Threat Intelligence

News & Commentary
Flaws in Mobile Point of Sale Readers Displayed at Black Hat
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
While security is high overall for mPOS tools from companies like Square, PayPal, and iZettle, some devices have vulnerabilities that attackers could exploit to gather data and cash.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft ADFS Vulnerability Lets Attackers Bypass MFA
Kelly Sheridan, Staff Editor, Dark ReadingNews
The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.
By Kelly Sheridan Staff Editor, Dark Reading, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Hacker Unlocks 'God Mode' and Shares the 'Key'
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
At Black Hat USA and DEF CON, researcher Christopher Domas showed how he found backdoors that may exist in many different CPUs.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
Social Engineers Show Off Their Tricks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
Nigerian National Convicted for Phishing US Universities
Dark Reading Staff, Quick Hits
Olayinka Olaniyi and his co-conspirator targeted the University of Virginia, Georgia Tech, and other educational institutions.
By Dark Reading Staff , 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
NSA Brings Nation-State Details to DEF CON
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
6 Eye-Raising Third-Party Breaches
Ericka Chickowski, Contributing Writer, Dark Reading
This year's headlines have featured a number of high-profile exposures caused by third parties working on behalf of major brands.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
Xori Adds Speed, Breadth to Disassembler Lineup
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new open source tool, introduced at Black Hat USA, places a priority on speed and automation.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/9/2018
Comment0 comments  |  Read  |  Post a Comment
IoT Malware Discovered Trying to Attack Satellite Systems of Airplanes, Ships
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher Ruben Santamarta shared the details of his successful hack of an in-flight airplane Wi-Fi network and other findings at Black Hat USA today.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/9/2018
Comment0 comments  |  Read  |  Post a Comment
Cloud Intelligence Throwdown: Amazon vs. Google vs. Microsoft
Kelly Sheridan, Staff Editor, Dark ReadingNews
A closer look at native threat intelligence capabilities built into major cloud platforms and discussion of their strengths and shortcomings.
By Kelly Sheridan Staff Editor, Dark Reading, 8/9/2018
Comment0 comments  |  Read  |  Post a Comment
AWS Employee Flub Exposes S3 Bucket Containing GoDaddy Server Configuration and Pricing Models
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Publicly accessible S3 bucket included configuration data for tens of thousands of systems, as well as sensitive pricing information.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/9/2018
Comment0 comments  |  Read  |  Post a Comment
PGA of America Struck By Ransomware
Dark Reading Staff, Quick Hits
Hackers provided a Bitcoin wallet number, though no specific ransom amount was demanded, for the return of files.
By Dark Reading Staff , 8/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading News Desk Live at Black Hat USA 2018
Sara Peters, Senior Editor at Dark ReadingNews
Watch here Wednesday and Thursday, 2 p.m. - 6 p.m. ET to see over 40 live video interviews straight from the Black Hat USA conference in Las Vegas.
By Sara Peters Senior Editor at Dark Reading, 8/9/2018
Comment1 Comment  |  Read  |  Post a Comment
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark ReadingNews
Almost one in 10 security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.
By Kelly Sheridan Staff Editor, Dark Reading, 8/8/2018
Comment1 Comment  |  Read  |  Post a Comment
No, The Mafia Doesn't Own Cybercrime: Study
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Organized crime does, however, sometimes provide money-laundering and other expertise to cybercriminals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/8/2018
Comment0 comments  |  Read  |  Post a Comment
Researchers Release Free TRITON/TRISIS Malware Detection Tools
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Team of experts re-creates the TRITON/TRISIS attack to better understand the epic hack of an energy plant that ultimately failed.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 8/8/2018
Comment0 comments  |  Read  |  Post a Comment
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
By Kelly Sheridan Staff Editor, Dark Reading, 8/8/2018
Comment6 comments  |  Read  |  Post a Comment
10 Threats Lurking on the Dark Web
Steve Zurier, Freelance Writer
Despite some high-profile takedowns last year, the Dark Web remains alive and well. Here's a compilation of some of the more prolific threats that loom.
By Steve Zurier Freelance Writer, 8/8/2018
Comment0 comments  |  Read  |  Post a Comment
Expect API Breaches to Accelerate
Ericka Chickowski, Contributing Writer, Dark ReadingNews
APIs provide the digital glue that binds apps, cloud resources, app services and data all together and they're increasingly an appsec security threat.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/7/2018
Comment0 comments  |  Read  |  Post a Comment
Google Details Tech Built into Shielded VMs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Specialized virtual machines, recently released in beta mode, ensure cloud workloads haven't been compromised.
By Kelly Sheridan Staff Editor, Dark Reading, 8/6/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
PGA of America Struck By Ransomware
Dark Reading Staff 8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3937
PUBLISHED: 2018-08-14
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2018-3938
PUBLISHED: 2018-08-14
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST r...
CVE-2018-12537
PUBLISHED: 2018-08-14
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
CVE-2018-12539
PUBLISHED: 2018-08-14
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows,...
CVE-2018-3615
PUBLISHED: 2018-08-14
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.