News & Commentary

Latest Content tagged with Threat Intelligence
Page 1 / 2   >   >>
Researchers Find Clues for Dramatically Reducing IDS Traffic Volume
Quick Hits  |  4/19/2019  | 
Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.
APT34 Toolset, Victim Data Leaked via Telegram
Quick Hits  |  4/19/2019  | 
For the last month, an unknown individual or group has been sharing data and hacking tools belonging to Iranian hacker group APT34.
Free Princeton Application Provides IoT Traffic Insight
Quick Hits  |  4/19/2019  | 
The application developed by a research group allows users to spot possible IoT security problems.
Why We Need a 'Cleaner Internet'
Commentary  |  4/19/2019  | 
By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.
Third-Party Cyber-Risk by the Numbers
Slideshows  |  4/19/2019  | 
Recent stats show that the state of third-party cyber risk and vendor risk management remains largely immature at most organizations.
Creator of Hub for Stolen Credit Cards Sentenced to 90 Months
News  |  4/18/2019  | 
Coming eight years after he launched the site, the steep sentence for the cybercriminal operator is based on a tab of $30 million in damages calculated by Mastercard and other credit card companies.
The Cybersecurity Automation Paradox
News  |  4/18/2019  | 
Recent studies show that before automation can reduce the burden on understaffed cybersecurity teams, they need to bring in enough automation skills to run the tools.
Tips for the Aftermath of a Cyberattack
News  |  4/17/2019  | 
Incident response demands technical expertise, but you can't fully recover without non-IT experts.
Ever-Sophisticated Bad Bots Target Healthcare, Ticketing
News  |  4/17/2019  | 
From criminals to competitors, online bots continue to scrape information from sites and pose as legitimate users.
Inside the Dark Web's How-To Guides for Teaching Fraud
Quick Hits  |  4/17/2019  | 
A new study investigates nearly 30,000 guides to explore what fraudsters sell and teach aspiring cybercriminals.
7 Tips for an Effective Employee Security Awareness Program
Slideshows  |  4/17/2019  | 
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
Decoding a 'New' Elite Cyber Espionage Team
News  |  4/16/2019  | 
Stealthy and well-heeled hacking group went undetected for five years and wields a massive attack framework of some 80 different modules.
Meet Scranos: New Rootkit-Based Malware Gains Confidence
News  |  4/16/2019  | 
The cross-platform operation, first tested on victims in China, has begun to spread around the world.
IT Outsourcing Firm Wipro Investigates Data Breach
Quick Hits  |  4/16/2019  | 
Employee accounts may have been compromised in a sophisticated phishing campaign.
New Details Emerge on Windows Zero Day
News  |  4/15/2019  | 
The CVE-2019-0859 vulnerability, patched last week, is the latest in a string of Windows local privilege escalation bugs discovered at Kaspersky Lab.
The Single Cybersecurity Question Every CISO Should Ask
Commentary  |  4/15/2019  | 
The answer can lead to a scalable enterprise security solution for years to come.
This Week in Security Funding: Where the Money Went
News  |  4/12/2019  | 
Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.
New 'HOPLIGHT' Malware Appears in Latest North Korean Attacks, Say DHS, FBI
News  |  4/11/2019  | 
The FBI and Department of Homeland Security release malware analysis report, indicators of compromise for nine different executable files.
Tax Hacks: How Seasonal Scams Cause Yearlong Problems
News  |  4/11/2019  | 
Tax season is marked with malware campaigns, tax fraud, and identity theft, with money and data flowing through an underground economy.
In Security, All Logs Are Not Created Equal
Commentary  |  4/11/2019  | 
Prioritizing key log sources goes a long way toward effective incident response.
When Your Sandbox Fails
Commentary  |  4/11/2019  | 
The sandbox is an important piece of the security stack, but an organization's entire strategy shouldn't rely on its ability to detect every threat. Here's why.
25% of Phishing Emails Sneak into Office 365: Report
News  |  4/10/2019  | 
Researchers analyzed 55.5 million emails and found one out of every 99 messages contains a phishing attack.
'MuddyWater' APT Spotted Attacking Android
News  |  4/10/2019  | 
Cyber espionage attack group adds mobile malware to its toolset.
Microsoft Patch Tuesday Fixes Windows Bugs Under Attack
News  |  4/9/2019  | 
The April release of security updates patches 74 vulnerabilities, two of which are being exploited in the wild.
Meet Baldr: The Inside Scoop on a New Stealer
News  |  4/9/2019  | 
Baldr first appeared in January and has since evolved to version 2.2 as attackers aim to build a long-lasting threat.
Yahoo Reaches $117.5M Breach Accord Following Failed Settlement
Quick Hits  |  4/9/2019  | 
An adjusted settlement between Yahoo and the victims of its massive data breach is still awaiting approval.
Credential-Stuffing Attacks Behind 30 Billion Login Attempts in 2018
News  |  4/8/2019  | 
Using e-mail addresses and passwords from compromised sites, attackers most often targeted retail sites, video-streaming services, and entertainment companies, according to Akamai.
8 Steps to More Effective Small Business Security
Slideshows  |  4/8/2019  | 
Small business face the same security challenges as large enterprises but with much smaller security teams. Here are 8 things to do to get the most from yours.
Microsoft Products Under EU Investigation About Data Collection
Quick Hits  |  4/8/2019  | 
A new inquiry aims to determine whether contracts between Microsoft and EU organizations violate GDPR.
Phishing Campaign Targeting Verizon Mobile Users
News  |  4/5/2019  | 
Lookout Phishing AI, which discovered the attack, says it has been going on since late November.
Ongoing DNS Hijack Attack Hits Consumer Modems and Routers
Quick Hits  |  4/5/2019  | 
The attack campaigns have re-routed DNS requests through illicit servers in Canada and Russia.
The Matrix at 20: A Metaphor for Today's Cybersecurity Challenges
Commentary  |  4/5/2019  | 
The Matrix ushered in a new generation of sci-fi movies and futuristic plotlines with a relentless, seemingly invulnerable set of villains. Twenty years later, that theme is all too familiar to security pros.
New, Improved BEC Campaigns Target HR and Finance
News  |  4/4/2019  | 
Spearphishing campaigns from new and established business email compromise (BEC) gangs are stealing from companies using multiple tactics.
7 Malware Families Ready to Ruin Your IoT's Day
Slideshows  |  3/29/2019  | 
This latest list of Internet of Things miscreants doesn't limit itself to botnets, like Mirai.
UK Watchdog Criticizes Huawei for Lax Software Security, Development
News  |  3/29/2019  | 
Calling the company's software development practices chaotic and unsustainable, a UK government oversight group calls on the company to make measurable progress toward more secure and sustainable code.
40% of Organizations Not Doing Enough to Protect Office 365 Data
News  |  3/28/2019  | 
Companies could be leaving themselves vulnerable by not using third-party data backup tools, a new report finds.
Microsoft Tackles IoT Security with New Azure Updates
News  |  3/28/2019  | 
The Azure Security Center for IoT provides teams with an overview of IoT devices and helps monitor their security properties.
Inside Cyber Battlefields, the Newest Domain of War
News  |  3/28/2019  | 
In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.
Threat Hunting 101: Not Mission Impossible for the Resource-Challenged
Commentary  |  3/27/2019  | 
How small and medium-sized businesses can leverage native features of the operating system and freely available, high-quality hunting resources to overcome financial limitations.
Russia Regularly Spoofs Regional GPS
News  |  3/26/2019  | 
The nation is a pioneer in spoofing and blocking satellite navigation signals, causing more than 9,800 incidents in the past three years, according to an analysis of navigational data.
Insurers Collaborate on Cybersecurity Ratings
Quick Hits  |  3/26/2019  | 
A group of insurers will base rates and terms on whether customers purchase technology that has earned a stamp of approval.
87% of Cloud Pros Say Lack of Visibility Masks Security
Quick Hits  |  3/26/2019  | 
The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.
Ex-NSA Director Rogers: Insider Threat Prevention a 'Contract'
News  |  3/26/2019  | 
Ret. Admiral Michael Rogers who served as head of the NSA and the US Cyber Command from 2014 to 2018 on how to handle the risk of insiders exposing an organization's sensitive data.
Two Found Guilty in Online Dating, BEC Scheme
Quick Hits  |  3/22/2019  | 
Cybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts.
Security Lessons from My Game Closet
Commentary  |  3/22/2019  | 
In an era of popular video games like Fortnite and Minecraft, there is a lot to be learned about risk, luck, and strategy from some old-fashioned board games.
Businesses Manage 9.7PB of Data but Struggle to Protect It
News  |  3/21/2019  | 
What's more, their attempts to secure it may be putting information at risk, a new report finds.
Facebook Employees for Years Could See Millions of User Passwords in Plain Text
Quick Hits  |  3/21/2019  | 
2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.
SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats
News  |  3/21/2019  | 
Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.
Microsoft Brings Defender Security Tools to Mac
News  |  3/21/2019  | 
Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
Google Photos Bug Let Criminals Query Friends, Location
News  |  3/20/2019  | 
The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.
Page 1 / 2   >   >>


Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11378
PUBLISHED: 2019-04-20
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
CVE-2019-11372
PUBLISHED: 2019-04-20
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11373
PUBLISHED: 2019-04-20
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11374
PUBLISHED: 2019-04-20
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
CVE-2019-11375
PUBLISHED: 2019-04-20
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.