Threat Intelligence

News & Commentary
The Security Costs of Cloud-Native Applications
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
Websites Attack Attempts Rose in Q2
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New data shows hackers hit websites, on average, every 25 minutes.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
Symantec Offers Free Website Security Service for Midterm Elections
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security vendor offers US election jurisdictions its Project Dolphin phishing/website spoofing-detection service and security resources.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
GovPayNow Leak of 14M+ Records Dates Back to 2012
Dark Reading Staff, Quick Hits
Thousands of US state and local governments use the service to process online payments for everything from traffic tickets to court fines.
By Dark Reading Staff , 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
Overhauling the 3 Pillars of Security Operations
Dave Frampton, Vice President of Security Solutions at Sumo LogicCommentary
Modern apps and the cloud mean that organizations must now rethink older security practices.
By Dave Frampton Vice President of Security Solutions at Sumo Logic, 9/18/2018
Comment1 Comment  |  Read  |  Post a Comment
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark ReadingNews
Remote desktop protocol access continues to thrive in underground markets, primarily to hackers who lack expertise to find exposed ports themselves.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2018
Comment1 Comment  |  Read  |  Post a Comment
How Secure are our Voting Systems for November 2018?
Dark Reading Staff, CommentaryVideo
Anomali CEO Hugh Njemanze discusses the importance of sharing threat intelligence across the countrys highly decentralized voting systems to safeguard the integrity of upcoming elections.
By Dark Reading Staff , 9/14/2018
Comment0 comments  |  Read  |  Post a Comment
Military, Government Users Just as Bad About Password Hygiene as Civilians
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/14/2018
Comment1 Comment  |  Read  |  Post a Comment
2 Billion Bluetooth Devices Remain Exposed to Airborne Attack Vulnerabilities
Jai Vijayan, Freelance writerNews
One year after Armis disclosed 'BlueBorne,' a large number of Android, Linux, and iOS devices remain unpatched.
By Jai Vijayan Freelance writer, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers bypass a Trusted Computing Group security measure to manipulate the firmware and steal data in memory.
By Kelly Sheridan Staff Editor, Dark Reading, 9/13/2018
Comment3 comments  |  Read  |  Post a Comment
Enterprise Security Needs an Open Data Solution
Carey Nachenberg, Chief Scientist at ChronicleCommentary
What would it look like if more than a tiny fraction of enterprises had access to all the signals hidden in their big data today?
By Carey Nachenberg Chief Scientist at Chronicle, 9/13/2018
Comment0 comments  |  Read  |  Post a Comment
Modular Malware Brings Stealthy Attacks to Former Soviet States
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new malware technique is making phishing attacks harder to spot when they succeed.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
Malware Campaign Targeting Jaxx Wallet Holders Shut Down
Kelly Sheridan, Staff Editor, Dark ReadingNews
A site spoofing the official Jaxx website was discovered packing several infections for Windows and Mac machines, and has been shut down.
By Kelly Sheridan Staff Editor, Dark Reading, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
Mobile Attack Rates Up 24% Globally, 44% in US
Dark Reading Staff, Quick Hits
One-third of all fraud targets are mobile, a growing source of all digital transactions.
By Dark Reading Staff , 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
Mirai, Gafgyt Botnets Resurface with New Tricks
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new version of Mirai exploits the Apache Struts flaw linked to the Equifax breach, while Gafgyt targets an old flaw in SonicWall.
By Kelly Sheridan Staff Editor, Dark Reading, 9/11/2018
Comment0 comments  |  Read  |  Post a Comment
The Key to Stealing a Tesla Model S
Dark Reading Staff, Quick Hits
A team of hackers finds it's possible to steal a Tesla Model S by cloning the key fob.
By Dark Reading Staff , 9/11/2018
Comment0 comments  |  Read  |  Post a Comment
New 'Fallout' EK Brings Return of Old Ransomware
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The Fallout exploit kit carries GandCrab into the Middle East in a new campaign.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/10/2018
Comment0 comments  |  Read  |  Post a Comment
Three Trend Micro Apps Caught Collecting MacOS User Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.
By Kelly Sheridan Staff Editor, Dark Reading, 9/10/2018
Comment0 comments  |  Read  |  Post a Comment
8 Attack Vectors Puncturing Cloud Environments
Kelly Sheridan, Staff Editor, Dark Reading
These methods may not yet be on your security team's radar, but given their impact, they should be.
By Kelly Sheridan Staff Editor, Dark Reading, 9/7/2018
Comment0 comments  |  Read  |  Post a Comment
The Best Way To Secure US Elections? Paper Ballots
Jai Vijayan, Freelance writerNews
Voting machines that do not provide a paper trail or cannot be independently audited should immediately be removed, concludes a new report from the National Academies of Sciences, Engineering, and Medicine.
By Jai Vijayan Freelance writer, 9/6/2018
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by WillieBennett
Current Conversations nice  
In reply to: Re: On Firmwarenice
Post Your Own Reply
More Conversations
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.