Threat Intelligence

News & Commentary
New Spectre Variants Add to Vulnerability Worries
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Variants 3a and 4 build on the Spectre foundation, but how worried should enterprise security professionals really be?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/22/2018
Comment0 comments  |  Read  |  Post a Comment
US Senator to DOD CIO: 'Take Immediate Action' on HTTPS
Kelly Sheridan, Staff Editor, Dark ReadingNews
US Senator Ron Wyden pens a letter to the Department of Defense CIO, urging stronger security on public-facing government sites.
By Kelly Sheridan Staff Editor, Dark Reading, 5/22/2018
Comment0 comments  |  Read  |  Post a Comment
Pet Tracker Flaws Expose Pets and Their Owners to Cybercrime
Dark Reading Staff, Quick Hits
Hackers can exploit vulnerabilities in popular pet trackers to intercept location coordinates and access owners' personal data.
By Dark Reading Staff , 5/22/2018
Comment1 Comment  |  Read  |  Post a Comment
The State of Information Sharing: 20 Years after the First White House Mandate
Paul Kurtz, CEO & Cofounder, TruSTAR TechnologyCommentary
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
By Paul Kurtz CEO & Cofounder, TruSTAR Technology, 5/22/2018
Comment0 comments  |  Read  |  Post a Comment
North Korean Defectors Targeted with Malicious Apps on Google Play
Kelly Sheridan, Staff Editor, Dark ReadingNews
Sun Team hacking group is behind RedDawn, which steals victims' photos and data and passes them to threat actors.
By Kelly Sheridan Staff Editor, Dark Reading, 5/21/2018
Comment0 comments  |  Read  |  Post a Comment
New BIND Vulnerabilities Threaten DNS Availability
Dark Reading Staff, Quick Hits
A pair of vulnerabilities in BIND could leave some organizations without DNS.
By Dark Reading Staff , 5/21/2018
Comment0 comments  |  Read  |  Post a Comment
Get Smart About Network Segmentation & Traffic Routing
Jack Hamm, Principal Information Security Engineer, Gigamon
Through a combination of intelligent segmentation and traffic routing to tools, you can gain much better visibility into your network. Here's how.
By Jack Hamm Principal Information Security Engineer, Gigamon, 5/21/2018
Comment0 comments  |  Read  |  Post a Comment
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Lital Asher-Dotan, Senior Director, Security Research and Content, CybereasonCommentary
Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.
By Lital Asher-Dotan Senior Director, Security Research and Content, Cybereason, 5/21/2018
Comment1 Comment  |  Read  |  Post a Comment
Actor Advertises Japanese PII on Chinese Underground
Kelly Sheridan, Staff Editor, Dark ReadingNews
The dataset contains 200 million rows of information stolen from websites across industries, likely via opportunistic access.
By Kelly Sheridan Staff Editor, Dark Reading, 5/18/2018
Comment0 comments  |  Read  |  Post a Comment
Syrian Electronic Army Members Indicted for Conspiracy
Dark Reading Staff, Quick Hits
Two men have been charged for their involvement in a plot to commit computer hacking as members of the Syrian Electronic Army.
By Dark Reading Staff , 5/18/2018
Comment1 Comment  |  Read  |  Post a Comment
New Research Seeks to Shorten Attack Dwell Time
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
It can take months for an organization to know they've been hacked. A new DARPA-funded project seeks to reduce that time to hours.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/18/2018
Comment0 comments  |  Read  |  Post a Comment
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
By Kelly Sheridan Staff Editor, Dark Reading, 5/17/2018
Comment1 Comment  |  Read  |  Post a Comment
California Teen Arrested for Phishing Teachers to Change Grades
Dark Reading Staff, Quick Hits
The student faces 14 felony counts for using a phishing campaign to steal teachers' credentials and alter students' grades.
By Dark Reading Staff , 5/17/2018
Comment0 comments  |  Read  |  Post a Comment
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at TripwireCommentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin VP of Product Management & Strategy at Tripwire, 5/17/2018
Comment0 comments  |  Read  |  Post a Comment
7 Tools for Stronger IoT Security, Visibility
Curtis Franklin Jr., Senior Editor at Dark Reading
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/16/2018
Comment0 comments  |  Read  |  Post a Comment
Newly Discovered Malware Targets Telegram Desktop
Kelly Sheridan, Staff Editor, Dark ReadingNews
Russian-speaking attacker behind new malware capable of lifting credentials, cookies, desktop cache, and key files.
By Kelly Sheridan Staff Editor, Dark Reading, 5/16/2018
Comment0 comments  |  Read  |  Post a Comment
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrustCommentary
It's time to "do the right thing" when it comes to gender in the hiring and promotion of women in cybersecurity. Four women (and a man named John) offer practical solutions for shifting the balance.
By John De Santis CEO, HyTrust, 5/16/2018
Comment7 comments  |  Read  |  Post a Comment
25% of Businesses Targeted with Cryptojacking in the Cloud
Kelly Sheridan, Staff Editor, Dark ReadingNews
New public cloud security report detects a spike in cryptojacking, mismanaged cloud storage, account takeover, and major patches getting overlooked.
By Kelly Sheridan Staff Editor, Dark Reading, 5/15/2018
Comment0 comments  |  Read  |  Post a Comment
Feds Name Suspect in CIA 'Vault 7' Hacking Tool Leak
Dark Reading Staff, Quick Hits
Ex-CIA employee in jail for unrelated charges at this time.
By Dark Reading Staff , 5/15/2018
Comment0 comments  |  Read  |  Post a Comment
Smashing Silos and Building Bridges in the IT-Infosec Divide
Kelly Sheridan, Staff Editor, Dark ReadingNews
A strong relationship between IT and security leads to strong defense, but it's not always easy getting the two to collaborate.
By Kelly Sheridan Staff Editor, Dark Reading, 5/14/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by lazyjones
Current Conversations "Security through obscurity"
In reply to: Caption
Post Your Own Reply
More Conversations
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11354
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.
CVE-2018-11355
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
CVE-2018-11356
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
CVE-2018-11357
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
CVE-2018-11358
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.