Dark Reading

Electric Utility Hit with Record Fine for Vulnerabilities

03/14/2018
An unnamed power company has consented to a record fine for leaving critical records exposed.

A Secure Enterprise Starts with a Cyber-Aware Staff

03/14/2018
An attack doesn't have to be super high-tech to cause a lot of damage. Make sure your employees know how to spot an old-fashioned phishing campaign.

Medical Apps Come Packaged with Hardcoded Credentials

03/14/2018
A trio of static accounts in EMR and billing software from DocuTrac can lead to serious vulnerabilities in sensitive data bases.

How to Interpret the SEC's Latest Guidance on Data Breach Disclosure

03/14/2018
Forward-looking organizations should view this as an opportunity to reevaluate their cybersecurity posture and install best practices that should have already been in place.

Microsoft Report Details Different Forms of Cryptominers

03/13/2018
A new report explores different ways legitimate and malicious coin miners are appearing in the enterprise.

Microsoft Patch Tuesday: Prioritize Browser Updates

03/13/2018
All of the critical vulnerabilities Microsoft patched on March 13 were within, and related to, browsers.

AMD Investigating Report of Vulnerabilities in its Microprocessors

03/13/2018
Israel-based firm says it found critical bugs in AMD's newest chip families.

What CISOs Should Know About Quantum Computing

03/13/2018
As quantum computing approaches real-world viability, it also poses a huge threat to today's encryption measures.

Google 'Distrust Dates' Are Coming Fast

03/13/2018
All the tools are in place for the migration of SSL digital certificates on a scale that is unprecedented for the certificate authority industry. Are you ready?

Microsoft Remote Access Protocol Flaw Affects All Windows Machines

03/13/2018
Attackers can exploit newly discovered critical crypto bug in CredSSP via a man-in-the-middle attack and then move laterally within a victim network.

What's the C-Suite Doing About Mobile Security?

03/13/2018
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.

Malware 'Cocktails' Raise Attack Risk

03/13/2018
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.

Asia's Security Leaders Feel Underprepared for Future Threats: Report

03/12/2018
A new study highlights major concerns of cybersecurity leaders in Asia, where most fear critical infrastructure attacks, advanced threats, and social engineering.

Malware Leveraging PowerShell Grew 432% in 2017

03/12/2018
Cryptocurrency mining and ransomware were other major threats.

Chinese APT Backdoor Found in CCleaner Supply Chain Attack

03/12/2018
Avast discovers ShadowPad tool for use in apparent planned third stage of the targeted attack campaign.

FlawedAmmyy RAT Campaign Puts New Spin on Old Threat

03/12/2018
A remote access Trojan, in use since 2016, has a new tactic: combining zip files with the SMB protocol to infect target systems.

Disappearing Act: Dark Reading Caption Contest Winners

03/12/2018
A standout field with hysterical puns about security policies, Meltdown, Amazon Web Services, and the right to be forgotten. And the winner is ...

Georgia Man Pleads Guilty to Business Email Compromise Attacks

03/12/2018
Kerby Rigaud has pleaded guilty to using BEC attacks in attempts to steal more than $1 million from US businesses.

CyberArk Buys Vaultive for Privileged Account Security Technology

03/12/2018
The account security firm will use Vaultive's tech to protect privileged users at heightened risk for cyberattacks.

IoT Product Safety: If It Appears Too Good to Be True, It Probably Is

03/12/2018
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.