News & Commentary

Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
Ohio Man Sentenced to 15 Years for BEC Scam
Quick Hits  |  8/20/2018  | 
Olumuyiwa Adejumo and co-conspirators targeted CEOs, CFOs, and other enterprise leaders in the US with fraudulent emails.
Augusta University Health Reports Major Data Breach
Quick Hits  |  8/20/2018  | 
Over 400K individuals affected by the breach, which was the result of a successful phishing attack that occurred in September 2017.
Real Estate Industry Remains Rich Target for Cybercrime
News  |  8/20/2018  | 
Trojans, file downloaders, stolen credentials, and BEC scams, hitting the real estate sector.
Make a Wish: Dark Reading Caption Contest Winners
Commentary  |  8/18/2018  | 
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
Researchers Find New Fast-Acting Side-Channel Vulnerability
News  |  8/17/2018  | 
A group of researchers from Georgia Tech have discovered a method for pulling encryption keys from mobile devices without ever touching the phones, themselves.
Malicious Cryptomining & Other Shifting Threats
Malicious Cryptomining & Other Shifting Threats
Dark Reading Videos  |  8/17/2018  | 
Skybox Security CMO Michelle Johnson Cobb discloses research results that include a spike in malicious cryptomining during Bitcoins peak, a shift to outside-the-perimeter mobile threats, and more.
Marap Malware Appears, Targeting Financial Sector
Quick Hits  |  8/17/2018  | 
A new form of modular downloader packs the ability to download other modules and payloads.
Australian Teen Hacked Apple Network
Quick Hits  |  8/17/2018  | 
The 16-year-old made off with 90 gigs of sensitive data.
The 5 Challenges of Detecting Fileless Malware Attacks
Commentary  |  8/17/2018  | 
Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.
The Rise of Bespoke Ransomware
The Rise of Bespoke Ransomware
Dark Reading Videos  |  8/17/2018  | 
Drawing from a recent study by SophosLabs, Principal Research Scientist Chester Wisniewski highlights a shift to the rise of more targeted and sophisticated ransomware threats, such as SamSam.
Necurs Botnet Goes Phishing for Banks
News  |  8/16/2018  | 
A new Necurs botnet campaign targets thousands of banks with a malicious file dropping the FlawedAmmyy remote-access Trojan.
Overcoming 'Security as a Silo' with Orchestration and Automation
Commentary  |  8/16/2018  | 
When teams work in silos, the result is friction and miscommunication. Automation changes that.
Intel Reveals New Spectre-Like Vulnerability
News  |  8/15/2018  | 
A new side-channel speculative execution vulnerability takes aim at a different part of the CPU architecture than similar vulnerabilities that came before it.
2018 Pwnie Awards: Who Pwned, Who Got Pwned
Slideshows  |  8/15/2018  | 
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
Instagram Hack: Hundreds Affected, Russia Suspected
Quick Hits  |  8/15/2018  | 
Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.
Open Source Software Poses a Real Security Threat
Commentary  |  8/15/2018  | 
It's true that open source software has many benefits, but it also has weak points. These four practical steps can help your company stay safer.
Microsoft ADFS Vulnerability Lets Attackers Bypass MFA
News  |  8/14/2018  | 
The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.
Washington Man Sentenced in Ransomware Conspiracy
Quick Hits  |  8/14/2018  | 
A guilty plea brings 18-month sentence on money laundering charges for former Microsoft employee.
'Election Protection' Aims to Secure Candidates Running for Office
Quick Hits  |  8/14/2018  | 
The kit is designed to prevent credential theft targeting people running for federal, state, and local elected offices.
Social Engineers Show Off Their Tricks
News  |  8/13/2018  | 
Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.
Nigerian National Convicted for Phishing US Universities
Quick Hits  |  8/13/2018  | 
Olayinka Olaniyi and his co-conspirator targeted the University of Virginia, Georgia Tech, and other educational institutions.
FBI Warns of Cyber Extortion Scam
Quick Hits  |  8/13/2018  | 
Spear-phishing techniques are breathing new life into an old scam.
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Commentary  |  8/13/2018  | 
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
NSA Brings Nation-State Details to DEF CON
News  |  8/10/2018  | 
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
The Enigma of AI & Cybersecurity
Commentary  |  8/10/2018  | 
We've only seen the beginning of what artificial intelligence can do for information security.
6 Eye-Raising Third-Party Breaches
Slideshows  |  8/10/2018  | 
This year's headlines have featured a number of high-profile exposures caused by third parties working on behalf of major brands.
Cloud Intelligence Throwdown: Amazon vs. Google vs. Microsoft
News  |  8/9/2018  | 
A closer look at native threat intelligence capabilities built into major cloud platforms and discussion of their strengths and shortcomings.
AWS Employee Flub Exposes S3 Bucket Containing GoDaddy Server Configuration and Pricing Models
News  |  8/9/2018  | 
Publicly accessible S3 bucket included configuration data for tens of thousands of systems, as well as sensitive pricing information.
PGA of America Struck By Ransomware
Quick Hits  |  8/9/2018  | 
Hackers provided a Bitcoin wallet number, though no specific ransom amount was demanded, for the return of files.
Dark Reading News Desk Live at Black Hat USA 2018
News  |  8/9/2018  | 
Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
Oh, No, Not Another Security Product
Commentary  |  8/9/2018  | 
Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.
White Hat to Black Hat: What Motivates the Switch to Cybercrime
News  |  8/8/2018  | 
Almost one in 10 security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.
Understanding Firewalls: Build Them Up, Tear Them Down
News  |  8/8/2018  | 
A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it.
Shadow IT: Every Company's 3 Hidden Security Risks
Commentary  |  8/7/2018  | 
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
US-CERT Warns of New Linux Kernel Vulnerability
Quick Hits  |  8/7/2018  | 
Patches now available to prevent DoS attack on Linux systems.
IT Managers: Are You Keeping Up with Social-Engineering Attacks?
Commentary  |  8/6/2018  | 
Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.
Spot the Bot: Researchers Open-Source Tools to Hunt Twitter Bots
News  |  8/6/2018  | 
Their goal? To create a means of differentiating legitimate from automated accounts and detail the process so other researchers can replicate it.
Mastering MITRE's ATT&CK Matrix
Slideshows  |  8/6/2018  | 
This breakdown of Mitre's model for cyberattacks and defense can help organizations understand the stages of attack events and, ultimately, build better security.
Dept. of Energy to Test Electrical Grid Against Cyberattacks
Quick Hits  |  8/3/2018  | 
This is the first time the Department of Energy will test the electrical grid's ability to recover from a blackout caused by cyberattacks.
4 Reasons Why Companies Are Failing at Incident Response
Commentary  |  8/3/2018  | 
When it comes to containing the business impacts of a security breach, proper planning is often the difference between success and failure.
Is SMS 2FA Enough Login Protection?
News  |  8/3/2018  | 
Experts say Reddit breach offers a prime example of the risks of depending on one-time passwords sent via text.
Industrial Sector Targeted in Highly Personalized Spear-Phishing Campaign
News  |  8/2/2018  | 
At least 400 companies in Russia have been in the bullseye of new, sophisticated spear-phishing attacks, Kaspersky Lab says.
Cryptojacker Campaign Hits MikroTik Routers
News  |  8/2/2018  | 
More than 200,000 routers hit with a sophisticated cryptomining attack that appears to be spreading.
Power Grid Security: How Safe Are We?
Commentary  |  8/2/2018  | 
Experiencing a power outage? It could have been caused by a hacker or just a squirrel chewing through some equipment. And that's a problem.
Feds Indict Three Ukrainians For Cyberattacks on 100+ Companies
News  |  8/1/2018  | 
Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov are senior members of the notorious FIN7 cybercrime group, aka the Carbanak Group.
New Chrome Extension Alerts Users to Hacked Sites
News  |  8/1/2018  | 
HackNotice leverages a database of 20,000 hacks to alert users when a site they visit has been compromised.
Reddit Warns Users of Data Breach
Quick Hits  |  8/1/2018  | 
An attacker broke into Reddit systems and accessed user data, email addresses, and a database of hashed passwords from 2007.
UnityPoint Health Reveals 1.4 Million Patient Breach
Quick Hits  |  8/1/2018  | 
The hospital company's second breach this year is far larger than the first.
How AI Could Become the Firewall of 2003
Commentary  |  8/1/2018  | 
An over-reliance on artificial intelligence and machine learning for the wrong uses will create unnecessary risks.
48% of Customers Avoid Services Post-Data Breach
Quick Hits  |  8/1/2018  | 
Nearly all organizations hit with a security incident report a long-term negative impact on both revenue and consumer trust.
Page 1 / 2   >   >>


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Compliance and Risk Management Officer, AvePoint, Inc,  8/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10006
PUBLISHED: 2018-08-20
Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in 2...
CVE-2018-10006
PUBLISHED: 2018-08-20
The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This ...
CVE-2018-10006
PUBLISHED: 2018-08-20
Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and later contains a Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function that can result in Arbitrary code execution, but no ...
CVE-2018-10006
PUBLISHED: 2018-08-20
JabRef version <=4.3.1 contains a XML External Entity (XXE) vulnerability in MsBibImporter XML Parser that can result in disclosure of confidential data, denial of service, server side request forgery, port scanning. This attack appear to be exploitable via Specially crafted MsBib file. This vuln...
CVE-2018-10006
PUBLISHED: 2018-08-20
zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx.