Vulnerabilities / Threats // Advanced Threats
News & Commentary
Large Botnet Comes Back To Life -- With More Malware
Jai Vijayan, Freelance writerNews
The Necurs botnet associated with Dridex and Locky is back after three-week haitus.
By Jai Vijayan Freelance writer, 6/23/2016
Comment0 comments  |  Read  |  Post a Comment
Crypto Ransomware Officially Eclipses Screen-Blocker Ransomware
Jai Vijayan, Freelance writerNews
Encryption malware represented 54 percent of all ransomware in April compared to barely 10 percent a year ago, Kaspersky Lab found.
By Jai Vijayan Freelance writer, 6/22/2016
Comment1 Comment  |  Read  |  Post a Comment
‘Bug Poachers:’ A New Breed of Cybercriminal
Chris Wysopal, CTO, CISO and co-founder, VeracodeCommentary
As if security researchers don’t have enough to worry about, we now have to contend with extortionists who take advantage of the well-established fact that applications are a ripe target for exploitation.
By Chris Wysopal CTO, CISO and co-founder, Veracode, 6/22/2016
Comment0 comments  |  Read  |  Post a Comment
Guccifer 2.0: Red Herring Or Third DNC Hacker?
Jai Vijayan, Freelance writerNews
CrowdStrike and Fidelis say all evidence for intrusions at DNC points to Russian-backed groups.
By Jai Vijayan Freelance writer, 6/21/2016
Comment1 Comment  |  Read  |  Post a Comment
NATO Officially Declares Cyberspace A Domain For War
Dark Reading Staff, Quick Hits
Cyberattack on a NATO ally will now trigger a collective response.
By Dark Reading Staff , 6/17/2016
Comment1 Comment  |  Read  |  Post a Comment
Lone Hacker Taking Credit For DNC Breach Is Likely Russian, Says Researcher
Dark Reading Staff, Quick Hits
'Guccifer 2.0' claimed responsibility for the breach at the Democratic National Committee, then leaked stolen documents about Donald Trump to prove it.
By Dark Reading Staff , 6/17/2016
Comment1 Comment  |  Read  |  Post a Comment
Ransomware, SCADA Access As a Service Emerging Threats For ICS Operators, Report Says
Jai Vijayan, Freelance writerNews
With attacks against industrial control networks increasing so too have the challenges, Booz Allen Hamilton says.
By Jai Vijayan Freelance writer, 6/17/2016
Comment0 comments  |  Read  |  Post a Comment
For $6, Buy Access To Hacked Government Server, On Underground Market
Dark Reading Staff, Quick Hits
Kaspersky uncovers marketplace where criminals buy entry into 70,000 servers from 173 countries to launch cyberattacks.
By Dark Reading Staff , 6/16/2016
Comment1 Comment  |  Read  |  Post a Comment
US, China Agree To Set Up A Cyber Hotline
Dark Reading Staff, Quick Hits
Cooperative efforts between US, China on cybersecurity are moving slowly, with set-up of temporary email addresses listed as a key achievement.
By Dark Reading Staff , 6/16/2016
Comment2 comments  |  Read  |  Post a Comment
FBI: BEC Scam Attempts Amount to $3 Billion
Dark Reading Staff, Quick Hits
FBI warns of rise in business email compromise frauds, says it should be reported immediately.
By Dark Reading Staff , 6/15/2016
Comment0 comments  |  Read  |  Post a Comment
Trump Data Theft Stirs Concerns Of Cyberattacks On Presidential Campaigns
Jai Vijayan, Freelance writerNews
Two Russian cybergroups stole a DNC database containing opposition research on Trump in two unrelated campaigns over past year, Crowdstrike says
By Jai Vijayan Freelance writer, 6/15/2016
Comment0 comments  |  Read  |  Post a Comment
Russian Hackers Breach Democrats To Steal Data On Trump
Dark Reading Staff, Quick Hits
Washington Post: Government-sponsored group hacked Democratic National Committee to access email, chat traffic, and all 'opposition research' on GOP candidate Donald Trump.
By Dark Reading Staff , 6/14/2016
Comment2 comments  |  Read  |  Post a Comment
Ransomware Now Comes With Live Chat Support
Jai Vijayan, Freelance writerNews
Victims of a new version of Jigsaw now have access to live chat operators to help them through the ransom payment process, Trend Micro says.
By Jai Vijayan Freelance writer, 6/10/2016
Comment2 comments  |  Read  |  Post a Comment
US-CERT Warns Of Resurgence In Macro Attacks
Jai Vijayan, Freelance writerNews
Organizations and individuals urged to be proactive in protecting against threat from the 90s.
By Jai Vijayan Freelance writer, 6/9/2016
Comment0 comments  |  Read  |  Post a Comment
University Pays $20K To Ransomware Attackers
Dark Reading Staff, Quick Hits
Cybercriminals infect University of Calgary network with virus, demand ransom to unlock data.
By Dark Reading Staff , 6/9/2016
Comment0 comments  |  Read  |  Post a Comment
Zcrypt Ransomware: Old Wine In A New Bottle
Jai Vijayan, Freelance writerNews
Malware authors have combined old and new approaches to try and sneak Zcrypt past defenses, Check Point says.
By Jai Vijayan Freelance writer, 6/8/2016
Comment0 comments  |  Read  |  Post a Comment
Top Security To-Dos For The Entertainment Industry
Sara Peters, Senior Editor at Dark ReadingNews
'The biz' has unique security needs. And it isn't only about preventing 'the next Sony.'
By Sara Peters Senior Editor at Dark Reading, 6/6/2016
Comment1 Comment  |  Read  |  Post a Comment
More Evidence Of Link Between Bank Attacks And North Korean Group
Jai Vijayan, Freelance writerNews
Anomali says it has found five new pieces of malware tying the two attack groups together.
By Jai Vijayan Freelance writer, 6/1/2016
Comment0 comments  |  Read  |  Post a Comment
Wekby 'Pisloader' Abuses DNS
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New malware family 'pisloader' uses DNS requests for command and control.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/31/2016
Comment0 comments  |  Read  |  Post a Comment
SWIFT Proposes New Measures For Bolstering Its Security
Jai Vijayan, Freelance writerNews
Measures come amid news that up to 12 banks may have fallen victim to attacks attempting to steal millions via the SWIFT network.
By Jai Vijayan Freelance writer, 5/27/2016
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How To Build An Effective Defense Against Ransomware
A compendium of Dark Reading´s best recent coverage of ransomware attacks, as well as best practices for defending your enterprise against them.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Tim Wilson speaks to two experts on vulnerability research – independent consultant Jeremiah Grossman and Black Duck Software’s Mike Pittenger – about the latest wave of vulnerabilities being exploited by online attackers