News & Commentary
Latest Content
Page 1 / 2   >   >>
FTC: It Takes Criminals Just 9 Minutes to Use Stolen Consumer Info
Quick Hits  |  5/26/2017  | 
Federal Trade Commission experiment lured hackers to learn about how they use stolen consumer information.
Elections, Deceptions & Political Breaches
Commentary  |  5/26/2017  | 
Political hacks have many lessons for the business world.
8 Most Overlooked Security Threats
Slideshows  |  5/26/2017  | 
Businesses know the obvious security threats to watch for, but some of the biggest dangers may not at top-of-mind.
New Samba Bug Dangerous But No WannaCry
News  |  5/25/2017  | 
The administrators of the open-source Samba software have fixed a newly discovered vulnerability that lets attackers upload malicious files to vulnerable systems and servers.
In the Cloud, Evolving Infrastructure Means Evolving Alliances
Commentary  |  5/25/2017  | 
New opportunities make for unusual bedfellows. Here's how to navigate the shift in organizational dynamics between security operations, line-of-business managers, and developers.
3 Nigerian Cyberthieves Sentenced to Total of 235 Years in Prison
Quick Hits  |  5/25/2017  | 
Using love-struck girlfriends found on the Internet to help them carry out their schemes, three Nigerian cyberthieves and their cohorts made off with tens of millions of dollars in pilfered goods before they were ultimately sentenced to a collective total of 235 years in prison.
WannaCry Ransom Notes Penned by Chinese-Speaking Authors, Analysis Shows
News  |  5/25/2017  | 
But a Chinese-language link doesn't shoot down theories of the North Korean Lazarus Group's involvement in the ransomware worm attacks, say language experts at Flashpoint.
WannaCry Gives Consumers a First Look into Ransomware
Quick Hits  |  5/25/2017  | 
Although ransomware has been around for two years, it took the fast-moving and expansive WannaCry to provide a majority of consumers their first glimpse, according to a study released today.
You Have One Year to Make GDPR Your Biggest Security Victory Ever
News  |  5/25/2017  | 
The EU's new razor-toothed data privacy law could either rip you apart or help you create the best security program you've ever had. Here's how.
Ransomware: Carding's Replacement for the Criminal Masses
Commentary  |  5/25/2017  | 
Ransomware is not only here to stay, it's going to proliferate by orders of magnitude and cause substantial risk to businesses for the foreseeable future.
Medical Devices Fall Short in Security Best Practices
News  |  5/25/2017  | 
More than half of medical device makers and healthcare delivery organizations anticipate an attack on their medical devices within the next 12 months, but only a smattering take significant steps to prevent it, according to a survey released today.
82% of Databases Left Unencrypted in Public Cloud
News  |  5/25/2017  | 
Personal health information and other sensitive data is left exposed as businesses overlook encryption and network security.
Split Tunnel SMTP Exploit Bypasses Email Security Gateways
News  |  5/25/2017  | 
Attackers can inject malicious payloads directly to email server via email encryption appliances, Securolytics says.
WannaCry: The North Korea Debate
News  |  5/24/2017  | 
Researchers split over whether an infamous North Korean hacking group, an affiliate, or another attacker altogether, is behind the epic ransomware worm.
Unsanctioned Computer Support Costs Companies $88K per Year
Quick Hits  |  5/24/2017  | 
A new survey of security professionals says that 83% of respondents help colleagues in other departments fix their privately-owned computers on company time.
Data Security & Privacy: The Risks of Not Playing by the Rules
Commentary  |  5/24/2017  | 
Achieving compliance is a complex and challenging process. But with the right systems and policies, you can stay ahead of the next data breach and the regulators.
DDoS Attacks Fell 23% in First Quarter, Grew in Size
Quick Hits  |  5/24/2017  | 
Although the number of DDoS attacks dropped in the first three months of the year, the average size of each attack grew, according to a Verisign report released Tuesday.
Target Reaches Breach Settlement: $18.5 Million Fine, Security Controls
News  |  5/24/2017  | 
Target to cough up $18.5 million to 47 states in a settlement following its 2013 security breach, which exposed data of millions of customers.
4 Reasons the Vulnerability Disclosure Process Stalls
Commentary  |  5/24/2017  | 
The relationship between manufacturers and researchers is often strained. Here's why, along with some resources to help.
Data Breach, Vulnerability Data on Track to Set New Records in 2017
News  |  5/23/2017  | 
There are so far 1,254 publicly reported data breaches and 4,837 published vulnerabilities in the first quarter of this year.
Credential-Stuffing Threat Intensifies Amid Password Reuse
News  |  5/23/2017  | 
Employees who reuse logins on multiple websites drive the impact of third-party breaches as hackers use credential stuffing to compromise more accounts.
9 Ways Organizations Sabotage Their Own Security: Lessons from the Verizon DBIR
Slideshows  |  5/23/2017  | 
Mistakes and missteps plague enterprise security. The Verizon 2017 Data Breach Investigations Report (DBIR) offers nuggets on what organizations must stop doing now.
Staying a Step Ahead of Internet Attacks
Commentary  |  5/23/2017  | 
There's no getting around the fact that targeted attacks - like phishing - will happen. But you can figure out the type of attack to expect next.
With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?
Commentary  |  5/23/2017  | 
Technology alone won't keep you safe. Fully engaged employees should be your first line of defense.
Hacker Hit with 30-Month Prison Term in Securities Case
Quick Hits  |  5/23/2017  | 
Ukrainian hacker sentenced for his role stealing press releases about upcoming stock trades that generated roughly $30 million in illegal profits.
WannaCry Hit Windows 7 Machines Most
News  |  5/22/2017  | 
More than 95% of all of the infected machines were running Windows 7, according to Kaspersky Lab data.
Russian 'Cron' Cyber Gang Arrested for Raiding Bank Accounts
Quick Hits  |  5/22/2017  | 
Russian authorities arrest a group of 16 hackers who allegedly were attacking banks in their native country via mobile malware, nixing plans for their global expansion.
Emerging Threats to Add to Your Security Radar Screen
News  |  5/22/2017  | 
The cybersecurity threat landscape is poised to grow in size and complexity - what to look out for.
Chinese Man Pleads Guilty to Espionage, Theft from US Firm
Quick Hits  |  5/22/2017  | 
Chinese national Xu Jiaqiang pleaded guilty to economic espionage and theft of trade secrets from his former employer in the US.
In Search of an Rx for Enterprise Security Fatigue
Commentary  |  5/22/2017  | 
Are you exhausted by the vast number of measures your organization needs to keep its systems and data safe? You're not alone.
Researcher Creates Tool to Unlock WannaCry-Infected Windows XP Files
Quick Hits  |  5/19/2017  | 
A security researcher appears to have discovered a flaw in WannaCry that may provide Windows XP victims of the attack with a way to unlock their files.
Ransomware Rocks Endpoint Security Concerns
News  |  5/19/2017  | 
Meanwhile, threat detection technologies are evolving that can help security teams spot incidents more efficiently.
Deconstructing the 2016 Yahoo Security Breach
Commentary  |  5/19/2017  | 
One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.
5 Security Lessons WannaCry Taught Us the Hard Way
News  |  5/18/2017  | 
There is a lot more our industry should be doing to protect its systems and data from cyber blackmail.
APT3 Threat Group a Contractor for Chinese Intelligence Agency
News  |  5/18/2017  | 
Recorded Future says its research shows clear link between cyber threat group and China's Ministry of State Security.
Don't Forget Basic Security Measures, Experts Say
News  |  5/18/2017  | 
Some security leaders argue there is little point in worrying about emerging threats when businesses can't defend against today's attacks.
Android Users Fail to Run Latest OS Version
Quick Hits  |  5/18/2017  | 
A study finds 98% of Android devices are not running the latest software version, according to a report released today by Zimperium.
All Generations, All Risks, All Contained: A How-To Guide
Commentary  |  5/18/2017  | 
Organizations must have a security plan that considers all of their employees.
NSA Tools Behind WannaCry Being Used In Even Bigger Attack Campaign
News  |  5/18/2017  | 
Attackers have been using NSAs EternalBlue and Double Pulsar to distribute AdylKuzz cryptocurrency malware to hundreds of thousands of systems, Proofpoint says.
WannaCry: Ransomware Catastrophe or Failure?
Commentary  |  5/18/2017  | 
Using Bitcoin payments as a measure, the WannaCry attack is not nearly as profitable as the headlines suggest. But you should still patch your Windows systems and educate users.
FireEye CEO Mandia Talks Rapid Rise of Nation-State Threats
News  |  5/17/2017  | 
FireEye CEO Kevin Mandia at Interop ITX discussed changes in the geopolitical threat landscape and how attackers target their victims.
Why We Need a Data-Driven Cybersecurity Market
Commentary  |  5/17/2017  | 
NIST should bring together industry to create a standard set of metrics and develop better ways to share information.
Survey: Unpatched Windows OS on the Rise
Quick Hits  |  5/17/2017  | 
Despite the rise in vulnerabilities, the percentage of unpatched Windows operating systems grew in the first quarter compared to the previous year.
Inside the Motivations Behind Modern Cyberattackers
News  |  5/17/2017  | 
Attackers seeking money, dominance, and data are banding together and sharing infrastructure to target businesses.
The Fundamental Flaw in TCP/IP: Connecting Everything
Commentary  |  5/17/2017  | 
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.
WannaCry's 'Kill Switch' May Have Been a Sandbox-Evasion Tool
News  |  5/16/2017  | 
Massive ransomware worm attack appears to have come with a poorly planned anti-analysis feature.
ShadowBrokers To Launch Monthly Subscription Service for Exploits
News  |  5/16/2017  | 
Think of it like a wine of the month club for attack tools and new exploits threat group says.
New Threat Research Shows Vietnam a Rising Force in Cyberespionage
News  |  5/16/2017  | 
FireEye report on APT32 puts evidence together of a group attacking private and public targets for the sake of Vietnamese state interests.
DocuSign's Brand Used in Phishing Attacks
Quick Hits  |  5/16/2017  | 
The electronic signature company issued an update alert today that it noticed a rise in phishing attacks last week and this morning.
FTC Launches 'Operation Tech Trap' to Catch Fraudsters
Quick Hits  |  5/16/2017  | 
The Federal Trade Commission has teamed up with law enforcement partners to crack down on tech support scams.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.