News & Commentary
Latest Content
Where Cybercriminals Go To Buy Your Stolen Data
Slideshows  |  12/3/2016  | 
What malicious sites provide both free and paid access to stolen credit cards, company databases, malware and more?
'Frighteningly Easy' Hack Guesses Full Credit Card Details In 6 Seconds
News  |  12/2/2016  | 
Attack works only on Visa network, Newcastle University researchers say.
Dark Web Vendor Gets 50 Months Jail For ID Theft
Quick Hits  |  12/2/2016  | 
Minnesota resident Aaron Glende aka IcyEagle caught selling stolen bank details on AlphaBay market.
MasterCard, Visa Push Gas Pump EMV Migration Deadline To 2020
Quick Hits  |  12/2/2016  | 
Fuel merchants get three extra years to deploy the secure chip-enabled payment infrastructure in their complex environments.
The Human Firewall: Why People Are Critical To Email Security
Commentary  |  12/2/2016  | 
Technology is just the beginning; employees must be fully on board with security procedures.
Avalanche Botnet Comes Tumbling Down In Largest-Ever Sinkholing Operation
News  |  12/1/2016  | 
800,000 domains seized, sinkholed, or blocked, and five individuals arrested, in international effort to bring down botnet linked to 17 major malware families.
Mandia: Russian State Hackers Changed The Game
News  |  12/1/2016  | 
Founder of Mandiant and FireEye CEO says Russia doesn't appear to want to cover its tracks anymore.
Organizations In Saudi Arabia Reportedly Hit In Destructive New Shamoon Attacks
News  |  12/1/2016  | 
Thousands of computers at country's main civil aviation authority and other entities rendered unusable by same malware that destroyed 30,000 computers at Aramco in 2012.
Holiday Weekend Online Payment Card Fraud 20% Higher In 2016
Quick Hits  |  12/1/2016  | 
In the face of EMV chips, criminals turned online to commit card-not-present fraud this Black Friday and Cyber Monday.
Cybercriminals' Next Target: Long-Term Prizes (Part 2 of 2)
Partner Perspectives  |  12/1/2016  | 
Attacks of a more strategic nature will test early blockchain implementations and continue to explore ways to monetize weak IoT devices.
DMARC Continues To Confound Users, Report Says
News  |  12/1/2016  | 
Almost three-quarters of those who deploy email authentication standard fail to get its full benefits, ValiMail says.
20 Questions Smart Security Pros Should Ask About 'Intelligence'
Commentary  |  12/1/2016  | 
Threat intel is a hot but complicated topic that encompasses a lot more than just data feeds. Here's how to get beyond the fear, uncertainty, and doubt to maximize its potential.
Gaming Company Sues Ex-Employees Over Data Theft
Quick Hits  |  12/1/2016  | 
San Francisco-based Zynga alleges former workers took sensitive information with them when they joined rival company.
Microsoft 'Father Of SDL' Named To Top Post At SAFECode
News  |  12/1/2016  | 
Steve Lipner, the former Microsoft security leader credited with spearheading its security development lifecycle (SDL) initiative, takes on a new role as executive director at SAFECode.
China Cybersecurity Firm Linked With Country's Intel Agency For Espionage
Quick Hits  |  11/30/2016  | 
Boyusec is working with China's intelligence services and military to doctor security products for spying, says Pentagon report.
Georgia Tech Gets $17 Million Defense Deal For Cyberattack Attribution
Quick Hits  |  11/30/2016  | 
US Department of Defense awards research to work on technique for quick attribution of cyberattack with hard evidence.
In Break From Usual, Threat Actors Use RAT To Steal POS Data
News  |  11/30/2016  | 
New NetWire RAT version comes with keylogger for stealing a lot more than just credit and debit card data.
Androids Under Attack: 1 Million Google Accounts Hijacked
News  |  11/30/2016  | 
Two separate attack campaigns were discovered targeting Androids - one that roots them and gains access to Google Gmail, Docs, and Drive accounts, and another that steals information and intercepts and sends messages.
Cybercriminals' Next Target: Short-Term Dangers (Part 1 of 2)
Partner Perspectives  |  11/30/2016  | 
With the holidays approaching, the focus will be on lucrative online shopping, email ransomware, phishing for credentials, and infection by holiday-lurking malware.
Windows Malware Infections Spiked 106% From Black Friday To Cyber Monday
News  |  11/30/2016  | 
The number of infected PCs jumped some 106% during the holiday season's first shopping weekend and 118% above normal on Cyber Monday.
The Rise Of SecBizOps & Why It Matters
Commentary  |  11/30/2016  | 
By aligning security dollars and technology with core business requirements, infosec can become a business enabler, not a business impediment.
Just Half Of Organizations Employ Threat Intelligence
News  |  11/30/2016  | 
PwC survey finds half of enterprises worldwide swap actionable information with industry peers, and 45% with ISACs.
Job Loss And Financial Damage: CIOs' Main Fears When Adopting Virtualization
Partner Perspectives  |  11/30/2016  | 
Companies aren't prepared for the security challenges of hybrid infrastructures, Bitdefender study reveals.
Deutsche Telekom Attacks Suggest Mirai Threat Poised To Become Much Larger
News  |  11/29/2016  | 
With the attack, Mirai has added an exploit targeting a Web service vulnerability.
Retailers Limit Data Access For Temporary, Seasonal Workers
News  |  11/29/2016  | 
Employers are scaling back on sensitive data access for temporary and contract employees, and increasing visibility into their online activity.
Beware: Scalable Vector Graphics Files Are A New Ransomware Threat
Partner Perspectives  |  11/29/2016  | 
SVG files offer many advantages as far as graphics go, but hackers looking to embed malware on websites can exploit them.
Cybersecurity User Training That Sticks: 3 Steps
Commentary  |  11/29/2016  | 
People are eager for common-sense advice that gives them control over their environment and helps them stay safe online.
European Commission Hit By DDoS Attack
Quick Hits  |  11/29/2016  | 
The cyberattack lasted for several hours and affected output but no loss of data was reported.
German Telco Probes Possible Hack Of 900,000 Customers
Quick Hits  |  11/29/2016  | 
Network outages bring down services of many Deutsche Telekom customers raising suspicion that external parties may be involved.
San Francisco Transit Agency Earns Praise For Denying Ransom Request
News  |  11/28/2016  | 
Despite being forced to give out free rides all weekend, metropolitan transportation authority declines to pay the ransomware operators who locked down ticketing systems.
2016's 7 Worst DDoS Attacks So Far
Slideshows  |  11/28/2016  | 
Rise of booter and stresser services, mostly run on IoT botnets, is fueling DDoS excitement (but the pros aren't impressed).
Q&A: SonicWall CEO Talks Rise Of Ransomware, IoT
News  |  11/28/2016  | 
Bill Conner discusses security risks at top of mind as the newly appointed leader of SonicWall, a company becoming independent for the second time.
Petition Forces Parliament To Reconsider Surveillance Bill
Quick Hits  |  11/28/2016  | 
100,000 signatures require MPs to consider debating Snoopers' Charter again.
5 Links Of The Attack Chain And How To Disrupt Them
Partner Perspectives  |  11/28/2016  | 
By identifying steps in the attack chain, you can deploy appropriate defenses at each stage to prevent breaches from happening in the first place.
Time For Security & Privacy To Come Out Of Their Silos
Commentary  |  11/28/2016  | 
By working separately, these two teams aren't operating as efficiently as they could and are missing huge opportunities.
Researchers Demo Method For Turning A PC Into An Eavesdropping Device
News  |  11/23/2016  | 
The audio chipsets in many modern PCs allow audio jacks to be flipped from line-out to line-in, says team from Israel's Ben-Gurion University.
Atlanta Attorney's Office Gets Cybercrime Unit
Quick Hits  |  11/23/2016  | 
New cell created after arrest and extradition of two Nigerians from Malaysia in alleged phishing attacks on US.
European Regulator Probes Yahoo's 2015 Secret Email Scan
Quick Hits  |  11/23/2016  | 
Dublin-based Data Protection Commissioner trying to ascertain if Yahoo broke Europe's privacy laws.
Security Automation: Striking The Right Balance
Commentary  |  11/23/2016  | 
What a smart toaster oven taught me about the importance of learning how to do a task versus the efficiency of automating the work.
8 Books Security Pros Should Read
Slideshows  |  11/23/2016  | 
Hunting for a good resource on the security industry? Check out these classics from the experts to learn more about hacking, defense, cryptography and more.
178 Arrested In Money Mule Crackdown
Quick Hits  |  11/22/2016  | 
Total of 17 countries involved in second European effort to disrupt cybercriminals' money laundering mechanism.
Symantec To Buy LifeLock At $2.3 Billion
Quick Hits  |  11/22/2016  | 
Deal set to be finalized by Q1 2017 and financed by cash and $750 million of new debt.
Oracle Announces Acquisition Of Dyn
Quick Hits  |  11/22/2016  | 
Oracle says purchase of the recently DDoSed DNS service is aimed at expanding the company's cloud computing platform.
Raising The Nation's Cybersecurity IQ: 'Learn To Code'
Commentary  |  11/22/2016  | 
We need to ensure that the students of today are prepared for the security challenges of tomorrow.
WindTalker Attack Finds New Vulnerabilities in Wi-Fi Networks
News  |  11/21/2016  | 
White hat researchers show how hackers read keystrokes to potentially compromise cellphone and tablet users on public Wi-Fi and home networks.
Millions Exposed In Data Breach At UK Telecom Three
Quick Hits  |  11/21/2016  | 
Three, a British ISP and telecom company, suffers major breach of its upgrade database, impacting two-thirds of its 9 million users.
Hackers Attack Canada Army Site, Redirect Visitors To China
Quick Hits  |  11/21/2016  | 
Canada armed forces take down recruitment site after would-be recruits are redirected to official Chinese government page.
Balancing The Risk & Promise Of The Internet Of Things
Commentary  |  11/21/2016  | 
You can't defend against something you don't understand. So make sure you consider IoT's risks before embracing its functionality.
5 Ways Retailers Can Stay Safe Over the Holidays
Slideshows  |  11/21/2016  | 
E-commerce experts offer tips for locking down systems as the busy holiday season approaches.
Ransomware Surveys Fill In Scope, Scale of Extortion Epidemic
News  |  11/21/2016  | 
Half of all surveyed organizations have been hit with ransomware campaigns in the last year, many more than once.
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and a persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.