News & Commentary

Latest Content tagged with Threat Intelligence
Page 1 / 2   >   >>
Microsoft Report: Cybersecurity's Top 3 Threats Intertwine
News  |  3/15/2018  | 
Botnets, ransomware, and simple attack methods dominate the threat landscape and build on each other to drive effectiveness.
Cryptojacking Threat Continues to Rise
News  |  3/15/2018  | 
Unauthorized cryptocurrency mining can consume processing power and make apps unavailable as well as lead to other malware.
Trump Administration Slaps Sanctions on Russian Hackers, Operatives
News  |  3/15/2018  | 
A two-pronged and mostly symbolic strategy names and shames Russia for US election-tampering and hacking of critical infrastructure.
(ISC)2 Report: Glaring Disparity in Diversity for US Cybersecurity
News  |  3/15/2018  | 
While the average US security salary is $122,000, the average salary for people of color is $115,000, with men identifying as minorities making $6000 more than minority women.
77% of Businesses Lack Proper Incident Response Plans
News  |  3/14/2018  | 
New research shows security leaders have false confidence in their ability to respond to security incidents.
Microsoft Report Details Different Forms of Cryptominers
News  |  3/13/2018  | 
A new report explores different ways legitimate and malicious coin miners are appearing in the enterprise.
Microsoft Patch Tuesday: Prioritize Browser Updates
Quick Hits  |  3/13/2018  | 
All of the critical vulnerabilities Microsoft patched on March 13 were within, and related to, browsers.
Asia's Security Leaders Feel Underprepared for Future Threats: Report
News  |  3/12/2018  | 
A new study highlights major concerns of cybersecurity leaders in Asia, where most fear critical infrastructure attacks, advanced threats, and social engineering.
Chinese APT Backdoor Found in CCleaner Supply Chain Attack
News  |  3/12/2018  | 
Avast discovers ShadowPad tool for use in apparent planned third stage of the targeted attack campaign.
FlawedAmmyy RAT Campaign Puts New Spin on Old Threat
News  |  3/12/2018  | 
A remote access Trojan, in use since 2016, has a new tactic: combining zip files with the SMB protocol to infect target systems.
CyberArk Buys Vaultive for Privileged Account Security Technology
Quick Hits  |  3/12/2018  | 
The account security firm will use Vaultive's tech to protect privileged users at heightened risk for cyberattacks.
What Happens When You Hold Robots for Ransom?
News  |  3/10/2018  | 
Researchers explore why an attacker would target robots with ransomware, and the implications of what might happen if they did.
Microsoft Windows Defender Prevents 400,000 Dofoil Infections
Quick Hits  |  3/9/2018  | 
Improved anti-malware detection prevented spread of cryptomining software this week, says Microsoft.
7 University-Connected Cyber Ranges to Know Now
Slideshows  |  3/9/2018  | 
Universities are beginning to add cyber ranges to the facilities for teaching cyber security to students and professionals.
Olympic Destroyer's 'False Flag' Changes the Game
News  |  3/8/2018  | 
Kaspersky Lab researchers uncover evidence of how the attackers who targeted the Winter Olympic Games impersonated an infamous North Korea hacking team.
CIGslip Lets Attackers Bypass Microsoft Code Integrity Guard
News  |  3/8/2018  | 
The new technique would enable attackers to inject malicious content into Microsoft Edge and other protected processes.
Cybersecurity Gets Added to the M&A Lexicon
Commentary  |  3/8/2018  | 
Threat intelligence data can give a clear picture of an acquisition target that could make or break a deal.
How Guccifer 2.0 Got 'Punk'd' by a Security Researcher
News  |  3/8/2018  | 
Security expert and former Illinois state senate candidate John Bambenek details his two months of online interaction with the 'unsupervised cutout' who shared with him more stolen DCCC documents.
Memcached DDoS Attack: Kill Switch, New Details Disclosed
Quick Hits  |  3/7/2018  | 
Corero shares a kill switch for the Memcached vulnerability and reports the flaw is more extensive than originally believed.
Pragmatic Security: 20 Signs You Are 'Boiling the Ocean'
Commentary  |  3/6/2018  | 
Ocean-boiling is responsible for most of the draconian, nonproductive security policies I've witnessed over the course of my career. Here's why they don't work.
More Security Vendors Putting 'Skin in the Game'
News  |  3/5/2018  | 
Secure messaging and collaboration provider Wickr now publicly shares security testing details of its software. Goes Away, Panic Ensues
Quick Hits  |  3/5/2018  | 
Turns out the Carnegie Mellon CERT just moved to a newly revamped CMU Software Engineering Institute website.
6 Questions to Ask Your Cloud Provider Right Now
Slideshows  |  3/5/2018  | 
Experts share the security-focused issues all businesses should explore when researching and using cloud services.
Hacking Back & the Digital Wild West
Commentary  |  3/5/2018  | 
Far from helping organizations defend themselves, hacking back will escalate an already chaotic situation.
Millions of Office 365 Accounts Hit with Password Stealers
News  |  3/2/2018  | 
Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords.
Mueller May Indict Russians Who Hacked DNC
Quick Hits  |  3/2/2018  | 
Special counsel is compiling a case against the hackers who breached the DNC and John Podesta's email account, NBC News reports.
'Chafer' Uses Open Source Tools to Target Iran's Enemies
News  |  3/1/2018  | 
Symantec details operations of Iranian hacking group mainly attacking air transportation targets in the Middle East.
GitHub Among Victims of Massive DDoS Attack Wave
Quick Hits  |  3/1/2018  | 
GitHub reports its site was unavailable this week when attackers leveraged Memcached servers to generate large, widespread UDP attacks.
Equifax Finds 2.4 Million Additional US Victims of its Data Breach
Quick Hits  |  3/1/2018  | 
Total of victims now at 147.9 million customers.
Nearly Half of Cybersecurity Pros Solicited Weekly by Recruiters
News  |  2/28/2018  | 
More than 80% say they are 'open' to new job offers, while 15% are actively on the search, a new (ISC)2 survey shows.
Nation-State Hackers Adopt Russian 'Maskirovka' Strategy
News  |  2/27/2018  | 
New CrowdStrike report shows blurring of state-sponsored and cybercrime hacking methods.
NSA's Rogers: No White House Request for Action Against Russian Hacking
Quick Hits  |  2/27/2018  | 
US Cyber Command head Michael Rogers told US Senate Armed Services Committee that actions to deter Russian hackers from interfering with upcoming US elections requires an order from the White House.
March Dark Reading Event Calendar Spans BlackOps to SecDevOps
Commentary  |  2/27/2018  | 
These upcoming webinars will help you comprehend the mysterious machinations inside the minds of hackers and in-house developers.
SAML Flaw Lets Hackers Assume Users' Identities
News  |  2/27/2018  | 
Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Incident 'Management': What IT Security Can Learn from Public Safety
Commentary  |  2/27/2018  | 
How a framework developed for fighting California wildfires back in the '70s can fortify first responders to a modern cyberattack.
Adobe Flash Vulnerability Reappears in Malicious Word Files
News  |  2/26/2018  | 
CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.
PhishMe Acquired, Rebranded as Cofense in $400M Deal
Quick Hits  |  2/26/2018  | 
Cofense is the new name for PhishMe, which was purchased by a private equity consortium.
7 Key Stats that Size Up the Cybercrime Deluge
Slideshows  |  2/26/2018  | 
Updated data on zero-days, IoT threats, cryptomining and economic costs should keep eyebrows raised in 2018.
93% of Cloud Applications Aren't Enterprise-Ready
News  |  2/23/2018  | 
The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
10 Can't-Miss Talks at Black Hat Asia
Slideshows  |  2/23/2018  | 
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
Enabling Better Risk Mitigation with Threat Intelligence
Partner Perspectives  |  2/23/2018  | 
In order to get the maximum benefit from threat intel you need to be able to operationalize it. Here's how.
Best Practices for Recruiting & Retaining Women in Security
News  |  2/22/2018  | 
Gender diversity can help fill the security talent gap, new Forrester Research report says.
Trucking Industry Launches Info Sharing, Cybercrime Reporting Service
Quick Hits  |  2/21/2018  | 
American Trucking Associations developed new Fleet CyWatch threat reporting, information sharing service in conjunction with FBI.
Researcher to Release Free Attack Obfuscation Tool
News  |  2/20/2018  | 
Cybercrime gang FIN7, aka Carbanak, spotted hiding behind another Windows function, according to research to be presented at Black Hat Asia next month.
Vulnerabilities Broke Records Yet Again in 2017
News  |  2/20/2018  | 
Meanwhile, organizations still struggle to manage remediation.
Proactive Threat Hunting: Taking the Fight to the Enemy
Partner Perspectives  |  2/20/2018  | 
Pulling together everything your security team needs to be effective at threat hunting is not easy but it's definitely worthwhile. Here's why.
Siemens Leads Launch of Global Cybersecurity Initiative
News  |  2/16/2018  | 
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
White House: Russian Military Behind NotPetya Attacks
Quick Hits  |  2/15/2018  | 
Trump administration statement comes on the heels of UK government calling out Russia for the cyberattacks that spread through Europe and elsewhere.
North Korea-Linked Cyberattacks Spread Out of Control: Report
News  |  2/15/2018  | 
New details on old cyberattacks originating from North Korea indicate several forms of malware unintentionally spread wider than authors intended.
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
News  |  2/14/2018  | 
The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
Page 1 / 2   >   >>

Disappearing Act: Dark Reading Caption Contest Winners
Marilyn Cohodas, Community Editor, Dark Reading,  3/12/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.