Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content posted in December 2016
Page 1 / 3   >   >>
FBI, DHS Report Implicates Cozy Bear, Fancy Bear In Election-Related Hacks
Quick Hits  |  12/29/2016  | 
US government dubs the operation "GRIZZLY STEPPE" in new Joint Analysis Report, and says the malicious groups' activity continues.
White House Announces Retaliatory Measures For Russian Election-Related Hacking
News  |  12/29/2016  | 
35 Russian intelligence operatives ejected from the US, and two of the "Cyber Most Wanted" are frozen out by Treasury Department.
10 Things InfoSec Pros Can Celebrate About 2016
News  |  12/29/2016  | 
There were a few items that passed for good news this year.
Cyberattack On Ukraine Conflict Watchdog
Quick Hits  |  12/29/2016  | 
Organization for Security Cooperation in Europe confirms data breach but does not name perpetrator.
InterContinental Hotels Probes Possible Card System Breach
Quick Hits  |  12/29/2016  | 
Cybersecurity firm hired by the hotel group to investigate suspected payment card system fraud at various US locations.
Threat Actors Bring Ransomware To Industrial Sector With New Version of KillDisk
News  |  12/29/2016  | 
Disk-erasing malware has been tweaked to encrypt data instead and to ask for a Bitcoin payment.
The Bug Bounty Model: 21 Years & Counting
Commentary  |  12/29/2016  | 
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
Another Massive DDoS Closes Out 2016, But Mirai Not To Blame
News  |  12/28/2016  | 
Using a new malware variant called Leet, the 650 Gbps DDoS attack matched Mirai's floods of traffic.
China's Cybersecurity Law Seeks Scrutiny Of Technology
Quick Hits  |  12/28/2016  | 
Country's top internet regulator releases framework for stricter cyberspace laws, including review of local and foreign technology.
Macau Resident Held For Hacking, Insider Trading Charges In US
Quick Hits  |  12/28/2016  | 
Iat Hong and two others allegedly breached computers of major US law firms and stole confidential exchange on M&A transactions.
21 Biggest Cybercriminal Busts Of 2016
Slideshows  |  12/28/2016  | 
This year has been a tornado of major cyberattacks and hacker arrests. Here, we look back on the 21 most interesting 'cyberbusts' of 2016.
How Artificial Intelligence Will Solve The Security Skills Shortage
Commentary  |  12/28/2016  | 
Unlike industries that fear the intrusion of AI, the infosec world is embracing this revolutionary technology, and the seismic changes it will bring to threat detection and mitigation.
Fileless Malware Takes 2016 By Storm
News  |  12/27/2016  | 
In-memory attacks are all the rage, creating a growing class of "non-malware."
8 Boldest Security Predictions For 2017
Slideshows  |  12/27/2016  | 
Scary, funny and maybe even a little outlandish, these industry predictions come from prognosticators who didn't mince words.
Year 2016 Sees Record Deployment Of HTTPS By Firefox, Chrome
Quick Hits  |  12/27/2016  | 
More than half of Web pages loaded by the browsers guarantee protection to visitors.
Lithuania Charges Russia With Hacking Government Network
Quick Hits  |  12/27/2016  | 
Spyware found in computers was allegedly transferring documents and passwords to Russian spy agency address.
Greatest Hits Of 2016: Readers' Picks For The Year's Best Commentary
Commentary  |  12/27/2016  | 
Here's what topped the Dark Reading page-view charts from the security industry's brightest minds, coolest rock stars, and up-and-coming leaders.
A Cybersecurity Christmas Story
Partner Perspectives  |  12/23/2016  | 
Automation and orchestration will be essential components of security in 2017.
More Than 50% Of Biggest Holiday Retailers May Not Be PCI-Compliant
News  |  12/22/2016  | 
SecurityScorecard warns that while the industry has made progress, many are still not covering the basics of security.
Major Cyberattacks On Healthcare Grew 63% In 2016
News  |  12/22/2016  | 
US hospitals lack new technologies and best practices to defend against threats, new report says.
Inside The Vulnerability Disclosure Ecosystem
Slideshows  |  12/22/2016  | 
Report released by NTIA stakeholders offers new information on how organizations respond to security vulnerabilities - and what researchers think.
Malware Used In DNC Breach Found Tracking Ukraine Military
News  |  12/22/2016  | 
Russian 'Fancy Bear' now tied to Ukraine artillery Android app hack with the same malware used in breach of the Democratic National Committee.
Network Security: An Ounce Of Prevention Is Worth A Pound Of Reaction
Commentary  |  12/22/2016  | 
For human ailments, prevention might begin with an allergist. In security, it's the network engineer.
US CISOs Earn $273,033 Per Year
Quick Hits  |  12/22/2016  | 
Security Current survey says salary increase is top incentive for 38% of CISOs.
Gogo Launches Bug Bounty Program Via Bugcrowd
Quick Hits  |  12/22/2016  | 
Researchers to target Gogo's ground-based gogoair.com and airborne gogoinflight.com domains for vulnerabilities.
'Alice' Malware Loots ATMs
News  |  12/21/2016  | 
Trend Micro has an alert about a new bare-bones ATM malware family it recently uncovered.
Explained: Domain-Generating Algorithms
Partner Perspectives  |  12/21/2016  | 
Cybercriminals use domain-generating algorithms to prevent their servers from being blacklisted or taken down.
Security Analytics: Don't Let Your Data Lake Turn Into A Data Swamp
Commentary  |  12/21/2016  | 
It's easy to get bogged down when looking for insights from data using Hadoop. But that doesn't have to happen, and these tips can help.
Man Pleads Guilty To Hacking Competitor's Business
Quick Hits  |  12/21/2016  | 
Texas man allegedly stole customer information from 700,000 accounts on his victim's website.
Ukraine Investigates Possible Cyberattack In Kiev Blackout
Quick Hits  |  12/21/2016  | 
External interference could be reason for sudden outage in Pivnichna substation cutting off power for several hours.
Panasonic Inflight Entertainment System Vulnerable To Attack
News  |  12/20/2016  | 
Flaws could theoretically allow access to aircraft control systems, IOActive says in disputed report.
Application Security Still Slows Developer Work
News  |  12/20/2016  | 
Cooperation among DevOps teams might be growing, but security testing still seen as a road block to continuous delivery.
Report: ShadowBrokers Obtained Stolen NSA Info Via Rogue Insider
News  |  12/20/2016  | 
Flashpoint researchers have 'medium confidence' that rogue insider, not just outside hacker, was involved in ShadowBrokers' August and December data dumps.
20 Questions Security Pros Should Ask Themselves Before Moving To The Cloud
Commentary  |  12/20/2016  | 
A template for working collaboratively with the business in today's rapidly changing technology environment.
Democrats And Republicans Join In Demand For Select Cyber Panel
Quick Hits  |  12/20/2016  | 
Four senators push Mitch McConnell for select committee on foreign cyber threats and Russian interference in US presidential polls.
44% Of Companies Miss Breach Reporting Deadlines
Quick Hits  |  12/20/2016  | 
Balabit research on security investigation says organizations' lack of understanding leads to delay in breach probe.
Russian Hackers Run Record-Breaking Online Ad-Fraud Operation
News  |  12/20/2016  | 
'Methbot' is a sophisticated cybercrime scheme that has hit major US advertisers and publishing brands and pilfered millions of dollars per day.
Spammers Work Up A Hailstorm
News  |  12/19/2016  | 
In their constant effort to evade anti-spam filters, spammers have devised a new way to deliver junk mail to your inbox.
Investments In Security Operations Centers Are Paying Off, Study Finds
Partner Perspectives  |  12/19/2016  | 
SOCs help organizations reduce security incidents and improve operational maturity.
Brute-Force Botnet Attacks Now Elude Volumetric Detection
Commentary  |  12/19/2016  | 
It just became harder to distinguish bot behavior from human behavior.
5 Ways The Cyber-Threat Landscape Shifted In 2016
Slideshows  |  12/19/2016  | 
IoT botnets and turnkey phishing services were just some of the ways the bad guys stayed ahead in 2016.
Phishing Can Leverage Users To Bypass Sandboxes
Partner Perspectives  |  12/19/2016  | 
Using social engineering to bypass traditional security defenses is not new and will certainly continue to grow.
Financial Data Worth Millions Unwittingly Exposed In Ameriprise Accounts
Quick Hits  |  12/19/2016  | 
Leak of bank account and financial planning details emanated from a financial advisor's unsecured Internet-connected backup drive at home.
US Charges 3 Romanians With Cyber Fraud Involving $4 Million
Quick Hits  |  12/19/2016  | 
Defendants extradited to US for alleged conspiracy that infected 60,000 computers and sent 11 million malicious emails.
Obama: US Will Retaliate Against Russian Cyberattacks In Proportional Manner
News  |  12/16/2016  | 
US action will include both covert and explicit response, President says. Meanwhile, a Russian-speaking hacker was discovered behind a data breach of the US Election Assistance Commission (EAC).
Has The Security Industry Failed Its Customers?
Commentary  |  12/16/2016  | 
Short answer: Not really. But the odds of staying safe from a cyberattack go way up when you follow these six tips for security hygiene.
How To Find, Hire The Next-Gen CISO
Dark Reading Videos  |  12/16/2016  | 
Joyce Brocaglia of Alta Associates and the Executive Women's Forum talks about how to identify the perfect leader for your cybersecurity team, even if "security" isn't on their resume.
Nigerian Charged With BEC Scam Involving $3.1 Billion
Quick Hits  |  12/16/2016  | 
David Adindu and accomplices targeted thousands of businesses globally with fake emails asking for money transfer.
Microsoft To Block Flash In Edge Browser For Security, Speed
News  |  12/16/2016  | 
Microsoft will block Adobe Flash by default in its Edge browser, following similar announcements from Google, Apple, and Mozilla.
Romanian Gets 57-Months Jail For ATM Skimming Scheme
Quick Hits  |  12/16/2016  | 
Robert Mate and 15 others copied bank account details of thousands of ATM users and stole $5 million.