Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
Page 1 / 2   >   >>
US Treasury Sanctions Russian Institution Linked to Triton Malware
Quick Hits  |  10/23/2020  | 
Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.
Flurry of Warnings Highlight Cyber Threats to US Elections
News  |  10/23/2020  | 
FBI and intelligence officials issue fresh warnings about election interference attempts by Iranian and Russian threat actors.
COVID-19: Latest Security News & Commentary
News  |  10/23/2020  | 
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
A Pause to Address 'Ethical Debt' of Facial Recognition
Commentary  |  10/23/2020  | 
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
Botnet Infects Hundreds of Thousands of Websites
News  |  10/22/2020  | 
KashmirBlack has been targeting popular content management systems, such as WordPress, Joomla, and Drupal, and using Dropbox and GitHub for communication to hide its presence.
7 Mobile Browsers Vulnerable to Address-Bar Spoofing
News  |  10/22/2020  | 
Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says.
Credential-Stuffing Attacks Plague Loyalty Programs
News  |  10/22/2020  | 
But that's not the only type of web attack cybercriminals have been profiting from.
WordPress Plug-in Updated in Rare Forced Action
Quick Hits  |  10/22/2020  | 
The Logonizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
To Err Is Human: Misconfigurations & Employee Neglect Are a Fact of Life
Commentary  |  10/22/2020  | 
The cyber kill chain is only as strong as its weakest link, so organizations should reinforce that link with a properly equipped dedicated security team.
McAfee Raises $740M in Second IPO
Quick Hits  |  10/22/2020  | 
The security software giant and its investors sold 37 million shares priced at $20 each, putting McAfee's value around $8.6 billion.
Need for 'Guardrails' in Cloud-Native Applications Intensifies
News  |  10/22/2020  | 
With more organizations shifting to cloud services in the pandemic, experts say the traditionally manual process of securing them will be replaced by automated tools in 2021 and beyond.
Implementing Proactive Cyber Controls in OT: Myths vs. Reality
Commentary  |  10/22/2020  | 
Debunking the myths surrounding the implementation of proactive cyber controls in operational technology.
FIRST Announces Cyber-Response Ethical Guidelines
Quick Hits  |  10/21/2020  | 
The 12 points seek to provide security professionals with advice on ethical behavior during incident response.
Oracle Releases Another Mammoth Security Patch Update
News  |  10/21/2020  | 
October's CPU contains 402 patches for vulnerabilities across 29 product sets, many of which are remotely executable without the need for authentication.
Ubiq Rolls Out Encryption-as-a-Service Platform Aimed at Developers
News  |  10/21/2020  | 
A few lines of code and two API calls is all that it takes for developers to add encryption to their applications, startup says.
As Smartphones Become a Hot Target, Can Mobile EDR Help?
News  |  10/21/2020  | 
Lookout Security debuts a mobile endpoint detection and response offering that will integrate into its mobile security platform.
Dealing With Insider Threats in the Age of COVID
Commentary  |  10/21/2020  | 
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
IASME Consortium to Kick-start New IoT Assessment Scheme
News  |  10/21/2020  | 
The IASME Consortium has been awarded a DCMS grant, enabling the UK organization to kick-start an Internet of Things (IoT) assessment scheme. IASME is looking for manufacturers interested in getting their IoT device certified cyber secure for free via the new pilot scheme.
Are You One COVID-19 Test Away From a Cybersecurity Disaster?
Commentary  |  10/21/2020  | 
One cybersecurity failure can result in a successful ransomware attack or data breach that could cause tremendous damage. There's no need to panic, but neither is there time to ignore the issue.
Iranian Cyberattack Group Deploys New PowGoop Downloader Against Mideast Targets
News  |  10/21/2020  | 
Seedworm Group, aka MuddyWater, is also deploying commodity ransomware as part of espionage attacks on companies and government agencies in the Middle East region.
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
Commentary  |  10/21/2020  | 
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
Ransomware Attacks Show Little Sign of Slowing in 2021
News  |  10/20/2020  | 
With businesses paying increasingly larger ransoms, attackers remain motivated, say security experts who foresee a rise in attacks.
NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers
Quick Hits  |  10/20/2020  | 
Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.
The Cybersecurity Maturity Model Certification: Are You in Compliance?
Commentary  |  10/20/2020  | 
Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.
Farsight Labs Launched as Security Collaboration Platform
Quick Hits  |  10/20/2020  | 
Farsight Security's platform will offer no-cost access to certain tools and services.
Businesses Rethink Endpoint Security for 2021
News  |  10/20/2020  | 
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?
Building the Human Firewall
Commentary  |  10/20/2020  | 
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
Trickbot Tenacity Shows Infrastructure Resistant to Takedowns
News  |  10/20/2020  | 
Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact.
NSS Labs Shuttered
Quick Hits  |  10/19/2020  | 
The testing firm's website says it has "ceased operations" as of Oct. 15.
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
News  |  10/19/2020  | 
US Department of Justice charges members of Sandworm/APT28 for BlackEnergy, NotPetya, Olympic Destroyer, and other major attacks.
GravityRAT Spyware Targets Android & MacOS in India
Quick Hits  |  10/19/2020  | 
The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.
IoT Vulnerability Disclosure Platform Launched
Quick Hits  |  10/19/2020  | 
VulnerableThings.com is intended to help vendors meet the terms of a host of new international IoT security laws and regulations.
Microsoft Tops Q3 List of Most-Impersonated Brands
News  |  10/19/2020  | 
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
Trickbot, Phishing, Ransomware & Elections
Commentary  |  10/19/2020  | 
The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.
7 Tips for Choosing Security Metrics That Matter
Slideshows  |  10/19/2020  | 
Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.
A New Risk Vector: The Enterprise of Things
Commentary  |  10/19/2020  | 
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
Massive New Phishing Campaigns Target Microsoft, Google Cloud Users
Quick Hits  |  10/16/2020  | 
At least three campaigns are now underway.
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
News  |  10/16/2020  | 
The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.
Academia Adopts Mitre ATT&CK Framework
News  |  10/16/2020  | 
Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.
Cybercrime Losses Up 50%, Exceeding $1.8B
Commentary  |  10/16/2020  | 
Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.
Prolific Cybercrime Group Now Focused on Ransomware
News  |  10/15/2020  | 
Cybercriminal team previously associated with point-of-sale malware and data theft has now moved almost completely into the more lucrative crimes of ransomware and extortion.
US Indicts Members of Transnational Money-Laundering Organization
News  |  10/15/2020  | 
Members of the QQAAZZ group helped cybercriminals conceal origins of stolen funds, DoJ alleges.
Twitter Hack Analysis Drives Calls for Greater Security Regulation
Quick Hits  |  10/15/2020  | 
New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the "jarringly easy" Twitter breach.
Barnes & Noble Warns Customers About Data Breach
Quick Hits  |  10/15/2020  | 
Famed bookseller says non-financial data was exposed in a new attack.
Overcoming the Challenge of Shorter Certificate Lifespans
Commentary  |  10/15/2020  | 
We could be in the middle of a major transition to shorter and shorter certificate life spans, which has significant implications for how IT organizations manage certificates across the enterprise.
The Ruthless Cyber Chaos of Business Recovery
Commentary  |  10/15/2020  | 
Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.
Microsoft Office 365 Accounts a Big Target for Attackers
News  |  10/15/2020  | 
Just as they did with PowerShell for Windows, threat actors are abusing native O365 capabilities for lateral movement, command-and-control communication, and other malicious activity.
Zoom Announces Rollout of End-to-End Encryption
Quick Hits  |  10/14/2020  | 
Phase 1 removes Zoom servers from the key generation and distribution processes.
London Borough of Hackney Investigates 'Serious' Cyberattack
Quick Hits  |  10/14/2020  | 
London's Hackney Council says some services may be slow or unavailable as it looks into a cyberattack affecting services and IT systems.
Assuring Business Continuity by Reducing Malware Dwell Time
Commentary  |  10/14/2020  | 
Here's how CISOs and IT security operations teams can best address key challenges to network monitoring that could increase malware dwell time.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.