Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Latest Content
Phishing Campaign Targets Mobile Banking Users
News  |  2/14/2020  | 
Consumers in dozens of countries were targeted, Lookout says.
Palm Beach Elections Office Hit with Ransomware Pre-2016 Election
Quick Hits  |  2/14/2020  | 
Palm Beach County's elections supervisor does not believe the attack is linked to Russian hacking attempts targeting Florida.
Ovum to Expand Cybersecurity Research Under New Omdia Group
News  |  2/14/2020  | 
Informa Tech combines Ovum, Heavy Reading, Tractica, and IHS Markit research.
DHS Warns of Cyber Heartbreak
Quick Hits  |  2/14/2020  | 
Fraudulent dating and relationship apps and websites raise the risks for those seeking online romance on Valentine's Day.
The 5 Love Languages of Cybersecurity
Commentary  |  2/14/2020  | 
When it comes to building buy-in from the business, all cybersecurity needs is love -- especially when it comes to communication.
DDoS Attacks Nearly Double Between Q4 2018 and Q4 2019
News  |  2/13/2020  | 
Peer-to-peer botnets, TCP reflection attacks, and increased activity on Sundays are three DDoS attack trends from last quarter.
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
News  |  2/13/2020  | 
The new threat model homes in on ML security at the design state.
Babel of IoT Authentication Poses Security Challenges
News  |  2/13/2020  | 
With more than 80 different schemes for authenticating devices either proposed or implemented, best practices and reference architectures are sorely needed, experts say.
Huawei Charged with RICO Violations in Federal Court
Quick Hits  |  2/13/2020  | 
A new set of indictments adds conspiracy to violate RICO statutes to a list of existing charges against the Chinese telecommunications giant.
7 Tax Season Security Tips
Slideshows  |  2/13/2020  | 
Security pros need to be on high alert from now until Tax Day on April 15. Here are seven ways to help keep your company safe.
Small Business Security: 5 Tips on How and Where to Start
Commentary  |  2/13/2020  | 
There is no one-size-fits-all strategy for security, but a robust plan and the implementation of new technologies will help you and your IT team sleep better.
Apps Remain Favorite Mobile Attack Vector
Quick Hits  |  2/13/2020  | 
Mobile apps are used in nearly 80% of attacks targeting mobile devices, followed by network and operating system attacks.
Forget Hacks... Ransomware, Phishing Are Election Year's Real Threats
Commentary  |  2/13/2020  | 
As we gear up for the voting season, let's put aside any links between foreign interference and voting machine security and focus on the actual risks threatening election security.
Third-Party Breaches and the Number of Records Exposed Increased Sharply in 2019
News  |  2/12/2020  | 
Each breach exposed an average of 13 million records, Risk Based Security found.
Avast Under Investigation by Czech Privacy Agency
Quick Hits  |  2/12/2020  | 
The software security maker is suspected of selling data about more than 100 million users to companies including Google, Microsoft, and Home Depot.
FBI: Business Email Compromise Cost Businesses $1.7B in 2019
News  |  2/12/2020  | 
BEC attacks comprised nearly half of cybercrime losses last year, which totaled $3.5 billion overall as Internet-enabled crimes ramped up.
Stop Defending Everything
Commentary  |  2/12/2020  | 
Instead, try prioritizing with the aid of a thorough asset inventory.
5G Adoption Should Change How Organizations Approach Security
News  |  2/12/2020  | 
With 5G adoption, businesses will be able to power more IoT devices and perform tasks more quickly, but there will be security ramifications.
5 Common Errors That Allow Attackers to Go Undetected
Commentary  |  2/12/2020  | 
Make these mistakes and invaders might linger in your systems for years.
Healthcare Ransomware Damage Passes $157M Since 2016
Quick Hits  |  2/11/2020  | 
Researchers found the total cost far exceeded the amount of ransom paid to attackers.
Microsoft Patches Exploited Internet Explorer Flaw
News  |  2/11/2020  | 
This month's Patch Tuesday brings fixes for 99 CVEs, including one IE flaw seen exploited in the wild.
Why Ransomware Will Soon Target the Cloud
Commentary  |  2/11/2020  | 
As businesses' daily operations become more dependent on cloud services, ransomware authors will follow to maximize profits. The good news: Many of the best practices for physical servers also apply to the cloud.
Cybercriminals Swap Phishing for Credential Abuse, Vuln Exploits
News  |  2/11/2020  | 
Infection vectors were evenly divided among phishing, vulnerability exploitation, and unauthorized credential use in 2019.
Macs See More Adware, Unwanted Apps Than PCs
News  |  2/11/2020  | 
The latest data from Malwarebytes show the average Mac sees almost twice as many bad apps as Windows systems, but actual malware continues to be scarce.
CIA's Secret Ownership of Crypto AG Enabled Extensive Espionage
Quick Hits  |  2/11/2020  | 
Crypto AG made millions selling encryption devices to more than 120 countries, which unknowingly transmitted intel back to the CIA.
Keeping a Strong Security Metrics Framework Strong
Commentary  |  2/11/2020  | 
Don't just report metrics -- analyze, understand, monitor, and adjust them. These 10 tips will show you how.
How North Korea's Senior Leaders Harness the Internet
News  |  2/10/2020  | 
Researchers learn how North Korea is expanding its Internet use in order to generate revenue and bypass international sanctions.
Some Democrats Lead Trump in Campaign Domain-Security Efforts
News  |  2/10/2020  | 
Sanders and Trump campaigns lack proper DMARC security enforcement, study finds.
Israel's Entire Voter Registry Exposed in Massive Incident
Quick Hits  |  2/10/2020  | 
Personal details of nearly 6.5 million Israelis were out in the open after the entire registry was uploaded to a notably insecure app.
China's Military Behind 2017 Equifax Breach: DoJ
News  |  2/10/2020  | 
Four members of China's People's Liberation Army hacked the information broker, leading to the theft of sensitive data on approximately 145 million citizens.
Unlocked S3 Bucket Lets 36,077 Jail Files Escape
Quick Hits  |  2/10/2020  | 
The leaky repository belongs to JailCore, a cloud management and compliance platform used in several states' correctional facilities.
6 Factors That Raise The Stakes For IoT Security
Slideshows  |  2/10/2020  | 
Developments that exacerbate the risk and complicate making Internet of Things devices more secure.
Day in the Life of a Bot
Commentary  |  2/10/2020  | 
A typical workday for a bot, from its own point of view.
Google Takeout Serves Up Video Files to Strangers
Quick Hits  |  2/7/2020  | 
A limited number of user videos were shared with others in a five-day incident from November.
CCPA and GDPR: The Data Center Pitfalls of the 'Right to be Forgotten'
News  |  2/7/2020  | 
Compliance with the new privacy rules doesn't always fall on data center managers, but when it does, it's more difficult than it may sound.
RobbinHood Kills Security Processes Before Dropping Ransomware
News  |  2/7/2020  | 
Attackers deploy a legitimate, digitally signed hardware driver to delete security software from machines before encrypting files.
5 Measures to Harden Election Technology
Commentary  |  2/7/2020  | 
Voting machinery needs hardware-level security. The stakes are the ultimate, and the attackers among the world's most capable.
Researchers Reveal How Smart Lightbulbs Can Be Hacked to Attack
News  |  2/6/2020  | 
New exploit builds on previous research involving Philips Hue Smart Bulbs.
90% of CISOs Would Cut Pay for Better Work-Life Balance
News  |  2/6/2020  | 
Businesses receive $30,000 of 'free' CISO time as security leaders report job-related stress taking a toll on their health and relationships.
Forescout Acquired by Private Equity Team
Quick Hits  |  2/6/2020  | 
The deal, valued at $1.9 billion, is expected to close next quarter.
Cybersecurity Vendor Landscape Transforming as Symantec, McAfee Enter New Eras
Commentary  |  2/6/2020  | 
Two years ago, Symantec and McAfee were both primed for a comeback. Today, both face big questions about their future.
Facebook Tops Imitated Brands as Attackers Target Tech
Quick Hits  |  2/6/2020  | 
Brand impersonators favor Facebook, Yahoo, Network, and PayPal in phishing attempts to steal credentials from victims.
Invisible Pixel Patterns Can Communicate Data Covertly
News  |  2/6/2020  | 
University researchers show that changing the brightness of monitor pixels can communicate data from air-gapped systems in a way not visible to human eyes.
How Can We Make Election Technology Secure?
Commentary  |  2/6/2020  | 
In Iowa this week, a smartphone app for reporting presidential caucus results debuted. It did not go well.
RSAC Sets Finalists for Innovation Sandbox
Slideshows  |  2/6/2020  | 
The 10 finalists will each have three minutes to make their case for being the most innovative, promising young security company of the year.
Vixie: The Unintended Consequences of Internet Privacy Efforts
News  |  2/5/2020  | 
Paul Vixie says emerging encryption protocols for endpoints could "break" security in enterprise - and even home - networks.
Majority of Network, App-Layer DDoS Attacks in 2019 Were Small
News  |  2/5/2020  | 
Attackers turned to cheaper, shorter attacks to try and disrupt targets, Imperva analysis shows.
Department of Energy Adds Attivo Decoys for Critical Infrastructure Security
Quick Hits  |  2/5/2020  | 
The decoys and lures will help redirect attacks away from devices that can't be protected through traditional means.
IoT Malware Campaign Infects Global Manufacturing Sites
News  |  2/5/2020  | 
The infection uses Lemon_Duck PowerShell malware variant to exploit vulnerabilities in embedded devices at manufacturing sites.
Emotet Preps for Tax Season with New Phishing Campaign
Quick Hits  |  2/5/2020  | 
Malicious emails in a new attack campaign contain links and attachments claiming to lead victims to W-9 forms.


Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9016
PUBLISHED: 2020-02-16
Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.
CVE-2020-9013
PUBLISHED: 2020-02-16
Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code.
CVE-2020-9007
PUBLISHED: 2020-02-16
Codoforum 4.8.8 allows self-XSS via the title of a new topic.
CVE-2020-9012
PUBLISHED: 2020-02-16
A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.
CVE-2019-20456
PUBLISHED: 2020-02-16
Goverlan Reach Console before 9.50, Goverlan Reach Server before 3.50, and Goverlan Client Agent before 9.20.50 have an Untrusted Search Path that leads to Command Injection and Local Privilege Escalation via DLL hijacking.