News & Commentary

Latest Content
Page 1 / 2   >   >>
Exploits for Adobe Vulnerabilities Spiked in 2018
News  |  4/23/2019  | 
With Flash Player on way out, attackers are renewing their focus on Acrobat Reader, RiskSense found.
When Every Attack Is a Zero Day
Commentary  |  4/23/2019  | 
Stopping malware the first time is an ideal that has remained tantalizingly out of reach. But automation, artificial intelligence, and deep learning are poised to change that.
Will the US Adopt a National Privacy Law?
Commentary  |  4/23/2019  | 
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
7 Ways to Get the Most from Your IDS/IPS
Slideshows  |  4/23/2019  | 
Intrusion detection and prevention is at the foundation of successful security in-depth. Securing the perimeter requires a solid understanding of these two critical components.
1 in 4 Workers Are Aware Of Security Guidelines but Ignore Them
News  |  4/23/2019  | 
Even more are knowingly connecting to unsecure networks and sharing confidential information through collaboration platforms, according to Symphony Communication Services.
FBI: $2.7 Billion in Losses to Cyber-Enabled Crimes in 2018
Quick Hits  |  4/22/2019  | 
Internet Crime Complaint Center (IC3) last year received an average of 900+ reports daily of Internet-enabled theft, fraud, and exploitation.
Trojanized TeamViewer Used in Targeted Attacks Against Multiple Embassies
News  |  4/22/2019  | 
Motive remains unclear though financial theft appears to be one possibility, Check Point Research says.
WannaCry Hero Hutchins Pleads Guilty to Malware Charges
News  |  4/22/2019  | 
Marcus Hutchins, the security researcher who helped halt the spread of the WannaCry attack, pleads guilty to two charges related to writing malware.
Who Gets Targeted Most in Cyberattack Campaigns
Quick Hits  |  4/22/2019  | 
Attackers are changing both their tactics and targets in an attempt to remain criminally successful, Proofpoint's study found.
4 Tips to Protect Your Business Against Social Media Mistakes
Commentary  |  4/22/2019  | 
Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.
Researchers Find Clues for Dramatically Reducing IDS Traffic Volume
Quick Hits  |  4/19/2019  | 
Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.
Russia Hacked Clinton's Computers Five Hours After Trump's Call
News  |  4/19/2019  | 
Mueller report finds that in July 2016, after then-candidate Donald Trump publicly called for Russia to "find the 30,000 emails," Russian agents targeted Hillary Clinton's personal office with cyberattacks.
APT34 Toolset, Victim Data Leaked via Telegram
Quick Hits  |  4/19/2019  | 
For the last month, an unknown individual or group has been sharing data and hacking tools belonging to Iranian hacker group APT34.
Free Princeton Application Provides IoT Traffic Insight
Quick Hits  |  4/19/2019  | 
The application developed by a research group allows users to spot possible IoT security problems.
Why We Need a 'Cleaner Internet'
Commentary  |  4/19/2019  | 
By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.
Third-Party Cyber-Risk by the Numbers
Slideshows  |  4/19/2019  | 
Recent stats show that the state of third-party cyber risk and vendor risk management remains largely immature at most organizations.
Cisco Issues 31 Mid-April Security Alerts
News  |  4/18/2019  | 
Among them, two are critical and six are of high importance.
Creator of Hub for Stolen Credit Cards Sentenced to 90 Months
News  |  4/18/2019  | 
Coming eight years after he launched the site, the steep sentence for the cybercriminal operator is based on a tab of $30 million in damages calculated by Mastercard and other credit card companies.
6 Takeaways from Ransomware Attacks in Q1
News  |  4/18/2019  | 
Customized, targeted ransomware attacks were all the rage.
Cloud Security Spend Set to Reach $12.6B by 2023
News  |  4/18/2019  | 
Growth corresponds with a greater reliance on public cloud services.
The Cybersecurity Automation Paradox
News  |  4/18/2019  | 
Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.
How to Raise the Level of AppSec Competency in Your Organization
Commentary  |  4/18/2019  | 
Improving processes won't happen overnight, but it's not complicated either.
Former Student Admits to USB Killer Attack
Quick Hits  |  4/18/2019  | 
An Indian national used device to attack computers and peripherals at a New York college.
GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage
Commentary  |  4/18/2019  | 
Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.
Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent
Quick Hits  |  4/18/2019  | 
The social media giant says it did not access the imported data and is notifying affected users.
Nation-State Hacker Group Hijacking DNS to Redirect Email, Web Traffic
News  |  4/17/2019  | 
'Sea Turtle' group has compromised at least 40 national security organizations in 13 countries so far, Cisco Talos says.
VPN Vulnerabilities Point Out Need for Comprehensive Remote Security
News  |  4/17/2019  | 
VPNs are the primary tool for securing remote access, but recently disclosed vulnerabilities point out the weakness of relying on them as the only tool.
Tips for the Aftermath of a Cyberattack
News  |  4/17/2019  | 
Incident response demands technical expertise, but you can't fully recover without non-IT experts.
New Malware Campaign Targets Financials, Retailers
Quick Hits  |  4/17/2019  | 
The attack uses a legitimate remote access system as well as several families of malware.
Legacy Apps: The Security Risk Lurking in Dusty Corners
Commentary  |  4/17/2019  | 
Four best practices to keep old code from compromising your enterprise environment.
Ever-Sophisticated Bad Bots Target Healthcare, Ticketing
News  |  4/17/2019  | 
From criminals to competitors, online bots continue to scrape information from sites and pose as legitimate users.
Inside the Dark Web's How-To Guides for Teaching Fraud
Quick Hits  |  4/17/2019  | 
A new study investigates nearly 30,000 guides to explore what fraudsters sell and teach aspiring cybercriminals.
Selecting the Right Strategy to Reduce Vulnerability Risk
Commentary  |  4/17/2019  | 
There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference.
7 Tips for an Effective Employee Security Awareness Program
Slideshows  |  4/17/2019  | 
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
Decoding a 'New' Elite Cyber Espionage Team
News  |  4/16/2019  | 
Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules.
Security Audit Shows Gains, Though Privacy Lags
News  |  4/16/2019  | 
The 2018 Online Trust Audit shows that "encryption everywhere" is improving security, while fuzzy language is slowing privacy gains.
Threat Group Exploits Chrome Bug to Serve Malicious Ads to iOS Users
News  |  4/16/2019  | 
A new exploit developed by eGobbler is allowing it to distribute malvertisementsmore than 500 million to dateat huge scale, Confiant says.
Meet Scranos: New Rootkit-Based Malware Gains Confidence
News  |  4/16/2019  | 
The cross-platform operation, first tested on victims in China, has begun to spread around the world.
Benefiting from Data Privacy Investments
Commentary  |  4/16/2019  | 
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
IT Outsourcing Firm Wipro Investigates Data Breach
Quick Hits  |  4/16/2019  | 
Employee accounts may have been compromised in a sophisticated phishing campaign.
New Attacks (and Old Attacks Made New)
Commentary  |  4/16/2019  | 
Although new attacks might get the most attention, don't assume old ones have gone away.
Data on Thousands of Law Enforcement Personnel Exposed in Breach
Quick Hits  |  4/15/2019  | 
Unknown hackers broke into databases of nonprofit and have posted online personal info on FBI, Secret Service, Capitol Police, US Park Police, others.
Microsoft Downplays Scope of Email Attack
News  |  4/15/2019  | 
An unknown attacker used a support agent's credentials to access email content belonging to some Outlook, Hotmail users.
New Details Emerge on Windows Zero Day
News  |  4/15/2019  | 
The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.
TRITON Attacks Underscore Need for Better Defenses
News  |  4/15/2019  | 
As attackers focus on cyber-physical systems, companies must improve their visibility into IT system compromises as well as limit actions on operational-technology networks, experts say.
The Single Cybersecurity Question Every CISO Should Ask
Commentary  |  4/15/2019  | 
The answer can lead to a scalable enterprise security solution for years to come.
CERT, CISA Warn of Vuln in at Least 4 Major VPNs
Quick Hits  |  4/12/2019  | 
VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.
This Week in Security Funding: Where the Money Went
News  |  4/12/2019  | 
Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.
Romanians Convicted in Cybertheft Scheme
Quick Hits  |  4/12/2019  | 
Working out of Bucharest since 2007, a pair of criminals infected and controlled more than 400,000 individual computers, mostly in the US.
8 'SOC-as-a-Service' Offerings
Slideshows  |  4/12/2019  | 
These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations.
Page 1 / 2   >   >>


Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7303
PUBLISHED: 2019-04-23
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 b...
CVE-2019-7304
PUBLISHED: 2019-04-23
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
CVE-2019-0223
PUBLISHED: 2019-04-23
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1...
CVE-2017-12619
PUBLISHED: 2019-04-23
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
CVE-2018-1317
PUBLISHED: 2019-04-23
In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.