News & Commentary
Latest Content tagged with Attacks/Breaches
Android Marcher Variant Makes Rounds as Adobe Flash Player Update
Quick Hits  |  6/23/2017  | 
Zscaler researchers discover a new variant of the Android Marcher malware, which aims to steal online banking credentials and credit card information.
$12B in Fraud Loss Came from Data Breach Victims in 2016
Quick Hits  |  6/23/2017  | 
Three-quarters of the total fraud losses for 2016 arose from victims who had been victims of a data breach within the previous six years.
RAT Vulnerabilities Turn Hackers into Victims
News  |  6/23/2017  | 
A small number of Remote Administration Tools have vulnerabilities which can enable attack targets to turn the tables on threat actors.
Threat Intelligence Sharing: The New Normal?
Commentary  |  6/23/2017  | 
The spirit of cooperation seems to be taking hold as demonstrated by the growing number of thriving services and organizations whose sole purpose is to analyze specific threats against specific communities.
8 Hot Hacking Tools to Come out of Black Hat USA
Slideshows  |  6/23/2017  | 
High-impact tools for white hats that will be revealed and released next month at Black Hat USA in Las Vegas.
'GhostHook' Foils Windows 10 64-bit's Kernel Protection
News  |  6/22/2017  | 
Microsoft says an attacker needs kernel-level access before they can use the 'GhostHook' technique to install a rootkit.
Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices
News  |  6/22/2017  | 
Security researcher discovers major security flaws that can't be patched or fixed.
Two Arrested for Microsoft Network Intrusion
Quick Hits  |  6/22/2017  | 
UK authorities arrest two men for allegedly breaking into Microsoft's network with the intent to steal customer data from the software giant.
Most General Counsels Fret over Data Security
Quick Hits  |  6/22/2017  | 
An overwhelming percentage of in-house attorneys say cyberattacks and the impact on their business keep them up at night, a recent survey shows.
KPMG: Cybersecurity Has Reached a Tipping Point from Tech to CEO Business Issue
Commentary  |  6/22/2017  | 
Still, a majority of US-based chief execs say they will be maintaining and not investing in security technology over the next three years, a recent study shows.
WannaCry? You're Not Alone: The 5 Stages of Security Grief
Commentary  |  6/22/2017  | 
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
'Stack Clash' Smashed Security Fix in Linux
News  |  6/21/2017  | 
Linux, OpenBSD, FreeBSD, Solaris security updates available to thwart newly discovered attack by researchers.
WannaCry Forces Honda to Take Production Plant Offline
News  |  6/21/2017  | 
Work on over 1,000 vehicles affected at automaker's Sayama plant in Japan while systems were restored.
Russian Hackers Focused on Election Systems in 21 States
Quick Hits  |  6/21/2017  | 
A Department of Homeland Security official testified today that hackers tied to the Russian government attempted to infiltrate election systems in nearly two dozen states.
Consumer Businesses Have False Confidence in their Security: Deloitte
Quick Hits  |  6/21/2017  | 
Consumer business executives are confident in their ability to respond to cyberattacks but fail to document and test response plans.
The Folly of Vulnerability & Patch Management for ICS Networks
Commentary  |  6/21/2017  | 
Yes, such efforts matter. But depending on them can give a false sense of security.
Trusted IDs Gain Acceptance in Smart Building Environment
Quick Hits  |  6/20/2017  | 
A majority of survey respondents believe identities can be connected across multiple systems and devices through a single ID card or mobile phone.
Organizations Are Detecting Intrusions More Quickly
News  |  6/20/2017  | 
But almost every other metric in Trustwave's 2017 global cybersecurity report card is headed in the wrong direction.
Data Breach Costs Drop Globally But Increase in US
News  |  6/20/2017  | 
The average total cost of a data breach declined 10% year-over-year around the world, but in the US edged upward by 5%.
Apple iOS Threats Fewer Than Android But More Deadly
News  |  6/20/2017  | 
Data leakage and corruption haunt iOS and Android mobile apps the most, a new study shows.
Feds Call on Contractors to Play Ball in Mitigating Insider Threats
Commentary  |  6/20/2017  | 
It's said that you're only as strong as your weakest player. That's as true in security as it is in sports.
Cybersecurity Fact vs. Fiction
Commentary  |  6/20/2017  | 
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
RNC Voter Data on 198 Million Americans Exposed in the Cloud
News  |  6/19/2017  | 
One of the largest known US voter data leaks compromised personal information via an unsecured public-storage cloud account set up on behalf of the Republican National Committee.
Rise of Nation State Threats: How Can Businesses Respond?
News  |  6/19/2017  | 
Cybersecurity experts discuss nation-state threats of greatest concern, different types of attacks, and how organizations can prepare.
Accused Yahoo Hacker May Comply with US Extradition
Quick Hits  |  6/19/2017  | 
A Canadian hacker accused of collaborating with Russian cybercriminals in the 2014 Yahoo breach may waive his right to fight US extradition.
Invisible Invaders: Why Detecting Bot Attacks Is Becoming More Difficult
Commentary  |  6/19/2017  | 
Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.
Hacker Bypasses Microsoft ATA for Admin Access
News  |  6/16/2017  | 
Microsoft's Advanced Threat Analytics defense platform can be cheated, a researcher will show at Black Hat USA next month.
Engineer Sentenced to Prison for Hacking Utility, Disabling Water Meter-Readers
Quick Hits  |  6/16/2017  | 
A Pennsylvania man is sentenced to more than a year in prison after hacking into a remote water meter reading system run by his former employer.
FIN10 Threat Actors Hack and Extort Canadian Mining, Casino Industries
News  |  6/16/2017  | 
Previously unknown threat actor has extracted hundreds of thousands of dollars from Canadian companies in a vicious cyberattack campaign that dates back to 2013, FireEye says.
Lack of Experience Biggest Obstacle for InfoSec Career
Quick Hits  |  6/16/2017  | 
A majority of wanna-be infosec professionals find they need more experience to be a contender to enter this career, according to a recent Tripwire poll.
NSA Reportedly Confident North Korea Was Behind WannaCry
News  |  6/15/2017  | 
But some say no evidence exists to unequivocally pin blame for attacks on Pyongyang.
Samsung KNOX Takes Some Knocks
News  |  6/15/2017  | 
Researcher at Black Hat USA will reveal Samsung KNOX 2.6 vulnerabilities and bypass techniques, and notes that new KNOX 2.8 may be at risk as well.
Climbing the Security Maturity Ladder in Cloud
Commentary  |  6/15/2017  | 
These five steps will ensure that you achieve the broadest coverage for onboarding your most sensitive workloads.
Most Organizations Not Satisfied with Threat Intelligence
Quick Hits  |  6/15/2017  | 
Information Security Forum survey finds just one quarter of companies surveyed say threat intelligence technology is delivering on its promise.
Trump's Executive Order: What It Means for US Cybersecurity
Commentary  |  6/15/2017  | 
The provisions are all well and good, but it's hardly the first time they've been ordered by the White House.
Malware Incidents at US SMBs Spiked 165% in Q1
News  |  6/15/2017  | 
Texas-based SMBs suffered the most malware attack attempts in the first quarter while those in Arizona had the biggest year-over-year increase, according to a new Malwarebytes report.
Hospital Email Security in Critical Condition as DMARC Adoption Lags
News  |  6/14/2017  | 
Healthcare providers put patient data at risk by failing to protect their email domains with DMARC adoption.
US Warns of North Korea's Not-So-Secret 'Hidden Cobra' DDoS Botnet
News  |  6/14/2017  | 
Reclusive government behind DDoS infrastructure is targeting organizations around the world, US-CERT says.
Microsoft Security Updates Include Windows XP, Server 2003
News  |  6/14/2017  | 
Microsoft extends its monthly security updates to respond to a rise in cyberattacks and fix serious flaws in Windows XP and Windows Server 2003.
How Smart Cities Can Minimize the Threat of Cyberattacks
Commentary  |  6/14/2017  | 
As cities face the digital future, governments must prioritize cybersecurity protocols to mitigate attacks that could cripple entire communities.
Relentless Attackers Try Over 100,000 Times Before They Breach a System
News  |  6/14/2017  | 
New report from startup tCell shows XSS attempts a noisy reminder of the overwhelming scale of automated attack techniques.
Europol Operation Busts Payment Card Identity Theft Ring
News  |  6/13/2017  | 
Members of an international crime ring of payment card skimmers who stole more than $500,000 were arrested by a joint multi-national law enforcement operation.
A Former FBI Most Wanted Cybercriminal is Extradited to US
Quick Hits  |  6/13/2017  | 
The Latvian man is charged with four counts of wire fraud and unauthorized computer use in a "scareware" scheme that netted more than $2 million.
WannaCry 'Scareware' Driving Downloads of Bogus Anti-Virus Apps
Quick Hits  |  6/13/2017  | 
Fake anti-virus apps account for 12.2% of active AV apps in the Google Play store, of which roughly one in 10 are blacklisted, according to a report released today.
Deep Learning's Growing Impact on Security
Commentary  |  6/13/2017  | 
Neural networks are now practical for real-world applications, cutting back on work needed from analysts.
The Rising Tide of Crimeware-as-a-Service
Slideshows  |  6/13/2017  | 
Malware, botnets, phishing and backdoors are all offered on the cheap as a subscription. These days even crime is in the cloud.
First Malware Designed Solely for Electric Grids Caused 2016 Ukraine Outage
News  |  6/12/2017  | 
Attackers used CrashOverride/Industroyer to cause a partial power outage in Kiev, Ukraine, but it can be used anywhere, say researchers at Dragos and ESET.
New Malware-as-a-Service Offerings Target Mac OS X
News  |  6/12/2017  | 
MacSpy and MacRansom are two early variants of malware-as-a-service portals targeting the broader population of Mac users.
FTC Issues Advice on Mobile Phone Data Security, Identity Theft
Quick Hits  |  6/12/2017  | 
The Federal Trade Commission offers hindsight and foresight on ways to reduce identity theft should your mobile device get stolen.
The Detection Trap: Improving Cybersecurity by Learning from the Secret Service
Commentary  |  6/12/2017  | 
Intruders often understand the networks they target better than their defenders do.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
The Dark Reading Security Spending Survey
Enterprises are spending an unprecedented amount of money on IT security. Where does it all go? In this survey, Dark Reading polled senior IT management on security budgets and spending plans, and their priorities for the coming year. Download the report and find out what they had to say.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.