News & Commentary
Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
Apple: Mac, iPhone Bugs That CIA Allegedly Exploited Were Fixed Years Ago
News  |  3/24/2017  | 
New WikiLeaks data dump describes "Sonic Screwdriver," other CIA exploits for Mac desktops and iPhones
Intro to Cyber Insurance: 7 Questions to Ask
Slideshows  |  3/24/2017  | 
Buying a cyber insurance policy can be complex and difficult. Make sure you're asking these questions as you navigate the process.
Sandia Testing New Intrusion Detection Tool That Mimics Human Brain
News  |  3/24/2017  | 
Neuromorphic Data Microscope can spot malicious patterns in network traffic 100 times faster than current tool, lab claims.
Prioritizing Threats: Why Most Companies Get It Wrong
Commentary  |  3/24/2017  | 
To stay safer, focus on multiple-threat attack chains rather than on individual threats.
5 Ways CISOs Could Work Better with Their Cyber Insurers
Commentary  |  3/23/2017  | 
Risk management has become increasingly important, making it crucial companies have good relationships with their insurance company.
US May Charge North Korea in Bangladesh Bank Cybertheft
Quick Hits  |  3/23/2017  | 
The potential case accuses North Korea, and suspected Chinese middlemen, of spearheading an $81-million theft from Bangladesh Bank.
Russian Man Pleads Guilty for Role in Citadel Malware Attacks
Quick Hits  |  3/23/2017  | 
Russian national Mark Vartanyan pleads guilty in US federal court following his December 2016 extradition from Norway.
Google, Jigsaw Offer Free Cyber Protection to Election Sites
Quick Hits  |  3/22/2017  | 
The Protect Your Election package from Google and Jigsaw includes password alert and two-step verification for candidates and campaigns.
New Yorkers See 60% Rise in Data Breaches in 2016
Quick Hits  |  3/22/2017  | 
Attorney General Eric Schneiderman announced his office received nearly 1,300 data breaches in 2016, a 60% increase over 2015.
Malware Explained: Packer, Crypter & Protector
Partner Perspectives  |  3/22/2017  | 
These three techniques can protect malware from analysis. Heres how they work.
Phishing Your Employees for Schooling & Security
Commentary  |  3/22/2017  | 
Your education program isn't complete until you test your users with fake phishing emails.
Future of the SIEM
News  |  3/22/2017  | 
Current SIEM systems have flaws. Here's how the SIEM's role will change as mobile, cloud, and IoT continue to grow.
Report: OilRig' Attacks Expanding Across Industries, Geographies
Commentary  |  3/21/2017  | 
Malware targets Middle Eastern airlines, government, financial industries and critical infrastructure with a simple but powerful backdoor created by infected Excel files attached to phishing emails.
Cisco Issues Advisory on Flaw in Hundreds of Switches
Quick Hits  |  3/21/2017  | 
Vulnerability was discovered in WikiLeaks recent data dump on CIAs secret cyber-offensive unit.
Getting Beyond the Buzz & Hype of Threat Hunting
Commentary  |  3/20/2017  | 
When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it wont happen overnight.
New Wave of Security Acquisitions Signals Start of Consolidation Trend
Slideshows  |  3/20/2017  | 
A dozen recent high-profile deals reflect cybersecurity vendors' hopes of expanding their offerings with next-generation technology, ideas, and talent.
IRS Warns Taxpayers of Email Scams
Quick Hits  |  3/20/2017  | 
The IRS, along with state tax agencies and the tax industry, urge people to be wary of phishing email scams.
New MagikPOS Malware Targets Point-of-Sale Systems In US & Canada
News  |  3/17/2017  | 
Malware uses a remote access Trojan to sniff out potential victims first, Trend Micro says.
North Korea's 'Lazarus' Likely Behind New Wave of Cyberattacks
Quick Hits  |  3/17/2017  | 
Symantec says it has digital evidence that hack group Lazarus is behind the recent sophisticated cyberattacks on 31 countries.
Embrace the Machine & Other Goals for CISOs
Commentary  |  3/17/2017  | 
Here are five ways we can become more effective for our organizations.
Sound Waves Used to Hack Common Data Sensors
News  |  3/16/2017  | 
Though the immediate threat to your smartphone or Fitbit is slight, University of Michigan researchers show command-and-control capability with spoofed signaling on a variety of MEMS accelerometers.
In Cyber, Who Do We Trust to Protect the Business?
Commentary  |  3/16/2017  | 
If business leaders and directors continue to view cybersecurity as mainly a matter for the IT department, they will leave their companies exposed to significant risks.
ERP Attack Risks Come into Focus
News  |  3/16/2017  | 
New highly critical SAP vulnerability highlights dangers against critical business software.
Ethical Hacking: The Most Important Job No One Talks About
Commentary  |  3/16/2017  | 
If your company doesn't have an ethical hacker on the security team, it's playing a one-sided game of defense against attackers.
What Businesses Can Learn From the CIA Data Breach
News  |  3/16/2017  | 
Just because threats like malicious insiders, zero-days, and IoT vulnerabilities are well-understood doesnt mean organizations have a handle on them.
Personal Data Leak Affects 33 Million US Employees
Quick Hits  |  3/16/2017  | 
Information exposed in the leak includes personal details of employees from the Department of Defense and US Postal Service.
Twitter Counter Hack Uses Familiar Attack Mode
News  |  3/15/2017  | 
Experts advise users to be more aware of the potential downside of third-party apps.
The 6 Riskiest Social Media Habits to Avoid at Work
Slideshows  |  3/15/2017  | 
Cybercriminals are turning to Facebook, Twitter and other platforms to launch attacks via employee behavior that could be putting your business at risk.
WhatsApp, Telegram Flaw Gives Hackers Full Account Access
Quick Hits  |  3/15/2017  | 
A new vulnerability discovered in popular messaging services like WhatsApp and Telegram lets hackers assume complete control over accounts.
Canada Takes Tax Site Offline After Apache Struts Attacks
Quick Hits  |  3/14/2017  | 
Hackers exploit vulnerability in Apache Struts 2 software of Statistics Canada but no damage done.
Enterprises Hit with Malware Preinstalled on their Androids
News  |  3/13/2017  | 
Check Point details evidence of mobile supply chain problems based on infections on devices at two large organizations.
What Your SecOps Team Can (and Should) Do
Commentary  |  3/13/2017  | 
If your organization has all of these pieces in place, congratulations!
Home Depot Will Pay Banks $25 Million for 2014 Breach
Quick Hits  |  3/13/2017  | 
Home Depot has already spent $179 million in compensation for the data breach, which affected 50 million customers.
IoT & Liability: How Organizations Can Hold Themselves Accountable
Commentary  |  3/10/2017  | 
To avoid a lawsuit, your company needs to better understand the state of your infrastructure and the devices and applications within it. Here are five areas on which to focus.
Attacks Under Way Against Easily Exploitable Apache Struts Flaw
News  |  3/9/2017  | 
Enterprises urged to upgrade now to more secure versions of Web application framework.
Securing Todays 'Elastic Attack Surface'
Commentary  |  3/9/2017  | 
The foundation of good cybersecurity is knowing your network. But as organizations embrace new technologies, that simple task has gotten incredibly difficult.
Trojan Android App Bullies Google Play Users Into Giving It 5 Stars
Quick Hits  |  3/9/2017  | 
Users who download "Music Mania" get pounded by ads until they say uncle.
9 Phishing Lures that Could Hijack your 2017 Tax Refund
Slideshows  |  3/9/2017  | 
Scammers are taking an aggressive approach to tax season this year, packing attachments and links with banking Trojans, and fairly new strains of ransomware.
In a Cybersecurity Vendor War, the End User Loses
Commentary  |  3/8/2017  | 
When vulnerability information is disclosed without a patch available, users are the ones really being punished.
4 Ways to Recover from a Cyberattack
Partner Perspectives  |  3/8/2017  | 
Be prepared and act quickly are two key steps that will help you bounce back quickly from a cyberattack.
Why Printers Still Pose a Security Threat
News  |  3/8/2017  | 
Newly discovered security flaws in popular printers remind us how networked devices continue to put users at risk.
'Entire Hacking Capacity Of CIA' Dumped On Wikileaks, Site Claims
News  |  3/7/2017  | 
Leaked data tranche of 8,700 documents purportedly includes tools that turn smart TVs into covert surveillance devices.
A Real-Life Look into Responsible Disclosure for Security Vulnerabilities
Commentary  |  3/7/2017  | 
A researcher gives us a glimpse into what happened when he found a problem with an IoT device.
France Abandons Electronic Voting for Citizens Abroad, Cites Security
Quick Hits  |  3/7/2017  | 
The French government made its decision after the national cybersecurity agency warned of a high risk of cyberattacks.
Shamoon Data-Wiping Malware Now Comes with Ransomware Option
News  |  3/6/2017  | 
And: another data-destruction variant discovered, with similarities to Shamoon.
FTC Report Highlights Low DMARC Adoption
News  |  3/6/2017  | 
New Federal Trade Commission research discovers most online businesses employ email authentication, but few use DMARC to combat phishing.
New Yorks Cyber Regulations: How to Take Action & Whos Next
Commentary  |  3/6/2017  | 
Even if your company isnt directly subject to these new rules, you can assume that the approach will be adopted by regulatory agencies at home and abroad eventually.
Adware vs. Ad Fraud: Viva la Difference!
Partner Perspectives  |  3/6/2017  | 
Both earn their money in the advertising trade but they each have very different means of operation and targets.
Threats Converge: IoT Meets Ransomware
Commentary  |  3/6/2017  | 
Ransomware is already a problem. The Internet of Things has had a number of security issues. What happens when the two combine?
Attackers Employ Sneaky New Method to Control Trojans
News  |  3/3/2017  | 
A new malware sample shows threat actors have begun using DNS TXT record and queries for C2 communications, Cisco Talos says,
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Security Technologies to Watch in 2017
Emerging tools and services promise to make a difference this year. Are they on your company's list?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.