News & Commentary

Content posted in December 2016
Page 1 / 3   >   >>
FBI, DHS Report Implicates Cozy Bear, Fancy Bear In Election-Related Hacks
Quick Hits  |  12/29/2016  | 
US government dubs the operation "GRIZZLY STEPPE" in new Joint Analysis Report, and says the malicious groups' activity continues.
White House Announces Retaliatory Measures For Russian Election-Related Hacking
News  |  12/29/2016  | 
35 Russian intelligence operatives ejected from the US, and two of the "Cyber Most Wanted" are frozen out by Treasury Department.
10 Things InfoSec Pros Can Celebrate About 2016
News  |  12/29/2016  | 
There were a few items that passed for good news this year.
Cyberattack On Ukraine Conflict Watchdog
Quick Hits  |  12/29/2016  | 
Organization for Security Cooperation in Europe confirms data breach but does not name perpetrator.
InterContinental Hotels Probes Possible Card System Breach
Quick Hits  |  12/29/2016  | 
Cybersecurity firm hired by the hotel group to investigate suspected payment card system fraud at various US locations.
Threat Actors Bring Ransomware To Industrial Sector With New Version of KillDisk
News  |  12/29/2016  | 
Disk-erasing malware has been tweaked to encrypt data instead and to ask for a Bitcoin payment.
The Bug Bounty Model: 21 Years & Counting
Commentary  |  12/29/2016  | 
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
Another Massive DDoS Closes Out 2016, But Mirai Not To Blame
News  |  12/28/2016  | 
Using a new malware variant called Leet, the 650 Gbps DDoS attack matched Mirai's floods of traffic.
Chinas Cybersecurity Law Seeks Scrutiny Of Technology
Quick Hits  |  12/28/2016  | 
Countrys top internet regulator releases framework for stricter cyberspace laws, including review of local and foreign technology.
Macau Resident Held For Hacking, Insider Trading Charges In US
Quick Hits  |  12/28/2016  | 
Iat Hong and two others allegedly breached computers of major US law firms and stole confidential exchange on M&A transactions.
21 Biggest Cybercriminal Busts Of 2016
Slideshows  |  12/28/2016  | 
This year has been a tornado of major cyberattacks and hacker arrests. Here, we look back on the 21 most interesting 'cyberbusts' of 2016.
How Artificial Intelligence Will Solve The Security Skills Shortage
Commentary  |  12/28/2016  | 
Unlike industries that fear the intrusion of AI, the infosec world is embracing this revolutionary technology, and the seismic changes it will bring to threat detection and mitigation.
Fileless Malware Takes 2016 By Storm
News  |  12/27/2016  | 
In-memory attacks are all the rage, creating a growing class of "non-malware."
8 Boldest Security Predictions For 2017
Slideshows  |  12/27/2016  | 
Scary, funny and maybe even a little outlandish, these industry predictions come from prognosticators who didn't mince words.
Year 2016 Sees Record Deployment Of HTTPS By Firefox, Chrome
Quick Hits  |  12/27/2016  | 
More than half of Web pages loaded by the browsers guarantee protection to visitors.
Lithuania Charges Russia With Hacking Government Network
Quick Hits  |  12/27/2016  | 
Spyware found in computers was allegedly transferring documents and passwords to Russian spy agency address.
Greatest Hits Of 2016: Readers' Picks For The Years' Best Commentary
Commentary  |  12/27/2016  | 
Heres what topped the Dark Reading page-view charts from the security industrys brightest minds, coolest rock stars, and up-and-coming leaders.
A Cybersecurity Christmas Story
Partner Perspectives  |  12/23/2016  | 
Automation and orchestration will be essential components of security in 2017.
More Than 50% Of Biggest Holiday Retailers May Not Be PCI-Compliant
News  |  12/22/2016  | 
SecurityScorecard warns while the industry has made progress, many are still not covering the basics of security.
Major Cyberattacks On Healthcare Grew 63% In 2016
News  |  12/22/2016  | 
US hospitals lack new technologies and best practices to defend against threats, new report says.
Inside The Vulnerability Disclosure Ecosystem
Slideshows  |  12/22/2016  | 
Report released by NTIA stakeholders offers new information on how organizations respond to security vulnerabilities - and what researchers think.
Malware Used In DNC Breach Found Tracking Ukraine Military
News  |  12/22/2016  | 
Russian 'Fancy Bear' now tied to Ukraine artillery Android app hack with the same malware used in breach of the Democratic National Committee.
Network Security: An Ounce Of Prevention Is Worth A Pound Of Reaction
Commentary  |  12/22/2016  | 
For humans ailments, prevention might begin with an allergist. In security, it's the network engineer.
US CISOs Earn $273,033 Per Year
Quick Hits  |  12/22/2016  | 
Security Current survey says salary increase is top incentive for 38% of CISOs.
Gogo Launches Bug Bounty Program Via Bugcrowd
Quick Hits  |  12/22/2016  | 
Researchers to target Gogo's ground-based gogoair.com and airborne gogoinflight.com domains for vulnerabilities.
'Alice' Malware Loots ATMs
News  |  12/21/2016  | 
Trend Micro has an alert about a new bare-bones ATM malware family it recently uncovered.
Explained: Domain-Generating Algorithms
Partner Perspectives  |  12/21/2016  | 
Cybercriminals use domain-generating algorithms to prevent their servers from being blacklisted or taken down.
Security Analytics: Don't Let Your Data Lake Turn Into A Data Swamp
Commentary  |  12/21/2016  | 
It's easy to get bogged down when looking for insights from data using Hadoop. But that doesn't have to happen, and these tips can help.
Man Pleads Guilty To Hacking Competitor's Business
Quick Hits  |  12/21/2016  | 
Texas man allegedly stole customer information from 700,000 accounts on his victims website.
Ukraine Investigates Possible Cyberattack In Kiev Blackout
Quick Hits  |  12/21/2016  | 
External interference could be reason for sudden outage in Pivnichna substation cutting off power for several hours.
Panasonic Inflight Entertainment System Vulnerable To Attack
News  |  12/20/2016  | 
Flaws could theoretically allow access to aircraft control systems, IOActive says in disputed report.
Application Security Still Slows Developer Work
News  |  12/20/2016  | 
Cooperation among DevOps teams might be growing, but security testing still seen as a road block to continuous delivery.
Report: ShadowBrokers Obtained Stolen NSA Info Via Rogue Insider
News  |  12/20/2016  | 
Flashpoint researchers have 'medium confidence' that rogue insider, not just outside hacker, was involved in ShadowBrokers' August and December data dumps.
20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud
Commentary  |  12/20/2016  | 
A template for working collaboratively with the business in todays rapidly changing technology environment.
Democrats And Republicans Join In Demand For Select Cyber Panel
Quick Hits  |  12/20/2016  | 
Four senators push Mitch McConnell for select committee on foreign cyber threats and Russian interference in US presidential polls.
44% Of Companies Miss Breach Reporting Deadlines
Quick Hits  |  12/20/2016  | 
Balabit research on security investigation says organizations lack of understanding lead to delay in breach probe.
Russian Hackers Run Record-Breaking Online Ad-Fraud Operation
News  |  12/20/2016  | 
'Methbot' is a sophisticated cybercrime scheme that has hit major US advertisers and publishing brands and pilfered millions of dollars per day.
Spammers Work Up A Hailstorm
News  |  12/19/2016  | 
In their constant effort to evade anti-spam filters, spammers have devised a new way to deliver junk mail to your inbox.
Investments In Security Operations Centers Are Paying Off, Study Finds
Partner Perspectives  |  12/19/2016  | 
SOCs help organizations reduce security incidents and improve operational maturity.
Brute-Force Botnet Attacks Now Elude Volumetric Detection
Commentary  |  12/19/2016  | 
It just became harder to distinguish bot behavior from human behavior.
5 Ways The Cyber-Threat Landscape Shifted In 2016
Slideshows  |  12/19/2016  | 
IoT botnets and turnkey phishing services were just some of the ways the bad guys stayed ahead in 2016
Phishing Can Leverage Users To Bypass Sandboxes
Partner Perspectives  |  12/19/2016  | 
Using social engineering to bypass traditional security defenses is not new and will certainly continue to grow.
Financial Data Worth Millions Unwittingly Exposed In Ameriprise Accounts
Quick Hits  |  12/19/2016  | 
Leak of bank account and financial planning details emanated from a financial advisor's unsecured Internet-connected backup drive at home.
US Charges 3 Romanians With Cyber Fraud Involving $4 Million
Quick Hits  |  12/19/2016  | 
Defendants extradited to US for alleged conspiracy that infected 60,000 computers and sent 11 million malicious emails.
Obama: US Will Retaliate Against Russian Cyberattacks In Proportional Manner
News  |  12/16/2016  | 
US action will include both covert and explicit response, President says. Meanwhile, a Russian-speaking hacker was discovered behind a data breach of the US Election Assistance Commission (EAC).
How To Find, Hire The Next-Gen CISO
How To Find, Hire The Next-Gen CISO
Dark Reading Videos  |  12/16/2016  | 
Joyce Brocaglia of Alta Associates and the Executive Women's Forum talks about how to identify the perfect leader for your cybersecurity team, even if "security" isn't on their resume.
Has The Security Industry Failed Its Customers?
Commentary  |  12/16/2016  | 
Short answer: Not really. But the odds of staying safe from a cyberattack go way up when you follow these six tips for security hygiene.
Nigerian Charged With BEC Scam Involving $3.1 Billion
Quick Hits  |  12/16/2016  | 
David Adindu and accomplices targeted thousands of businesses globally with fake emails asking for money transfer.
Microsoft To Block Flash In Edge Browser For Security, Speed
News  |  12/16/2016  | 
Microsoft will block Adobe Flash by default in its Edge browser, following similar announcements from Google, Apple, and Mozilla.
Romanian Gets 57-Months Jail For ATM Skimming Scheme
Quick Hits  |  12/16/2016  | 
Robert Mate and 15 others copied bank account details of thousands of ATM users and stole $5 million.
Page 1 / 3   >   >>


13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark Reading,  2/16/2018
From DevOps to DevSecOps: Structuring Communication for Better Security
Robert Hawk, Privacy & Security Lead at xMatters,  2/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.