News & Commentary

Latest Content tagged with Threat Intelligence
Page 1 / 2   >   >>
Apache Access Vulnerability Could Affect Thousands of Applications
News  |  10/18/2018  | 
A recently discovered issue with a common file access method could be a major new attack surface for malware authors.
Inside the Dark Web's 'Help Wanted' Ads
News  |  10/18/2018  | 
How cybercriminals recruit everyone from car drivers to corporate insiders and pay them according to the risk they assume.
SEC Warns Public Companies on Accounting Control Use
Quick Hits  |  10/17/2018  | 
A new SEC investigative report urges public organizations to keep cyberthreats in mind when implementing internal accounting tools.
The Three Dimensions of the Threat Intelligence Scale Problem
Commentary  |  10/17/2018  | 
To succeed, organizations must be empowered to reduce their attack surface and staff overload so they can get more out of their existing firewall and threat intelligence investments.
NC Water Utility Fights Post-Hurricane Ransomware
News  |  10/16/2018  | 
North Carolina's Onslow Water and Sewer Authority was hit with an advanced attack in the wake of Hurricane Florence.
6 Reasons Why Employees Violate Security Policies
Slideshows  |  10/16/2018  | 
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
6 Security Trends for 2018/2019
News  |  10/15/2018  | 
Speaking at the Gartner Symposium/ITxpo, analyst Peter Firstbrook's list of trends is likely to inform executive committee conversations for the next 12 months.
IBM Builds 'SOC on Wheels' to Drive Cybersecurity Training
News  |  10/15/2018  | 
A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.
Threat Hunters & Security Analysts: A Dynamic Duo
Commentary  |  10/12/2018  | 
Fighting spying with spying, threat hunters bring the proactive mindset of network reconnaissance and repair to the enterprise security team.
12 Free, Ready-to-Use Security Tools
Slideshows  |  10/12/2018  | 
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
The Better Way: Threat Analysis & IIoT Security
Commentary  |  10/11/2018  | 
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
IIS Attacks Skyrocket, Hit 1.7M in Q2
Quick Hits  |  10/10/2018  | 
Drupal and Oracle WebLogic also were hit with more cyberattacks during same quarter.
Security Researchers Struggle with Bot Management Programs
Commentary  |  10/10/2018  | 
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
Git Gets Patched for Newly Found Flaw
Quick Hits  |  10/9/2018  | 
A vulnerability in Git could allow an attacker to place malicious, auto-executing code in a sub-module.
Constructing the Future of ICS Cybersecurity
News  |  10/9/2018  | 
As industrial control systems are connected to the cloud and the IoT, experts discuss security challenges.
Microsoft Fixes Privilege Escalation 0Day Under Active Attack
News  |  10/9/2018  | 
This month's Patch Tuesday includes 49 patches, two of which are ranked Critical, and two security advisories.
New Domains: A Wide-Open Playing Field for Cybercrime
Commentary  |  10/9/2018  | 
As bad actors increasingly exploit new domains for financial gain and other nefarious purposes, security teams need to employ policies and practices to neutralize the threat in real time. Here's why and how.
Teach Your AI Well: A Potential New Bottleneck for Cybersecurity
News  |  10/8/2018  | 
Artificial intelligence (AI) holds the promise of easing the skills shortage in cybersecurity, but implementing AI may result in a talent gap of its own for the industry.
Most Home Routers Are Full of Vulnerabilities
Quick Hits  |  10/5/2018  | 
More than 80% of surveyed routers had, on average, 172 security vulnerabilities, new research shows.
Successful Scammers Call After Lunch
News  |  10/5/2018  | 
Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how social engineers operate and how targets respond.
12 AppSec Activities Enterprises Can't Afford to Skip
Slideshows  |  10/5/2018  | 
The latest Building Security in Maturity Model (BSIMM9) report offers a statistically backed, bare-minimum benchmark for software security initiatives.
For $14.71, You Can Buy A Passport Scan on the Dark Web
News  |  10/4/2018  | 
That's the average price of a digital passport scan, and it goes up with proof of identification, a new study finds.
Malware Outbreak Causes Disruptions, Closures at Canadian Restaurant Chain
News  |  10/3/2018  | 
But Recipe Unlimited denies it was the victim of a ransomware attack, as some have reported.
An Intro to Intra, the Android App for DNS Encryption
News  |  10/3/2018  | 
Alphabet's Jigsaw has released Intra, a free security app that aims to prevent government censorship.
Palo Alto Networks Buys RedLock to Strengthen Cloud Security
Quick Hits  |  10/3/2018  | 
The transaction, valued at $173 million, is intended to bring analytics and threat detection to Palo Alto Networks' cloud security offering.
When Facebook Gets Hacked, Everyone Gets Hacked
News  |  10/2/2018  | 
Facebook's attackers may have gained access to several third-party apps and websites via Facebook Login.
The Award for Most Dangerous Celebrity Goes To
Quick Hits  |  10/2/2018  | 
A new study highlights which celebrities are associated with the most malicious websites, making them risky search subjects.
'Short, Brutal Lives': Life Expectancy for Malicious Domains
News  |  10/1/2018  | 
Using a cooling-off period for domain names can help catch those registered by known bad actors.
October Events at Dark Reading You Can't Miss
News  |  10/1/2018  | 
Cybersecurity Month at Dark Reading is packed with educational webinars, from data breach response to small business security.
Employees Share Average of 6 Passwords With Co-Workers
Quick Hits  |  10/1/2018  | 
Password-sharing and reuse is still prominent, but multifactor authentication is on the rise, new study shows.
FBI IC3 Warns of RDP Vulnerability
Quick Hits  |  9/28/2018  | 
Government agencies remind users that RDP can be used for malicious purposes by criminal actors.
Facebook Hacked, 50 Million Users Affected
News  |  9/28/2018  | 
A vulnerability in Facebook's "View As" feature let attackers steal security tokens linked to 50 million accounts, the company confirms.
7 Most Prevalent Phishing Subject Lines
Slideshows  |  9/28/2018  | 
The most popular subject lines crafted to trick targets into opening malicious messages, gleaned from thousands of phishing emails.
Twitter Bug May Have Exposed Millions of DMs
Quick Hits  |  9/27/2018  | 
The year-long bug could have compromised interactions between customers and businesses, the social media firm reports.
Security Flaw Found in Apple Mobile Device Enrollment Program
News  |  9/27/2018  | 
Authentication weakness in Apple's DEP could open a window of opportunity for attackers.
Alphabet's Chronicle Releases VirusTotal Enterprise
News  |  9/27/2018  | 
Chronicle, the cybersecurity business under Alphabet, releases a major update to VirusTotal geared toward corporate threat hunters.
Managing Data the Way We Manage Money
Commentary  |  9/27/2018  | 
In the data-driven enterprise, myriad types of data have become a new form and flow of currency. Why, then, hasn't the CISO achieved parity with the CFO?
VPNFilter Evolving to Be a More Dangerous Threat
Quick Hits  |  9/26/2018  | 
VPNFilter malware is adding capabilities to become a more fully-featured tool for threat actors.
SEC Slams Firm with $1M Fine for Weak Security Policies
Quick Hits  |  9/26/2018  | 
This is the first SEC enforcement cracking down on violation of the Identity Theft Red Flags Rule, intended to protect confidential data.
Owning Security in the Industrial Internet of Things
Commentary  |  9/26/2018  | 
Why IIoT leaders from both information technology and line-of-business operations need to join forces to develop robust cybersecurity techniques that go beyond reflexive patching.
Mirai Authors Escape Jail Time But Here Are 7 Other Criminal Hackers Who Didn't
Slideshows  |  9/26/2018  | 
Courts are getting tougher on the cybercrooks than some might realize.
USB Drives Remain Critical Cyberthreat
News  |  9/26/2018  | 
USB thumb drives may be used less frequently than before, but they are still commonly used as infection vectors for a wide variety of malware.
Ex-NSA Developer Gets 5 1/2-Year Prison Sentence
News  |  9/25/2018  | 
Nghia Hoang Pho, who illegally took home classified NSA information, also sentenced to three years of supervised release after prison term.
The Cyber Kill Chain Gets a Makeover
News  |  9/25/2018  | 
A new report demonstrates how the cyber kill chain is consolidating as criminals find ways to accelerate the spread of their targeted cyberattacks.
Cryptomining Malware Continues Rapid Growth: Report
Quick Hits  |  9/25/2018  | 
Cryptomining malware is the fastest-growing category of malicious software, according to a new report.
Payment Security Compliance Takes a Turn for the Worse
Quick Hits  |  9/25/2018  | 
This is the first time in six years that Verizon's "Payment Security Report" shows a downward trend, leaving cardholders vulnerable.
In Quiet Change, Google Now Automatically Logging Users Into Chrome
News  |  9/24/2018  | 
The change is a complete departure from Google's previous practice of keeping sign-in for Chrome separate from sign-ins to any Google service.
Microsoft Deletes Passwords for Azure Active Directory Applications
News  |  9/24/2018  | 
At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.
6 Dark Web Pricing Trends
Slideshows  |  9/24/2018  | 
For cybercriminals, the Dark Web grows more profitable every day.
'Scan4you' Operator Gets 14-Year Sentence
Quick Hits  |  9/24/2018  | 
The counter antivirus service, which was shut down in 2016, caused a total loss amount of $20.5 billion, according to the DoJ.
Page 1 / 2   >   >>


6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.