News & Commentary
Latest Content
Page 1 / 2   >   >>
10 Cybercrime Myths that Could Cost You Millions
Commentary  |  4/29/2017  | 
Dont let a cybersecurity fantasy stop you from building the effective countermeasures you need to protect your organization from attack.
Google, Facebook Swindled in $100M Payment Scam
Quick Hits  |  4/28/2017  | 
Lithuanian man impersonated an Asian-based manufacturer to trick Facebook and Google into paying him $100 million.
FTC Offers ID Theft Victims Online Crime Reporting Tool
Quick Hits  |  4/28/2017  | 
ID theft victims can report their cybercrime attack to the Federal Trade Commission, without having to file a police report in most cases.
Fileless Malware Attacks Continue to Gain Steam
News  |  4/28/2017  | 
Endpoint woes grow as fileless attacks grow in prevalence and file-based attacks remain largely undetected by AV engines.
A Day in the Life of a Security Avenger
Commentary  |  4/28/2017  | 
Behind the scenes with a security researcher as we follow her through a typical day defending the world against seemingly boundless cyberthreats and attacks
Ransomware Payout Doesn't Pay Off
News  |  4/28/2017  | 
About 40% of small- and midsized businesses hit with ransomware paid their attackers, but less than half got their information back.
Verizon DBIR Shows Attack Patterns Vary Widely By Industry
News  |  4/27/2017  | 
Its not always the newest or the most sophisticated threat you need to worry about, Verizons breach and security incident data for 2016 shows.
Facebook Spam Botnet Promises 'Likes' for Access Tokens
News  |  4/27/2017  | 
Facebook users can fuel a social spam botnet by providing verified apps' access tokens in exchange for "likes" and comments.
OWASP Top 10 Update: Is It Helping to Create More Secure Applications?
Commentary  |  4/27/2017  | 
What has not been updated in the new Top 10 list is almost more significant than what has.
New OWASP Top 10 Reveals Critical Weakness in Application Defenses
Commentary  |  4/27/2017  | 
It's time to move from a dependence on the flawed process of vulnerability identification and remediation to a two-pronged approach that also protects organizations from attacks.
Iranian Hackers Believed Behind Massive Attacks on Israeli Targets
News  |  4/27/2017  | 
OilRig aka Helix Kitten nation-state group leveraged Microsoft zero-day bug in targeted attacks.
IRS and Immigration Officials Impersonated in Call Center Scam
Quick Hits  |  4/27/2017  | 
A call center in India was used to scare US residents with threats of imprisonment and deportation in a ruse that impersonated US officials.
Microsoft Updates Foreign Surveillance Request Count
Quick Hits  |  4/27/2017  | 
Microsoft received 0-499 surveillance requests from January to June 2016, correcting an earlier report stating orders spiked to 1,000-1,499.
HHS Hits CardioNet with $2.5M HIPAA Settlement Fee
Quick Hits  |  4/26/2017  | 
The US Department of Health and Human Services slapped the mobile cardiac monitoring service with fee after breach of customer health data.
USAF Launches 'Hack the Air Force'
News  |  4/26/2017  | 
Bug bounty contest expands Defense Department outreach to the global hacker community to find unknown vulnerabilities in DoD networks.
Microsoft App Aims to Delete the Password
News  |  4/26/2017  | 
Microsoft has officially launched its Authenticator app designed to simplify and secure user logins, raising questions about the future of password-free authentication.
Threat Intelligence Is (Still) Broken: A Cautionary Tale from the Past
Commentary  |  4/26/2017  | 
There is much to be learned from the striking parallels between counter-terrorism threat analysis before 9-11 and how we handle cyber threat intelligence today.
Chipotle Serves Up Security Incident Warning
Quick Hits  |  4/26/2017  | 
The Mexican restaurant chain notifies customers its payment processing system may have been hacked, marking the latest woes for the fast-food maker.
What Role Should ISPs Play in Cybersecurity?
Commentary  |  4/26/2017  | 
There are many actions ISPs could do to make browsing the Web safer, but one thing stands out.
6 Steps to Find Your Next Dozen Cloud Security Experts
Slideshows  |  4/26/2017  | 
There's stiff competition for cloud security experts, but finding yours may actually be easier than you think.
New Ad Fraud Campaign Uses Millions of Domain Names to Bilk Advertising Networks
News  |  4/26/2017  | 
NoTrove has established a huge infrastructure to make money through click redirection and scam traffic-brokering.
Locky Returns with a New (Borrowed) Distribution Method
Partner Perspectives  |  4/26/2017  | 
A layered defense is a strong security posture for dealing with a threat like Locky, that can come in different disguises.
Call Center Fraud Spiked 113% in 2016
News  |  4/26/2017  | 
Criminals are increasingly spoofing caller ID using VoIP apps including Skype or Google Voice to hide their identity and location, according to a report released today by Pindrop Labs.
Web Attacks Decline, Ransomware Attacks Surge
News  |  4/26/2017  | 
Symantec's annual Internet Security Threat Report data shows how attacks last year directly targeted end users, and became more efficient and lucrative.
INTERPOL Operation Sweeps Up Thousands of Cybercrime Servers Used for Ransomware, DDoS, Spam
News  |  4/25/2017  | 
Massive public-private 'cyber surge' in Asia identifies hundreds of compromised websites in operation that spans multiple cybercriminal groups, activities.
Chinese, Russian Cyber Groups Research Shadow Brokers Malware
News  |  4/25/2017  | 
Cyber communities in China and Russia have started digging into the most recent release of malware from Shadow Brokers.
xDedic Marketplace Data Spells Danger for Businesses
News  |  4/25/2017  | 
The xDedic marketplace, a hotspot for cybercriminals on the dark web, sells access to RDP servers to enable attacks on government and corporations.
Why (& How) CISOs Should Talk to Company Boards
Commentary  |  4/25/2017  | 
The C-Suite needs to minimize cybersecurity risk in order to maximize its principal goal of attaining high-level, sustainable growth.
Hyundai Blue Link Vulnerability Allows Remote Start of Cars
Quick Hits  |  4/25/2017  | 
Car maker Hyundai patched a vulnerability in its Blue Link software, which could potentially allow attackers to remotely unlock a vehicle and start it.
IT-OT Convergence: Coming to an Industrial Plant Near You
Commentary  |  4/25/2017  | 
There's been a big divide between IT and OT, but that must end. Here's how to make them come together.
4 Industries Account for Majority of Global Ransomware Attacks
Quick Hits  |  4/25/2017  | 
When it comes to 77% of global ransomware attacks, these four industries take the greatest hit, according to a global threat trends report released today.
Macron Targeted by Russian Cyber Spies
Quick Hits  |  4/24/2017  | 
France's leading presidential candidate Emmanuel Macron's campaign reportedly is being targeted by hackers ties to Russia's military intelligence arm GRU.
A Closer Look at CIA-Linked Malware as Search for Rogue Insider Begins
News  |  4/24/2017  | 
Symantec researcher explains the goals behind CIA-linked hacking tools, as the government launches an investigation to discover who gave secret documents to WikiLeaks.
IT Engineer Stole Source Code to Verify Acquisition
Quick Hits  |  4/24/2017  | 
Zhengquan Zhang admitted to installing malware on his employer's servers, which he did to research a potential acquisition.
The Road Less Traveled: Building a Career in Cyberthreat Intelligence
Commentary  |  4/24/2017  | 
It's hard to become a threat intelligence pro, but there are three primary ways of going about it.
Russian Citizen Gets Record 27-Year Sentence for Hacking, Fraud Scheme
Quick Hits  |  4/21/2017  | 
Roman Valeryevich gets 27 years for hacking PoS machines. Meanwhile, spam master Pyotr Levashov's indictment is unsealed.
Android Geo-Location Spyware Installed By Up To 5 Million Users
Quick Hits  |  4/21/2017  | 
SMSVova, disguised itself as a system update app and duped between 1 million and 5 million users into downloading it from the Google Play store.
Machine Learning in Security: 4 Factors to Consider
News  |  4/21/2017  | 
Key factors to consider before adding machine learning to your security strategy.
Nigerian Convicted in Passport Wire Fraud and Internet Scam
Quick Hits  |  4/21/2017  | 
A Nigerian man set up a number of U.S. bank accounts with bogus passports over a one year period, in which he managed to steal at least $500,000 through wire fraud and Internet scams.
The Hidden Dangers of Component Vulnerabilities
Slideshows  |  4/21/2017  | 
Dangerous flaws in open source components and dependencies lurk within most applications today.
Exploits Targeting Corporate Users Surged Nearly 30% In 2016
News  |  4/21/2017  | 
At same time, number of attacks targeting software vulnerabilities in systems used by consumers declined over 20%, Kaspersky Lab says in new report.
Best Practices for Securing Open Source Code
Commentary  |  4/21/2017  | 
Attackers see open source components as an obvious target because there's so much information on how to exploit them. These best practices will help keep you safer.
6 Times Hollywood Got Security Right
Slideshows  |  4/20/2017  | 
Hollywood has struggled to portray cybersecurity in a realistic and engaging way. Here are films and TV shows where it succeeded.
Kill Chain & the Internet of Things
Commentary  |  4/20/2017  | 
IoT things such as security cameras, smart thermostats and wearables are particularly easy targets for kill chain intruders, but a layered approach to security can help thwart an attack.
Fake Delta Airlines Receipt Packs Malware
Quick Hits  |  4/20/2017  | 
Phishing emails, disguised as receipts from Delta Airlines, trick victims into downloading malware.
Cutting through the Noise: Is It AI or Pattern Matching?
Commentary  |  4/20/2017  | 
Many vendors are fudging terms when trying to sell their artificial intelligence security systems. Here's what you need to know when you buy.
APT Attack Activity Occurs at 'Low, Consistent Hum,' Rapid7 Finds
News  |  4/20/2017  | 
Organizations in industries aligned to nation-state interests are main targets of nation-state attack threats, new quarterly threat report shows.
Users Overshare Sensitive Enterprise Data
News  |  4/20/2017  | 
Survey finds nearly half of the employees trained to protect sensitive data engage in risky security practices.
3 Tips for Updating an Endpoint Security Strategy
News  |  4/19/2017  | 
How to face the process of navigating new threats, tools, and features to build an effective endpoint security strategy.
Google Won't Trust Symantec and Neither Should You
Commentary  |  4/19/2017  | 
As bad as this controversy is for Symantec, the real damage will befall the company and individual web sites deemed untrustworthy by a Chrome browser on the basis of a rejected Symantec certificate.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.