Attacks/Breaches

News & Commentary
4 Ways to Fight the Email Security Threat
Asaf Cidon, Vice President, Content Security Services, at Barracuda NetworksCommentary
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
By Asaf Cidon Vice President, Content Security Services, at Barracuda Networks, 10/15/2018
Comment0 comments  |  Read  |  Post a Comment
Facebook Update: 30 Million Users Actually Hit in its Recent Breach
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The good news: That number is less than the original estimate of 50 million. The bad news: It might not have been the only attack.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/12/2018
Comment0 comments  |  Read  |  Post a Comment
Threat Hunters & Security Analysts: A Dynamic Duo
Rick Costanzo, CEO, RANK SoftwareCommentary
Fighting spying with spying, threat hunters bring the proactive mindset of network reconnaissance and repair to the enterprise security team.
By Rick Costanzo CEO, RANK Software, 10/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Many organizations have yet to create an effective cybersecurity strategy and it's costing them millions.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/11/2018
Comment1 Comment  |  Read  |  Post a Comment
Chinese Intelligence Officer Under Arrest for Trade Secret Theft
Jai Vijayan, Freelance writerNews
Yanjun Xu attempted to steal data on advanced aviation technology that GE Aviation, among others, had spent billions developing.
By Jai Vijayan Freelance writer, 10/11/2018
Comment0 comments  |  Read  |  Post a Comment
Most Malware Arrives Via Email
Dark Reading Staff, Quick Hits
Watch out for messages with the word "invoice" in the subject line, too.
By Dark Reading Staff , 10/11/2018
Comment1 Comment  |  Read  |  Post a Comment
Not All Multifactor Authentication Is Created Equal
Alexandre Cagnoni, Director of Authentication at WatchGuard TechnologiesCommentary
Users should be aware of the strengths and weaknesses of the various MFA methods.
By Alexandre Cagnoni Director of Authentication at WatchGuard Technologies, 10/11/2018
Comment0 comments  |  Read  |  Post a Comment
The Better Way: Threat Analysis & IIoT Security
Satish Gannu, Chief Security Officer, ABBCommentary
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
By Satish Gannu Chief Security Officer, ABB, 10/11/2018
Comment0 comments  |  Read  |  Post a Comment
New Threat Group Conducts Malwareless Cyber Espionage
Jai Vijayan, Freelance writerNews
Gallmaker group is relying exclusively on legitimate tools and living-off-the-land tactics to make detection very difficult.
By Jai Vijayan Freelance writer, 10/10/2018
Comment0 comments  |  Read  |  Post a Comment
IIS Attacks Skyrocket, Hit 1.7M in Q2
Dark Reading Staff, Quick Hits
Drupal and Oracle WebLogic also were hit with more cyberattacks during same quarter.
By Dark Reading Staff , 10/10/2018
Comment0 comments  |  Read  |  Post a Comment
Lesser Skilled Cybercriminals Adopt Nation-State Hacking Methods
Jai Vijayan, Freelance writerNews
The trend underscores the need for organizations of all sizes to be prepared to detect and respond to threats faster, CrowdStrike says.
By Jai Vijayan Freelance writer, 10/9/2018
Comment0 comments  |  Read  |  Post a Comment
Lessons Learned from the Facebook Breach: Why Logic Errors Are So Hard to Catch
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
By ensuring that each layer of protection scours an application for unintended uses, you can find the flaws before the bad guys do.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 10/9/2018
Comment1 Comment  |  Read  |  Post a Comment
New Domains: A Wide-Open Playing Field for Cybercrime
Ben April, CTO, Farsight SecurityCommentary
As bad actors increasingly exploit new domains for financial gain and other nefarious purposes, security teams need to employ policies and practices to neutralize the threat in real time. Here's why and how.
By Ben April CTO, Farsight Security, 10/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Successful Scammers Call After Lunch
Kelly Sheridan, Staff Editor, Dark ReadingNews
Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how social engineers operate and how targets respond.
By Kelly Sheridan Staff Editor, Dark Reading, 10/5/2018
Comment0 comments  |  Read  |  Post a Comment
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Richard Ford, Chief Scientist, ForcepointCommentary
Technology such as Apple's device trust score that decides "you" is not you is a good thing. But only if it works well.
By Richard Ford Chief Scientist, Forcepoint, 10/5/2018
Comment0 comments  |  Read  |  Post a Comment
US Indicts 7 Russian Intel Officers for Hacking Anti-Doping Organizations
Jai Vijayan, Freelance writerNews
Netherlands expels four of the suspects trying to break into an organization investigating a chemical used in the recent attack on a former Russian spy in Britain.
By Jai Vijayan Freelance writer, 10/4/2018
Comment0 comments  |  Read  |  Post a Comment
Report: In Huge Hack, Chinese Manufacturer Sneaks Backdoors Onto Motherboards
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
If true, the attack using Supermicro motherboards could be the most comprehensive cyber breach in history.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/4/2018
Comment2 comments  |  Read  |  Post a Comment
For $14.71, You Can Buy A Passport Scan on the Dark Web
Kelly Sheridan, Staff Editor, Dark ReadingNews
That's the average price of a digital passport scan, and it goes up with proof of identification, a new study finds.
By Kelly Sheridan Staff Editor, Dark Reading, 10/4/2018
Comment1 Comment  |  Read  |  Post a Comment
GDPR Report Card: Some Early Gains but More Work Ahead
Chris Babel, CEO, TrustArcCommentary
US companies paid the most, to date, to meet the EU's General Data Protection Regulation, according to a recent study, but UK companies made greater progress in achieving compliance goals.
By Chris Babel CEO, TrustArc, 10/4/2018
Comment0 comments  |  Read  |  Post a Comment
Malware Outbreak Causes Disruptions, Closures at Canadian Restaurant Chain
Jai Vijayan, Freelance writerNews
But Recipe Unlimited denies it was the victim of a ransomware attack, as some have reported.
By Jai Vijayan Freelance writer, 10/3/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Most IT Security Pros Want to Change Jobs
Dark Reading Staff 10/12/2018
Most Malware Arrives Via Email
Dark Reading Staff 10/11/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1744
PUBLISHED: 2018-10-15
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 148423.
CVE-2018-1747
PUBLISHED: 2018-10-15
IBM Security Key Lifecycle Manager 2.5, 2.6, 2.7, and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 148428.
CVE-2018-18324
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has XSS via the admin/fileManager2.php fm_current_dir parameter, or the admin/index.php module, service_start, service_fullstatus, service_restart, service_stop, or file (within the file_editor) parameter.
CVE-2018-18322
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Command Injection via shell metacharacters in the admin/index.php service_start, service_restart, service_fullstatus, or service_stop parameter.
CVE-2018-18323
PUBLISHED: 2018-10-15
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.480 has Local File Inclusion via directory traversal with an admin/index.php?module=file_editor&file=/../ URI.