var _hmt = _hmt || []; (function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?d387e539c1f2d34f09a9afbac8032280"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s); })();

7x彩票网appDark Reading is part of the Informa Tech Division of Informa PLC

7x彩票网appThis site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content
Page 1 / 2   >   >>
2017 Data Breach Will Cost Equifax at Least $1.38 Billion
News  |  1/15/2020  | 
Company agrees to set aside a minimum of $380.5 million as breach compensation and spend another $1 billion on transforming its information security over the next five years. The 147 million US consumers affected by the breach have one week from today to file a claim.
Google Lets iPhone Users Turn Device into Security Key
News  |  1/15/2020  | 
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
Why Firewalls Aren't Going Anywhere
Commentary  |  1/15/2020  | 
Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
New Report Spotlights Changes in Phishing Techniques
News  |  1/15/2020  | 
Common and evolving strategies include the use of zero-font attacks, homograph attacks, and new tactics for fake attachments.
ISACs Join Forces to Secure the Travel Industry
Quick Hits  |  1/15/2020  | 
Together, the Travel & Hospitality ISAC and the Retail & Hospitality ISAC intend to improve communications and collaboration about the evolving threat landscape.
How SD-WAN Helps Achieve Data Security and Threat Protection
Commentary  |  1/15/2020  | 
Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility.
Microsoft Patches Windows Vuln Discovered by the NSA
News  |  1/14/2020  | 
The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.
Cloud Adoption & Technology Change Create Gaps in Enterprise Security
News  |  1/14/2020  | 
Many companies are struggling to get a handle on risk exposure because of visibility issues, Radware survey shows.
'Fancy Bear' Targets Ukrainian Oil Firm Burisma in Phishing Attack
Quick Hits  |  1/14/2020  | 
The oil & gas company is at the heart of the ongoing US presidential impeachment case.
Google: Chrome Will Remove Third-Party Cookies and Tracking
Quick Hits  |  1/14/2020  | 
It's "not about blocking" but removing them altogether, the company said.
Attackers Increasingly Focus on Business Disruption
News  |  1/14/2020  | 
Network intruders are staying undetected for an average of 95 days, enabling them to target critical systems and more completely disrupt business.
Global Predictions for Energy Cyber Resilience in 2020
Commentary  |  1/14/2020  | 
How prepared is the energy sector for an escalating attack surface in the operating technology environment? Here are five trends to watch.
Consumer Reports Calls for IoT Manufacturers to Raise Security Standards
Quick Hits  |  1/14/2020  | 
A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards.
Dustman Attack Underscores Iran's Cyber Capabilities
News  |  1/14/2020  | 
For nearly six months, an attack group linked to Iran reportedly had access to the network of Bahrain's national oil company, Bapco, before it executed a destructive payload.
Processor Vulnerabilities Put Virtual Workloads at Risk
Commentary  |  1/14/2020  | 
Meltdown, Spectre exploits will likely lead to customers making tradeoffs between performance and security of applications, especially virtual and cloud-based apps
Industrial Control System Features at Risk
News  |  1/14/2020  | 
How some ICS product functions can be weaponized by altering their configurations.
Microsoft to Officially End Support for Windows 7, Server 2008
News  |  1/13/2020  | 
Windows 7 and Server 2008 will continue to work after Jan. 14, 2020, but will no longer receive security updates.
Website Collecting Australian Fire Donations Hit by Magecart
Quick Hits  |  1/13/2020  | 
The attack may have compromised donors' payment information.
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
News  |  1/13/2020  | 
Organizations need to apply mitigations for vulnerability in Citrix Application Delivery Controller and Citrix Gateway ASAP, security researchers say.
Texas School District Loses $2.3M to Phishing Attack
Quick Hits  |  1/13/2020  | 
The Manor Independent School District is investigating a phishing email scam that led to three separate fraudulent transactions.
Will This Be the Year of the Branded Cybercriminal?
Commentary  |  1/13/2020  | 
Threat actors will continue to grow enterprise-style businesses that evolve just like their legitimate counterparts.
Synopsys Buys Tinfoil
Quick Hits  |  1/10/2020  | 
Tinfoil Security's dynamic application and API security testing capabilities will be added to Synopsys Software Integrity Group.
Major Brazilian Bank Tests Homomorphic Encryption on Financial Data
News  |  1/10/2020  | 
The approach allowed researchers to use machine learning on encrypted data without first decrypting it.
Indian National Pleads Guilty to Multimillion-Dollar Call Center Scam
Quick Hits  |  1/10/2020  | 
The India-based call centers scammed US victims out of millions of dollars between 2013 and 2016.
5 Tips on How to Build a Strong Security Metrics Framework
Commentary  |  1/10/2020  | 
The carpentry maxim "measure twice, cut once" underscores the importance of timely, accurate, and regular metrics to inform security leaders' risk decisions.
Study Points to Lax Focus on Cybersecurity
News  |  1/10/2020  | 
Despite ranking at the top of respondents' concerns, organizations still show gaps in acting on cybersecurity, Society for Information Management (SIM) report finds.
Attackers Increase Focus on North American Electric Utilities: Report
News  |  1/9/2020  | 
Electric utilities continue to be a target of nation-state attackers, even before the latest tensions between Iran and the United States, says a critical-infrastructure security firm.
Chinese Malware Found Preinstalled on US Government-Funded Phones
News  |  1/9/2020  | 
Researchers found unremovable malware preinstalled in the Unimax U686CL, a budget Android device sold by Assurance Wireless.
TrickBot Group Adds New PowerShell-Based Backdoor to Arsenal
News  |  1/9/2020  | 
PowerTrick is sort of a custom-version of PowerShell Empire and can be used to download additional malware, SentinelOne says.
AWS Issues 'Urgent' Warning for Database Users to Update Certs
Quick Hits  |  1/9/2020  | 
Users of AWS Aurora, DocumentDB, and RDS databases must download and install a fresh certificate and rotate the certificate authority.
Operationalizing Threat Intelligence at Scale in the SOC
Commentary  |  1/9/2020  | 
Open source platforms such as the Malware Information Sharing Platform are well positioned to drive a community-based approach to intelligence sharing.
7 Free Tools for Better Visibility Into Your Network
Slideshows  |  1/9/2020  | 
It's hard to protect what you don't know is there. These free tools can help you understand just what it is that you need to protect -- and need to protect yourself from.
Rockwell Automation to Buy ICS Security Services Firm
Quick Hits  |  1/9/2020  | 
Industrial control systems vendor plans to acquire Avnet Data Security, which provides penetration testing, assessments, training, and managed network and security services for the ICS sector.
Las Vegas Suffers Cyberattack on First Day of CES
Quick Hits  |  1/8/2020  | 
The attack, still under investigation, hit early in the morning of Jan. 7.
Developers Still Don't Properly Handle Sensitive Data
News  |  1/8/2020  | 
The top classes of vulnerabilities for 2019 indicate that developers still don't correctly sanitize inputs, nor protect passwords and keys as they should.
Google's Project Zero Policy Change Mandates 90-Day Disclosure
Quick Hits  |  1/8/2020  | 
The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.
TikTok Bugs Put Users' Videos, Personal Data At Risk
News  |  1/8/2020  | 
Researchers found it was possible to spoof SMS messages from TikTok and exploit an API flaw that could grant access to users' personal data.
The "Art of Cloud War" for Business-Critical Data
Commentary  |  1/8/2020  | 
How business executives' best intentions may be negatively affecting security and risk mitigation strategies -- and exposing weaknesses in organizational defenses.
DHS Warns of Potential Iranian Cyberattacks
News  |  1/7/2020  | 
Recent US military action in Baghdad could prompt retaliatory attacks against US organizations, it says.
Cloudflare Adds New Endpoint, Web Security Service
News  |  1/7/2020  | 
"Teams" and a new browser security acquisition expand the cloud firm's security offerings.
The Discovery and Implications of 'MDB Leaker'
News  |  1/7/2020  | 
The "MDB Leaker" vulnerability in the Microsoft Access Database could lead to a memory leak if left unpatched.
Accenture to Buy Symantec's Cyber Security Services
Quick Hits  |  1/7/2020  | 
The purchase, for an undisclosed amount, is scheduled to close in March.
Insight Partners Acquires Armis at $1.1B Valuation
Quick Hits  |  1/7/2020  | 
This deal marks the largest-ever acquisition of a private Israeli cybersecurity company, Armis' co-founders report.
New Standards Set to Reshape Future of Email Security
Commentary  |  1/7/2020  | 
Emerging specs and protocols expected to make the simple act of opening an email a less risky proposition
Widely Known Flaw in Pulse Secure VPN Being Used in Ransomware Attacks
News  |  1/6/2020  | 
New Year's Eve attack on currency exchange service Travelex may have involved use of the flaw.
Malicious Google Play Apps Linked to SideWinder APT
News  |  1/6/2020  | 
The active attack involving three malicious Android applications is the first exploiting CVE-2019-2215, Trend Micro researchers report.
US Government Publishing Office Website Defaced
Quick Hits  |  1/6/2020  | 
The Federal Depository Library Program (FDLP) website was attacked by a group of hackers claiming to represent the government of Iran.
Mimecast Acquires Segasec to Boost Phishing Defense
Quick Hits  |  1/6/2020  | 
Segasec's technology will be integrated into Mimecast's email and Web security services to identify malicious domains.
Client-Side JavaScript Risks & the CCPA
Commentary  |  1/6/2020  | 
How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.
Ransomware Victim Southwire Sues Maze Operators
News  |  1/3/2020  | 
Attackers demanded $6 million from the wire and cable manufacturer when they launched a December ransomware campaign.
Page 1 / 2   >   >>


Major Brazilian Bank Tests Homomorphic Encryption on Financial Data
Kelly Sheridan, Staff Editor, Dark Reading,  1/10/2020
7 Free Tools for Better Visibility Into Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/9/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
7x彩票网app Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

PUBLISHED: 2020-01-16
The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.

PUBLISHED: 2020-01-16
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.

PUBLISHED: 2020-01-16
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.

PUBLISHED: 2020-01-16
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.

PUBLISHED: 2020-01-16
async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference because malloc return values are unchecked.
66?????? 7072???? 7073???? 689????? 963???? 66????? 7073???? 7073???? 66???app 8????app