Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Advanced Threats

News & Commentary
Satan Ransomware Adds More Evil Tricks
Robert Lemos, Contributing WriterNews
The latest changes to the Satan ransomware framework demonstrate attackers are changing their operations while targeting victims more carefully.
By Robert Lemos Contributing Writer, 5/21/2019
Comment1 Comment  |  Read  |  Post a Comment
Old Threats Are New Again
Liron Barak, CEO of BitDamCommentary
They may look familiar to you, and that isn't a coincidence. New threats are often just small twists on old ones.
By Liron Barak CEO of BitDam, 5/21/2019
Comment0 comments  |  Read  |  Post a Comment
Financial Sector Under Siege
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.
By Marc Wilczek Digital Strategist & CIO Advisor, 5/20/2019
Comment0 comments  |  Read  |  Post a Comment
A Trustworthy Digital Foundation Is Essential to Digital Government
Gus Hunt, Managing Director and Cyber Strategy Lead for Accenture Federal ServicesCommentary
Agencies must take steps to ensure that citizens trust in the security of government's digital channels.
By Gus Hunt Managing Director and Cyber Strategy Lead for Accenture Federal Services, 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
Commercial Spyware Uses WhatsApp Flaw to Infect Phones
Robert Lemos, Contributing WriterNews
A single flaw allowed attackers thought to be linked to a government to target human rights workers and install surveillance software by sending a phone request. The victims did not even have to answer.
By Robert Lemos Contributing Writer, 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
How We Collectively Can Improve Cyber Resilience
Todd Weller, Chief Strategy Officer at Bandura CyberCommentary
Three steps you can take, based on Department of Homeland Security priorities.
By Todd Weller Chief Strategy Officer at Bandura Cyber, 5/10/2019
Comment0 comments  |  Read  |  Post a Comment
How to Close the Critical Cybersecurity Talent Gap
Tom Weithman, Managing Director at CIT GAP Funds & Chief Investment Officer at MACH37Commentary
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
By Tom Weithman Managing Director at CIT GAP Funds & Chief Investment Officer at MACH37, 5/9/2019
Comment2 comments  |  Read  |  Post a Comment
Fighting Back Against Tech-Savvy Fraudsters
Chris Ryan, Senior Fraud Solutions Consultant at ExperianCommentary
Staying a step ahead requires moving beyond the security techniques of the past.
By Chris Ryan Senior Fraud Solutions Consultant at Experian, 5/9/2019
Comment0 comments  |  Read  |  Post a Comment
The Big E-Crime Pivot
Adam Meyers, VP of Intelligence, CrowdStrikeCommentary
Criminals have begun to recognize that enterprise ransomware offers tremendous financial advantage over the more traditional tactics of wire fraud and account takeover.
By Adam Meyers VP of Intelligence, CrowdStrike, 5/7/2019
Comment0 comments  |  Read  |  Post a Comment
Better Behavior, Better Biometrics?
Rajiv Dholakia, VP Products, Nok Nok LabsCommentary
Behavioral biometrics is a building block to be used in conjunction with other security measures, but it shows promise.
By Rajiv Dholakia VP Products, Nok Nok Labs, 5/7/2019
Comment0 comments  |  Read  |  Post a Comment
Attackers Add a New Spin to Old Scams
Jai Vijayan, Contributing WriterNews
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
By Jai Vijayan Contributing Writer, 5/6/2019
Comment0 comments  |  Read  |  Post a Comment
Password Reuse, Misconfiguration Blamed for Repository Compromises
Robert Lemos, Contributing WriterNews
Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers' repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.
By Robert Lemos Contributing Writer, 5/6/2019
Comment0 comments  |  Read  |  Post a Comment
Trust the Stack, Not the People
John De Santis, CEO, HyTrustCommentary
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
By John De Santis CEO, HyTrust, 5/6/2019
Comment0 comments  |  Read  |  Post a Comment
Security Depends on Careful Design
Susanto Irwan, Co-Founder and VP of Engineering at Xage SecurityCommentary
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
By Susanto Irwan Co-Founder and VP of Engineering at Xage Security, 5/2/2019
Comment0 comments  |  Read  |  Post a Comment
Why Are We Still Celebrating World Password Day?
Steve Zurier, Contributing WriterNews
Calls to eliminate the password abound on this World Password Day and the technology to change is ready. So why can't we get off our password habit?
By Steve Zurier Contributing Writer, 5/2/2019
Comment1 Comment  |  Read  |  Post a Comment
Attackers Used Red-Team, Pen-Testing Tools to Hack Wipro
Robert Lemos, Contributing WriterNews
Breach of India-based outsourcing giant involved a remote access tool and a post-exploitation tool, according to an analysis by Flashpoint.
By Robert Lemos Contributing Writer, 5/1/2019
Comment0 comments  |  Read  |  Post a Comment
Digital Transformation Exposes Operational Technology & Critical Infrastructure
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
The convergence of OT and IP-based IT networks makes society more vulnerable, requiring CISOs to rethink defense.
By Marc Wilczek Digital Strategist & CIO Advisor, 5/1/2019
Comment1 Comment  |  Read  |  Post a Comment
Attackers Aren't Invincible & We Must Use That to Our Advantage
Roselle Safran & Utpal Desai, President of Rosint Labs/Director of Product Management of BitdefenderCommentary
The bad guys only seem infallible. Use their weaknesses to beat them.
By Roselle Safran & Utpal Desai President of Rosint Labs/Director of Product Management of Bitdefender, 4/24/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Windows, Antivirus Software at Odds After Latest Update
Robert Lemos, Contributing WriterNews
This month's Windows update has caused incompatibilities with software from at least five antivirus companies, resulting in slow boot times and frozen systems.
By Robert Lemos Contributing Writer, 4/23/2019
Comment0 comments  |  Read  |  Post a Comment
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Contributing WriterNews
Mueller report finds that in July 2016, after then-candidate Donald Trump publicly called for Russia to "find the 30,000 emails," Russian agents targeted Hillary Clinton's personal office with cyberattacks.
By Robert Lemos Contributing Writer, 4/19/2019
Comment17 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by reducefat2
Current Conversations This is good
In reply to: hi
Post Your Own Reply
More Conversations
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7844
PUBLISHED: 2019-05-22
Adobe Media Encoder version 13.0.2 has an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2017-9809
PUBLISHED: 2019-05-22
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.
CVE-2018-12886
PUBLISHED: 2019-05-22
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypas...
CVE-2019-7834
PUBLISHED: 2019-05-22
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execu...
CVE-2019-7835
PUBLISHED: 2019-05-22
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary co...