News & Commentary

Latest Content tagged with Threat Intelligence
Page 1 / 2   >   >>
Email Bomb Threats Follow Sextortion Playbook
News  |  12/14/2018  | 
Yesterday's wave of email bomb threats appear to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.
Iranian Hackers Target Nuclear Experts, US Officials
Quick Hits  |  12/14/2018  | 
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
2019 Attacker Playbook
Slideshows  |  12/14/2018  | 
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
Cybercriminals Change Tactics to Outwit Machine-Learning Defense
Quick Hits  |  12/14/2018  | 
The rise in machine learning for security has forced criminals to rethink how to avoid detection.
Cybercrime Is World's Biggest Criminal Growth Industry
Quick Hits  |  12/13/2018  | 
The toll from cybercrime is expected to pass $6 trillion in the next three years, according to a new report.
Education Gets an 'F' for Cybersecurity
Quick Hits  |  12/13/2018  | 
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
Worst Password Blunders of 2018 Hit Organizations East and West
News  |  12/12/2018  | 
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
Bug Hunting Paves Path to Infosec Careers
News  |  12/12/2018  | 
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
Mac Malware Cracks WatchGuards Top 10 List
News  |  12/12/2018  | 
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
Quick Hits  |  12/12/2018  | 
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Slideshows  |  12/12/2018  | 
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
Battling Bots Brings Big-Budget Blow to Businesses
News  |  12/11/2018  | 
Fighting off bot attacks on Web applications extracts a heavy cost in human resources and technology, according to a just-released report.
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
News  |  12/11/2018  | 
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
49% of Cloud Databases Left Unencrypted
News  |  12/11/2018  | 
Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.
The Grinch Bot Before Christmas: A Security Story for the Holidays
Commentary  |  12/11/2018  | 
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
NetSecOPEN Names Founding Members, Board of Directors
Quick Hits  |  12/11/2018  | 
The organization is charged with building open, transparent testing protocols for network security.
Grammarly Takes Bug Bounty Program Public
Quick Hits  |  12/11/2018  | 
The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.
How Well Is Your Organization Investing Its Cybersecurity Dollars?
Commentary  |  12/11/2018  | 
The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.
CrowdStrike: More Organizations Now Self-Detect Their Own Cyberattacks
News  |  12/11/2018  | 
But it still takes an average of 85 days to spot one, the security firm's incident response investigations found.
DanaBot Malware Adds Spam to its Menu
News  |  12/10/2018  | 
A new generation of modular malware increases its value to criminals.
'Highly Active' Seedworm Group Hits IT Services, Governments
News  |  12/10/2018  | 
Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.
Satan Ransomware Variant Exploits 10 Server-Side Flaws
News  |  12/10/2018  | 
Windows, Linux systems vulnerable to self-propagating 'Lucky' malware, security researchers say.
New Google+ Breach Will Lead to Early Service Shutdown
Quick Hits  |  12/10/2018  | 
A breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.
'Dr. Shifro' Prescribes Fake Ransomware Cure
Quick Hits  |  12/10/2018  | 
A Russian firm aims to capitalize on ransomware victims' desperation by offering to unlock files then passing money to attackers.
Kubernetes Deployments Around the World Show Vulnerabilities
Quick Hits  |  12/7/2018  | 
Kubernetes owners who expose APIs to the Internet are leaving their systems open to hackers.
Kubernetes Vulnerability Hits Top of Severity Scale
News  |  12/6/2018  | 
The security issue strikes at some of the basic reasons for the rising popularity of containers as an architecture and Kubernetes as an orchestration mechanism.
Adobe Flash Zero-Day Spreads via Office Docs
News  |  12/6/2018  | 
Adobe has patched a zero-day in its Flash player after attackers leveraged the exploit in an active campaign.
4 Lessons Die Hard Teaches About Combating Cyber Villains
Commentary  |  12/6/2018  | 
With proper planning, modern approaches, and tools, we can all be heroes in the epic battle against the cyber threat.
Apple Issues Security Fixes Across Mac, iOS
Quick Hits  |  12/6/2018  | 
Software updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.
7 Common Breach Disclosure Mistakes
Slideshows  |  12/6/2018  | 
How you report a data breach can have a big impact on its fallout.
Evidence in Starwood/Marriott Breach May Point to China
Quick Hits  |  12/6/2018  | 
Attackers used methods, tools previously used by known Chinese hackers.
A Shift from Cybersecurity to Cyber Resilience: 6 Steps
Commentary  |  12/5/2018  | 
Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.
Starwood Breach Reaction Focuses on 4-Year Dwell
News  |  12/5/2018  | 
The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.
Google Cloud Security Command Center Now in Beta
News  |  12/5/2018  | 
The beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features.
Windows 10 Security Questions Prove Easy for Attackers to Exploit
News  |  12/5/2018  | 
New research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges.
Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy
News  |  12/5/2018  | 
Nations must band together to face nation-state cyberattack threats, said Marina Kaljurand.
6 Ways to Strengthen Your GDPR Compliance Efforts
Slideshows  |  12/5/2018  | 
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation and that could cost them.
Backdoors Up 44%, Ransomware Up 43% from 2017
News  |  12/4/2018  | 
Nearly one in three computers was hit with a malware attack this year, and ransomware and backdoors continue to pose a risk.
Quora Breach Exposes Information of 100 Million Users
Quick Hits  |  12/4/2018  | 
The massive breach has exposed passwords for millions who didn't remember having a Quora account.
DHS, FBI Issue SamSam Advisory
News  |  12/4/2018  | 
Following last week's indictment, federal governments issues pointers for how security pros can combat the SamSam ransomware.
Jared, Kay Jewelers Web Vuln Exposes Shoppers' Data
Quick Hits  |  12/4/2018  | 
A Jared customer found he could access other orders by changing a link in his confirmation email.
'Influence Agents' Used Twitter to Sway 2018 Midterms
Quick Hits  |  12/3/2018  | 
About 25% of political support in Arizona and Florida was generated by influence agents using Twitter as a platform, research shows.
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Slideshows  |  11/30/2018  | 
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
Commentary  |  11/30/2018  | 
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
39 Arrested in Tech Support Scam Crackdown: Microsoft
Quick Hits  |  11/30/2018  | 
Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.
Overall Volume of Thanksgiving Weekend Malware Attacks Lower This Year
News  |  11/29/2018  | 
But ransomware attacks go through the roof, new threat data from SonicWall shows.
Anti-Botnet Guide Aims to Tackle Automated Threats
News  |  11/29/2018  | 
The international guide is intended to help organizations defend their networks and systems from automated and distributed attacks.
Dunkin' Donuts Serves Up Data Breach Alert
Quick Hits  |  11/29/2018  | 
Forces potentially affected DD Perks customers to reset their passwords after learning of unauthorized access to their personal data.
Beware the Malware-Laden Brexit News
News  |  11/29/2018  | 
New Fancy Bear attack campaign lures victims with phony Brexit-themed document to deliver Zekapab payload.
Google, White Ops, Industry Players Dismantle 3ve Ad Fraud Operation
News  |  11/28/2018  | 
3ve, an ad fraud operation amassing 1.7M infected machines, was taken down in an operation driven by law enforcement, Google, White Ops, and several security companies.
Page 1 / 2   >   >>


Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.