Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in December 2016
FBI, DHS Report Implicates Cozy Bear, Fancy Bear In Election-Related Hacks
Quick Hits  |  12/29/2016  | 
US government dubs the operation "GRIZZLY STEPPE" in new Joint Analysis Report, and says the malicious groups' activity continues.
White House Announces Retaliatory Measures For Russian Election-Related Hacking
News  |  12/29/2016  | 
35 Russian intelligence operatives ejected from the US, and two of the "Cyber Most Wanted" are frozen out by Treasury Department.
10 Things InfoSec Pros Can Celebrate About 2016
News  |  12/29/2016  | 
There were a few items that passed for good news this year.
Cyberattack On Ukraine Conflict Watchdog
Quick Hits  |  12/29/2016  | 
Organization for Security Cooperation in Europe confirms data breach but does not name perpetrator.
InterContinental Hotels Probes Possible Card System Breach
Quick Hits  |  12/29/2016  | 
Cybersecurity firm hired by the hotel group to investigate suspected payment card system fraud at various US locations.
Threat Actors Bring Ransomware To Industrial Sector With New Version of KillDisk
News  |  12/29/2016  | 
Disk-erasing malware has been tweaked to encrypt data instead and to ask for a Bitcoin payment.
The Bug Bounty Model: 21 Years & Counting
Commentary  |  12/29/2016  | 
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
Another Massive DDoS Closes Out 2016, But Mirai Not To Blame
News  |  12/28/2016  | 
Using a new malware variant called Leet, the 650 Gbps DDoS attack matched Mirai's floods of traffic.
China's Cybersecurity Law Seeks Scrutiny Of Technology
Quick Hits  |  12/28/2016  | 
Country's top internet regulator releases framework for stricter cyberspace laws, including review of local and foreign technology.
Macau Resident Held For Hacking, Insider Trading Charges In US
Quick Hits  |  12/28/2016  | 
Iat Hong and two others allegedly breached computers of major US law firms and stole confidential exchange on M&A transactions.
21 Biggest Cybercriminal Busts Of 2016
Slideshows  |  12/28/2016  | 
This year has been a tornado of major cyberattacks and hacker arrests. Here, we look back on the 21 most interesting 'cyberbusts' of 2016.
How Artificial Intelligence Will Solve The Security Skills Shortage
Commentary  |  12/28/2016  | 
Unlike industries that fear the intrusion of AI, the infosec world is embracing this revolutionary technology, and the seismic changes it will bring to threat detection and mitigation.
Fileless Malware Takes 2016 By Storm
News  |  12/27/2016  | 
In-memory attacks are all the rage, creating a growing class of "non-malware."
8 Boldest Security Predictions For 2017
Slideshows  |  12/27/2016  | 
Scary, funny and maybe even a little outlandish, these industry predictions come from prognosticators who didn't mince words.
Year 2016 Sees Record Deployment Of HTTPS By Firefox, Chrome
Quick Hits  |  12/27/2016  | 
More than half of Web pages loaded by the browsers guarantee protection to visitors.
Lithuania Charges Russia With Hacking Government Network
Quick Hits  |  12/27/2016  | 
Spyware found in computers was allegedly transferring documents and passwords to Russian spy agency address.
Greatest Hits Of 2016: Readers' Picks For The Years' Best Commentary
Commentary  |  12/27/2016  | 
Here's what topped the Dark Reading page-view charts from the security industry's brightest minds, coolest rock stars, and up-and-coming leaders.
A Cybersecurity Christmas Story
Partner Perspectives  |  12/23/2016  | 
Automation and orchestration will be essential components of security in 2017.
More Than 50% Of Biggest Holiday Retailers May Not Be PCI-Compliant
News  |  12/22/2016  | 
SecurityScorecard warns while the industry has made progress, many are still not covering the basics of security.
Major Cyberattacks On Healthcare Grew 63% In 2016
News  |  12/22/2016  | 
US hospitals lack new technologies and best practices to defend against threats, new report says.
Inside The Vulnerability Disclosure Ecosystem
Slideshows  |  12/22/2016  | 
Report released by NTIA stakeholders offers new information on how organizations respond to security vulnerabilities - and what researchers think.
Malware Used In DNC Breach Found Tracking Ukraine Military
News  |  12/22/2016  | 
Russian 'Fancy Bear' now tied to Ukraine artillery Android app hack with the same malware used in breach of the Democratic National Committee.
Network Security: An Ounce Of Prevention Is Worth A Pound Of Reaction
Commentary  |  12/22/2016  | 
For human ailments, prevention might begin with an allergist. In security, it's the network engineer.
US CISOs Earn $273,033 Per Year
Quick Hits  |  12/22/2016  | 
Security Current survey says salary increase is top incentive for 38% of CISOs.
Gogo Launches Bug Bounty Program Via Bugcrowd
Quick Hits  |  12/22/2016  | 
Researchers to target Gogo's ground-based gogoair.com and airborne gogoinflight.com domains for vulnerabilities.
'Alice' Malware Loots ATMs
News  |  12/21/2016  | 
Trend Micro has an alert about a new bare-bones ATM malware family it recently uncovered.
Explained: Domain-Generating Algorithms
Partner Perspectives  |  12/21/2016  | 
Cybercriminals use domain-generating algorithms to prevent their servers from being blacklisted or taken down.
Security Analytics: Don't Let Your Data Lake Turn Into A Data Swamp
Commentary  |  12/21/2016  | 
It's easy to get bogged down when looking for insights from data using Hadoop. But that doesn't have to happen, and these tips can help.
Man Pleads Guilty To Hacking Competitor's Business
Quick Hits  |  12/21/2016  | 
Texas man allegedly stole customer information from 700,000 accounts on his victim's website.
Ukraine Investigates Possible Cyberattack In Kiev Blackout
Quick Hits  |  12/21/2016  | 
External interference could be reason for sudden outage in Pivnichna substation cutting off power for several hours.
Panasonic Inflight Entertainment System Vulnerable To Attack
News  |  12/20/2016  | 
Flaws could theoretically allow access to aircraft control systems, IOActive says in disputed report.
Application Security Still Slows Developer Work
News  |  12/20/2016  | 
Cooperation among DevOps teams might be growing, but security testing still seen as a road block to continuous delivery.
Report: ShadowBrokers Obtained Stolen NSA Info Via Rogue Insider
News  |  12/20/2016  | 
Flashpoint researchers have 'medium confidence' that rogue insider, not just outside hacker, was involved in ShadowBrokers' August and December data dumps.
20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud
Commentary  |  12/20/2016  | 
A template for working collaboratively with the business in today's rapidly changing technology environment.
Democrats And Republicans Join In Demand For Select Cyber Panel
Quick Hits  |  12/20/2016  | 
Four senators push Mitch McConnell for select committee on foreign cyber threats and Russian interference in US presidential polls.
44% Of Companies Miss Breach Reporting Deadlines
Quick Hits  |  12/20/2016  | 
Balabit research on security investigation says organizations' lack of understanding leads to delay in breach probe.
Russian Hackers Run Record-Breaking Online Ad-Fraud Operation
News  |  12/20/2016  | 
'Methbot' is a sophisticated cybercrime scheme that has hit major US advertisers and publishing brands and pilfered millions of dollars per day.
Spammers Work Up A Hailstorm
News  |  12/19/2016  | 
In their constant effort to evade anti-spam filters, spammers have devised a new way to deliver junk mail to your inbox.
Investments In Security Operations Centers Are Paying Off, Study Finds
Partner Perspectives  |  12/19/2016  | 
SOCs help organizations reduce security incidents and improve operational maturity.
Brute-Force Botnet Attacks Now Elude Volumetric Detection
Commentary  |  12/19/2016  | 
It just became harder to distinguish bot behavior from human behavior.
Phishing Can Leverage Users To Bypass Sandboxes
Partner Perspectives  |  12/19/2016  | 
Using social engineering to bypass traditional security defenses is not new and will certainly continue to grow.
5 Ways The Cyber-Threat Landscape Shifted In 2016
Slideshows  |  12/19/2016  | 
IoT botnets and turnkey phishing services were just some of the ways the bad guys stayed ahead in 2016.
Financial Data Worth Millions Unwittingly Exposed In Ameriprise Accounts
Quick Hits  |  12/19/2016  | 
Leak of bank account and financial planning details emanated from a financial advisor's unsecured Internet-connected backup drive at home.
US Charges 3 Romanians With Cyber Fraud Involving $4 Million
Quick Hits  |  12/19/2016  | 
Defendants extradited to US for alleged conspiracy that infected 60,000 computers and sent 11 million malicious emails.
Obama: US Will Retaliate Against Russian Cyberattacks In Proportional Manner
News  |  12/16/2016  | 
US action will include both covert and explicit response, President says. Meanwhile, a Russian-speaking hacker was discovered behind a data breach of the US Election Assistance Commission (EAC).
How To Find, Hire The Next-Gen CISO
Dark Reading Videos  |  12/16/2016  | 
Joyce Brocaglia of Alta Associates and the Executive Women's Forum talks about how to identify the perfect leader for your cybersecurity team, even if "security" isn't on their resume.
Has The Security Industry Failed Its Customers?
Commentary  |  12/16/2016  | 
Short answer: Not really. But the odds of staying safe from a cyberattack go way up when you follow these six tips for security hygiene.
Nigerian Charged With BEC Scam Involving $3.1 Billion
Quick Hits  |  12/16/2016  | 
David Adindu and accomplices targeted thousands of businesses globally with fake emails asking for money transfer.
Microsoft To Block Flash In Edge Browser For Security, Speed
News  |  12/16/2016  | 
Microsoft will block Adobe Flash by default in its Edge browser, following similar announcements from Google, Apple, and Mozilla.
Romanian Gets 57-Months Jail For ATM Skimming Scheme
Quick Hits  |  12/16/2016  | 
Robert Mate and 15 others copied bank account details of thousands of ATM users and stole $5 million.