News & Commentary

Latest Content tagged with Threat Intelligence
Page 1 / 2   >   >>
8 Security Tips for a Hassle-Free Summer Vacation
Slideshows  |  6/23/2018  | 
It's easy to let your guard down when you're away. Hackers know that, too.
New Drupal Exploit Mines Monero for Attackers
Quick Hits  |  6/22/2018  | 
A new exploit of a known vulnerability gives an attacker control of the Drupal-hosting server.
Microsoft Office: The Go-To Platform for Zero-Day Exploits
News  |  6/21/2018  | 
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
News  |  6/20/2018  | 
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
Alphabet Launches VirusTotal Monitor to Stop False Positives
Quick Hits  |  6/20/2018  | 
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
Improving the Adoption of Security Automation
Commentary  |  6/20/2018  | 
Four barriers to automation and how to overcome them.
The Best and Worst Tasks for Security Automation
Slideshows  |  6/20/2018  | 
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
Mylobot Malware Brings New Sophistication to Botnets
News  |  6/20/2018  | 
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
News  |  6/19/2018  | 
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
How to Prepare for 'WannaCry 2.0'
Commentary  |  6/19/2018  | 
It seems inevitable that a more-powerful follow-up to last year's malware attack will hit sooner or later. You'd better get prepared.
Security Analytics Startup Uptycs Raises $10M in Series A
Quick Hits  |  6/19/2018  | 
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
'Wallchart' Phishing Campaign Exploits World Cup Watchers
News  |  6/18/2018  | 
The details on a phishing attack designed to lure soccer fans with a subject line about the World Cup schedule and scoresheet.
Blockchain All the Rage But Comes With Numerous Risks
News  |  6/13/2018  | 
Researchers dig into four types of cyberattacks targeting blockchain, how they work, and why early adopters are the easiest targets.
Cisco Talos Summit: Network Defenders Not Serious Enough About Attacks
News  |  6/13/2018  | 
Security is weak, and most companies are clueless, according to Immunity researcher Lurene Grenier, who kicked off the Cisco Talos Threat Research Summit on Sunday.
Microsoft Fixes 11 Critical, 39 Important Vulns
News  |  6/12/2018  | 
The most critical vulnerability, experts say, affects Windows Domain Name Systems, while another lets attackers hack Cortana from the lock screen.
MacOS Bypass Flaw Lets Attackers Sign Malicious Code as Apple
News  |  6/12/2018  | 
A security bypass weakness in macOS APIs let attackers impersonate Apple to sign malicious code and evade third-party security tools.
Security Ratings Answer Big Questions in Cyber Insurance
News  |  6/11/2018  | 
More insurers are teaming up with security ratings firms to learn more about their clients, define policies, and determine coverage.
6 Ways Greed Has a Negative Effect on Cybersecurity
Commentary  |  6/11/2018  | 
How the security industry can both make money and stay true to its core values, and why that matters.
SAP CSO: Security Requires Context
News  |  6/11/2018  | 
Security depends on the apps and networks it protects. SAP CSO Justin Somaini discusses three scenarios.
FireEye Finds New Clues in TRITON/TRISIS Attack
News  |  6/8/2018  | 
Attackers behind the epic industrial-plant hack reverse-engineered the safety-monitoring system's proprietary protocol, researchers found.
Bug Bounty Payouts Up 73% Per Vulnerability: Bugcrowd
News  |  6/7/2018  | 
Bug bounty programs grew along with payouts, which averaged $781 per vulnerability this year, researchers report.
DevSecOps Gains Enterprise Traction
News  |  6/7/2018  | 
Enterprise adoption of DevSecOps has surged in the past year, according to a study conducted at this year's RSA Conference.
Adobe Issues Emergency Patch for Flash Zero-Day
News  |  6/7/2018  | 
Adobe has patched four security vulnerabilities today, including a zero-day being actively exploited in the wild.
Operation Prowli Hits 40K with Traffic Monetization, Cryptomining
News  |  6/6/2018  | 
The campaign targets services including Drupal CMS sites, DSL modems, vulnerable IoT devices, and servers with an open SSH port.
Five Indicted for Conning Target, Shoppers Out of Nearly $800K
Quick Hits  |  6/6/2018  | 
Members of a fraud ring were charged with compromising Target's internal gift-card system and defrauding customers out of almost $800,000.
Dark Web Marketplaces Dissolve Post-AlphaBay, Hansa Takedown
News  |  6/5/2018  | 
Cybercrime marketplaces reshape into smaller forums and individual chats as threat actors find new ways to evade law enforcement.
Panorays Debuts With $5 Million Investment
Quick Hits  |  6/5/2018  | 
Panorays, a company focusing on third-party security issues for the enterprise, has exited stealth mode.
10 Open Source Security Tools You Should Know
Slideshows  |  6/5/2018  | 
Open source tools can be the basis for solid security and intense learning. Here are 10 you should know about for your IT security toolkit.
Phishing Scams Target FIFA World Cup Attendees
Quick Hits  |  6/4/2018  | 
Soccer-themed emails and Web pages target fans with fake giveaways and the chance to snag overpriced, illegitimate 'guest tickets.'
Web Application Firewalls Adjust to Secure the Cloud
News  |  6/4/2018  | 
Cloud-based WAFs protect applications without the costs and complexity of on-prem hardware. Here's what to keep in mind as you browse the growing market.
Building Blocks for a Threat Hunting Program
News  |  5/31/2018  | 
Guidance for businesses building threat intelligence strategies while overwhelmed by threats, lack of talent, and a healthy dose of skepticism about the market.
Judge Tosses Kaspersky Lab Suits Against US Government Ban
Quick Hits  |  5/31/2018  | 
A US judge dismisses two lawsuits filed by Kaspersky Lab, which argued the US government ban on its products was unconstitutional and caused undue harm.
6 Security Investments You May Be Wasting
Slideshows  |  5/31/2018  | 
Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference.
Windows 'Double Kill' Attack Code Found in RIG Exploit Kit
News  |  5/30/2018  | 
Microsoft issued a fix for the remote code execution zero-day vulnerability in May, but research shows businesses have slowed their patching processes post-Meltdown.
Machine Learning, Artificial Intelligence & the Future of Cybersecurity
Commentary  |  5/30/2018  | 
The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet.
Getting Revolutionary (Not Evolutionary) about Cybersecurity
Commentary  |  5/30/2018  | 
Being a security revolutionary isn't purely about new, ground-breaking ideas. It's about anticipating, outpacing, and influencing your world, both internally and externally. Here are five keys to success.
Mobile Malware Moves to Mine Monero (and Other Currencies)
Quick Hits  |  5/30/2018  | 
A new report shows that cryptocurrencies tend to be the focus of a growing number of malicious apps.
Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net
News  |  5/29/2018  | 
One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.
Alexa Mishap Hints at Potential Enterprise Security Risk
News  |  5/29/2018  | 
When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.
FireMon to Buy Lumeta
News  |  5/29/2018  | 
Network security policy vendor looks to expand its offerings to real-time situational awareness on-premise and in the cloud.
How to Empower Today's 'cISOs'
Commentary  |  5/29/2018  | 
Although many security leaders have a C in their title, not all are true capital-C "Chiefs." Here are three ways to live up to the job description.
FBI Warns Users to Reboot All SOHO Routers
Quick Hits  |  5/29/2018  | 
Everyone with a home router should reboot their systems as a precaution in the wake of the recently discovered VPNFilter attack infrastructure.
Security Lags in Enterprise Cloud Migration
Quick Hits  |  5/25/2018  | 
Cloud security is falling farther behind as companies migrate more and more of their workloads to public cloud infrastructures.
Most Expensive Data Breaches Start with Third Parties: Report
News  |  5/24/2018  | 
Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.
The Good & Bad News about Blockchain Security
Commentary  |  5/23/2018  | 
Blockchain technology promises many things. But to succeed, it must offer users a better plan against hackers.
Destructive 'VPNFilter' Attack Network Uncovered
News  |  5/23/2018  | 
More than 500K home/SOHO routers and storage devices worldwide commandeered in potential nation-state attack weapon - with Ukraine in initial bullseye.
Is Threat Intelligence Garbage?
Commentary  |  5/23/2018  | 
Most security professionals in a recent survey said that threat intelligence doesn't work. So why all the hype?
Windows 10 Adoption Grew 75%, Adobe Flash Plummeted 188% in 2017: Report
News  |  5/23/2018  | 
Authentication data reveals an increase in Apple devices, poor mobile security, and the rapid disappearance of Flash from browsers.
6 Steps for Applying Data Science to Security
Slideshows  |  5/23/2018  | 
Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.
LA County Nonprofit Exposes 3.2M PII Files via Unsecured S3 Bucket
Quick Hits  |  5/23/2018  | 
A misconfiguration accidentally compromised credentials, email addresses, and 200,000 rows of notes describing abuse and suicidal distress.
Page 1 / 2   >   >>


'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12705
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).
CVE-2018-12706
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.
CVE-2018-12714
PUBLISHED: 2018-06-24
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial o...
CVE-2018-12713
PUBLISHED: 2018-06-24
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was ...
CVE-2018-12697
PUBLISHED: 2018-06-23
A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump.