Attacks/Breaches
News & Commentary
$71 Million Restitution Owed for Hacking, Fraud Scheme
Dark Reading Staff, Quick Hits
Convicted money launderer Muhammad Sohail Qasmani is sentenced to 4 years in prison, and will share the hefty payout with other co-conspirators convicted in the conspiracy.
By Dark Reading Staff , 6/28/2017
Comment0 comments  |  Read  |  Post a Comment
Half of Ransomware Victims Suffer Repeat Attacks
Kelly Sheridan, Associate Editor, Dark ReadingNews
Half of ransomware victims are likely to get hit again as threat actors change their strategies to target servers and accelerate the spread of ransomware.
By Kelly Sheridan Associate Editor, Dark Reading, 6/28/2017
Comment0 comments  |  Read  |  Post a Comment
Telegram Agrees to Register Messaging App With Russia
Dark Reading Staff, Quick Hits
The messaging app company will comply with Russia's registration mandate but not share confidential user data, founder says.
By Dark Reading Staff , 6/28/2017
Comment0 comments  |  Read  |  Post a Comment
After Cyber Attack, FedEx Temporarily Halts Trading of Its Shares
Dark Reading Staff, Quick Hits
An attack at subsidiary TNT Express may disrupt FedEx's push to hit a record-high share price.
By Dark Reading Staff , 6/28/2017
Comment0 comments  |  Read  |  Post a Comment
Researchers Find 'Vaccine' for Global Ransomware Attack
Dark Reading Staff, Quick Hits
A vaccine, not a killswitch, has been discovered to prevent the Petya/NotPetya ransomware from infecting machines.
By Dark Reading Staff , 6/28/2017
Comment1 Comment  |  Read  |  Post a Comment
Massive Skype Zero-Day Enables Remote Crashes
Kelly Sheridan, Associate Editor, Dark ReadingNews
A security researcher uncovered a Skype vulnerability that could allow hackers to remotely execute code and crash software if exploited.
By Kelly Sheridan Associate Editor, Dark Reading, 6/27/2017
Comment0 comments  |  Read  |  Post a Comment
Petya Or Not? Global Ransomware Outbreak Hits Europe's Industrial Sector, Thousands More
Jai Vijayan, Freelance writerNews
With echoes of WannaCry, infections spread fast. Some security researchers describe malware as variant of Petya; others say it's a brand new sample.
By Jai Vijayan Freelance writer, 6/27/2017
Comment0 comments  |  Read  |  Post a Comment
WannaCry Blame Game: Why Delayed Patching is Not the Problem
T. Frank Downs, Senior Manager, Cyber/Information Security, ISACACommentary
While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.
By T. Frank Downs Senior Manager, Cyber/Information Security, ISACA, 6/27/2017
Comment0 comments  |  Read  |  Post a Comment
9 Ways to Protect Your Cloud Environment from Ransomware
Kelly Sheridan, Associate Editor, Dark Reading
The same technology driving faster collaboration and data transfer also enables cybercriminals to quickly spread ransomware.
By Kelly Sheridan Associate Editor, Dark Reading, 6/27/2017
Comment0 comments  |  Read  |  Post a Comment
Anthem Agrees to $115 Million Settlement for 2015 Breach
Dark Reading Staff, Quick Hits
If approved, it will dwarf settlements paid by Target, Home Depot, and Ashley Madison.
By Dark Reading Staff , 6/26/2017
Comment9 comments  |  Read  |  Post a Comment
FBI Highlights BEC, Tech Support Scams, Ransomware Concerns
Kelly Sheridan, Associate Editor, Dark ReadingNews
The 2016 Internet Crime Report found tech support fraud, business email compromise, and ransomware were major fraud categories last year.
By Kelly Sheridan Associate Editor, Dark Reading, 6/26/2017
Comment0 comments  |  Read  |  Post a Comment
Recovering from Bad Decisions in the Cloud
Jeff Schilling, Chief Security Officer, ArmorCommentary
The cloud makes it much easier to make changes to security controls than in traditional networks.
By Jeff Schilling Chief Security Officer, Armor, 6/26/2017
Comment1 Comment  |  Read  |  Post a Comment
Android Marcher Variant Makes Rounds as Adobe Flash Player Update
Dark Reading Staff, Quick Hits
Zscaler researchers discover a new variant of the Android Marcher malware, which aims to steal online banking credentials and credit card information.
By Dark Reading Staff , 6/23/2017
Comment0 comments  |  Read  |  Post a Comment
$12B in Fraud Loss Came from Data Breach Victims in 2016
Dark Reading Staff, Quick Hits
Three-quarters of the total fraud losses for 2016 arose from victims who had been victims of a data breach within the previous six years.
By Dark Reading Staff , 6/23/2017
Comment1 Comment  |  Read  |  Post a Comment
RAT Vulnerabilities Turn Hackers into Victims
Kelly Sheridan, Associate Editor, Dark ReadingNews
A small number of Remote Administration Tools have vulnerabilities which can enable attack targets to turn the tables on threat actors.
By Kelly Sheridan Associate Editor, Dark Reading, 6/23/2017
Comment1 Comment  |  Read  |  Post a Comment
Threat Intelligence Sharing: The New Normal?
Danelle Au, VP Strategy, SafeBreachCommentary
The spirit of cooperation seems to be taking hold as demonstrated by the growing number of thriving services and organizations whose sole purpose is to analyze specific threats against specific communities.
By Danelle Au VP Strategy, SafeBreach, 6/23/2017
Comment12 comments  |  Read  |  Post a Comment
8 Hot Hacking Tools to Come out of Black Hat USA
Ericka Chickowski, Contributing Writer, Dark Reading
High-impact tools for white hats that will be revealed and released next month at Black Hat USA in Las Vegas.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/23/2017
Comment0 comments  |  Read  |  Post a Comment
'GhostHook' Foils Windows 10 64-bit's Kernel Protection
Jai Vijayan, Freelance writerNews
Microsoft says an attacker needs kernel-level access before they can use the 'GhostHook' technique to install a rootkit.
By Jai Vijayan Freelance writer, 6/22/2017
Comment0 comments  |  Read  |  Post a Comment
Nuclear Plants, Hospitals at Risk of Hacked Radiation Monitoring Devices
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security researcher discovers major security flaws that can't be patched or fixed.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/22/2017
Comment0 comments  |  Read  |  Post a Comment
Two Arrested for Microsoft Network Intrusion
Dark Reading Staff, Quick Hits
UK authorities arrest two men for allegedly breaking into Microsoft's network with the intent to steal customer data from the software giant.
By Dark Reading Staff , 6/22/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: just wondering...Thanx
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.