Attacks/Breaches

News & Commentary
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Yaron Galant, Chief Product Officer at AccellionCommentary
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
By Yaron Galant Chief Product Officer at Accellion, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
SEC: Companies Must Disclose More Info on Cybersecurity Attacks & Risks
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
New agency guidance statement also says company officials, execs can't trade stocks if they have unannounced information on a security breach at the company.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
IRS Warns of Spike in W-2 Phishing Emails
Dark Reading Staff, Quick Hits
The IRS reports an increase in reports of phishing emails asking for W-2 information.
By Dark Reading Staff , 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
Anatomy of an Attack on the Industrial IoT
Eddie Habibi, Founder & CEO of PAS GlobalCommentary
How cyber vulnerabilities on sensors can lead to production outage and financial loss.
By Eddie Habibi Founder & CEO of PAS Global, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
Security Liability in an 'Assume Breach' World
Raymond Pompon, Principal Threat Research Evangelist at F5 Networks
Cybersecurity today is more than an IT issue. It's a product quality issue, a customer service issue, an operational issue, and an executive issue. Here's why.
By Raymond Pompon Principal Threat Research Evangelist at F5 Networks, 2/22/2018
Comment0 comments  |  Read  |  Post a Comment
Global Cybercrime Costs Top $600 Billion
Jai Vijayan, Freelance writerNews
More than 50% of attacks result in damages of over $500K, two reports show.
By Jai Vijayan Freelance writer, 2/21/2018
Comment0 comments  |  Read  |  Post a Comment
The Mobile Threat: 4 out of 10 Businesses Report 'Significant' Risk
Kelly Sheridan, Associate Editor, Dark ReadingNews
Organizations put efficiency and profit before security, leading to system downtime and data loss, according to inaugural research from Verizon.
By Kelly Sheridan Associate Editor, Dark Reading, 2/21/2018
Comment0 comments  |  Read  |  Post a Comment
Takeaways from the Russia-Linked US Senate Phishing Attacks
Tom Kemp, CEOCommentary
The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns.
By Tom Kemp CEO, 2/21/2018
Comment1 Comment  |  Read  |  Post a Comment
7 Cryptominers & Cryptomining Botnets You Can't Ignore
Jai Vijayan, Freelance writer
Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.
By Jai Vijayan Freelance writer, 2/21/2018
Comment0 comments  |  Read  |  Post a Comment
Researcher to Release Free Attack Obfuscation Tool
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Cybercrime gang FIN7, aka Carbanak, spotted hiding behind another Windows function, according to research to be presented at Black Hat Asia next month.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/20/2018
Comment0 comments  |  Read  |  Post a Comment
SWIFT Network Used in $2 Million Heist at Indian Bank
Dark Reading Staff, Quick Hits
The theft at India's City Union Bank comes on the heels of news that attackers stole $6 million from a Russian bank via SWIFT network last year.
By Dark Reading Staff , 2/20/2018
Comment0 comments  |  Read  |  Post a Comment
Meltdown/Spectre: The First Large-Scale Example of a 'Genetic' Threat
Michael Lines, Vice President, Strategy, Risk, and Compliance Services at  OptivCommentary
These vulnerabilities mark an evolutionary leap forward, and companies must make fighting back a priority.
By Michael Lines Vice President, Strategy, Risk, and Compliance Services at Optiv, 2/20/2018
Comment0 comments  |  Read  |  Post a Comment
13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark ReadingNews
Russian nationals reportedly used stolen American identities and infrastructure to influence the 2016 election outcome.
By Kelly Sheridan Associate Editor, Dark Reading, 2/16/2018
Comment6 comments  |  Read  |  Post a Comment
Rise of the 'Hivenet': Botnets That Think for Themselves
Derek Manky, Global Security Strategist, FortinetCommentary
These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.
By Derek Manky Global Security Strategist, Fortinet, 2/16/2018
Comment0 comments  |  Read  |  Post a Comment
Russian Hackers Sentenced in Heartland Payment Systems Breach Case
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Two more men involved in the massive payment card theft from multiple major US corporations that began in 2007 now sent to federal prison.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/16/2018
Comment0 comments  |  Read  |  Post a Comment
Cybercrime Gang Ramps up Ransomware Campaign
Jai Vijayan, Freelance writerNews
In the last few weeks, Gold Lowell group has collected over $350K after infecting victims with SamSam crypto malware, researchers at Secureworks found.
By Jai Vijayan Freelance writer, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
White House: Russian Military Behind NotPetya Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Trump administration statement comes on the heels of UK government calling out Russia for the cyberattacks that spread through Europe and elsewhere.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
IRS Reports Steep Decline in Tax-Related ID Theft
Steve Zurier, Freelance WriterNews
Research group Javelin confirms that the numbers are trending in the right direction, with total fraud losses dropping more than 14% to $783 million.
By Steve Zurier Freelance Writer, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
North Korea-Linked Cyberattacks Spread Out of Control: Report
Kelly Sheridan, Associate Editor, Dark ReadingNews
New details on old cyberattacks originating from North Korea indicate several forms of malware unintentionally spread wider than authors intended.
By Kelly Sheridan Associate Editor, Dark Reading, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
Democracy & DevOps: What Is the Proper Role for Security?
PJ Kirner, CTO & Founder, IllumioCommentary
Security experts need a front-row seat in the application development process but not at the expense of the business.
By PJ Kirner CTO & Founder, Illumio, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Joe Stanganelli
Current Conversations "I think I found our security gap."
In reply to: js1
Post Your Own Reply
More Conversations
PR Newswire
13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark Reading,  2/16/2018
Facebook Aims to Make Security More Social
Kelly Sheridan, Associate Editor, Dark Reading,  2/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.