News & Commentary

Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
Email Bomb Threats Follow Sextortion Playbook
News  |  12/14/2018  | 
Yesterday's wave of email bomb threats appear to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.
Iranian Hackers Target Nuclear Experts, US Officials
Quick Hits  |  12/14/2018  | 
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
Retailers: Avoid the Hackable Holidaze
Commentary  |  12/14/2018  | 
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
Cybercriminals Change Tactics to Outwit Machine-Learning Defense
Quick Hits  |  12/14/2018  | 
The rise in machine learning for security has forced criminals to rethink how to avoid detection.
Universities Get Schooled by Hackers
News  |  12/13/2018  | 
Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.
Cybercrime Is World's Biggest Criminal Growth Industry
Quick Hits  |  12/13/2018  | 
The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Commentary  |  12/13/2018  | 
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
The Economics Fueling IoT (In)security
Commentary  |  12/13/2018  | 
Attackers understand the profits that lie in the current lack of security. That must change.
U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
News  |  12/12/2018  | 
McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
Deception: Honey vs. Real Environments
Commentary  |  12/12/2018  | 
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
Quick Hits  |  12/12/2018  | 
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
Forget Shifting Security Left; It's Time to Race Left
Commentary  |  12/12/2018  | 
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
Battling Bots Brings Big-Budget Blow to Businesses
News  |  12/11/2018  | 
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
Attackers Using New Exploit Kit to Hijack Home & Small Office Routers
News  |  12/11/2018  | 
Goal is to steal banking credentials by redirecting users to phishing sites.
The Grinch Bot Before Christmas: A Security Story for the Holidays
Commentary  |  12/11/2018  | 
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
NetSecOPEN Names Founding Members, Board of Directors
Quick Hits  |  12/11/2018  | 
The organization is charged with building open, transparent testing protocols for network security.
CrowdStrike: More Organizations Now Self-Detect Their Own Cyberattacks
News  |  12/11/2018  | 
But it still takes an average of 85 days to spot one, the security firm's incident response investigations found.
DanaBot Malware Adds Spam to its Menu
News  |  12/10/2018  | 
A new generation of modular malware increases its value to criminals.
'Highly Active' Seedworm Group Hits IT Services, Governments
News  |  12/10/2018  | 
Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.
Satan Ransomware Variant Exploits 10 Server-Side Flaws
News  |  12/10/2018  | 
Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
New Google+ Breach Will Lead to Early Service Shutdown
Quick Hits  |  12/10/2018  | 
A breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.
'Dr. Shifro' Prescribes Fake Ransomware Cure
Quick Hits  |  12/10/2018  | 
A Russian firm aims to capitalize on ransomware victims' desperation by offering to unlock files then passing money to attackers.
6 Cloud Security Predictions for 2019
Commentary  |  12/10/2018  | 
How the fast pace of cloud computing adoption in 2018 will dramatically change the security landscape next year.
Criminals Use Locally Connected Devices to Attack, Loot Banks
News  |  12/7/2018  | 
Tens of millions of dollars stolen from at least eight banks in East Europe, Kasperksy Lab says.
Iranian Nationals Charged for Atlanta Ransomware Attack
Quick Hits  |  12/7/2018  | 
The March attack used SamSam ransomware to infect 3,789 computers.
Kubernetes Deployments Around the World Show Vulnerabilities
Quick Hits  |  12/7/2018  | 
Kubernetes owners who expose APIs to the Internet are leaving their systems open to hackers.
Insider Threats & Insider Objections
Commentary  |  12/7/2018  | 
The tyranny of the urgent and three other reasons why its hard for CISOs to establish a robust insider threat prevention program.
Adobe Flash Zero-Day Spreads via Office Docs
News  |  12/6/2018  | 
Adobe has patched a zero-day in its Flash player after attackers leveraged the exploit in an active campaign.
4 Lessons Die Hard Teaches About Combating Cyber Villains
Commentary  |  12/6/2018  | 
With proper planning, modern approaches, and tools, we can all be heroes in the epic battle against the cyber threat.
7 Common Breach Disclosure Mistakes
Slideshows  |  12/6/2018  | 
How you report a data breach can have a big impact on its fallout.
Evidence in Starwood/Marriott Breach May Point to China
Quick Hits  |  12/6/2018  | 
Attackers used methods, tools previously used by known Chinese hackers.
Symantec Intros USB Scanning Tool for ICS Operators
News  |  12/5/2018  | 
ICSP Neural is designed to address USB-borne malware threats.
A Shift from Cybersecurity to Cyber Resilience: 6 Steps
Commentary  |  12/5/2018  | 
Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.
Starwood Breach Reaction Focuses on 4-Year Dwell
News  |  12/5/2018  | 
The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.
Republican Committee Email Hacked During Midterms
Quick Hits  |  12/5/2018  | 
The National Republican Congressional Committee detected the compromise of four staffers' email accounts in April.
Windows 10 Security Questions Prove Easy for Attackers to Exploit
News  |  12/5/2018  | 
New research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges.
The Case for a Human Security Officer
Commentary  |  12/5/2018  | 
Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.
Backdoors Up 44%, Ransomware Up 43% from 2017
News  |  12/4/2018  | 
Nearly one in three computers was hit with a malware attack this year, and ransomware and backdoors continue to pose a risk.
Quora Breach Exposes Information of 100 Million Users
Quick Hits  |  12/4/2018  | 
The massive breach has exposed passwords for millions who didn't remember having a Quora account.
DHS, FBI Issue SamSam Advisory
News  |  12/4/2018  | 
Following last week's indictment, federal governments issues pointers for how security pros can combat the SamSam ransomware.
London Blue BEC Cybercrime Gang Unmasked
News  |  12/4/2018  | 
Security firm turned the tables on attackers targeting its chief financial officer in an email-borne financial scam.
5 Emerging Trends in Cybercrime
Commentary  |  12/4/2018  | 
Organizations can start today to protect against 2019's threats. Look out for crooks using AI "fuzzing" techniques, machine learning, and swarms.
First Lawsuits Filed in Starwood Hotels' Breach
Quick Hits  |  12/3/2018  | 
Class-action suits have been filed on behalf of guests and shareholders, with more expected.
'Influence Agents' Used Twitter to Sway 2018 Midterms
Quick Hits  |  12/3/2018  | 
About 25% of political support in Arizona and Florida was generated by influence agents using Twitter as a platform, research shows.
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Slideshows  |  11/30/2018  | 
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
Massive Starwood Hotels Breach Hits 500 Million Guests
News  |  11/30/2018  | 
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
Commentary  |  11/30/2018  | 
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
39 Arrested in Tech Support Scam Crackdown: Microsoft
Quick Hits  |  11/30/2018  | 
Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.
Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year
News  |  11/29/2018  | 
But ransomware attacks go through the roof, new threat data from SonicWall shows.
Anti-Botnet Guide Aims to Tackle Automated Threats
News  |  11/29/2018  | 
The international guide is intended to help organizations defend their networks and systems from automated and distributed attacks.
Page 1 / 2   >   >>


Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.