Threat Intelligence
News & Commentary
BEC Attacks Far More Lucrative than Ransomware over Past 3 Years
Dawn Kawamoto, Associate Editor, Dark Reading, News
BEC fraud netted cyberthieves five times more profit than ransomware over a three-year period, according to Cisco's midyear report released today.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/20/2017
98% of Companies Favor Integrating Security with DevOps
Dawn Kawamoto, Associate Editor, Dark Reading, News
A majority of companies are either planning or have launched an integrated DevOps and security team, a new report shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/19/2017
Catastrophic Cloud Attack Costs Would Rival that of Hurricane Damages
Dawn Kawamoto, Associate Editor, Dark Reading, News
Lloyd's of London estimates multi-billion-dollar loss figures in worst-case scenarios of a major zero-day exploit or massive cloud outage.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/19/2017
Zero-Day Exploit Surfaces that May Affect Millions of IoT Users
Dark Reading Staff, Quick Hits
A zero-day vulnerability dubbed Devil's Ivy is discovered in a widely used third-party toolkit called gSOAP.
By Dark Reading Staff , 7/18/2017
Apple iOS Malware Growth Outpaces that of Android
Dawn Kawamoto, Associate Editor, Dark Reading, News
Number of iOS devices running malicious apps more than tripled in three consecutive quarters, while infected Android devices remained largely flat, report shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/18/2017
FBI Issues Warning on IoT Toy Security
Dark Reading Staff, Quick Hits
IoT toys are more than fun and games and can potentially lead to a violation of children's privacy and safety, the Federal Bureau of Investigation warned Monday.
By Dark Reading Staff , 7/17/2017
AsTech Offers a $5 Million Security Breach Warranty
Dark Reading Staff, Quick Hits
AsTech expands its warranty program with a guarantee it will find Internet application vulnerabilities or it will pay up to $5 million if there is a breach.
By Dark Reading Staff , 7/14/2017
US Voters Consider Russia the Largest Security Risk to Elections
Dark Reading Staff, Quick Hits
Nearly half of US voters believe Russia is the largest security risk for elections in the nation, according to a survey.
By Dark Reading Staff , 7/13/2017
Cisco Plans to Buy Observable Networks for Cloud Security
Dark Reading Staff, Quick Hits
Cisco announces plans to acquire Observable Networks as part of a plan to bring its Stealthwatch solution into the cloud.
By Dark Reading Staff , 7/13/2017
Verizon Suffers Cloud Data Leak Exposing Data on Millions of Customers
Dawn Kawamoto, Associate Editor, Dark Reading, News
Six million of Verizon's US customers had their personal and account information exposed, including PIN numbers.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/12/2017
Majority of IT Security Professionals Work Weekends
Dark Reading Staff, Quick Hits
A survey finds that 57% of IT security professionals work weekends, and most say they still find their jobs rewarding.
By Dark Reading Staff , 7/12/2017
Web App Vulnerabilities Decline 25% in 12 Months
Dawn Kawamoto, Associate Editor, Dark Reading, News
WhiteHat Security's annual Web app report shows the average number of vulns in a Web app is down from four to three.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/11/2017
IoT Devices Plagued by Lesser-Known Security Hole
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Internet of Things devices are security-challenged enough, but they're also being massively exposed on the public Internet this time via MQTT communications, a researcher will show at Black Hat USA.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/10/2017
Cybercriminal with Ties to Exclusive Russian Hacking Forums Sentenced to Prison
Dark Reading Staff, Quick Hits
L.A. resident is sentenced to 110 months in prison for stealing and trafficking sensitive information on exclusive Russian-speaking cybercriminal forums.
By Dark Reading Staff , 7/10/2017
IoT Physical Attack Exploit to be Revealed at Black Hat
Dawn Kawamoto, Associate Editor, Dark Reading, News
Security researcher Billy Rios plans to demonstrate how an exploit can cause an IoT device to launch a physical attack against a human.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/7/2017
IRS to Launch Educational Phishing Series
Dark Reading Staff, Quick Hits
The Internal Revenue Service is preparing to launch an educational series on phishing attacks and related warning signs.
By Dark Reading Staff , 7/7/2017
Telecom Hacker Sentenced for Laundering Millions
Dark Reading Staff, Quick Hits
Pakistani man sentenced to prison for hacking into PBX systems and generating millions of dollars via bogus premium phone calls and laundering the money.
By Dark Reading Staff , 7/6/2017
Sabre Breach Investigation Concludes with Impact Limited
Dark Reading Staff, Quick Hits
The travel company finds that attackers gained limited access to a subset of its bookings in its reservation system.
By Dark Reading Staff , 7/6/2017
CopyCat Malware Infects 14 Million Android Devices
Dawn Kawamoto, Associate Editor, Dark Reading, News
A new malware strain is discovered with a novel approach to infecting Android handheld devices with adware.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/6/2017
Bitcoin Funds Stolen from Bithumb Exchange
Dark Reading Staff, Quick Hits
Exchange employee's home PC the initial attack vector.
By Dark Reading Staff , 7/5/2017
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.