News & Commentary

Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
EU Takes Step Toward Cyberattack Sanctions
Quick Hits  |  10/19/2018  | 
European leaders complete first step toward establishing a sanctions regime.
WSJ Report: Facebook Breach the Work of Spammers, Not Nation-State Actors
News  |  10/19/2018  | 
A report by the Wall Street Journal points finger at group that is know to Facebook Security.
Risky Business: Dark Reading Caption Contest Winners
Commentary  |  10/19/2018  | 
Phishing, anti-shoulder surfing, Russia and other hysterical identity management puns and comments. And the winners are ...
Cyber Espionage Campaign Reuses Code from China's APT1
News  |  10/18/2018  | 
US, Canadian organizations in crosshairs of group with apparent links to a Chinese military hacking unit that wreaked havoc several years ago.
Audits: The Missing Layer in Cybersecurity
Commentary  |  10/18/2018  | 
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
Former Equifax Manager Sentenced for Insider Trading
Quick Hits  |  10/18/2018  | 
Sudhakar Bonthu bought and sold Equifax stock options prior to the public disclosure of its 2017 data breach.
Getting Up to Speed with "Always-On SSL"
Commentary  |  10/18/2018  | 
Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.
Inside the Dark Web's 'Help Wanted' Ads
News  |  10/18/2018  | 
How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.
3 Years After Attacks on Ukraine Power Grid, BlackEnergy Successor Poses Growing Threat
News  |  10/17/2018  | 
In what could be a precursor to future attacks, GreyEnergy is targeting critical infrastructure organizations in Central and Eastern Europe.
Cybercrime-as-a-Service: No End in Sight
Commentary  |  10/17/2018  | 
Cybercrime is easy and rewarding, making it a perfect arena for criminals everywhere.
SEC Warns Public Companies on Accounting Control Use
Quick Hits  |  10/17/2018  | 
A new SEC investigative report urges public organizations to keep cyberthreats in mind when implementing internal accounting tools.
The Three Dimensions of the Threat Intelligence Scale Problem
Commentary  |  10/17/2018  | 
To succeed, organizations must be empowered to reduce their attack surface and staff overload so they can get more out of their existing firewall and threat intelligence investments.
A Cybersecurity Weak Link: Linux and IoT
Commentary  |  10/16/2018  | 
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
NC Water Utility Fights Post-Hurricane Ransomware
News  |  10/16/2018  | 
North Carolina's Onslow Water and Sewer Authority was hit with an advanced attack in the wake of Hurricane Florence.
Spies Among Us: Tracking, IoT & the Truly Inside Threat
Commentary  |  10/16/2018  | 
In today's ultra-connected world, it's important for users to understand how to safeguard security while browsing the web and using electronic devices.
IBM Builds 'SOC on Wheels' to Drive Cybersecurity Training
News  |  10/15/2018  | 
A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.
Millions of Voter Records Found for Sale on the Dark Web
Quick Hits  |  10/15/2018  | 
Voter registration databases from 19 US states are being hawked in an underground hacking forum, researchers say.
4 Ways to Fight the Email Security Threat
Commentary  |  10/15/2018  | 
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
Facebook Update: 30 Million Users Actually Hit in its Recent Breach
News  |  10/12/2018  | 
The good news: That number is less than the original estimate of 50 million. The bad news: It might not have been the only attack.
Threat Hunters & Security Analysts: A Dynamic Duo
Commentary  |  10/12/2018  | 
Fighting spying with spying, threat hunters bring the proactive mindset of network reconnaissance and repair to the enterprise security team.
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
News  |  10/11/2018  | 
Many organizations have yet to create an effective cybersecurity strategy and it's costing them millions.
Chinese Intelligence Officer Under Arrest for Trade Secret Theft
News  |  10/11/2018  | 
Yanjun Xu attempted to steal data on advanced aviation technology that GE Aviation, among others, had spent billions developing.
Most Malware Arrives Via Email
Quick Hits  |  10/11/2018  | 
Watch out for messages with the word "invoice" in the subject line, too.
Not All Multifactor Authentication Is Created Equal
Commentary  |  10/11/2018  | 
Users should be aware of the strengths and weaknesses of the various MFA methods.
The Better Way: Threat Analysis & IIoT Security
Commentary  |  10/11/2018  | 
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
New Threat Group Conducts Malwareless Cyber Espionage
News  |  10/10/2018  | 
Gallmaker group is relying exclusively on legitimate tools and living-off-the-land tactics to make detection very difficult.
IIS Attacks Skyrocket, Hit 1.7M in Q2
Quick Hits  |  10/10/2018  | 
Drupal and Oracle WebLogic also were hit with more cyberattacks during same quarter.
Lesser Skilled Cybercriminals Adopt Nation-State Hacking Methods
News  |  10/9/2018  | 
The trend underscores the need for organizations of all sizes to be prepared to detect and respond to threats faster, CrowdStrike says.
Lessons Learned from the Facebook Breach: Why Logic Errors Are So Hard to Catch
Commentary  |  10/9/2018  | 
By ensuring that each layer of protection scours an application for unintended uses, you can find the flaws before the bad guys do.
New Domains: A Wide-Open Playing Field for Cybercrime
Commentary  |  10/9/2018  | 
As bad actors increasingly exploit new domains for financial gain and other nefarious purposes, security teams need to employ policies and practices to neutralize the threat in real time. Here's why and how.
Successful Scammers Call After Lunch
News  |  10/5/2018  | 
Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how social engineers operate and how targets respond.
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Commentary  |  10/5/2018  | 
Technology such as Apple's device trust score that decides "you" is not you is a good thing. But only if it works well.
US Indicts 7 Russian Intel Officers for Hacking Anti-Doping Organizations
News  |  10/4/2018  | 
Netherlands expels four of the suspects trying to break into an organization investigating a chemical used in the recent attack on a former Russian spy in Britain.
Report: In Huge Hack, Chinese Manufacturer Sneaks Backdoors Onto Motherboards
Quick Hits  |  10/4/2018  | 
If true, the attack using Supermicro motherboards could be the most comprehensive cyber breach in history.
For $14.71, You Can Buy A Passport Scan on the Dark Web
News  |  10/4/2018  | 
That's the average price of a digital passport scan, and it goes up with proof of identification, a new study finds.
GDPR Report Card: Some Early Gains but More Work Ahead
Commentary  |  10/4/2018  | 
US companies paid the most, to date, to meet the EU's General Data Protection Regulation, according to a recent study, but UK companies made greater progress in achieving compliance goals.
Malware Outbreak Causes Disruptions, Closures at Canadian Restaurant Chain
News  |  10/3/2018  | 
But Recipe Unlimited denies it was the victim of a ransomware attack, as some have reported.
Putting Security on Par with DevOps
Commentary  |  10/3/2018  | 
Inside the cloud, innovation and automation shouldn't take a toll on protection.
100,000-Plus Home Routers Hijacked in Campaign to Steal Banking Credentials
News  |  10/3/2018  | 
The GhostDNS campaign, which has been mainly targeting consumers in Brazil, has exploded in scope since August.
Financial Sector Data Breaches Soar Despite Heavy Security Spending
News  |  10/2/2018  | 
Banks and other financial firms have disclosed three times as many breaches so far this year than they did in 2016, Bitglass says.
When Facebook Gets Hacked, Everyone Gets Hacked
News  |  10/2/2018  | 
Facebook's attackers may have gained access to several third-party apps and websites via Facebook Login.
Hacker 'AlfabetoVirtual' Pleads Guilty to NYC Comptroller, West Point Website Defacements
Quick Hits  |  10/2/2018  | 
Two felony counts each carry a maximum 10-year prison sentence.
The Award for Most Dangerous Celebrity Goes To
Quick Hits  |  10/2/2018  | 
A new study highlights which celebrities are associated with the most malicious websites, making them risky search subjects.
Stop Saying 'Digital Pearl Harbor'
Commentary  |  10/2/2018  | 
Yes, there are serious dangers posed by malevolent nation-states. But the hype is distracting us from the reality of the threats.
'Short, Brutal Lives': Life Expectancy for Malicious Domains
News  |  10/1/2018  | 
Using a cooling-off period for domain names can help catch those registered by known bad actors.
October Events at Dark Reading You Can't Miss
News  |  10/1/2018  | 
Cybersecurity Month at Dark Reading is packed with educational webinars, from data breach response to small business security.
The Right Diagnosis: A Cybersecurity Perspective
Commentary  |  10/1/2018  | 
A healthy body and a healthy security organization have a lot more in common than most people think.
'Torii' Breaks New Ground For IoT Malware
News  |  9/28/2018  | 
Stealth, persistence mechanism and ability to infect a wide swath of devices make malware dangerous and very different from the usual Mirai knockoffs, Avast says.
Facebook Hacked, 50 Million Users Affected
News  |  9/28/2018  | 
A vulnerability in Facebook's "View As" feature let attackers steal security tokens linked to 50 million accounts, the company confirms.
How Data Security Improves When You Engage Employees in the Process
Commentary  |  9/28/2018  | 
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
Page 1 / 2   >   >>


6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.