News & Commentary
Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
Server Management Software Discovered Harboring Backdoor
News  |  8/15/2017  | 
ShadowPad backdoor found embedded in a software product used by major organizations around the globe to manage their Linux, Windows, and Unix servers.
BEC Attacks Don't Always Require Sophistication
News  |  8/15/2017  | 
Simple business email compromise scams can con companies out of huge sums of money and don't require much hacking or even social engineering know-how.
Webroot Acquires Security Training Platform
Quick Hits  |  8/15/2017  | 
Endpoint security company snaps up the assets of Securecast in a move to build out a training program to test users' ability to recognize a phishing attack.
IoT Medical Devices a Major Security Worry in Healthcare, Survey Shows
News  |  8/15/2017  | 
Healthcare providers, manufacturers, and regulators say cybersecurity risks of IoT medical devices and connected legacy systems a top concern.
Cybersecurity: The Responsibility of Everyone
Commentary  |  8/15/2017  | 
The battle against cybercrime can only be won if we're all focused on the same goals. Here are four ways you can get involved.
In Search of the Security Unicorn: Unified, Adaptive Defense
Partner Perspectives  |  8/15/2017  | 
How enterprises can get an edge over innovative cybercriminals by creating a cycle of continual security posture adjustment within their own organizations.
Amazon Tackles Security of Data in S3 Storage
News  |  8/14/2017  | 
Amazon Macie is a new security service built to protect AWS S3 data from accidental leaks and breaches.
WannaCry Hero Hutchins Pleads Not Guilty
Quick Hits  |  8/14/2017  | 
Lawyers for MalwareTech 'confident he will be fully vindicated.'
HBO Offers Hackers $250,000 as 'Show Of Good Faith' on $6 Million Ransom Request
Quick Hits  |  8/11/2017  | 
The offer was reportedly designed to stall for time, with no plans to ever pay it.
APT28 Uses EternalBlue to Spy on Hotel Wifi Networks
News  |  8/11/2017  | 
Hacker group APT28 is using the EternalBlue hacking tool to spread throughout hotel networks and collect guests' information.
Breaches Are Coming: What Game of Thrones Teaches about Cybersecurity
Commentary  |  8/11/2017  | 
Whether youre Lord Commander of the Nights Watch or the CISO of a mainstream business, its not easy to defend against a constantly evolving threat that is as deadly as an army of White Walkers.
SonicSpy Authors Spin Out Over 1,000 Spyware Apps
Quick Hits  |  8/10/2017  | 
The actors behind this new malware family created a sizable selection of malicious apps in just over seven months, some of which appeared on Google Play.
Air Gap FAILs, Configuration Mistakes Causing ICS/SCADA Cyberattacks
News  |  8/10/2017  | 
A utility's cautionary tale, and how a popular ICS/SCADA network protocol failed a fuzzing test miserably.
Taking Down the Internet Has Never Been Easier
Commentary  |  8/10/2017  | 
Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.
SMBs Practice Better IoT Security Than Large Enterprises Do
News  |  8/9/2017  | 
Small-to midsized businesses are more prepared than big ones to face the next IoT attack: good news given the sharp rise in IoT botnet attacks in the first half of 2017, new reports released today show.
Carbon Black Refutes Claims of Flaw in its EDR Product
News  |  8/9/2017  | 
Endpoint security firm responds to DirectDefense's report, noting that the information was shared voluntarily via a feature in the product that comes disabled by default.
Two Iranians Face Charges for Computer Hacking, Credit Card Fraud
Quick Hits  |  8/9/2017  | 
Federal prosecutors charged two Iranian nationals with identity theft and use of stolen credit card numbers as well as threatening to expose the breach to one of the victim's customers.
Uptick in Malware Targets the Banking Community
Commentary  |  8/9/2017  | 
A number of recent attacks, using tactics old and new, have made off with an astonishing amount of money. How can financial institutions fight back?
Konni Malware Campaign Targets North Korean Organizations
News  |  8/8/2017  | 
For at least three years, an unknown threat actor has used the RAT to steal data and profile organizations in North Korea.
67% of Malware Attacks Came via Phishing in Second Quarter
News  |  8/8/2017  | 
During the second quarter, cyberattacks soared 24% worldwide with phishing attacks playing a large role and Adobe Flash one of the favorite attack targets.
WatchGuard Acquires Authentication Provider Datablink
Quick Hits  |  8/8/2017  | 
WatchGuard looks to expand its security offerings into authentication solutions for small- to midsize businesses and enterprises with a distributed workforce.
HBO Data Dumped, Hackers Demand Millions
Quick Hits  |  8/8/2017  | 
Attackers who reportedly stole 1.5TB of data from HBO release a second data dump and demand millions in ransom.
Automating Defenses Against Assembly-Line Attacks
Commentary  |  8/8/2017  | 
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
NIST Releases Cybersecurity Definitions for the Workforce
News  |  8/7/2017  | 
In an effort to bring consistency when describing the tasks, duties, roles, and titles of cybersecurity professionals, the National Institute of Standards and Technology released the finalized draft version of its framework.
Voting System Hacks Prompt Push for Paper-Based Voting
News  |  8/7/2017  | 
DEF CON's Voting Machine Hacker Village hacks confirmed security experts' worst fears.
WannaCry Hero Garners Security Industry Support Following Arrest
News  |  8/7/2017  | 
US law enforcement arrested British security researcher Marcus Hutchins for allegedly developing and selling the Kronos banking Trojan.
Man Who Hacked his Former Employer Gets 18-Month Prison Sentence
Quick Hits  |  8/7/2017  | 
A Tennessee man also must pay restitution of nearly $172,400 to his former employer after hacking into its systems to gain an edge for his new company.
One-Third of Businesses Hit with Malware-less Threats
Quick Hits  |  8/7/2017  | 
Scripting attacks, credential compromise, privilege escalation, and other malware-less threats affect IT systems and add to staff workload.
Risky Business: Why Enterprises Cant Abdicate Cloud Security
Commentary  |  8/7/2017  | 
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
Steganography Use on the Rise Among Cyber Espionage, Cybercrime Groups
News  |  8/4/2017  | 
At least three cyber espionage campaigns and several malware samples in recent months have employed ancient technique, Kaspersky Lab says.
HBO Breach Did Not Compromise Full Email System: CEO
Quick Hits  |  8/4/2017  | 
HBO's recent security breach likely did not compromise its entire email system as hacker(s) allegedly threaten to expose stolen data.
Are Third-Party Services Ready for the GDPR?
Commentary  |  8/4/2017  | 
Third-party scripts are likely to be a major stumbling block for companies seeking to be in compliance with the EU's new privacy rules. Here's a possible work-around.
Russian Botnet Creator Receives 46-Month Prison Sentence
Quick Hits  |  8/4/2017  | 
Federal court sentences the Ebury botnet creator and operator to prison for infecting tens of thousands of servers worldwide.
WannaCry 'Kill Switch' Creator Arrested in Vegas
News  |  8/3/2017  | 
Federal authorities indicted and nabbed Marcus Hutchins, aka MalwareTech, for allegedly creating and distributing the Kronos banking Trojan.
2017 Pwnie Awards: Who Won, Lost, and Pwned
Slideshows  |  8/3/2017  | 
Security pros corralled the best and worst of cybersecurity into an award show highlighting exploits, bugs, achievements, and attacks from the past year.
Making Infosec Meetings More Inclusive
News  |  8/3/2017  | 
Diversity and inclusion experts explain how to avoid meeting pitfalls that preclude the voices of underrepresented members of the team.
WannaCry Ransom Bitcoins Withdrawn from Online Wallets
Quick Hits  |  8/3/2017  | 
More than $140,000 in digital currency paid by WannaCry victims has been removed from online wallets.
Why Cybersecurity Needs a Human in the Loop
Commentary  |  8/3/2017  | 
It's no longer comparable to Kasparov versus Deep Blue. When security teams use AI, it's like Kasparov consulting with Deep Blue before deciding on his next move.
Chinese Telecom DDoS Attack Breaks Record
News  |  8/2/2017  | 
A distributed denial of service siege spanning more than 11 days broke a DDoS record for the year, according to a report from Kaspersky Lab.
72% of Businesses Plan for Endpoint Security Budget Boost
News  |  8/2/2017  | 
For a full third of organizations investing more in endpoint security there will be a "substantial" increase in spending.
Staying in Front of Cybersecurity Innovation
Commentary  |  8/2/2017  | 
Innovation is challenging for security teams because it encompasses two seemingly contradictory ideas: it's happening too slowly and too quickly.
US Senators Propose IoT Security Legislation
Quick Hits  |  8/1/2017  | 
A new bill aims to prohibit the production of IoT devices if they can't be patched or have their password changed.
Digital Crime-Fighting: The Evolving Role of Law Enforcement
Commentary  |  8/1/2017  | 
Law enforcement, even on a local level, has a new obligation to establish an effective framework for combating online crime.
Ransomware Attack on Merck Caused Widespread Disruption to Operations
News  |  7/31/2017  | 
Pharmaceutical giant's global manufacturing, research and sales operations have still not be full restored since the June attacks.
Iranian Hackers Ensnared Targets via Phony Female Photographer
News  |  7/31/2017  | 
US, Indian, Saudi Arabian, Israeli, Iraqi IT, security, executives in oil/gas and aerospace swept up in elaborate social media ruse used for cyber espionage operations.
Anthem Hit with Data Breach of 18,580 Medicare Members
Quick Hits  |  7/31/2017  | 
Third-party service provider for the insurer discovered one of its employees allegedly engaged in identity theft of thousands of Anthem Medicare members.
Healthcare Execs Report Rise in Data Breaches and HIPAA Violations
Quick Hits  |  7/31/2017  | 
IT executives, however, increasingly believe they are "completely ready" to withstand a cybersecurity attack on their healthcare system.
Wannacry Inspires Worm-like Module in Trickbot
News  |  7/28/2017  | 
The malware is being primarily distributed via email spam in the form of spoofed invoices from an international financial services com, says Flashpoint.
Lethal Dosage of Cybercrime: Hacking the IV Pump
News  |  7/28/2017  | 
At DEF CON, a researcher demonstrated how to attack a popular model of infusion pump used in major hospitals around the world.
Throw Out the Playbooks to Win at Incident Response
Commentary  |  7/28/2017  | 
Four reasons why enterprises that rely on playbooks give hackers an advantage.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, no, no! Have a Unix CRON do the pop-up reminders!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The Impact of a Security Breach 2017
The Impact of a Security Breach 2017
Despite the escalation of cybersecurity staffing and technology, enterprises continue to suffer data breaches and compromises at an alarming rate. How do these breaches occur? How are enterprises responding, and what is the impact of these compromises on the business? This report offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.