Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Attacks/Breaches
Page 1 / 2   >   >>
Alphabet's Chronicle Explores Code-Signing Abuse in the Wild
News  |  5/22/2019  | 
A new analysis highlights the prevalence of malware signed by certificate authorities and the problems with trust-based security.
New Software Skims Credit Card Info From Online Credit Card Transactions
Quick Hits  |  5/22/2019  | 
The new exploit builds a fake frame around legitimate portions of an online commerce website.
Baltimore Email, Other Systems Still Offline from May 7 Ransomware Attack
Quick Hits  |  5/22/2019  | 
The city's mayor says there's no 'exact timeline on when all systems will be restored.'
DDoS Attacks Up in Q1 After Months of Steady Decline
News  |  5/22/2019  | 
Sudden surge suggests that new actors have stepped up to the plate to replace the old operators.
The 3 Cybersecurity Rules of Trust
Commentary  |  5/22/2019  | 
Every day, keeping anything secure requires being smart about trust. The rules of trust will keep you and your data safer.
What You Need to Know About Zero Trust Security
Slideshows  |  5/22/2019  | 
The zero trust model might be the answer to a world in which perimeters are made to be breached. Is it right for your organization?
Satan Ransomware Adds More Evil Tricks
News  |  5/21/2019  | 
The latest changes to the Satan ransomware framework demonstrate attackers are changing their operations while targeting victims more carefully.
To Narrow the Cyber Skills Gap with Attackers, Cut the Red Tape
Commentary  |  5/21/2019  | 
Attackers are getting further ahead, and entrenched corporate rules shoulder much of the blame.
KnowBe4 Focuses on Security Culture with CLTRe Acquisition
Quick Hits  |  5/21/2019  | 
The acquisition solidifies KnowBe4's European presence and shows a focus on building and measuring security culture.
Old Threats Are New Again
Commentary  |  5/21/2019  | 
They may look familiar to you, and that isn't a coincidence. New threats are often just small twists on old ones.
TeamViewer Admits Breach from 2016
Quick Hits  |  5/20/2019  | 
The company says it stopped the attack launched by a Chinese hacking group.
New Trickbot Variant Uses URL Redirection to Spread
News  |  5/20/2019  | 
Switch in tactic is the latest attempt by operators of the prolific banking Trojan to slip past detection mechanisms.
Financial Sector Under Siege
Commentary  |  5/20/2019  | 
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.
Killer SecOps Skills: Soft Is the New Hard
Commentary  |  5/20/2019  | 
The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.
7 Signs of the Rising Threat of Magecart Attacks in 2019
Slideshows  |  5/20/2019  | 
Magecart attacks continue to grow in momentum. Here are the stats and stories that show what's behind the mayhem.
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
News  |  5/20/2019  | 
The infamous Ryuk ransomware slammed a small company that makes heavy-duty vehicle alternators for government and emergency fleet. Here's what happened.
Artist Uses Malware in Installation
Quick Hits  |  5/17/2019  | 
A piece of 'art' currently up for auction features six separate types of malware running on a vulnerable computer.
DevOps Repository Firms Establish Shared Analysis Capability
News  |  5/17/2019  | 
Following an attack on their users, and their shared response, Atlassian, GitHub, and GitLab decide to make the sharing of attack information a permanent facet of their operations.
When Older Windows Systems Won't Die
News  |  5/17/2019  | 
Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises.
A Trustworthy Digital Foundation Is Essential to Digital Government
Commentary  |  5/17/2019  | 
Agencies must take steps to ensure that citizens trust in the security of government's digital channels.
US Charges Members of GozNym Cybercrime Gang
News  |  5/16/2019  | 
The FBI and counterparts from other nations say group infected over 41,000 computers with malware that steals banking credentials.
The Data Problem in Security
Commentary  |  5/16/2019  | 
CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.
Cyber Workforce Exec Order: Right Question, Wrong Answer
Commentary  |  5/16/2019  | 
Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.
GDPR Drives Changes, but Privacy by Design Proves Elusive
News  |  5/15/2019  | 
One year later, the EU mandate's biggest impact has been to focus more attention on data protection and privacy, security analysts say.
Two Ransomware Recovery Firms Typically Pay Hackers
Quick Hits  |  5/15/2019  | 
Companies promising the safe return of data sans ransom payment secretly pass Bitcoin to attackers and charge clients added fees.
Website Attack Attempts Rose by 69% in 2018
News  |  5/14/2019  | 
Millions of websites have been compromised, but the most likely malware isn't cyptomining: it's quietly stealing files and redirecting traffic, a new Sitelock report shows.
Commercial Spyware Uses WhatsApp Flaw to Infect Phones
News  |  5/14/2019  | 
A single flaw allowed attackers thought to be linked to a government to target human rights workers and install surveillance software by sending a phone request. The victims did not even have to answer.
Uniqlo Parent Company Says Hack Compromised 461,091
Quick Hits  |  5/14/2019  | 
Fast Retailing Co. reports cyberattackers accessed accounts registered to its Japanese Uniqlo and GU brand websites.
Baltimore Ransomware Attack Takes Strange Twist
News  |  5/14/2019  | 
Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week.
Microsoft Patches Wormable Vuln in Windows 7, 2003, XP, Server 2008
News  |  5/14/2019  | 
Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited.
Korean APT Adds Rare Bluetooth Device-Harvester Tool
News  |  5/13/2019  | 
ScarCruft has evolved into a skilled and resourceful threat group, new research shows.
Thrangrycat Claws Cisco Customer Security
Quick Hits  |  5/13/2019  | 
A linked pair of vulnerabilities could allow an attacker to take over many different types of Cisco networking components.
LockerGoga, MegaCortex Ransomware Share Unlikely Traits
News  |  5/13/2019  | 
New form of ransomware MegaCortex shares commonalities with LockerGoga, enterprise malware recently seen in major cyberattacks.
Attacks on JavaScript Services Leak Info From Websites
News  |  5/13/2019  | 
Three marketing tools, including the Best Of The Web security logomark, were compromised in supply chain attacks, allegedly leaving website customers leaking their users' sensitive information.
Demystifying the Dark Web: What You Need to Know
Slideshows  |  5/10/2019  | 
The Dark Web and Deep Web are not the same, neither is fully criminal, and more await in this guide to the Internet's mysterious corners.
Microsoft SharePoint Bug Exploited in the Wild
Quick Hits  |  5/10/2019  | 
A number of reports show CVE-2019-0604 is under active attack, Alien Labs researchers say.
How We Collectively Can Improve Cyber Resilience
Commentary  |  5/10/2019  | 
Three steps you can take, based on Department of Homeland Security priorities.
Hackers Still Outpace Breach Detection, Containment Efforts
News  |  5/10/2019  | 
Research shows time to discovery and containment of breaches slowly shrinking, but attackers don't need a very big window to do a lot of damage.
Data Dump Purportedly Reveals Details on Previously Unknown Iranian Threat Group
News  |  5/9/2019  | 
Rana targets airline companies and others in well-planned, well-researched attacks, Israel's ClearSky says.
US DoJ Indicts Chinese Man for Anthem Breach
News  |  5/9/2019  | 
Fujie Wang allegedly worked as part of a hacking team out of China that stole information on nearly 80 million Americans in the massive healthcare breach.
Nation-State Breaches Surged in 2018: Verizon DBIR
News  |  5/9/2019  | 
The source of breaches has fluctuated significantly over the past nine years, but organized crime has almost always topped nation-state actors each year. The gap narrowed significantly in 2018, according to the annual report.
How to Close the Critical Cybersecurity Talent Gap
Commentary  |  5/9/2019  | 
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
Fighting Back Against Tech-Savvy Fraudsters
Commentary  |  5/9/2019  | 
Staying a step ahead requires moving beyond the security techniques of the past.
2018 Arrests Have Done Little to Stop Marauding Threat Group
News  |  5/8/2019  | 
In fact, FIN7's activities only appear to have broadened, according to a new report.
DeepDotWeb Operators Indicted, Website Seized by the FBI
Quick Hits  |  5/8/2019  | 
Defendants allegedly earned kickbacks for sales of illegal contraband, including hacking tools and malicious code.
Social Engineering Slams the C-Suite: Verizon DBIR
News  |  5/8/2019  | 
Criminals are also going after cloud-based email accounts, according to Verizon's '2019 Data Breach Investigations Report.'
FBI: Cybercrime Losses Doubled in 2018
Commentary  |  5/8/2019  | 
The world has embraced digital technology, but cybercrime is putting a serious dent in corporate finances, the FBI finds.
Baltimore City Network Struck with Ransomware Attack
Quick Hits  |  5/7/2019  | 
Government employees are working to determine the source and severity of a cyberattack that forced most city servers offline.
Orgs Are Quicker to Disclose Breaches Reported to Them Via External Sources
News  |  5/7/2019  | 
Companies that find a breach on their own take substantially longer to report a breach, a new analysis shows.
How a Chinese Nation-State Group Reverse-Engineered NSA Attack Tools
News  |  5/7/2019  | 
New Symantec research shows how the Buckeye group captured an exploit and backdoor used by the National Security Agency and deployed them on other victims.
Page 1 / 2   >   >>


97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-7201
PUBLISHED: 2019-05-22
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel.
CVE-2018-7803
PUBLISHED: 2019-05-22
A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack...
CVE-2018-7844
PUBLISHED: 2019-05-22
A CWE-200: Information Exposure vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause the disclosure of SNMP information when reading memory blocks from the controller over Modbus.
CVE-2018-7853
PUBLISHED: 2019-05-22
A CWE-248: Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service when reading invalid physical memory blocks in the controller over Modbus
CVE-2018-7854
PUBLISHED: 2019-05-22
A CWE-248 Uncaught Exception vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause a denial of Service when sending invalid debug parameters to the controller over Modbus.