Attacks/Breaches

News & Commentary
70% of Energy Firms Worry About Physical Damage from Cyberattacks
Dark Reading Staff, Quick Hits
High-profile ICS attacks Triton/Trisis, Industroyer/CrashOverride, and Stuxnet have driven energy firms to invest more in cybersecurity, survey shows.
By Dark Reading Staff , 4/18/2018
Comment0 comments  |  Read  |  Post a Comment
The Role of KPIs in Incident Response
John Moran, Senior Product Manager, DFLabsCommentary
Using KPIs can have a positive impact on the tactical and strategic functions of a security operations program.
By John Moran Senior Product Manager, DFLabs, 4/18/2018
Comment1 Comment  |  Read  |  Post a Comment
Cyber War Game Shows How Federal Agencies Disagree on Incident Response
Sara Peters, Senior Editor at Dark ReadingNews
Former officials at DHS, DOJ, and DOD diverge on issues of attribution and defining what constitutes an act of cyber war.
By Sara Peters Senior Editor at Dark Reading, 4/18/2018
Comment0 comments  |  Read  |  Post a Comment
Latest News from RSAC 2018
Dark Reading Staff, News
Check out Dark Reading's exclusive coverage of the news and security themes that are dominating RSA Conference 2018 this week in San Francisco.
By Dark Reading Staff , 4/18/2018
Comment0 comments  |  Read  |  Post a Comment
Data Visibility, Control Top Cloud Concerns at RSA
Kelly Sheridan, Staff Editor, Dark ReadingNews
As the traditional perimeter dissolves and sensitive data moves to the cloud, security experts at RSA talk about how they're going to protect it.
By Kelly Sheridan Staff Editor, Dark Reading, 4/18/2018
Comment0 comments  |  Read  |  Post a Comment
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer
Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.
By Steve Zurier Freelance Writer, 4/17/2018
Comment2 comments  |  Read  |  Post a Comment
New Malware Adds RAT to a Persistent Loader
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A newly discovered variant of a long-known malware loader adds the ability to control the victim from afar.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/17/2018
Comment0 comments  |  Read  |  Post a Comment
INsecurity Conference Seeks Security Pros to Speak on Best Practices
Tim Wilson, Editor in Chief, Dark Reading, News
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
By Tim Wilson, Editor in Chief, Dark Reading , 4/16/2018
Comment0 comments  |  Read  |  Post a Comment
7 Non-Financial Data Types to Secure
Curtis Franklin Jr., Senior Editor at Dark Reading
Credit card and social security numbers aren't the only sensitive information that requires protection.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Power Line Vulnerability Closes Air Gap
Dark Reading Staff, Quick Hits
A new demonstration of malware shows that air-gapped computers may still be at risk.
By Dark Reading Staff , 4/13/2018
Comment0 comments  |  Read  |  Post a Comment
Former Airline Database Administrator Sentenced for Hacking Reservation System
Dark Reading Staff, Quick Hits
Former PenAir IT staffer gets five-year probation sentence via plea deal.
By Dark Reading Staff , 4/13/2018
Comment0 comments  |  Read  |  Post a Comment
Federal Agency Data Under Siege
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Seventy-one percent of IT security professionals in US federal agencies have reported breaches in their organizations.
By Marc Wilczek Digital Strategist & CIO Advisor, 4/13/2018
Comment0 comments  |  Read  |  Post a Comment
Uber Agrees to New FTC Settlement Over 2016 Breach Disclosure
Dark Reading Staff, Quick Hits
Uber has agreed to an updated settlement with the FTC after news of its massive 2016 data breach.
By Dark Reading Staff , 4/12/2018
Comment0 comments  |  Read  |  Post a Comment
Microsegmentation: Strong Security in Small Packages
Avishai Wool, Co-Founder and CTO at AlgoSecCommentary
A deep dive into how organizations can effectively devise and implement microsegmentation in a software-defined networking data center.
By Avishai Wool Co-Founder and CTO at AlgoSec, 4/12/2018
Comment1 Comment  |  Read  |  Post a Comment
New Email Campaign Employs Malicious URLs
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new attack dropping the Quant Loader Trojan bypasses scanners and sandboxes.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/12/2018
Comment0 comments  |  Read  |  Post a Comment
How Attackers Can Exploit rTorrent with Monero Cryptocurrency Miner
Andrey Shalnev, F5 Security Researcher
As cryptomining campaigns become more profitable, cybercriminals are becoming more creative about finding new ways to extend their operations.
By Andrey Shalnev F5 Security Researcher, 4/12/2018
Comment0 comments  |  Read  |  Post a Comment
Attacker Dwell Time Still Too Long, Research Shows
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New DBIR and M-Trends reports show the window between compromise and discovery are still way too long.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/11/2018
Comment0 comments  |  Read  |  Post a Comment
2.6 Billion-Plus Data Records Breached Last Year
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Most exposed data records caused by human error.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/11/2018
Comment0 comments  |  Read  |  Post a Comment
Stopping Cyber Madness: Why the Private Sector Must Lead the Fight
Paul Kurtz, CEO & Cofounder, TruSTAR TechnologyCommentary
The government's ability to help secure the Internet will be limited given the light speed of the Internet versus the slower pace of government. That's why stopping the madness begins with the private sector.
By Paul Kurtz CEO & Cofounder, TruSTAR Technology, 4/11/2018
Comment0 comments  |  Read  |  Post a Comment
Palo Alto Networks Buys Secdo for Endpoint Detection
Dark Reading Staff, Quick Hits
The acquisition is intended to ramp up Palo Alto's endpoint detection capabilities with new tech and talent.
By Dark Reading Staff , 4/11/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer,  4/17/2018
Microsegmentation: Strong Security in Small Packages
Avishai Wool, Co-Founder and CTO at AlgoSec,  4/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.