Reduction, Development, Recruitment
News  |  6/25/2019  | 
Steve Schmidt says limiting access to data has dramatically changed the security posture across Amazon Web Services.
Microsoft Adds New Secure Storage Area to OneDrive
Quick Hits  |  6/25/2019  | 
PersonalVault locks down files with MFA and encryption.
AWS Makes Control Tower & Security Hub Generally Available
Quick Hits  |  6/25/2019  | 
Security Hub aims to manage security across an AWS environment; Control Tower handles security and compliance for multi-account environments.
How to Avoid Becoming the Next Riviera Beach
Commentary  |  6/25/2019  | 
Be prepared by following these five steps so you don't have to pay a ransom to get your data back.
Companies on Watch After US, Iran Claim Cyberattacks
News  |  6/25/2019  | 
With the cyber conflict between the United States and Iran ramping up, companies traditionally targeted by the countries such as those in the oil and gas and financial industries need to bolster their security efforts, experts say.
The Rise of Silence and the Fall of Coinhive
Commentary  |  6/25/2019  | 
Cryptomining will exist as long as it remains profitable. One of the most effective ways to disrupt that activity is to make it too expensive to run cryptomining malware in your network.
DDoS-for-Hire Services Doubled in Q1
News  |  6/24/2019  | 
Impact of FBI's takedown of 15 'booter' domains last December appears to have been temporary.
A Socio-Technical Approach to Cybersecurity's Problems
News  |  6/24/2019  | 
Researchers explore how modern security problems can be solved with an examination of society, technology, and security.
Health Insurer Reports Data Breach That Began 9 Years Ago
Quick Hits  |  6/24/2019  | 
Dominion National first spotted something awry in April 2019.
Raspberry Pi Used in JPL Breach
Quick Hits  |  6/24/2019  | 
NASA report shows exfiltration totaling more than 100 GB of information since 2009.
Never Trust, Always Verify: Demystifying Zero Trust to Secure Your Networks
Commentary  |  6/24/2019  | 
The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.
Cyber-Risks Hiding Inside Mobile App Stores
News  |  6/21/2019  | 
As the number of blacklisted apps on Google Play continues to drop, attackers find new ways to compromise smartphones.
Four CVEs Describe SACKs of Linux and FreeBSD Vulnerabilities
Quick Hits  |  6/21/2019  | 
Four new CVEs present issues that have a potential DoS impact on almost every Linux user.
Pledges to Not Pay Ransomware Hit Reality
News  |  6/21/2019  | 
While risk analysts and security experts continue to urge companies to secure systems against ransomware, they are now also advising that firms be ready to pay.
Startup Raises $13.7M to Stop Breaches with Behavioral Analytics
Quick Hits  |  6/21/2019  | 
TrueFort plans to use the funding to expand sales, marketing, R&D, customer support, and go-to-market initiatives.
Patrolling the New Cybersecurity Perimeter
Commentary  |  6/21/2019  | 
Remote work and other developments demand a shift to managing people rather than devices.
Customers of 3 MSPs Hit in Ransomware Attacks
News  |  6/20/2019  | 
Early information suggests threat actors gained access to remote monitoring and management tools from Webroot and Kaseya to distribute malware.
Florida Town Pays $600K to Ransomware Operators
News  |  6/20/2019  | 
Riviera Beach's decision to pay ransom to criminals might get files back, but it almost guarantees greater attacks against other governments.
'Democratizing' Machine Learning for Fraud Prevention & Payments Intelligence
Commentary  |  6/20/2019  | 
How fraud experts can fight cybercrime by 'downloading' their knowledge and experience into computer models.
Small Businesses May Not Be Security's Weak Link
Quick Hits  |  6/20/2019  | 
Organizations with 250 or fewer employees often employ a higher percentage of security pros than their larger counterparts.
Machine Learning Boosts Defenses, but Security Pros Worry Over Attack Potential
News  |  6/20/2019  | 
As defenders increasingly use machine learning to remove spam, catch fraud, and block malware, concerns persist that attackers will find ways to use AI technology to their advantage.
7 2019 Security Venture Fund Deals You Should Know
Slideshows  |  6/20/2019  | 
2019 has, so far, been a busy year for venture capitalists in the security industry. Here are 7 funding rounds important because of the technologies or market trends they represent.
Cybersecurity Accountability Spread Thin in the C-Suite
News  |  6/20/2019  | 
While cybersecurity discussions have permeated board meetings, the democratization of accountability has a long way to go.
The Hunt for Vulnerabilities
Commentary  |  6/20/2019  | 
A road map for improving the update process will help reduce the risks from vulnerabilities.
Inside the FBI's Fight Against Cybercrime
News  |  6/20/2019  | 
Heavily outnumbered and outpaced by their targets, small FBI cybersquads have been quietly notching up major wins against online criminals operating out of home and abroad.
With GDPR's 'Right of Access,' Who Really Has Access?
News  |  6/19/2019  | 
How a security researcher learned organizations willingly hand over sensitive data with little to no identity verification.
Critical Firefox Vuln Used in Targeted Attacks
Quick Hits  |  6/19/2019  | 
Mozilla has released patches for the bug reported by Coinbase.
Verizon Media, Uber, PayPal Top List of Companies Paying Bug Bounties
Quick Hits  |  6/19/2019  | 
A new report from HackerOne lists the top five companies running bug-hunting programs on the ethical hacking platform.
Serverless Computing from the Inside Out
Commentary  |  6/19/2019  | 
The biggest 'serverless' risks don't stem from the technology itself. They occur when organizations respond to the adoption from the outside in.
Cost per Cyberattack Jumps to $4.6M in 2019
Quick Hits  |  6/19/2019  | 
From 2018 to 2019, the percentage of cyberattacks costing $10 million or more nearly doubled, hitting 13%.
6 Security Tips That'll Keep the Summer Fun
Slideshows  |  6/19/2019  | 
Taking some time off this summer? Before you head out on vacation, make sure your devices and apps are also ready.
How Hackers Emptied Church Coffers with a Simple Phishing Scam
Commentary  |  6/19/2019  | 
Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.
Insecure Home IoT Devices a Clear and Present Danger to Corporate Security
News  |  6/19/2019  | 
Avast-sponsored study shows wide prevalence of IoT devices, many with weak credentials and other security vulnerabilities.
As Cloud Adoption Grows, DLP Remains Key Challenge
News  |  6/18/2019  | 
As businesses use the cloud to fuel growth, many fail to enforce data loss prevention or control how people share data.
Advertising Alliance Plans Protocols to Reduce Dangerous Content
Quick Hits  |  6/18/2019  | 
The Global Alliance for Responsible Media will seek ways to clamp down on dangerous and fake content.
The Evolution of Identity
Commentary  |  6/18/2019  | 
How data and technology can help businesses make the right fraud decisions, protect people's identities, and create an improved customer experience.
Google Targets Deceptive Sites with New Chrome Tools
Quick Hits  |  6/18/2019  | 
A new extension and browser alert aim to help users report deceptive sites and prevent them from encountering fraud.
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Commentary  |  6/18/2019  | 
It's time to reassess your open source management policies and processes.
How Fraudulent Domains 'Hide in Plain Sight'
News  |  6/18/2019  | 
Cybercriminals use new types of top-level domains, topical keywords, and targeted emails to trick victims into clicking malicious links.
DHS Tests Remote Exploit for BlueKeep RDP Vulnerability
News  |  6/17/2019  | 
Agency urges organizations with vulnerable systems to apply mitigations immediately.
Power Outage Hits Millions in South America
Quick Hits  |  6/17/2019  | 
The outage, which is not (so far) seen as the result of a cyberattack, still had a significant impact on network and server availability.
New Decryptor Unlocks Latest Versions of Gandcrab
Quick Hits  |  6/17/2019  | 
The decryptor neutralizes GandCrab versions 5.0 through 5.2 and lets victims unlock their files for free.
Utilities, Nations Need Better Plan Against Critical Infrastructure Attackers
News  |  6/17/2019  | 
The attackers behind the Triton, or Xenotime, intrusions into critical infrastructure (CI) safety systems are testing their skills against electric power companies. Options for defense are still limited, however.
The Life-Changing Magic of Tidying Up the Cloud
Commentary  |  6/17/2019  | 
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.
10 Notable Security Acquisitions of 2019 (So Far)
Slideshows  |  6/15/2019  | 
In a year when security companies have been snapped up left and right, these deals stand out from the chaos.
Page 1 / 2   >   >>


Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing Writer,  6/21/2019
AWS CISO Talks Risk Reduction, Development, Recruitment
Kelly Sheridan, Staff Editor, Dark Reading,  6/25/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10164
PUBLISHED: 2019-06-26
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL...
CVE-2019-11583
PUBLISHED: 2019-06-26
The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name".
CVE-2019-4234
PUBLISHED: 2019-06-26
IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.
CVE-2019-4235
PUBLISHED: 2019-06-26
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.
CVE-2019-4241
PUBLISHED: 2019-06-26
IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.