News & Commentary
Latest Content tagged with Attacks/Breaches
HHS Hits CardioNet with $2.5M HIPAA Settlement Fee
Quick Hits  |  4/26/2017  | 
The US Department of Health and Human Services slapped the mobile cardiac monitoring service with a fee after a breach of customer health data.
Chipotle Serves Up Security Incident Warning
Quick Hits  |  4/26/2017  | 
The Mexican restaurant chain notifies customers its payment processing system may have been hacked, marking the latest woes for the fast-food maker.
What Role Should ISPs Play in Cybersecurity?
Commentary  |  4/26/2017  | 
There are many actions ISPs could take to make browsing the Web safer, but one thing stands out.
New Ad Fraud Campaign Uses Millions of Domain Names to Bilk Advertising Networks
News  |  4/26/2017  | 
NoTrove has established a huge infrastructure to make money through click redirection and scam traffic-brokering.
INTERPOL Operation Sweeps Up Thousands of Cybercrime Servers Used for Ransomware, DDoS, Spam
News  |  4/25/2017  | 
Massive public-private 'cyber surge' in Asia identifies hundreds of compromised websites in operation that spans multiple cybercriminal groups, activities.
Chinese, Russian Cyber Groups Research Shadow Brokers Malware
News  |  4/25/2017  | 
Cyber communities in China and Russia have started digging into the most recent release of malware from Shadow Brokers.
xDedic Marketplace Data Spells Danger for Businesses
News  |  4/25/2017  | 
The xDedic marketplace, a hotspot for cybercriminals on the dark web, sells access to RDP servers to enable attacks on government and corporations.
Why (& How) CISOs Should Talk to Company Boards
Commentary  |  4/25/2017  | 
The C-Suite needs to minimize cybersecurity risk in order to maximize its principal goal of attaining high-level, sustainable growth.
Hyundai Blue Link Vulnerability Allows Remote Start of Cars
Quick Hits  |  4/25/2017  | 
Car maker Hyundai patched a vulnerability in its Blue Link software, which could potentially allow attackers to remotely unlock a vehicle and start it.
IT-OT Convergence: Coming to an Industrial Plant Near You
Commentary  |  4/25/2017  | 
There's been a big divide between IT and OT, but that must end. Here's how to make them come together.
4 Industries Account for Majority of Global Ransomware Attacks
Quick Hits  |  4/25/2017  | 
When it comes to 77% of global ransomware attacks, these four industries take the greatest hit, according to a global threat trends report released today.
Macron Targeted by Russian Cyber Spies
Quick Hits  |  4/24/2017  | 
France's leading presidential candidate Emmanuel Macron's campaign reportedly is being targeted by hackers tied to Russia's military intelligence arm GRU.
A Closer Look at CIA-Linked Malware as Search for Rogue Insider Begins
News  |  4/24/2017  | 
Symantec researcher explains the goals behind CIA-linked hacking tools, as the government launches an investigation to discover who gave secret documents to WikiLeaks.
IT Engineer Stole Source Code to Verify Acquisition
Quick Hits  |  4/24/2017  | 
Zhengquan Zhang admitted to installing malware on his employer's servers, which he did to research a potential acquisition.
The Road Less Traveled: Building a Career in Cyberthreat Intelligence
Commentary  |  4/24/2017  | 
It's hard to become a threat intelligence pro, but there are three primary ways of going about it.
Russian Citizen Gets Record 27-Year Sentence for Hacking, Fraud Scheme
Quick Hits  |  4/21/2017  | 
Roman Valeryevich gets 27 years for hacking PoS machines. Meanwhile, spam master Pyotr Levashov's indictment is unsealed.
Android Geo-Location Spyware Installed By Up To 5 Million Users
Quick Hits  |  4/21/2017  | 
SMSVova disguised itself as a system update app and duped between 1 million and 5 million users into downloading it from the Google Play store.
Machine Learning in Security: 4 Factors to Consider
News  |  4/21/2017  | 
Key factors to consider before adding machine learning to your security strategy.
Nigerian Convicted in Passport Wire Fraud and Internet Scam
Quick Hits  |  4/21/2017  | 
A Nigerian man set up a number of U.S. bank accounts with bogus passports over a one-year period, in which he managed to steal at least $500,000 through wire fraud and Internet scams.
Exploits Targeting Corporate Users Surged Nearly 30% In 2016
News  |  4/21/2017  | 
At the same time, the number of attacks targeting software vulnerabilities in systems used by consumers declined over 20%, Kaspersky Lab says in new report.
Best Practices for Securing Open Source Code
Commentary  |  4/21/2017  | 
Attackers see open source components as an obvious target because there's so much information on how to exploit them. These best practices will help keep you safer.
6 Times Hollywood Got Security Right
Slideshows  |  4/20/2017  | 
Hollywood has struggled to portray cybersecurity in a realistic and engaging way. Here are films and TV shows where it succeeded.
Kill Chain & the Internet of Things
Commentary  |  4/20/2017  | 
IoT things such as security cameras, smart thermostats and wearables are particularly easy targets for kill chain intruders, but a layered approach to security can help thwart an attack.
Fake Delta Airlines Receipt Packs Malware
Quick Hits  |  4/20/2017  | 
Phishing emails, disguised as receipts from Delta Airlines, trick victims into downloading malware.
Cutting through the Noise: Is It AI or Pattern Matching?
Commentary  |  4/20/2017  | 
Many vendors are fudging terms when trying to sell their artificial intelligence security systems. Here's what you need to know when you buy.
3 Tips for Updating an Endpoint Security Strategy
News  |  4/19/2017  | 
How to face the process of navigating new threats, tools, and features to build an effective endpoint security strategy.
Google Won't Trust Symantec and Neither Should You
Commentary  |  4/19/2017  | 
As bad as this controversy is for Symantec, the real damage will befall the company and individual web sites deemed untrustworthy by a Chrome browser on the basis of a rejected Symantec certificate.
InterContinental Hotels Group Breach Checks In at 1,200 Locations
Quick Hits  |  4/19/2017  | 
IHG franchises in its Americas region were hit with a point-of-sale malware breach, affecting 1,200 hotels ranging from its Crowne Plaza to Holiday Inn Express.
Cybercriminals Mostly Prefer Skype Messaging
News  |  4/19/2017  | 
But cybercrime gangs worldwide are increasingly using encrypted peer-to-peer chat platforms for their communications outside online underground forums, new study finds.
The Architecture of the Web Is Unsafe for Today's World
Commentary  |  4/19/2017  | 
The Internet is based on protocols that assume content is secure. A new, more realistic model is needed.
Advanced, Low-Cost Ransomware Tools on the Rise
News  |  4/18/2017  | 
New offerings cost as little as $175 and come with lots of anti-detection bells and whistles.
'Intrusion Suppression:' Transforming Castles into Prisons
Commentary  |  4/18/2017  | 
How building cybersecurity structures that decrease adversaries' dwell time can reduce the damage from a cyberattack.
SWIFT: System Unaffected Following Shadow Brokers Leak
Quick Hits  |  4/18/2017  | 
SWIFT, the interbank messaging system allegedly targeted by the NSA, says there is no indication its network has been compromised.
Identity Thief Faces Potential 22-Year Prison Sentence
Quick Hits  |  4/18/2017  | 
A foreign national pleads guilty to two criminal counts after he and his cohorts steal nearly $1.48 million in bogus tax return refunds following an identity theft hack on a Pittsburgh medical center.
Microsoft Fixed Windows Vulns Before Shadow Brokers Dump
Quick Hits  |  4/17/2017  | 
Microsoft reports the Windows exploits released by Shadow Brokers had already been fixed in earlier patches.
The Second Coming of Managed File Transfer Has Arrived
Commentary  |  4/17/2017  | 
Sometimes, a mature, embedded technology still makes the most sense, especially when it comes to data security.
Why Brand Trumps Tech in C-Level Conversations
News  |  4/17/2017  | 
Brand reputation, not technical tools, should be the focus of the CIO's conversations with board members about the importance of security.
Engineer Arrested for Attempted Theft of Trade Secrets
Quick Hits  |  4/14/2017  | 
Software engineer Dmitry Sazonov has been arrested for trying to steal valuable code from his employer, a financial services firm.
Nearly 40% of Ransomware Victims Pay Attackers
Quick Hits  |  4/14/2017  | 
Ransomware is targeting more consumers, and many of them are paying hundreds to attackers.
10 Questions To Get Practical Answers At Interop ITX
Commentary  |  4/14/2017  | 
May 15-19 in Las Vegas: How to get solutions and advice from top speakers for the things that you really want to know.
1 Out of 5 Companies Have Suffered Mobile Device Breach
Quick Hits  |  4/14/2017  | 
A survey on security solutions for mobile devices finds 24% don't even know if they have been breached.
Health Savings Account Fraud: The Rapidly Growing Threat
Commentary  |  4/14/2017  | 
As income tax season comes to a close, financially-motivated cybercriminals are honing new tactics for monetizing medical PII.
The Long Slog To Getting Encryption Right
News  |  4/14/2017  | 
Encryption practices have improved dramatically over the last 10 years, but most organizations still don't have enterprise-wide crypto strategies.
95% of Organizations Have Employees Seeking to Bypass Security Controls
News  |  4/13/2017  | 
Use of TOR, private VPNs on the rise in enterprises, Dtex report shows.
Got an Industrial Network? Reduce your Risk of a Cyberattack with Defense in Depth
Commentary  |  4/13/2017  | 
If an aggressive, all-out cyberdefense strategy isn't already on your operational technology plan for 2017, it's time to get busy.
So You Want to Be a Security Rock Star?
Commentary  |  4/13/2017  | 
While the thrill of crafting attention-grabbing stunt hacks may seem like the coolest job on earth, what our industry needs more of are strong defenders who can fix things as well as break them.
Fifth Person Pleads Guilty in $5 Million ID Theft Case
Quick Hits  |  4/13/2017  | 
A total of five Eastern Europeans were arrested for conspiracy involving cyberattacks and fraudulent purchases.
Hackers May Have DDoS'ed Brexit Vote Site: Report
Quick Hits  |  4/13/2017  | 
British MPs suggest cyberattackers may have used DDoS attacks to bring site down before EU referendum.
New Breed of DDoS Attack On the Rise
News  |  4/13/2017  | 
Akamai Networks since October has detected and mitigated at least 50 DDoS attacks using Connectionless LDAP.
Nation-State Hackers Go Open Source
News  |  4/12/2017  | 
Researchers who track nation-state groups say open-source hacking tools increasingly are becoming part of the APT attack arsenal.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.