By Lisa Vaas on Nov 21, 2019 07:18 am
If you downloaded the Monero command line wallet recently, check it before using it.
By Elizabeth Montalbano on Nov 21, 2019 07:05 am
Check Point researchers found that hundreds of marquee Android mobile apps still contain vulnerabilities that allow remote code-execution even if users update.
By Jai Vijayan Contributing Writer on Nov 20, 2019 07:00 pm
Online shoppers need to be wary about domain spoofing, fraudulent giveaways, and other scams, ZeroFOX study shows.
By Sean Lyngaas on Nov 20, 2019 06:25 pm
Jeanette Manfra, a senior cybersecurity official at the Department of Homeland Security, plans to step down from her position, according to multiple sources familiar with the matter. DHS officials are preparing an internal announcement about Manfra’s departure that could come as soon as this week, two sources told CyberScoop. Manfra has been a key liaison for the agency, speaking about cyberthreats to U.S. supply chains, election infrastructure, and industrial control systems to both the private sector and Congress. She has also represented DHS at top cybersecurity conferences like RSA and DEF CON. Over the course of her tenure, Manfra took on increasingly senior and cybersecurity-focused roles, culminating in her becoming assistant director at DHS’s Cybersecurity and Infrastructure Security Agency (CISA) last year. In a speech last year, she likened supply-chain vulnerabilities to a “digital public health crisis.” It was not immediately clear who would replace her. One source told CyberScoop that officials had a replacement in mind, but declined […]
The post Senior DHS cyber official Jeanette Manfra to step down appeared first on CyberScoop.
By Sara Peters Senior Editor at Dark Reading on Nov 20, 2019 06:00 pm
Need a 101 lesson on Web application firewalls? Here's your crib sheet on what a WAF is, how it works, and what to look for when you're in the market for a new solution.
By Lisa Vaas on Nov 20, 2019 05:12 pm
Twitter wagged its finger at the UK's Conservative party for renaming its press account "factcheckUK" during a live TV debate.
By Tara Seals on Nov 20, 2019 05:00 pm
The Coalition Against Stalkerware launched this week, with the aim of offering a centralized location for helping victims of stalkerware, as well as defining what stalkerware is in the first place.
By Robert Lemos Contributing Writer on Nov 20, 2019 04:52 pm
Organizations that have not yet applied a pair of months-old critical patches from Oracle for E-Business Suite are at risk of attacks on their financial systems, the application security firm says.
By Dark Reading Staff on Nov 20, 2019 04:50 pm
External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access.
By Lindsey O'Donnell on Nov 20, 2019 04:04 pm
In-scope RCE Mozilla bug bounty payouts have also tripled to reach $15,000.
By Tom Spring on Nov 20, 2019 02:41 pm
Linux users running the enterprise-search platform Solr are potentially vulnerable to a remote code execution attack.
By Michael J. Covington Vice President of Product Strategy at Wandera on Nov 20, 2019 02:00 pm
Why businesses need guidelines for managing their employees' personal information -- without compromising on security.
By Kelly Sheridan Staff Editor, Dark Reading on Nov 20, 2019 01:15 pm
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
By Jeff Stone on Nov 20, 2019 12:31 pm
Bug bounty researchers probing for vulnerabilities in Mozilla software now will be tempted with more cash after the browser-maker doubled most of its rewards and expanded the list of targets. In a blog post Tuesday, Mozilla said it’s marking the 15-year anniversary of its Firefox browser by dedicating a higher budget to its bounty program. Rewards for critical, core and other Mozilla sites are doubled, while remote code-execution vulnerabilities now are worth up to $15,000 on critical sites. Meanwhile, Mozilla also is asking researchers to try hacking its Autograph cryptography service, its Lando code repository tool, the Phabricator, which reviews code changes in Firefox, and Taskcluster, the framework for continuous integration, among others. “We hope the new sites and increased payments will encourage [researchers] to have another look at our sites and help us keep them safe for everyone who uses the web,” Simon Bennetts, a security automation engineer, said […]
The post Mozilla ups bug bounty rewards to $15,000 on critical sites appeared first on CyberScoop.
By Lindsey O'Donnell on Nov 20, 2019 12:20 pm
Further details of the flaw, which has recently been patched by Microsoft, were disclosed Tuesday by researchers.
By Tara Seals on Nov 20, 2019 12:00 pm
The majority give outside partners, contractors and suppliers administrative access -- without strong security policies in place.
By Alex Wawro, Special to Dark Reading on Nov 20, 2019 12:00 pm
Researchers Leigh-Anne Galloway and Tim Yunusov chat about their work testing Visa's contactless payments security system vulnerabilities.
By Tanner Johnson Senior Analyst, Connectivity & IoT, IHS Markit on Nov 20, 2019 10:00 am
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
By Jeff Stone on Nov 20, 2019 09:33 am
As a court weighs the proposed class action settlement stemming from Equifax’s 2017 data breach, an independent legal watchdog is saying the agreement fails to treat victims equally. The nonprofit Center for Class Action Fairness, which advocates on behalf of consumers involved in class action suits, said in a court filing Tuesday the Equifax settlement — which proponents value at $700 million — “flunks” federal requirements for fairness and adequacy. This is the same agreement that Equifax said would include up to $425 million for customers who were affected by the data breach, which compromised information about 147 million Americans. After suggesting individual customers could be paid up to $125 under certain conditions or accept free credit monitoring, Equifax introduced new requirements forcing Americans to prove they had credit monitoring in place at the time of the breach, otherwise they would be paid nothing. The terms of the deal could result in […]
The post Consumer watchdog says Equifax settlement 'flunks' fairness test appeared first on CyberScoop.
By Elizabeth Montalbano on Nov 20, 2019 09:03 am
The passwords of more than 2.2 million users of a gaming and cryptocurrency website were dumped online after dual data breaches.
By Dark Reading Staff on Nov 20, 2019 09:00 am
Unauthorized activities could be triggered even if a phone is locked, its screen is turned off, or a person is in the middle of a call.