Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
Page 1 / 2   >   >>
Phishers Try 'Text Direction Deception' Technique to Bypass Email Filters
News  |  4/2/2020  | 
With COVID-19 concerns running high, attackers are trying new tactics to get to users.
A Day in The Life of a Pen Tester
News  |  4/2/2020  | 
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
Bad Bots Build Presence Across the Web
Quick Hits  |  4/2/2020  | 
Bots that mimic human behavior are driving a growing percentage of website traffic while contributing to an avalanche of misinformation.
Companies Are Failing to Deploy Key Solution for Email Security
News  |  4/2/2020  | 
A single -- albeit complex-to-deploy -- technology could stop the most expensive form of fraud, experts say. Why aren't more companies adopting it?
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
Commentary  |  4/2/2020  | 
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
5 Ways Enterprises Inadvertently Compromise Their Network Security
Quick Hits  |  4/2/2020  | 
Is your organization carelessly leaving its networks vulnerable to invasion? Check out these five common oversights to see if your resources are at risk.
A Hacker's Perspective on Securing VPNs As You Go Remote
Commentary  |  4/2/2020  | 
As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposeful
COVID-19: Latest Security News & Commentary
News  |  4/2/2020  | 
Check out Dark Reading's updated, exclusive news and commentary surrounding the coronavirus pandemic.
Best Practices to Manage Third-Party Cyber-Risk Today
Commentary  |  4/2/2020  | 
Bold new thinking is needed to solve the rapidly evolving challenge of third-party risk management.
New Magecart Skimmer Infects 19 Victim Websites
Quick Hits  |  4/2/2020  | 
MakeFrame, named for its ability to make iframes for skimming payment data, is attributed to Magecart Group 7.
Vulnerability Researchers Focus on Zoom App's Security
News  |  4/2/2020  | 
With videoconferencing's rise as an essential tool for remote work comes a downside: more security scrutiny, which has turned up a number of security weaknesses.
Attackers Leverage Excel File Encryption to Deliver Malware
News  |  4/1/2020  | 
Technique involves saving malicious Excel file as "read-only" and tricking users into opening it, Mimecast says.
Why All Employees Are Responsible for Company Cybersecurity
Commentary  |  4/1/2020  | 
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
Active Directory Attacks Hit the Mainstream
Commentary  |  4/1/2020  | 
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
Microsoft Alerts Healthcare to Human-Operated Ransomware
News  |  4/1/2020  | 
Microsoft has notified dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure, which could put them at risk.
The SOC Emergency Room Faces Malware Pandemic
Commentary  |  4/1/2020  | 
To keep users and networks healthy and secure, security teams need to mimic countries that have taken on COVID-19 with a rapid, disciplined approach.
Major Cloud, CDN Providers Join Secure Routing Initiative
News  |  4/1/2020  | 
Akamai, AWS, Azion, Cloudflare, Facebook, and Netflix are now members of the Mutually Agreed Norms for Routing Security (MANRS) effort.
Defense Evasion Dominated 2019 Attack Tactics
News  |  3/31/2020  | 
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
Researchers Uncover Unsophisticated - But Creative - Watering-Hole Attack
News  |  3/31/2020  | 
Holy Water campaign is targeting users of a specific religious and ethnic group in Asia, Kaspersky says.
Data from 5.2M Marriott Loyalty Program Members Hit by Breach
Quick Hits  |  3/31/2020  | 
The data was breached through the credentials of two franchisee employees.
Why Third-Party Risk Management Has Never Been More Important
Commentary  |  3/31/2020  | 
Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.
Patching Poses Security Problems with Move to More Remote Work
News  |  3/31/2020  | 
Security teams were not ready for the wholesale move to remote work and the sudden expansion of the attack surface area, experts say.
Palo Alto Networks to Buy CloudGenix for $420M
Quick Hits  |  3/31/2020  | 
Palo Alto Networks plans to integrate CloudGenix's SD-WAN technology into its Prisma SASE platform following the deal.
Does the 2020 Online Census Account for Security Risk?
News  |  3/31/2020  | 
Experts discuss the security issues surrounding a census conducted online and explain how COVID-19 could exacerbate the risk.
How Much Downtime Can Your Company Handle?
Commentary  |  3/31/2020  | 
Why every business needs cyber resilience and quick recovery times.
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Slideshows  |  3/31/2020  | 
These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.
Researchers Spot Sharp Increase in Zoom-Themed Domain Registrations
News  |  3/30/2020  | 
Attackers are attempting to take advantage of the surge in teleworking prompted by COVID-19, Check Point says.
Microsoft Edge Will Tell You If Credentials Are Compromised
Quick Hits  |  3/30/2020  | 
Password Monitor, InPrivate mode, and ad-tracking prevention are three new additions to Microsoft Edge.
HackerOne Drops Mobile Voting App Vendor Voatz
Quick Hits  |  3/30/2020  | 
Bug bounty platform provider cited "Voatz's pattern of interactions with the research community" in its decision to halt the app vendor's vuln disclosure program on HackerOne.
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Commentary  |  3/30/2020  | 
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
Malicious USB Drive Hides Behind Gift Card Lure
Quick Hits  |  3/27/2020  | 
Victims are being enticed to insert an unknown USB drive into their computers.
Virgin Media Could Pay 4.5B for Leak Affecting 900,000 Customers
Quick Hits  |  3/27/2020  | 
A misconfigured database holding personal data was left available online between April 2019 and February 2020.
The Wild, Wild West(world) of Cybersecurity
Commentary  |  3/27/2020  | 
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
Purported Brute-Force Attack Aims at Linksys Routers as More People Work Remotely
News  |  3/27/2020  | 
The attack takes control of poorly secured network devices, redirecting Web addresses to a COVID-themed landing page that attempts to fool victims into downloading malware.
Cyber Version of 'Justice League' Launches to Fight COVID-19 Related Hacks
News  |  3/26/2020  | 
Goal is to help organizations especially healthcare entities protect against cybercriminals trying to take advantage of the pandemic.
Insurance Giant Chubb Might Be Ransomware Victim
Quick Hits  |  3/26/2020  | 
A ransomware operator claims to have successfully attacked Chubb Insurance databases.
How Zoom, Netflix, and Dropbox are Staying Online During the Pandemic
News  |  3/26/2020  | 
Inside the efforts to keep the quarantined world's popular Internet services running smoothly.
10 Security Services Options for SMBs
Slideshows  |  3/26/2020  | 
Outsourcing security remains one of the best ways for small to midsize businesses to protect themselves from cyberthreats.
Security Not a Priority for SAP Projects, Users Report
Quick Hits  |  3/26/2020  | 
Nearly 70% of SAP users surveyed believe organizations lacked focus on IT security during previous SAP implementations.
3 Mobile Security Problems That Most Security Teams Haven't Fixed Yet
Commentary  |  3/26/2020  | 
Mobility must be included in the security operations workflow so that company data is protected regardless of where remote workers are located.
Technology Empowers Pandemic Response, But Privacy Worries Remain
News  |  3/26/2020  | 
As technology companies and the medical community work to find ways to track and test for the virus, privacy might fall by the wayside.
Introducing Zero-Trust Access
Commentary  |  3/26/2020  | 
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
China-Based Threat Group Launches Widespread Malicious Campaign
News  |  3/26/2020  | 
The motives behind the attacks remain unclear, but likely triggers include the ongoing trade war between the US and China and the unfolding COVID-19 pandemic.
Missing Patches, Misconfiguration Top Technical Breach Causes
News  |  3/25/2020  | 
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
Tupperware Hit by Card Skimmer Attack
Quick Hits  |  3/25/2020  | 
Malicious code was found hidden inside graphics files on the storage container maker's e-commerce website.
Do DevOps Teams Need a Company Attorney on Speed Dial?
Commentary  |  3/25/2020  | 
In today's regulatory and legislative environment, companies and individuals are exposed to lawsuits over security breaches, resulting in significant fines and ending careers.
FBI Shutters Russian-Based Hacker Platform, Makes Arrest
Quick Hits  |  3/25/2020  | 
The Deer.io platform let cybercriminals buy access to virtual storefronts where they could sell illicit products and services.
COVID-19: Getting Ready for the Next Business Continuity Challenge
Commentary  |  3/25/2020  | 
What comes after you've empowered your remote workforce in the wake of the coronavirus pandemic? Dealing with a large portion of that workforce getting sick at the same time.
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
News  |  3/24/2020  | 
Researchers warn Microsoft 365 account holders to pay attention to unknown applications that request permissions.
Malware Found Hidden in Android Utility Apps, Children's Games
Quick Hits  |  3/24/2020  | 
The 'Tekya' malware, as researchers call it, is designed to imitate the user's actions to click advertisements.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19914
PUBLISHED: 2020-04-03
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-5283
PUBLISHED: 2020-04-03
ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support. The impact of this vulnerability is mitigated by the need for an attacker to have commit privileges to a CVS repository exposed by an otherwise trusted ViewVC instance that also has the `show_subdir_l...
CVE-2020-11498
PUBLISHED: 2020-04-02
Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user's own context, e.g., for user-level persistenc...
CVE-2020-11499
PUBLISHED: 2020-04-02
Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFunctions/mongo_task_conversion.py.
CVE-2020-7628
PUBLISHED: 2020-04-02
install-package through 1.1.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the device function.