News & Commentary

Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
'Hacker Door' RAT Resurfaces
Quick Hits  |  10/18/2017  | 
Sophisticated RAT re-emerges more than a decade after its 2004 public release, with updated advanced malicious functionality.
Reuters: Microsoft's 2013 Breach Hit Bug Repository, Insiders Say
Quick Hits  |  10/17/2017  | 
Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.
ATM Machine Malware Sold on Dark Web
Quick Hits  |  10/17/2017  | 
Cybercriminals are advertising ATM malware that's designed to exploit hardware and software vulnerabilities on the cash-dispensing machines.
Factorization Bug Exposes Millions Of Crypto Keys To 'ROCA' Exploit
News  |  10/17/2017  | 
Products from Lenovo, HPE, Google, Microsoft, and others impacted by flaw in Infineon chipset.
InfoSec Pros Among Worst Offenders of Employer Snooping
News  |  10/17/2017  | 
A majority of IT security professionals admit to trolling through company information unrelated to their work -- even sensitive material.
Why Security Leaders Can't Afford to Be Just 'Left-Brained'
Commentary  |  10/17/2017  | 
The left side of the brain is logical and linear; the right side, creative. You have to use both sides of the brain to connect to your audience in your business.
Secure Wifi Hijacked by KRACK Vulns in WPA2
News  |  10/16/2017  | 
All modern WiFi access points and devices that have implemented the protocol vulnerable to attacks that allow decryption, traffic hijacking other attacks. Second, unrelated crypto vulnerability also found in RSA code library in TPM chips.
DHS to Require All Fed Agencies to Use DMARC, HTTPS, and STARTTLS
News  |  10/16/2017  | 
The move follows a DHS review of federal government agencies' steps to secure email and deploy authentication technologies.
New Cybercrime Campaign a 'Clear and Imminent' Threat to Banks Worldwide
News  |  10/16/2017  | 
Hundreds of millions of dollars stolen from banks via an sophisticated attack that blended cyber and physical elements.
Adobe Patches Flash ZeroDay Used To Plant Surveillance Software
Quick Hits  |  10/16/2017  | 
Second time in four weeks FINSPY "lawful intercept" tool and a zero-day found together.
GDPR Compliance: 5 Early Steps to Get Laggards Going
Slideshows  |  10/16/2017  | 
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
DoubleLocker Delivers Unique Two-Punch Hit to Android
News  |  10/13/2017  | 
Combines Android ransomware with capability to change users device PINs.
Hyatt Hit With Another Credit Card Breach
Quick Hits  |  10/13/2017  | 
Payment card information stolen when cards were either swiped or manually entered into registration systems at some Hyatt hotels.
Getting the Most Out of Cyber Threat Intelligence
Commentary  |  10/13/2017  | 
How security practitioners can apply structured analysis and move from putting out fires to fighting the arsonists.
Kaspersky Lab and the AV Security Hole
News  |  10/12/2017  | 
It's unclear what happened in the reported theft of NSA data by Russian spies, but an attacker would need little help to steal if he or she had privileged access to an AV vendor's network, security experts say.
Coalition to Offer Free Business Email Compromise Workshops
Quick Hits  |  10/12/2017  | 
A coalition of federal law enforcement agencies, ISACs, and Symantec will offer BEC workshops in a dozen cities.
Equifax Now Faces Potential Breach of Customer Help Page
Quick Hits  |  10/12/2017  | 
Embattled credit-monitoring company takes down help page that reportedly redirects users to download a bogus software update.
Olympic Games Face Greater Cybersecurity Risks
News  |  10/12/2017  | 
Cybercriminals may alter score results and engage in launching physical attacks at future Olympic Games, a recently released report warns.
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Commentary  |  10/12/2017  | 
With social media, gathering information has never been easier, making Business Email Compromise the land of milk and honey for cybercriminals.
North Korean Threat Actors Probe US Electric Companies
News  |  10/11/2017  | 
September spear phishing attack appeared to be more reconnaissance activity than sign of impending attack, FireEye says.
Akamai Acquires Nominum
Quick Hits  |  10/11/2017  | 
Purchase of DNS and enterprise cybersecurity solutions company is designed to bolster Akamai's offering to telecom carriers.
Phishing Emails that Invoke Fear, Urgency, Get the Most Clicks
News  |  10/11/2017  | 
The most commonly clicked phishing emails include urgent calls to action, or exploit victims' desire for popularity.
How Systematic Lying Can Improve Your Security
Commentary  |  10/11/2017  | 
No, you don't have to tell websites your mother's actual maiden name.
Ransomware Sales on the Dark Web Spike 2,502% in 2017
News  |  10/11/2017  | 
Sales soar to $6.2 million as do-it-yourself kits, ransomware-as-a-service, and distribution offerings take hold.
Cybercrime Meets Culture In Middle East, North African Underground
News  |  10/10/2017  | 
Spirit of sharing and free malware a characteristic of crimeware markets in this region, Trend Micro says.
Equifax: 12.5 Million UK Client Records Exposed in Breach
Quick Hits  |  10/10/2017  | 
But of that data, it affects 700K of British consumers, credit-monitoring company said today.
FDIC Incurs 54 Confirmed and Suspected Breaches in 2 Years
Quick Hits  |  10/10/2017  | 
Office of Inspector General takes the Federal Deposit Insurance Corporation to task for its response to breaches.
Unstructured Data: The Threat You Cannot See
Commentary  |  10/10/2017  | 
Why security teams needs to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.
SiteLock: Website Attacks Surged 186% in Q2
News  |  10/9/2017  | 
Websites mostly belonging to small- to midsized firms got hit with more than 60 attacks per day on average, new analysis finds.
New 4G, 5G Network Flaw 'Worrisome'
News  |  10/9/2017  | 
Weaknesses in the voice and data convergence technology can be exploited to allow cybercriminals to launch DoS attacks and hijack mobile data.
Russian Hackers Targeted NSA Employee's Home Computer
Quick Hits  |  10/6/2017  | 
New reports today say it was a National Security Agency employee, not a a contractor, whose home machine running Kaspersky Lab antivirus was hacked for classified files.
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Commentary  |  10/6/2017  | 
As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.
John Kelly's Personal Phone Compromised
Quick Hits  |  10/6/2017  | 
Officials fear foreign entities may have accessed White House chief of staff Kelly's phone while he was secretary of Homeland Security.
Russian Hackers Pilfered Data from NSA Contractor's Home Computer: Report
News  |  10/5/2017  | 
Classified information and hacking tools from the US National Security Agency landed in the hands of Russian cyberspies, according to a Wall Street Journal report.
How Businesses Should Respond to the Ransomware Surge
News  |  10/5/2017  | 
Modern endpoint security tools and incident response plans will be key in the fight against ransomware.
Equifax Lands $7.25 Million Contract with IRS
Quick Hits  |  10/5/2017  | 
The embattled credit monitoring agency will provide taxpayer identification verification and fraud prevention services to the federal tax agency.
Private, Public, or Hybrid? Finding the Right Fit in a Bug Bounty Program
Commentary  |  10/5/2017  | 
How can a bug bounty not be a bug bounty? There are several reasons. Here's why you need to understand the differences.
Nation-State Attackers Steal, Copy Each Other's Tools
News  |  10/4/2017  | 
When advanced actors steal and re-use tools and infrastructure from other attack groups, it makes it harder to attribute cybercrime.
Yahoo, Equifax Serve as Cautionary Tales in Discerning Data Breach Scope
News  |  10/4/2017  | 
Both companies this week revealed that their previously disclosed breaches impacted a lot more people than previously thought.
DNS a 'Victim of its Own Success'
News  |  10/4/2017  | 
Why securing the Domain Name System remains an afterthought at many organizations.
What Security Teams Need to Know about the NIAC Report
Commentary  |  10/4/2017  | 
Which of the recommendations made by the NIAC working group will affect security teams the most, and how should they prepare?
Ransomware Will Target Backups: 4 Ways to Protect Your Data
Commentary  |  10/4/2017  | 
Backups are the best way to take control of your defense against ransomware, but they need protecting as well.
Yahoo: All 3 Billion Accounts Affected in 2013 Breach
Quick Hits  |  10/3/2017  | 
Every single Yahoo account was affected in a 2013 data breach, bringing the total from 1 billion to 3 billion.
Less Than Half of Consumers Take Protective Steps Post-Breach
Quick Hits  |  10/3/2017  | 
New data on consumer behavior and identity theft shows most don't protect themselves after their personal data is compromised.
70% of US Employees Lack Security and Privacy Awareness
News  |  10/3/2017  | 
Acceptable use of social media and adherence to workplace physical security drops, new survey shows.
Equifax: Number of US Breach Victims Rises to 145.5 Million
Quick Hits  |  10/2/2017  | 
Credit bureau provides update on its breach investigation.
5 IT Practices That Put Enterprises at Risk
Commentary  |  10/2/2017  | 
No one solution will keep you 100% protected, but if you avoid these common missteps, you can shore up your security posture.
Weakness In Windows Defender Lets Malware Slip Through Via SMB Shares
News  |  10/2/2017  | 
CyberArk says the manner in which Defender scans for malicious executables in SMB shares gives attackers an opening.
Apple Shares More Data with US in First Half of 2017
Quick Hits  |  9/29/2017  | 
Device-based data requests from government agencies dropped in the first half over last year, but Apple fulfilled a higher percentage of those requests, according to its transparency report.
Whole Foods Reports Credit Card Breach
Quick Hits  |  9/29/2017  | 
The breach affects customers of certain Whole Foods taprooms and table-service restaurants.
Page 1 / 2   >   >>


Cybersecurity's 'Broken' Hiring Process
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/11/2017
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Marc Wilczek, Digital Strategist & CIO Advisor,  10/12/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What did you expect from this SOC? A unicorn....
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.